Chapter 11
Configuring Cipher Suites and WEP
348
• If you enable a cipher suite with two elements (such as TKIP and 128-
bit WEP), the second cipher becomes the group cipher.
• If you configure
command to enable Aironet extensions is
.
aironet
You can use the
encryption mode wep
WEP. However, use
associate to the access point are capable of key management.
When you configure the cipher TKIP (not
) for an SSID, the SSID must use WPA or CCKM key management.
WEP 40
Client authentication fails on an SSID that uses the cipher TKIP without
enabling WPA or CCKM key management.
You must configure WPA key management as optional to configure cipher modes
TKIP + WEP 128 or TKIP + WEP 40
encryption
[vlan vlan-id]
mode ciphers
{[aes | aes-ccm | ckip | tkip]} {[wep128 | wep40]}
6. Return to privileged EXEC mode.
end
7. (Optional) Save your entries in the configuration file.
copy running-config startup-config
Use the no form of the encryption command to disable a cipher suite.
Matching Cipher Suites with WPA or CCKM
If you configure your access point to use WPA or CCKM authenticated key
management, you must select a cipher suite compatible with the authenticated
Rockwell Automation Publication 1783-UM006A-EN-P - May 2014
you must also enable Aironet extensions. The
ckip
dot11 extension
command to set up static
encryption mode wep
TKIP + WEP 128 or TKIP +
.
only if no clients that