Configuring wpa migration mode – Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

363

Configuring Authentication Types

Chapter 12

Use the no form of the SSID commands to disable the SSID or to disable SSID
features.

This example sets the authentication type for the

SSID batman

to Network-

EAP with CCKM authenticated key management. Client devices using the
batman SSID authenticate by using the adam server list. After they are
authenticated, CCKM-enabled clients can perform fast reassociations by using
CCKM.

ap1200# configure terminal

ap1200(config-if)# ssid batman

ap1200(config-ssid)# authentication network-eap

adam

ap1200(config-ssid)# authentication key-management

cckm optional

ap1200(config)# interface dot11radio 0

ap1200(config-if)# ssid batman

ap1200(config-ssid)# end

Configuring WPA Migration Mode

WPA migration mode lets these client device types to associate to the access
point by using the same SSID:

• WPA clients capable of TKIP and authenticated key management

• 802.1X-2001 clients (such as legacy LEAP clients and clients by using

TLS) capable of authenticated key management but not TKIP

• Static-WEP clients not capable of TKIP or authenticated key management

If all three client types associate by using the same SSID, the multicast cipher
suite for the SSID must be WEP. If only the first two types of clients use the same
SSID the multicast key can be dynamic, but if the static-WEP clients use the
SSID, the key must be static. The access point can switch automatically between a
static and a dynamic group key to accommodate associated client devices. To
support all three types of clients on the same SSID, you must configure the static
key in key slots 2 or 3.

To set up an SSID for WPA migration mode, configure these settings:

• WPA optional
• A cipher suite containing TKIP and 40-bit or 128-bit WEP
• A static WEP key in key slot 2 or 3