Open as PDF
Configuring WPA 289
Probe response (sent by a MAP radio) — The WPA IE in a probe
response frame lists the same WPA information that is contained in
the beacon frame.
Association request or reassociation (sent by a client) — The
WPA IE in an association request lists the authentication method and
cipher suite the client wants to use.
Client Support To use the TKIP or CCMP cipher suite for encryption, a client must
support WPA. However, a MAP radio configured for WPA can support
non-WPA clients who use dynamic WEP or static WEP. If the WPA IE is
enabled in the service profile used by an SSID supported by the radio, and
the 40-bit WEP or 104-bit WEP cipher suite also is enabled in the service
profile, MSS allows a non-WPA client to authenticate using WEP under
the following circumstances:
If a client wants to authenticate using dynamic WEP, MSS uses 802.1X
to authenticate the client if either the WEP40 or WEP104 cipher suite
is enabled for WPA.
If a client wants to authenticate using static WEP, the radio checks for
the static WEP key presented by the client. If the keys match, MSS
authenticates the client. Because the WEP key is static, MSS does not
use 802.1X to authenticate the client.
To allow a non-WPA client that uses dynamic WEP to be authenticated by
a radio on which WPA IE is enabled, enable the WEP40 or WEP104 cipher
suite in the service profile for the SSID the client will access. To prevent
non-WPA clients that use dynamic WEP from being authenticated, do not
enable the WEP40 or WEP104 cipher suite in the service profile.
To allow a client that uses static WEP to be authenticated, configure the
same WEP keys on the client and the service profile.