Manual:Network/WiFi/Security

From Compex Wiki

Interface Configuration > Wireless Security

[Image: CpxWRT Network Security Overview.png]

Encryption: Selects either No Encryption (open) or one of the following encryptions: WEP Open System, WEP Shared Key, WPA-PSK, WPA2-PSK, WPA-PSK/WPA2-PSK Mixed Mode, WPA-EAP, and WPA2-EAP.

WEP

Wired Equivalent Privacy (WEP) is the oldest and least secure encryption algorithm. Stronger encryption using WPA or WPA2 should be used where possible. The WEP option may be removed from future releases of the firmware.

For the WEP Open System and WEP Shared Key encryptions, you can specify up to 4 keys, of which only 1 is used at a time. The following options are available:

Used Key Slot: Chooses between Key #1 to Key #4.

Key #1: Specifies a string of characters to be used as the password. It may consist of 5 ASCII characters or 10 HEX characters, implying a 64-bit WEP key length. Otherwise, it may consist of 13 ASCII or 26 HEX characters, implying a 128-bit key length.

Key #2, #3, and #4: Similar to Key #1.

Note: Valid HEX characters are numbers 0-9 and letters A-F, case insensitive. Valid ASCII characters are numbers and the letters of the English alphabet, case sensitive. Based on the number of characters, the key is automatically checked for validity. Invalid keys are represented by red dots while valid keys are represented by black dots. Click the green arrows icon beside the text field to reveal/hide the password.

WPA or WPA2 with PSK

Wi-Fi Protected Access (WPA) provides stronger encryption than WEP. WPA2 was developed to strengthen the security of WPA and is stronger than both WPA and WEP.

For the WPA-PSK, WPA2-PSK, and WPA-PSK/WPA2-PSK Mixed Mode encryptions, the following options are available:

Cipher: Can be set to Auto, CCMP (AES), or TKIP and CCMP (AES). The Temporal Key Integrity Protocol (TKIP) was developed as a temporary replacement for WEP. The Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is based on the Advanced Encryption Standard (AES) and is the most secure protocol.

Key: The pre-shared key (PSK) is the password for the wireless network. This may consist of 8 to 63 ASCII characters.
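The key-format rules and the guidance in the WEP and WPA/WPA2-PSK sections above can be checked before a setting is applied. The following is an added example, not part of the CpxWRT firmware or of this manual; the function names are hypothetical, and reading "ASCII" for a PSK as the printable range 32 to 126 is an assumption.

```python
import re

# WEP key lengths from this page: length -> (format, key length in bits).
WEP_LENGTHS = {5: ("ASCII", 64), 13: ("ASCII", 128),
               10: ("HEX", 64), 26: ("HEX", 128)}
HEX_RE = re.compile(r"[0-9A-Fa-f]+")    # 0-9 and A-F, case insensitive
ALNUM_RE = re.compile(r"[0-9A-Za-z]+")  # numbers and English letters


def classify_wep_key(key):
    """Return (format, bits) for a valid WEP key, or None if it is invalid."""
    fmt_bits = WEP_LENGTHS.get(len(key))
    if fmt_bits is None:
        return None
    pattern = HEX_RE if fmt_bits[0] == "HEX" else ALNUM_RE
    return fmt_bits if pattern.fullmatch(key) else None


def valid_psk(key):
    """8 to 63 ASCII characters (printable range is an assumption)."""
    return 8 <= len(key) <= 63 and all(32 <= ord(c) <= 126 for c in key)


def audit(encryption, key="", cipher="Auto"):
    """List findings for one interface, using the option names on this page."""
    findings = []
    if encryption == "No Encryption":
        findings.append("open network: traffic is not encrypted")
    elif encryption.startswith("WEP"):
        findings.append("WEP is the least secure option; use WPA or WPA2")
        if classify_wep_key(key) is None:
            findings.append("WEP key has an invalid length or character set")
    else:
        if not encryption.startswith("WPA2"):
            findings.append("WPA is permitted; WPA2 is stronger")
        if "TKIP" in cipher:
            findings.append("TKIP is permitted; CCMP (AES) alone is stronger")
        if "PSK" in encryption and not valid_psk(key):
            findings.append("PSK must be 8 to 63 ASCII characters")
    return findings


if __name__ == "__main__":
    # Constructed sample settings, not taken from any real device.
    samples = [("WEP Shared Key", "0123456789", "Auto"),
               ("WPA-PSK/WPA2-PSK Mixed Mode", "short", "TKIP and CCMP (AES)"),
               ("WPA2-PSK", "correct horse battery", "CCMP (AES)")]
    for enc, key, cipher in samples:
        print(enc, "->", audit(enc, key, cipher) or "no findings")
```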

WPA or WPA2 with EAP

The Extensible Authentication Protocol (EAP) is encapsulated by the IEEE 802.1X authentication method. IEEE 802.1X is equivalent to EAP over LAN or WLAN. Enterprise networks commonly use this authentication method.

WPA or WPA2 with EAP (AP Mode)

[Image: CpxWRT Network Security WPA AP Mode.png]

Cipher: Can be set to Auto, CCMP (AES), or TKIP and CCMP (AES).

Radius-Authentication-Server: Specifies the IP address of the RADIUS authentication server.

Note: Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users that connect and use a network service.

Radius-Authentication-Port: Sets the port number for the RADIUS authentication server. Normally, the port number is 1812.

Radius-Authentication-Secret: Configures the password for the authentication transaction.

Radius-Accounting-Server: Specifies the IP address of the RADIUS accounting server.

Radius-Accounting-Port: Sets the port number for the RADIUS accounting server. Normally, the port number is 1813.

Radius-Accounting-Secret: Configures the password for the accounting transaction.

NAS ID: Specifies the identity of the network access server (NAS).

WPA or WPA2 with EAP (Station Mode)

[Image: CpxWRT Network Security WPA Station Mode.png]

Cipher: Can be set to Auto, CCMP (AES), or TKIP and CCMP (AES).

EAP-Method: The authentication protocol can be set to Transport Layer Security (TLS), Tunneled TLS (TTLS), or Protected EAP (PEAP).

Path to CA-Certificate: Selects the file for the CA certificate.

Note: The certificate authority (CA) is a trusted third party that issues digital certificates. In a public key infrastructure scheme, a digital certificate certifies the ownership of a public key by the named subject of the certificate.

Path to Client-Certificate: Selects the file for the client certificate.

Options for TLS as the EAP method

Path to Private Key: Selects the file for the private key.

Password of Private Key: Configures the password for the private key.

Options for TTLS or PEAP as the EAP method

Authentication: Selects the authentication method used by the AP, e.g. PAP, CHAP, MSCHAP, or MSCHAPV2.

Identity: Sets the identity used by the supplicant for EAP authentication.

Password: Sets the password used by the supplicant for EAP authentication.