10-27-2005 04:26 AM - edited 07-04-2021 11:15 AM
Hi,
Can someone clarify for me how this works in a WPA-PSK scenario:
If I configure WPA key management/authentication with TKIP cipher suite I dont explicitly need to enter a WEP key for encryption. Are the WEP encryption keys derived from the shared PMK?
Interestingly, in the cisco documentation for configuring cipher suites, it mentions config commands for TKIP alone (like I state above) or TKIP with WEP40 or WEP128, for example:
'encryption vlanX mode ciphers tkip wep128 '
how does the addition of the explicit WEP 128 or WEP40 change the setup?
Thanks,
11-03-2005 07:10 AM
configure Wi-Fi Protected Access (WPA) on a Cisco Access Point (AP) without an authentication server, configure the AP with a pre-share key (WPA-PSK).
To configure the WPA-PSK, perform these steps using the GUI interface:
In the Encryption Manager window, select cipher TKIP and click Apply.
In the Service Set Identifier (SSID) Manager window, perform these steps:
Create an SSID.
Select Open Authentication.
Set the Key Management to Mandatory.
Check the WPA box.
Enter a WPA-PSK and click Apply.
11-03-2005 09:35 AM
Hi,
Thanks but you missed my point. Maybe I didnt make myself clear. First of all I need to make config changes using CLI only. Second, I didnt ask how to configure WPA-PSK. Instead I want to understand the resulting AP configuration differences and behaviour between these commands:
'encryption vlanX mode ciphers tkip wep128'
'encryption vlanX mode ciphers tkip'
Specifically about WEP encryption - are the WEP keys dynamically generated if either command is issued, or only the first?
If using the second command, does the TKIP cipher suite derive WEP encryption keys form the PMK?
hope thats clearer.
Thanks,
11-04-2005 03:52 AM
Hi Simon
I think 'encryption vlanX mode ciphers tkip wep128' is intended to use in 'WPA Migration Mode'.
WPA Migration Mode is an access point setting defined by Cisco that enables both WPA and non-WPA clients to associate to an access point using the same SSID.
In this scenario the Cisco Aironet access point is configured with WPA optional, TKIP+WEP128 or TKIP+WEP40 cipher, and a static WEP key in key slot 2 or 3
Regarding 2nd question, I don't think so.
Hope this helps
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: