Configuring Wpa2-Ccmp (802.11I) Encryption - Motorola WS2000 - Wireless Switch - Network Management Device System Reference Manual

5.3.7 Configuring WPA2-CCMP (802.11i) Encryption

WPA2 is a newer 802.11i standard that provides stronger wireless security than WiFi Protected Access
(WPA) and WEP.
CCMP is the security protocol used by AES. It is the equivalent of TKIP in WPA. CCMP computes a Message
Integrity Check (MIC) using the well known, and proven, Cipher Block Chaining Message Authentication Code
(CBC-MAC) method. Changing even one bit in a message produces a totally different result thus providing
strong authentication.
WPA2-CCMP is based upon the concept of a robust security network (RSN), which defines a hierarchy of keys
that have a limited lifetime, similar to TKIP. Also like TKIP, the keys that the administrator provides are used
to derive other keys. Messages are encrypted using a 128-bit secret key and a 128-bit block of data. The end
result is encryption that is extremely secure.
1. Select the WPA2-CCMP
Integrity Protocol (TKIP).
2. To use WPA-TKIP encryption with
click the WPA-TKIP Settings
3. Check the Broadcast Key Rotation
changes to mobile units.
4. Specify a time period in seconds for broadcasting encryption-key changes to mobile units. Set key
broadcasts to a shorter time interval (at least 300 seconds) for tighter security on this WLAN's wireless
connections. Set key broadcasts to a longer time interval (at most, 200,000 seconds) to relax security on
wireless connections.
5. Select either the
6. If ASCII Passphrase
character spaces. The switch converts the string to a numeric value.
7. To use the 256-bit Key
8. WPA2-CCMP Mixed Mode
the network. Enabling this option allows backwards compatibility for clients that support WPA-TKIP but
do not support WPA2-CCMP.
9. The Fast Roaming
with one Access Port to carry out an 802.1x authentication with another Access Port before it roams over
to it. The WS 2000 switch will cache the keying information of the client until it roams to the new Access
radio button to enable Wi-Fi Protected Access (WPA) with Temporal Key
802.1x EAP authentication
button to display a sub-screen for key and key rotation settings.
checkbox to enable or disable the broadcasting of encryption-key
ASCII Passphrase or the
is selected, specify a 8 to 63 character ASCII string. The ASCII string allows
option, enter 16 hexadecimal characters into each of four fields.
enables WPA2-CCMP and WPA-TKIP Clients to operate simultaneously on
area provides two fields. Enabling
or the No Authentication
256-bit Key radio button.
Pre-Authentication
5-13
Wireless Configuration
selection,
enables a client associated