6-146
CHAPTER 6: COMMAND LINE INTERFACE
and a re-keying mechanism. Select TKIP if there are clients in the network
that are not WPA2 compliant.
• TKIP defends against attacks on WEP in which the unencrypted
initialization vector in encrypted packets is used to calculate the WEP key.
TKIP changes the encryption key on each packet, and rotates not just the
unicast keys, but the broadcast keys as well. TKIP is a replacement for WEP
that removes the predictability that intruders relied on to determine the
WEP key.
• AES-CCMP (Advanced Encryption Standard Counter-Mode/CBCMAC
Protocol): WPA2 is backward compatible with WPA, including the same
802.1X and PSK modes of operation and support for TKIP encryption. The
main enhancement is its use of AES Counter-Mode encryption with Cipher
Block Chaining Message Authentication Code (CBC-MAC) for message
integrity. The AES Counter-Mode/CBCMAC Protocol (AES-CCMP)
provides extremely robust data confidentiality using a 128-bit key. The
AES-CCMP encryption cipher is specified as a standard requirement for
WPA2. However, the computational intensive operations of AES-CCMP
requires hardware support on client devices. Therefore to implement
WPA2 in the network, wireless clients must be upgraded to
WPA2-compliant hardware.
Example
mic_mode
This command specifies how to calculate the Message Integrity Check (MIC).
Syntax
mic_mode <hardware | software>
• hardware - Uses hardware to calculate the MIC.
• software - Uses software to calculate the MIC.
Default Setting
software
Command Mode
Interface Configuration (Wireless)
Command Usage
• The Michael Integrity Check (MIC) is part of the Temporal Key Integrity
Protocol (TKIP) encryption used in Wi-Fi Protected Access (WPA) security.
Outdoor 11a Building to Building (if-wireless g: VAP[0])#cipher-suite TKIP
Outdoor 11a Building to Building (if-wireless g)#