TKIP cipher suite + 128WEP question

Unanswered Question
Oct 27th, 2005

Hi,

Can someone clarify for me how this works in a WPA-PSK scenario:

If I configure WPA key management/authentication with TKIP cipher suite I dont explicitly need to enter a WEP key for encryption. Are the WEP encryption keys derived from the shared PMK?

Interestingly, in the cisco documentation for configuring cipher suites, it mentions config commands for TKIP alone (like I state above) or TKIP with WEP40 or WEP128, for example:

'encryption vlanX mode ciphers tkip wep128 '

how does the addition of the explicit WEP 128 or WEP40 change the setup?

Thanks,

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
a-vazquez Thu, 11/03/2005 - 07:10

configure Wi-Fi Protected Access (WPA) on a Cisco Access Point (AP) without an authentication server, configure the AP with a pre-share key (WPA-PSK).

To configure the WPA-PSK, perform these steps using the GUI interface:

In the Encryption Manager window, select cipher TKIP and click Apply.

In the Service Set Identifier (SSID) Manager window, perform these steps:

Create an SSID.

Select Open Authentication.

Set the Key Management to Mandatory.

Check the WPA box.

Enter a WPA-PSK and click Apply.

spyoung Thu, 11/03/2005 - 09:35

Hi,

Thanks but you missed my point. Maybe I didnt make myself clear. First of all I need to make config changes using CLI only. Second, I didnt ask how to configure WPA-PSK. Instead I want to understand the resulting AP configuration differences and behaviour between these commands:

'encryption vlanX mode ciphers tkip wep128'

'encryption vlanX mode ciphers tkip'

Specifically about WEP encryption - are the WEP keys dynamically generated if either command is issued, or only the first?

If using the second command, does the TKIP cipher suite derive WEP encryption keys form the PMK?

hope thats clearer.

Thanks,

jolmo Fri, 11/04/2005 - 03:52

Hi Simon

I think 'encryption vlanX mode ciphers tkip wep128' is intended to use in 'WPA Migration Mode'.

WPA Migration Mode is an access point setting defined by Cisco that enables both WPA and non-WPA clients to associate to an access point using the same SSID.

In this scenario the Cisco Aironet access point is configured with WPA optional, TKIP+WEP128 or TKIP+WEP40 cipher, and a static WEP key in key slot 2 or 3

Regarding 2nd question, I don't think so.

Hope this helps

Actions

Login or Register to take actions

This Discussion

Posted October 27, 2005 at 4:26 AM
Stats:
Replies:3 Avg. Rating:
Views:288 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard