Matching cipher suites with wpa or cckm – Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual

348

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

Chapter 11

Configuring Cipher Suites and WEP

• If you enable a cipher suite with two elements (such as TKIP and 128-

bit WEP), the second cipher becomes the group cipher.

• If you configure

ckip

you must also enable Aironet extensions. The

command to enable Aironet extensions is

dot11 extension

aironet

.

You can use the

encryption mode wep

command to set up static

WEP. However, use

encryption mode wep

only if no clients that

associate to the access point are capable of key management.

When you configure the cipher TKIP (not

TKIP + WEP 128 or TKIP +

WEP

40

) for an SSID, the SSID must use WPA or CCKM key management.

Client authentication fails on an SSID that uses the cipher TKIP without
enabling WPA or CCKM key management.

You must configure WPA key management as optional to configure cipher modes

TKIP + WEP 128 or TKIP + WEP 40

.

encryption

[vlan vlan-id]

mode ciphers

{[aes | aes-ccm | ckip | tkip]} {[wep128 | wep40]}

6. Return to privileged EXEC mode.

end

7. (Optional) Save your entries in the configuration file.

copy running-config startup-config

Use the

no

form of the encryption command to disable a cipher suite.

Matching Cipher Suites with WPA or CCKM

If you configure your access point to use WPA or CCKM authenticated key
management, you must select a cipher suite compatible with the authenticated