Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Wireless Features

WPA in action - AP "Enterprise"

Updated June 30, 2003

Figure 3 shows the Belkin AP when I selected the WPA (with RADIUS server) option.

WPA (Radius) Authentication

Figure 3: WPA (Radius) Authentication

You can see that setup for this "Enterprise" mode of WPA isn't that much more complicated. All you need to enter is the IP address of the RADIUS server, its port number (the default of 1812 is entered for you), and the RADIUS key (similar to the WPA password).

Belkin also lets you specify the Re-Key Interval, which is the rate that the AP or RADIUS server pushes a new Group Key out to all clients. The Re-Keying process is part of WPA's enhanced security and is the WPA equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis. Setting of the Re-Key Interval is also supported by some APs in WPA-PSK mode, while others - like the Belkin - rely on a non-adjustable Re-Key Interval instead.

The configuration of the RADIUS server is beyond the scope of this NTK, but basically, it replaces the single password with per-user authentication. Figure 4 illustrates this mode, where the AP just passes the authentication request to a RADIUS server instead of performing the authentication itself. The server then checks the user's credentials against its records, grants or denies network access accordingly, and then issues the Group Key to all stations so that they can begin encryption and sending / receiving data.

WPA Enterprise Authentication

Figure 4: WPA "Enterprise" Authentication
(Diagram from Wi-Fi Alliance Networld+Interop 2003 Media Presentation
Used by permission)

There's nothing special you need to do at the RADIUS server itself to support WPA, since the wireless client WPA authentication looks the same as any other client's. This assumes, however, that the server supports 802.1X authentication and the desired EAP (Extensible Authentication Protocol) l types. I'll go into this more in the next section, which describes the Client end of WPA.

More Wireless

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

I'm still currently on AsusWRT Merlin 384.13 and trying to do a firmware upgrade to 384.19. I've downloaded the .trx file and tried updating the firmw...
HiI have first tried getting support from Asus, but that is like getting blood out of a stone!My new Asus router just will not connect to a web browse...
I am pleased to announce the release of CakeQOS-Merlin!Current Version: 1.0.2 (Changelog)CakeQOS-Merlin is a custom add-on for supported Asus routers ...
Hello allI think I discovered a bug with the R7800. I tested firmware 1.0.2.52 and now also the new 1.0.2.62. I have a NAS attached to a switch, attac...
Asuswrt-Merlin 384.19 is now available for all supported models, except for the RT-AX56U (no up-to-date GPL available for that model).The main changes...

Don't Miss These

  • 1
  • 2
  • 3