Support User Manuals

Cisco Systems OL-29225-01 Film Camera User Manual

Open as PDF

of 514

10-11

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

OL-30644-01

Chapter 10 Configuring WLAN Authentication and Encryption

Configuring Encryption Modes

Use the no form of the encryption command to disable a cipher suite.

Matching Cipher Suites with WPA or CCKM

If you configure your access point to use WPA or CCKM authenticated key management, you must select

a cipher suite compatible with the authenticated key management type. Table 10-3 lists the cipher suites

that are compatible with WPA and CCKM.

Step 3

encryption [vlan vlan-id] mode

ciphers {aes-ccm | ckip | ckip-cmic |

cmic | tkip | wep128 | wep40}

Enable a cipher suite containing the protection you need.

Table 10-3 lists guidelines for selecting a cipher suite that

matches the type of authenticated key management you

configure.

• (Optional) Select the VLAN for which you want to enable

a cipher type.

• Select the cipher options you need. You can select more

than one cipher.

Note If you enable a cipher suite with 2 or 3 elements, each

client will use the highest encryption mechanism

enabled on the interface and supported by the client.

The broadcast key will use the element supported by all

clients. See the Understanding Authentication and

Encryption Mechanisms section for more details.

Note If you configure ckip you must also enable Aironet

extensions. The command to enable Aironet extensions

is dot11 extension aironet.

Note You can also use the encryption mode wep command

to set up static WEP. However, you should use

encryption mode wep only if no clients that associate

to the access point are capable of key management. See

the Cisco IOS Command Reference for Cisco Access

Points and Bridges for a detailed description of the

encryption mode wep command.

Note When you configure the cipher TKIP (not TKIP +

WEP 128 or TKIP + WEP 40) for an SSID, the SSID

must use WPA or CCKM key management. Client

authentication fails on an SSID that uses the cipher

TKIP without enabling WPA or CCKM key

management.

Note You must configure WPA key management as optional

in order to configure cipher modes TKIP + WEP 128

or TKIP + WEP 40.

Step 4

end Return to privileged EXEC mode.

Step 5

copy running-config startup-config (Optional) Save your entries in the configuration file.

Command Purpose

previous next