The WPA Pre-Shared Key (WPA-PSK) option lets any client device with the correct shared key access the network connected to the wireless Access Point (AP). Although the shared key is easy to set up, it has a few drawbacks. First, a network administrator must manually configure each wireless client with the correct shared key. In addition, a shared key doesn't guarantee that all connected devices are authorized or approved. For example, if a user gives the shared key to another user, both their devices will successfully connect to the wireless AP.
A solution to this problem is to authenticate all users or devices connecting to the wireless AP. The Linksys WRT54G AP's WPA RADIUS feature (called WPA Enterprise in the newest version of the product) opens up a number of authentication options to validate that the incoming client is, in fact, trusted.
WPA RADIUS uses the IEEE 802.1x authentication standard to check all new wireless devices against a Remote Authentication Dial-In User Service (RADIUS) server. When the configured RADIUS server successfully authenticates a client, it approves the connection, and the wireless AP allows the device to connect to the network. Microsoft includes a RADIUS server—the Internet Authentication Service (IAS) server—with Windows Server 2003. Using a RADIUS server dramatically increases your authentication options, such as requiring that clients use a domain username and password, smart cards, or certificates before they're allowed to connect to the wireless AP.
On a Linksys WRT54G AP, when you enable WPA RADIUS or WPA Enterprise, you must enter the IP Address of the RADIUS server and a RADIUS shared key. You must also configure a RADIUS server, such as Windows 2003 with IAS enabled. The Microsoft TechNet Web site offers a number of in-depth configuration guides for configuring certificates, RADIUS, and WLANs. Also, you can read more about 802.1x in "A Secure Wireless Network Is Possible," May 2004, InstantDoc ID 42273, and Security Administrator," Using Certificates to Secure Your WLAN," August 2004, InstantDoc ID 43086. WPA RADIUS isn't terribly difficult to configure, but it does require a bit more work; for SOHO users, WPA-PSK offers a good balance of security and ease of management.