284 CHAPTER 13: CONFIGURING USER ENCRYPTION
Configuring WPA

Wi-Fi Protected Access (WPA) is a security enhancement to the IEEE
802.11 wireless standard. WPA provides enhanced encryption with new
cipher suites and provides per-packet message integrity checks. WPA is
based on the 802.11i standard. You can use WPA with 802.1X
authentication. If the client does not support 802.1X, you can use a
preshared key on the MAP and the client for authentication.

WPA Cipher Suites

WPA supports the following cipher suites for packet encryption, listed
from most secure to least secure:

- Counter Mode with Cipher Block Chaining Message
  Authentication Code Protocol (CCMP) — CCMP provides
  Advanced Encryption Standard (AES) data encryption. To provide
  message integrity, CCMP uses the Cipher Block Chaining Message
  Authentication Code (CBC-MAC).
- Temporal Key Integrity Protocol (TKIP) — TKIP uses the RC4
  encryption algorithm, a 128-bit encryption key, a 48-bit initialization
  vector (IV), and a message integrity code (MIC) called Michael.
- Wired Equivalent Privacy (WEP) with 104-bit keys — 104-bit WEP
  uses the RC4 encryption algorithm with a 104-bit key.
- WEP with 40-bit keys — 40-bit WEP uses the RC4 encryption
  algorithm with a 40-bit key.

You can configure MAPs to support one or more of these cipher suites.
For all of these cipher suites, MSS dynamically generates unique session
keys for each session. MSS periodically changes the keys to reduce the
likelihood that a network intruder can intercept enough frames to
decode a key.
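
To check which of these cipher suites a radio actually advertises, the WPA information element from a captured beacon can be decoded and its suites ranked in the order listed above. The following is an added example, not part of this guide or of MSS; the element layout and selector values (OUI 00:50:F2, cipher types 1, 2, 4, 5, AKM types 1 and 2) come from the WPA specification rather than this page, and the sample element is constructed.

```python
import struct

WPA_OUI = bytes.fromhex("0050f2")  # OUI carried in every WPA suite selector
# Cipher selector type -> (name, rank); rank follows this page's ordering, 0 = most secure.
CIPHERS = {4: ("CCMP", 0), 2: ("TKIP", 1), 5: ("WEP-104", 2), 1: ("WEP-40", 3)}
AKMS = {1: "802.1X", 2: "PSK"}     # authentication and key management selectors

def _cipher(sel: bytes):
    """Map a 4-byte selector to (name, rank); unknown selectors rank last."""
    if sel[:3] == WPA_OUI and sel[3] in CIPHERS:
        return CIPHERS[sel[3]]
    return (f"unknown({sel.hex()})", 99)

def _akm(sel: bytes) -> str:
    known = sel[:3] == WPA_OUI and sel[3] in AKMS
    return AKMS[sel[3]] if known else f"unknown({sel.hex()})"

def _suite_list(body: bytes, off: int):
    """Read a little-endian 16-bit count and that many 4-byte selectors."""
    if off + 2 > len(body):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", body, off)
    end = off + 2 + 4 * count
    if end > len(body):
        raise ValueError("truncated suite list")
    return [body[i:i + 4] for i in range(off + 2, end, 4)], end

def parse_wpa_ie(ie: bytes) -> dict:
    """Parse a WPA vendor-specific element (ID 0xDD, OUI 00:50:F2, type 1)."""
    if len(ie) < 12 or ie[0] != 0xDD or ie[1] != len(ie) - 2:
        raise ValueError("malformed vendor-specific element")
    body = ie[2:]
    if body[:4] != WPA_OUI + b"\x01":
        raise ValueError("not a WPA information element")
    (version,) = struct.unpack_from("<H", body, 4)
    group = _cipher(body[6:10])
    pair_sels, off = _suite_list(body, 10)
    akm_sels, _ = _suite_list(body, off)
    pairwise = sorted((_cipher(s) for s in pair_sels), key=lambda c: c[1])
    # The weakest suite in use bounds the protection of the whole service set.
    weakest = max([group] + pairwise, key=lambda c: c[1])
    return {"version": version, "group": group[0],
            "pairwise": [name for name, _ in pairwise],
            "auth": [_akm(s) for s in akm_sels], "weakest": weakest[0]}

# Constructed sample: group TKIP, pairwise CCMP + TKIP, preshared-key authentication.
SAMPLE_IE = bytes.fromhex(
    "dd 1a 0050f201 0100 0050f202 0200 0050f204 0050f202 0100 0050f202")

if __name__ == "__main__":
    print(parse_wpa_ie(SAMPLE_IE))
```

A result whose `weakest` field is TKIP or a WEP variant means the less secure suites are still enabled alongside CCMP.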