CKIP and other cipher options.

bdunsing2 · ‎12-14-2007

Hi - I'm installing 1310 bridges for the first time. I've seen Release Notes that state CKIP is the recommended option for encrypting traffic between the two bridges. I have many other options in that field - tkip, tkip+128bit wep, etc.

Is it the consensus of this forum that CKIP should be used? Can someone explain to me why I would choose any of the other options? And if I set the cipher, do I need to use WPA for any reason in a point to point only scenario?

Any advice would be appreciated.

Thank you -

Richard Atkin · ‎12-14-2007

Hi,

CKIP is a Cisco version of TKIP. I believe CKIP was released just before TKIP, but it was released for the same reasons, ie, better than WEP, but still based on RC4.

Anyway, I'd suggest that TKIP, or even better, AES is used to encrypt your link. Using TKIP and/or AES will require the use of WPA / WPA2, which can be configured to use static keys, or dynamic keys via RADIUS authentication. If you don't have a RADIUS server, you can configure a RADIUS service on your Root AP without too much hassle.

Best regards,

Richard

bdunsing2 · ‎12-14-2007

Thanks for your reply. My wireless bridge is currently using TKIP+128bitWEP, as that is what one "expert" advised. I select that entry, then type a 128bit hex wep key. With only that, I'm able to establish an encrypted link between the two APs. Is this any better than using just WEP?

Is there any Cisco documentation that discusses the function of the encryption tab versus the authentication modes found on the SSID tab? (Hope that made sense!)