N o t e
WPA2 defines a transitional mode of operation for networks moving
from WPA security to WPA2. WPA2 Mixed Mode allows both WPA and
WPA2 stations to associate to a common SSID interface. When the
encryption cipher suite is set to tkip-aes, the unicast encryption
cipher (TKIP or AES) is negotiated for each client. The access point
advertises it's supported encryption ciphers in beacon frames and
probe responses. WPA and WPA2 stations select the cipher they
support and return the choice in the association request to the access
point. For mixed-mode operation, the cipher used for broadcast
frames is always TKIP. WEP encryption is not allowed.
If any stations supported by the access point are not WPA enabled,
the multicast-cipher algorithm must be set to WEP.
When 802.1X is disabled, the access point does not support 802.1X
authentication for any station. After successful 802.11 association,
each client is allowed to access the network.
When 802.1X is supported, the access point supports 802.1X authen-
tication only for stations initiating the 802.1X authentication process.
The access point does NOT initiate 802.1X authentication. For
stations initiating 802.1X, only those stations successfully authenti-
cated are allowed to access the network. For those stations not
initiating 802.1X, access to the network is allowed after successful
When 802.1X is required, the access point enforces 802.1X authenti-
cation for all 802.11 associated stations. If 802.1X authentication is
not initiated by the station, the access point will initiate authentica-
tion. Only those stations successfully authenticated with 802.1X are
allowed to access the network.
The following commands configure the access point to use the WPA-802.1X
security mode, accept both the WPA and WPA2 stations, and allow pre-
WPA-802.1X is the recommended security mode. The incorporation of the
RADIUS Server makes it superior to the WPA-PSK security mode.
Command Line Reference
Wireless Security Commands