Configuring wpa2-ccmp (802.11i), Configuring wpa2-ccmp, 11i) – Brocade Mobility 5181 Access Point Product Reference Guide (Supporting software release 4.4.0.0) User Manual

144

Brocade Mobility 5181 Access Point Product Reference Guide

53-1002516-01

Configuring WPA2-CCMP (802.11i)

6

28292A2B2C2D2E2F

7. Enable WPA2-TKIP Support as needed to allow WPA2 and TKIP client interoperation.

8. Configure the Fast Roaming (802.1x only) field as required to enable additional Mobility 5181

Access Point roaming and key caching options. This feature is applicable only when using
802.1x EAP authentication with WPA2-TKIP.

NOTE

PMK key caching is enabled internally by default for WPA2-TKIP when 802.1x EAP
authentication is enabled.

9. Click the Apply button to save any changes made within this New Security Policy screen.

10. Click the Cancel button to undo any changes made within the WPA/TKIP Settings field and

return to the WLAN screen. This reverts all settings to the last saved configuration.

Configuring WPA2-CCMP (802.11i)

WPA2 is a newer 802.11i standard that provides even stronger wireless security than Wi-Fi
Protected Access (WPA) and WEP. CCMP is the security standard used by the Advanced Encryption
Standard (AES). AES serves the same function TKIP does for WPA-TKIP. CCMP computes a
Message Integrity Check (MIC) using the proven Cipher Block Chaining (CBC) technique. Changing
just one bit in a message produces a totally different result.

WPA2/CCMP is based on the concept of a Robust Security Network (RSN), which defines a
hierarchy of keys with a limited lifetime (similar to TKIP). Like TKIP, the keys the administrator
provides are used to derive other keys. Messages are encrypted using a 128-bit secret key and a
128-bit block of data. The end result is an encryption scheme as secure as any the Mobility 5181
Access Point provides.

To configure WPA2-CCMP on the Mobility 5181 Access Point:

1. Select Network Configuration -> Wireless -> Security from the Mobility 5181 Access Point

menu tree.

If security policies supporting WPA2-CCMP exist, they appear within the Security Configuration
screen. These existing policies can be used as is, or their properties edited by clicking the Edit
button. To configure a new security policy supporting WPA2-CCMP, continue to step 2.

2. Click the Create button to configure a new policy supporting WPA2-CCMP.

The New Security Policy screen displays with no authentication or encryption options selected.

Allow WPA2-TKIP
clients

WPA2-TKIP support enables WPA2 and TKIP clients to operate
together on the network.

Pre-Authentication

Selecting this option enables an associated Client to carry out an
802.1x authentication with another Mobility 5181 Access Point
before it roams to it. The Mobility 5181 Access Point caches the
keying information of the client until it roams to the other Mobility
5181 Access Point. This enables the roaming client to start
sending and receiving data sooner by not having to do 802.1x
authentication after it roams. This feature is only supported when
802.1x EAP authentication and WPA2-TKIP is enabled.