You are here: Authentication and User Management > Understanding Encryption Types
Previous TopicNext Topic

Understanding Encryption Types

Encryption is the process of converting data into a cryptic format or code when it is transmitted on a network. Encryption prevents unauthorized use of the data.

Instant supports the following types of encryption:

WEP —Wired Equivalent Privacy (WEP) is an authentication method where all users share the same key. WEP is not secure as other encryption types such as TKIP.
TKIP —Temporal Key Integrity Protocol (TKIP) uses the same encryption algorithm as WEP. However, TKIP is more secure and has an additional message integrity check (MIC).
AES — The Advanced Encryption Standard (AES) encryption algorithm a widely supported encryption type for all wireless networks that contain any confidential data. AES in Wi-Fi leverages 802.1X or PSKs to generate per station keys for all devices. AES provides a high level of security like IP Security (IPsec) clients.


WEP and TKIP are limited to WLAN connection speed of 54 Mbps. The 802.11n connection supports only AES encryption. Aruba recommends AES encryption. Ensure that all devices that do not support AES are upgraded or replaced with the devices that support AES encryption.

WPA and WPA2

WPA is created based on a draft of 802.11i, which allowed users to create more secure WLANs. WPA2 encompasses the full implementation of the 802.11i standard. WPA2 is a superset that encompasses the full WPA feature set.

The following table summarizes the differences between the two certifications:

Table 1: WPA and WPA2 Features





l IEEE 802.1X with Extensible Authentication Protocol (EAP)

TKIP with message integrity check (MIC)



l IEEE 802.1X with EAP

AES -- Counter Mode with Cipher Block Chaining Message Authentication Code (AESCCMP)

WPA and WPA2 can be further classified as follows:

Personal — Personal is also called Pre-Shared Key (PSK). In this type, a unique key is shared with each client in the network. Users have to use this key to securely log in to the network. The key remains the same until it is changed by authorized personnel. You can also configure key change intervals .
Enterprise — Enterprise is more secure than WPA Personal. In this type, every client automatically receives a unique encryption key after securely logging on to the network. This key is automatically updated at regular intervals. WPA uses TKIP and WPA2 uses the AES algorithm.

Recommended Authentication and Encryption Combinations

The following table summarizes the recommendations for authentication and encryption combinations for the Wi-Fi networks.

Table 2: Recommended Authentication and Encryption Combinations

Network Type






Guest Network

Captive Portal


Voice Network or Handheld devices

802.1X or PSK as supported by the device

AES if possible, TKIP or WEP if necessary (combine with security settings assigned for a user role).