Chapter 3 Wireless LANs
NWD Series User’s Guide
22
If both an AP and the wireless clients support WPA2-PSK, use WPA2-PSK for stronger data encryption. If
the AP or the wireless clients do not support WPA2-PSK, just use WPA-PSK. Select WEP only when the AP
and/or wireless clients do not support WPA-PSK or WPA2-PSK. WEP is less secure than WPA-PSK or WPA2-
PSK.
3.4 Wi- Fi Pro te c te d Se tup
3.4.1 Ho w WPS Wo rks
When two WPS-enabled devices connect, each device must assume a specific role. One device acts
as the registrar (the device that supplies network and security settings) and the other device acts as the
enrollee (the device that receives network and security settings. The registrar creates a secure EAP
(Extensible Authentication Protocol) tunnel and sends the network name (SSID) and the WPA-PSK or
WPA2-PSK pre-shared key to the enrollee. Whether WPA-PSK or WPA2-PSK is used depends on the
standards supported by the devices. If the registrar is already part of a network, it sends the existing
information. If not, it generates the SSID and WPA(2)-PSK randomly.
The following figure shows a WPS-enabled client (installed in a notebook computer) connecting to a
WPS-enabled access point.
Fig ure 9
How WPS works
The roles of registrar and enrollee last only as long as the WPS setup process is active (two minutes). The
next time you use WPS, a different device can be the registrar if necessary.
SECURE TUNNEL
SECURITY INFO
WITHIN 2 MINUTES
COMMUNICATION
ACTIVATE
WPS
ACTIVATE
WPS
WPS HANDSHAKE
REGISTRAR
ENROLLEE
