Chapter 10
Configuring Cipher Suites and WEP
Use the no form of the encryption command to disable a cipher suite.
This example sets up a cipher suite for VLAN 22 that enables CKIP (unsupported), CMIC (unsupported),
and 128-bit WEP.
ap1200# configure terminal
ap1200(config)# interface dot11radio 0
ap1200(config-if)# encryption vlan 22 mode ciphers ckip-cmic wep128
ap1200(config-if)# exit
Matching Cipher Suites with WPA and CCKM
If you configure your access point to use WPA or CCKM authenticated key management, you must select
a cipher suite compatible with the authenticated key management type.
that are compatible with WPA and CCKM.
Table 10-3
Authenticated Key Management Types
CCKM
WPA
When you configure the cipher TKIP (not TKIP + WEP 128 or TKIP + WEP 40) for an SSID, the SSID
Note
must use WPA or CCKM key management. Client authentication fails on an SSID that uses the cipher
TKIP without enabling WPA or CCKM key management.
For a complete description of WPA and CCKM and instructions for configuring authenticated key
management, see the
WPA Key Management" section on page
Enabling and Disabling Broadcast Key Rotation
Broadcast key rotation is disabled by default.
Client devices using static WEP cannot use the access point when you enable broadcast key rotation.
Note
When you enable broadcast key rotation, only wireless client devices using 802.1x authentication (such
as LEAP, EAP-TLS, or PEAP) can use the access point.
OL-14209-01
Cipher Suites Compatible with WPA and CCKM
Compatible Cipher Suites
"Using CCKM for Authenticated Clients" section on page 11-6
11-7.
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
encryption mode ciphers wep128
•
encryption mode ciphers wep40
•
•
encryption mode ciphers ckip
•
encryption mode ciphers cmic
•
encryption mode ciphers ckip-cmic
encryption mode ciphers tkip
•
encryption mode ciphers tkip
•
encryption mode ciphers tkip wep128
•
encryption mode ciphers tkip wep40
•
Configuring Cipher Suites and WEP
Table 10-3
lists the cipher suites
and the
"Using
10-7