Configuring WPA2
Creating a Service
Profile for RSN
Enabling RSN
Robust Security Network (RSN) provides WPA2 support. WPA2 is based
on the final IEEE 802.11i amendment to the 802.11 standard. The
primary difference between WPA and WPA2 is the type of encryption
used. WPA uses RC4 encryption (TKIP) and WPA2 generally uses AES
encryption.
You can configure a service profile to support RSN clients exclusively, or
to support RSN with WPA clients, or even RSN, WPA and WEP clients.
The configuration tasks for a service profile to use RSN are similar to the
tasks for WPA:
1 Create a service profile for each SSID that will support RSN clients.
2 Enable the RSN IE in the service profile.
3 Enable the cipher suites you want to support in the service profile. (TKIP is
enabled by default.) Optionally, you also can change the
countermeasures timer value for TKIP.
4 Map the service profile to the radio profile that will control IEEE settings
for the radios.
5 Assign the radio profile to the radios and enable the radios.
If you plan to use PSK authentication, you also need to enable this
authentication method and enter an ASCII passphrase or a hexadecimal
(raw) key.
Encryption parameters apply to all users who use the SSID configured by
a service profile. To create a service profile, use the following command:
set service-profile name
To create a new service profile named rsn, type the following command:
WX1200# set service-profile rsn
success: change accepted.
To enable RSN, you must enable the RSN information element (IE) in the
service profile. To enable the RSN IE, use the following command:
set service-profile name rsn-ie {enable | disable}
Configuring WPA2
179