Explanations to some of the options in Wireless setup

Hi all,
Let me start by saying that I don't have problem with wireless, thanks to Mandriva's excellent support for wireless configuration. The problem I had was largely because of a silly mistake I was making. Its solved and infact I'm now communicating with wireless connection itself.

I'm actually expecting some clarifications on few of the options that was available in my router's wireless setup page.

I have attached an image. But just incase if that is not visible enough this is what the security page has:

Code:

---

Select SSID:                SV                        # my SSID name       
Network Authentication:        Mixed WPA2/WPA-PSK        # my selection: WPA, WPA2 and 802.11 were asking for radius server ip ?!
WPA Pre-Shared Key:        blahblah                # some dummy password
WPA Group Rekey Interval:0
WPA Encryption:                TKIP+AES                # my selection, thought more is good :)
WEP Encryption:                Enabled                # Enable/Disable option
Encryption Strength:        128-bit                # had choice between 64-bit and 128-bit
Current Network Key:        2                        # 2 was default, 1 was not shown except for open authentication
Network Key1:                testingwireless        # my password
Network Key2:                testingwireless        # my password again
Network Key3:                                        # blank, got bored ;)
Network Key4:                                        # blank, wtf
                        Enter 13 ASCII characters or 26 hexadecimal digits for 128-bit encryption keys
                        Enter 5 ASCII characters or 10 hexadecimal digits for 64-bit encryption keys

Save/Apply

---

This is what was on Mandriva's Network Configuration page:

Code:

---

Operating Mode:                Managed                # Managed, Master, Repeater, Ad-hoc,...etc
Network name (ESSID):        SV
Encryption mode:        WPA/WPA2 Pre-Shared Key        #WPA/WPA2 Enterprise, Open WEP.. etc
Encryption Key:                testingwireless        # this is what I was typing instead of blahblah :)

EAP Login Username:
,,,
...
[Automatic IP radio button]

---

Each time I was able to connect with 'Open' authentication. But with any other secure authentication method I was not able to connect. I finally found that in the 'Encryption Key' box, I was typing my 'Network Key1' instead of WPA Pre-Shared Key. How silly...!!! :D But part of the problem was due to similar/confusing terms used.

Now, here is my problem. I am pretty much confused with some of the terms used in configuration pages both at router and on my linux. I searched in the net, you get elaborate and seperate guides which are too technical. Searched in youtube also. Not much of help.

My questions are:
1. With selection of WPA/WPA2, is it required to select WEP encryption? Is that just a wrong entry in my router page, I mean page showing unnecessary options even with selection of WPA?
2. What is the difference between WPA PSK and Network Key1, Network Key2.. listed above.
3. What is WPA Group Rekey Interval?
4. What are WPA Encryption:- TKIP and AES which is good or which should be selected for WPA and/or WPA2?
5. Is Radius server ip is given by ISP or we can find out?
6. What is EAP login? Again we can create it at home network level or ISP gives it?

Hope to get some positive reply...

Unfortunately, the jpg file you uploaded is of too low a resolution to see very well. Nevertheless, here we go.

First a couple of observations. The SSID is the name of your access point, which can be (but doesn't have to be) broadcast. Set it to something that makes sense for you. SV is used simply an example. You first have to change it on the access point. When you do that, you want a wired connection to the AP/router, otherwise when you change it you will lose connection, though that might not be a problem if you use that SSID to reconnect immediately.

Second observation. You misunderstand what the 4 keys are. They are the hexadecimal WEP keys used for 128bit encryption. You can have up to 4 keys (I never use more than 2), any of which can be used to connect with the access point. The Encyrption Key is a passphrase for WPA encryption. It is used to generate a key, and is a lot easier to use. Some AP's, such as Linksys, also support pass-phrases for WEP encryption, but some laptops don't use them, so you still need the hex keys for such devices to connect. The good thing is that a Linksys access point will generate and display to you the hex keys that are generated by the passphrase.

Now, on to your questions.

1. If you are using WPA/WPA-2 encryption, you don't need to worry about WEP. WPA is much more secure than WEP. The thing about a Radius server is only for the enterprise version of WPA.
2. See my comments above about WPA/WEP encryption keys.
3. I have no idea what the WPA Group Rekey Interval is for. I can only guess, though I suspect that leaving it to the default setting won't be a bad thing.
4. TKIP/AES - which to use is to a great extent dependent upon the client systems that will connect to the access point.
5. The Radius server thingy is only for enterprise systems. I use WPA, but not the version that requires the Radius server. If your company uses wireless a lot, then they would have such a beast - costs major $$ I suspect, at least for a small home/office or medium size business.
6. EAP - don't remember. Remember that Google is your friend. Look it up! :-)

Hope this helps somewhat. Once your access point is set up, your wireless clients will detect what protocol (WEP/WPA) is needed to connect with it. Your Linux system will ask for the passphrase, or hex key to use to make the connection. You don't need to worry about anything else other than the SSID you want to connect with. The system will take it from there.

Thanks a lot, Rubberman. Most of my doubts are cleared.

EAP is some, Extensible Authentication Protocol. Again a casual home user need not bother with it I guess. Don't want radius server if it costs money :) Am using wireless in my home anyway.

If I choose WPA PSK, by defualt TKIP is selected, for WPA2 PSK, AES is selected and for Mixed WPA/WPA2 PSK option, TKIP+AES is selected by default. As you said its better to stick with defaults if we are not sure what we are doing. :)

Two more favours please.
1. Do you know any online tutorial/guide/book about wireless networking which starts from basics but tells about most of the things used like the ones I asked above? I did search google with 'wireless networking', 'wireless basics'. Got nothing that I was looking for.

2. Can you give some info/links regarding how to secure communication in wireless network. If I'm not wrong, WPA and all are for establishing connection, i.e., gaining access to wireless network. But once connected, how do I make sure that my activities are secure? I remember a thread in this forums which is similar to what I asked. Am not able to find it. I guess, you guys suggested something like tunneling, IPsec..?! Atleast point me to that thread.