3Com WX2200 3CRWX220095A Switch User Manual


 
292 CHAPTER 13: CONFIGURING USER ENCRYPTION
After you type this command, the service profile supports TKIP and 40-bit
WEP.
Microsoft Windows XP does not support WEP with WPA. To configure a
service profile to provide WEP for XP clients, leave WPA disabled and see
“Configuring WEP” on page 299.
Changing the TKIP Countermeasures Timer Value
By default, MSS enforces TKIP countermeasures for 60,000 ms (60
seconds) after a second MIC failure within a one-minute interval. To
change the countermeasures timer value, use the following command:
set service-profile name tkip-mc-time wait-time
To change the countermeasures wait time in service profile wpa to 30
seconds, type the following command:
WX1200# set service-profile wpa tkip-mc-time 30000
success: change accepted.
Enabling PSK Authentication
By default, WPA uses 802.1X dynamic keying. If you plan to use static
keys, you must enable PSK authentication and configure a passphrase or
the raw key. You can configure the passphrase or key globally. You also
can configure keys on an individual MAC client basis.
By default, 802.1X authentication remains enabled when you enable
PSK authentication.
To enable PSK authentication, use the following command:
set service-profile name auth-psk {enable | disable}
To enable PSK authentication in service profile wpa, type the following
command:
WX1200# set service-profile wpa auth-psk enable
success: change accepted.
Configuring a Global PSK Passphrase or Raw Key for All Clients
To configure a global passphrase for all WPA clients, use the following
command:
set service-profile name psk-phrase passphrase