Authentication Overview

Table 57 lists the authentication types with descriptive features and uses for each.

 

Table 57. Authentication types

Type

Features and use

WEP
Lower security
For use with older legacy devices, PDAs, wireless printers

WPA
Good security (uses TKIP)
For use with trusted corporate wireless clients
Transparent authentication with Windows log-in
No client software needed in most cases

WPA2

Best security (uses AES)
For use with trusted corporate wireless clients
Transparent authentication with Windows log-in
Client software install may be necessary in some cases
Supports 802.11i “Fast Roaming” feature
No backend authentication needed after first log-in (allows for faster roaming)

WPA2-AUTO
Tries to connect using WPA2 security.
If the client is not WPA2 capable, the connection will default to WPA.
Topics:
Wired Equivalent Protocol (WEP)
Wi-Fi Protected Access (WPA and WPA2)

Wired Equivalent Protocol (WEP)

Can be used to protect data as it is transmitted over the wireless network, but it provides no protection past the Dell SonicWALL. It is designed to provide a minimal level of protection for transmitted data, and is not recommended for network deployments requiring a high degree of security.

Wi-Fi Protected Access (WPA and WPA2)

Provides much greater security than WEP, but requires a separate authentication protocol, such as RADIUS, be used to authenticate all users. WPA uses a dynamic key that constantly changes, as opposed to the static key that WEP uses.

The Dell SonicWALL security appliance provides a number of permutations of WEP and WPA encryption.

WPA/WPA2 Encryption Settings

Both WPA and WPA2 support two protocols for storing and generating keys:
Pre-Shared Key (PSK)—PSK allows WPA to generate keys from a pre-shared passphrase that you configure. The keys are updated periodically based on time or number of packets. Use PSK in smaller deployments where you do not have a RADIUS server.
Extensible Authentication Protocol (EAP)—EAP allows WPA to synchronize keys with an external RADIUS server. The keys are updated periodically based on time or number of packets. Use EAP in larger, enterprise-like deployments where you have an existing RADIUS framework.

WPA2 also supports EAP and PSK protocols, but adds an optional AUTO mode for each protocol. WPA2 EAP AUTO and WPA2 PSK AUTO try to connect using WPA2 security, but will default back to WPA if the client is not WPA2 capable.

* 
NOTE: EAP support is only available in Access Point Mode. EAP support is not available in Bridge Mode.

Configuring WPA2 PSK and WPA PSK Settings

When you finish configuring the settings, click Accept to apply your WPA/WPA2 PSK settings.

Topics:
Encryption Mode
EAPOL Settings
WPA2/WPA Settings
Preshared Key Settings (PSK)

Encryption Mode

From the Authentication Type drop-down menu, select either WPA-PSK, WPA2-PSK, or WPA2-Auto-PSK.

EAPOL Settings

From the EAPOL Version drop-down menu, select:
V1—Selects the extensible authentication protocol over LAN version 1.
V2 (default)—Selects the extensible authentication protocol over LAN version 2. This provides better security than version 1, but may not be supported by some wireless clients.

WPA2/WPA Settings

Specify these settings:
Cypher Type—Select TKIP. Temporal Key Integrity Protocol (TKIP) is a protocol for enforcing key integrity on a per-packet basis.
Group Key Update—Specifies when the Dell SonicWALL security appliance updates the key. Select By Timeout to generate a new group key after an interval specified in seconds; this is the default. Select Disabled to use a static key.
Interval—If you selected By Timeout, enter the number of seconds before WPA automatically generates a new group key. The default is 86400 seconds. If you selected Disabled for Group Key Update, this option is not displayed.

Preshared Key Settings (PSK)

In the Passphrase field, enter the passphrase from which the key is generated.