Filter
Top Products
Ta b l e 5-3 Cipher Suites Compatible with WPA
Authenticated Key Management Types Compatible Cipher Suites
WPA • encryption mode ciphers aes-ccm
• encryption mode ciphers aes-ccm wep128
• encryption mode ciphers aes-ccm wep40
• encryption mode ciphers aes-ccm tkip
• encryption mode ciphers aes-ccm tkip
wep128
• encryption mode ciphers aes-ccm tkip
wep128 wep40
• encryption mode ciphers tkip wep128 wep40
•
5-7
Cisco Wireless ISR and HWIC Access Point Configuration Guide
OL-6415-04
Chapter 5 Configuring Encryption Types
Configure Encryption Types
Note When you configure AES-CCM-only, TKIP-only, or AES-CCM + TKIP cipher TKIP encryption (not
including any WEP 40 or WEP 128) on a radio interface or VLAN, every SSID on that radio or
VLANmust be set to use the WPA key management. If you configure AES-CCM or TKIP on a radio or
VLAN but do not configure key management on the SSIDs, client authentication fails on the SSIDs.
For a complete description of WPA and instructions for configuring authenticated key management, see
the
“Using WPA Key Management” section on page 6-6.
Enabling and Disabling Broadcast Key Rotation
Broadcast key rotation is disabled by default.
Note Client devices using static WEP cannot use the access point when you enable broadcast key rotation.
When you enable broadcast key rotation, only wireless client devices using 802.1x authentication (such
as LEAP, EAP-TLS, or PEAP) can use the access point.
Beginning in privileged EXEC mode, follow these steps to enable broadcast key rotation:
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
interface dot11radio { 0 | 1 } Enter interface configuration mode for the radio interface. The
2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1.