Support User Manuals

Cisco Systems OL-6415-04 Network Router User Manual

Open as PDF

of 188

5-8

Cisco Wireless ISR and HWIC Access Point Configuration Guide

OL-6415-04

Chapter 5 Configuring Encryption Types

Configure Encryption Types

Use the no form of the encryption command to disable broadcast key rotation.

This example enables broadcast key rotation on VLAN 22 and sets the rotation interval to 300 seconds:

router# configure terminal

router(config)# interface dot11radio 0

routerrouter(config-if)# broadcast-key vlan 22 change 300

router(config-ssid)# end

Security Type in Universal Client Mode

Security

In universal client mode, the security type must be configured exactly as that of the access point it is

associating to. For example, if the access point is configured with AES and TKIP encryption, the

universal client must also have AES+TKIP in order for the devices to associate properly.

Step 3

broadcast-key

change seconds

[ vlan vlan-id ]

[ membership-termination ]

[ capability-change ]

Enable broadcast key rotation.

• Enter the number of seconds between each rotation of the

broadcast key.

• (Optional) Enter a VLAN for which you want to enable

broadcast key rotation.

• (Optional) If you enable WPA authenticated key

management, you can enable additional circumstances

under which the access point changes and distributes the

WPA group key.

–

Membership termination—the access point generates

and distributes a new group key when any

authenticated client device disassociates from the

access point. This feature protects the privacy of the

group key for associated clients. However, it might

generate some overhead if clients on your network

roam frequently.

–

Capability change—the access point generates and

distributes a dynamic group key when the last non-key

management (static WEP) client disassociates, and it

distributes the statically configured WEP key when the

first non-key management (static WEP) client

authenticates. In WPA migration mode, this feature

significantly improves the security of

key-management capable clients when there are no

static-WEP clients associated to the access point.

See Chapter 6, “Configuring Authentication Types,” for

detailed instructions on enabling authenticated key

management.

Step 4

end Return to privileged EXEC mode.

Step 5

copy running-config startup-config (Optional) Save your entries in the configuration file.

Command Purpose

previous next