Configuring tkip cipher suite, Configuring ccmp cipher suite, Configuring port security – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 72
60
Configuring TKIP cipher suite
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter WLAN service
template view.
wlan service-template
service-template-number crypto
N/A
3.
Enable the TKIP cipher suite. cipher-suite tkip
By default, no cipher suite is
selected.
4.
Configure the TKIP
countermeasure interval.
tkip-cm-time time
Optional.
The default countermeasure
interval is 0 seconds. No
countermeasures are taken.
NOTE:
Message integrity check (MIC) is used to prevent attackers from data modification. It ensures data security
by using the Michael algorithm. When a fault occurs to the MIC, the device will consider that the data has
been modified and the system is being attacked. Upon detecting the attack, TKIP will suspend within the
countermeasure interval. No TKIP associations can be established within the interval.
Configuring CCMP cipher suite
CCMP adopts the AES encryption algorithm.
To configure the CCMP cipher suite:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter WLAN service
template view.
wlan service-template
service-template-number crypto
N/A
3.
Enable the CCMP cipher
suite.
cipher-suite ccmp
By default, no cipher suite is
selected.
Configuring port security
The authentication type configuration includes the following options:
•
PSK
•
802.1X
•
MAC
•
PSK and MAC
NOTE:
This document describes only several common port security modes. For more information about other port
security modes, see
Security Configuration Guide.
Before configuring port security, you must:
1.
Create the wireless port.