Motorola WS2000 System Reference Manual page 99

(CBC-MAC) method. Changing even one bit in a message produces a totally different result thus providing
strong authentication.
WPA2-CCMP is based upon the concept of a Robust Security Network (RSN), which defines a hierarchy of
keys that have a limited lifetime, similar to TKIP. Also like TKIP, the keys that the administrator provides are
used to derive other keys. Messages are encrypted using a 128-bit secret key and a 128-bit block of data.
The end result is encryption that is extremely secure.
1. Select the WPA2-CCMP
Integrity Protocol (TKIP).
2. To use WPA-TKIP encryption with
click the WPA-TKIP Settings
3. Check the Broadcast Key Rotation
changes to mobile units.
4. Specify a time period in seconds for broadcasting encryption-key changes to mobile units. Set key
broadcasts to a shorter time interval (at least 300 seconds) for tighter security on this WLAN's wireless
connections. Set key broadcasts to a longer time interval (at most, 200,000 seconds) to relax security on
wireless connections.
5. Select either the ASCII Passphrase
6. If ASCII Passphrase
character spaces. The switch converts the string to a numeric value.
7. To use the 256-bit Key
8. WPA2-CCMP Mixed Mode
the network. Enabling this option allows backwards compatibility for clients that support WPA-TKIP but
do not support WPA2-CCMP.
9. The Fast Roaming area provides two fields. Enabling
with one Access Port to carry out an 802.1x authentication with another Access Port before it roams over
to it. The WS2000 switch will cache the keying information of the client until it roams to the new Access
Port. This enables the roaming the client to start sending and receiving data sooner by not having to do
802.1x authentication after it roams. Enabling
Pairwise Master Key (PMK) derived with a client on one Access Port with the same client when it roams
over to another Access Port. Upon roaming the client does not have to do 802.1x authentication and can
start sending/receiving data sooner.
radio button to enable Wi-Fi Protected Access (WPA) with Temporal Key
802.1x EAP authentication
button to display a sub-screen for key and key rotation settings.
check box to enable or disable the broadcasting of encryption-key
or the 256-bit Key
is selected, specify a 8 to 63 character ASCII string. The ASCII string allows
option, enter 16 hexadecimal characters into each of four fields.
enables WPA2-CCMP and WPA-TKIP Clients to operate simultaneously on
Opportunistic Key Caching
Wireless Configuration
or the No Authentication
radio button.
Pre-Authentication enables a client associated
allows the switch to use a
5-15
selection,