Table of Contents
Advertisement
10. Set the following
TKIP Countermeasure
Hold Time
Exclude WPA2-TKIP
Use SHA256
11. Select
OK
when completed to update the WLAN's WPA2-CCMP encryption configuration. Select
last saved configuration.
WPA2-CCMP Deployment Considerations
WPA2-CCMP
Before defining a WPA2-CCMP supported configuration on a WLAN, refer to the following deployment guidelines to ensure the
configuration is optimally effective:
• Motorola Solutions recommends WPA2-CCMP be configured for all new (non visitor) WLANs requiring encryption, as it's
supported by the majority of the hardware and client vendors using Motorola Solutions wireless networking equipment.
• WPA2-CCMP supersedes WPA-TKIP and implements all the mandatory elements of the 802.11i standard. WPA2-CCMP
introduces a new AES-based algorithm called CCMP, which replaces TKIP and WEP and is considered significantly more
secure.
6.1.2.9 WEP 64
Configuring WLAN Security
Wired Equivalent Privacy (WEP) is a security protocol specified in the IEEE Wireless Fidelity (Wi -Fi) standard. WEP is designed
to provide a WLAN with a level of security and privacy comparable to that of a wired LAN.
WEP can be used with open, shared, MAC and 802.1 X EAP authentications. WEP is optimal for WLANs supporting legacy
deployments when also used with 802.1X EAP authentication to provide user and device authentication and dynamic WEP key
derivation and periodic key rotation. 802.1X provides authentication for devices and also reduces the risk of a single WEP key
being deciphered.
WEP 64 uses a 40 bit key concatenated with a 24-bit initialization vector (IV) to form the RC4 traffic key. WEP 64 is a less robust
encryption scheme than WEP 128 (containing a shorter WEP algorithm for a hacker to potentially duplicate), but networks that
require more security are at risk from a WEP flaw. WEP is only recommended if there are client devices incapable of using
higher forms of security. The existing 802.11 standard alone offers administrators no effective method to update keys.
To configure WEP 64 encryption on a WLAN:
1. Select the
Configuration
2. Select
Wireless.
3. Select
Wireless LANs
Advanced
for the WPA2-CCMP encryption scheme:
The TKIP Countermeasure Hold Time is the time a WLAN is disabled, if TKIP
countermeasures have been invoked on the WLAN. Use the drop-down menu to define a
value in either Hours (0-18), Minutes (0-1,092) or Seconds (0-65,535). The default setting
is 60 seconds.
Select this option to advertise and enable support for only WPA-TKIP. This option can be
used if certain older clients are not compatible with newer WPA2-TKIP information
elements. Enabling this option allows backwards compatibility for clients that support
WPA-TKIP and WPA2-TKIP, but do not support WPA2-CCMP. Motorola Solutions
recommends enabling this feature if WPA-TKIP or WPA2-TKIP supported clients operate
in a WLAN populated by WPA2-CCMP enabled clients. This feature is disabled by default.
Select this option to enable SHA-256 authentication key management suite. This suite
consists of a set of algorithms for key agreement, key derivation, key wrapping, and
content encryption and provide a minimum cryptographic security level of 128 bits.
tab from the Web UI.
to display a high level display of existing WLANs.
6 - 19
Reset
to revert back to its
Hide quick links:
Advertisement
Table of Contents
