If you had a WEP-encrypted network functioning up until now, your various nodes no longer have access to the network as soon as you configure the Access Point to use WPA security. Once again, WPA replaces WEP, it does not enhance it.

As far as your client PCs go, they are effectively shut out of the network because the security system no longer recognizes them as legitimate members of that network. They cannot be authenticated, so they cannot participate, even though they could, as sharers of a WEP key, only a minute ago.

At this stage, you need to move to each would-be network client and enable WPA-PSK, set the passphrase, and test the connections once again. You can find everything you need to establish client-level WPA-PSK on the Wireless Network Properties dialog box found in Windows XP with the Wi-Fi Protected Access patch installed.

Figure 1 shows this dialog box with both options selected.

The first is the Network Authentication option, the first drop-down menu, here shown with the WPA-SPK choice selected.

The other three options in this dialog box are Open, Shared, and WPA, the first two of which are WEP options.

The other, WPA, depends, like its access point configuration counterpart, on the existence of a RADIUS server, and has no function on an AP network without such a server.

The second drop-down menu, Data Encryption, offers three choices: WEP, TKIP, and AES. Unfortunately, Windows gives no clue which one you should use, via neither embedded help (instructions on the dialog box) nor context help.

Nor, for that matter, in the Help and Support Center; here, a search on WPA reveals absolutely no hits whatsoever, not even for the aforementioned Windows Product Activation.

Clearly, as of this writing the Help system has not caught up with the addition of WPA, but by the time you read this, with Service Pack 2 officially released, that deficiency will almost certainly be addressed. In fact, the lack of official Help for WPA networking displays just how recently this security feature has emerged.

The D-Link DI-624 access point configuration system offers its own Help pages, and while they range from the somewhat useful to the completely worthless, they, too, offer nothing on the WPA options, even though the radio buttons for WPA and WPA-PSK settings feature prominently on the Wireless screens.

Again, this lack will probably disappear over the next few months, and the products you buy will probably include the necessary details in the Help system, as embedded help, and in the manuals. As we write this chapter, none of the three recently produced access points offer any assistance.

In other words, you’re left to your own devices, and you can choose either to engage in a process of trial and error (always frustrating with networking products) or know enough about WPA in advance to know which setting to choose.

Having read through the beginning parts of this tutorials, you’ll automatically know that of the three Data Encryption methods offered on the Wireless Network Properties dialog box, TKIP gets you where you want to go.

WEP won’t work because WPA replaces WEP entirely, and AES, while possible on WPA equipment, remains a technology primarily for the future, when the full 802.11i spec appears in the new range of wireless products.

With the correct network authentication and data encryption settings in place on the access point, all that remains is to type the passphrase, identical to that established on the access point.

In the Windows XP Wireless Network Properties dialog box, you don’t need to specify what kind of key you’re typing because, as with the various WEP keys, the combination of authentication and encryption choices, when combined with the key length, tells Windows XP what the key represents.

It would help, however, if the dialog box changed, on selecting WPA-PSK, to reflect the terminology of WPA, with Network Key relabeled either Passphrase or Shared Secret. This way, nobody would get confused wondering precisely what to type in the Network Key field.

Still, the trick is simply to type the passphrase, click OK, and then wait while Windows XP reconfigures itself to recognize the newly defined network and connect to it with the enhanced security in place. As with WEP configuration, you need not use the Wireless Network Properties dialog box supplied by Windows XP.

Instead, you can uncheck the box labeled “Use Windows to configure my wireless network settings,” under the Wireless Networks tab of the Wireless Network Connection Properties dialog box, and open the configuration screens supplied with your WLAN adapter.

You have little reason to do so, however, because Windows XP really does know itself best, so save the device-specific configuration menus for other operating systems and make use of those in your operating system when setting up your enhanced security.

Obviously, this statement does not necessarily hold true if your vendor has included proprietary technology in the wireless WLAN adapters, especially if you’re using the adapter in conjunction with an Access Point that shares this proprietary technology.

Given the trend of vendors to include non-standard speed and even encryption technologies on their wireless products, you should check to ensure you’re making the best use of your product before working with the default Windows XP configuration boxes.