multicast-cipher
This command defines the cipher algorithm used for broadcasting and multicasting when using
Wi‐Fi Protected Access (WPA) security.
Syntax
multicast-cipher <AES | TKIP | WEP>
• AES ‐ Advanced Encryption Standard
• TKIP ‐ Temporal Key Integrity Protocol
• WEP ‐ Wired Equivalent Privacy
Default Setting
WEP
Command Mode
Interface Configuration (Wireless)
Interface Configuration (Wireless): VAP
Command Usage
• Use this command for the default interface or any of the seven VAPs configurable per radio
interface.
• WPA enables the access point to support different unicast encryption keys for each client.
However, the global encryption key for multicast and broadcast traffic must be the same for
all clients. This command sets the encryption type that is supported by all clients.
• If any clients supported by the access point are not WPA enabled, the multicast‐cipher
algorithm must be set to WEP.
• WEP is the first generation security protocol used to encrypt data crossing the wireless
medium using a fairly short key. Communicating devices must use the same WEP key to
encrypt and decrypt radio signals. WEP has many security flaws, and is not recommended
for transmitting highly sensitive data.
• TKIP provides data encryption enhancements including per‐packet key hashing (i.e.,
changing the encryption key on each packet), a message integrity check, an extended
initialization vector with sequencing rules, and a re‐keying mechanism.
• TKIP defends against attacks on WEP in which the un‐encrypted initialization vector in
encrypted packets is used to calculate the WEP key. TKIP changes the encryption key on
each packet, and rotates not just the unicast keys, but the broadcast keys as well. TKIP is a
replacement for WEP that removes the predictability that intruders relied on to determine
the WEP key.
• AES has been designated by the National Institute of Standards and Technology as the
successor to the Data Encryption Standard (DES) encryption algorithm, and will be used by
the U.S. government for encrypting all sensitive, nonclassified information. Because of its
strength, and resistance to attack, AES is also being incorporated as part of the 802.11
standard.
RoamAbout Access Point 3000 Configuration Guide A-143
Command Groups