As noted in Chapter 4, "Wireless Security," Wi-Fi Protected Access (WPA) is the replacement for WEP. It uses keys that automatically change, which enhances WEP.
First, open the Encryption Manager from the AP's home page (Security > Encryption Manager) shown in Figure 8-5.
Figure 8-5. The Encryption Manager Page Is Used to Manage WPA Settings
This configuration assumes that you have a working LEAP, EAP, or PEAP configuration.
To configure WPA settings, follow these steps:
Select the radio button next to Cipher and select TKIP from the drop-down menu.
Clear the encryption key in Key 1.
Enable Encryption Key 2 as the transmit key by selecting the Transmit Key radio button next to Encryption Key 2.
Click the Apply-Radio# button.
Next, you must set up the SSID manager. On the leftmost menu under SECURITY, select SSID Manager to bring up the screen shown in Figure 8-6.
Figure 8-6. Making WPA Settings on the SSID Manager Page
Select the appropriate SSID from Current SSID List.
Select the authentication method based on what type of clients you use. Use the authentication method listing in Table 8-1.
Table 8-1. Select an Authentication Method Based on Your Clients
Type of Clients
Third-party clients, including Cisco Compatible Extension (CCX) clients
Use Open Authentication with EAP
Both Cisco and third-party clients
Use both Network-EAP and Open Authentication with EAP
If EAP worked before you added WPA, you should not need to change this setting.
Under Authenticated Key Management, choose Mandatory from the drop-down menu, and then check the box to choose WPA. This is shown in Figure 8-7.
Figure 8-7. Making Authentication Key Management Settings on the SSID Manager Page
Click Apply-Radio#, as shown in Figure 8-8.
Figure 8-8. Applying Settings on the SSID Manager Page
You can verify your WPA configuration if you click Association from the leftmost menu on the AP's homepage, and click the client's MAC address. Under Key Management, you can see if WPA has been properly enabled and if TKIP is used.