39
• WEP40/WEP104/WEP128
• TKIP
• AES-CCMP
Configuring WEP cipher suite
The WEP encryption mechanism requires that the authenticator and clients on a WLAN have the
same key configured. WEP adopts the RC4 algorithm (a stream encryption algorithm), supporting
WEP40, WEP104 and WEP128 keys.
You can use WEP with either open system or shared key authentication mode:
• In open system authentication mode, the WEP key is used for encryption only and not for
authentication. A client can access the network without having the same key as the
authenticator. However, if the receiver has a different key from the sender, it discards the
packets received from the sender.
• In shared key authentication mode, the WEP key is used for both encryption and authentication.
If the key of a client is different from that of the authenticator, the client cannot pass the
authentication and the access of the client is denied.
To configure WEP encryption:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter WLAN service
template view.
wlan service-template
service-template-number
crypto
N/A
3. Enable the WEP cipher
suite.
cipher-suite
{
wep40
|
wep104
|
wep128
}
By default, no cipher suite is
selected.
4. Configure the WEP default
key.
wep default-key
{
1
|
2
|
3
|
4
}
{
wep40
|
wep104
|
wep128
}
{
pass-phrase
|
raw-key
} [
cipher
|
simple
] key
By default, the WEP default key
index number is 1.
5. Specify a key index
number.
wep key-id
{
1
|
2
|
3
|
4
}
Optional.
By default, the key index number
is that configured with the
wep
default-key
command.
Configuring TKIP cipher suite
Message integrity check (MIC) is used to prevent attackers from data modification. It ensures data
security by using the Michael algorithm. When a fault occurs to the MIC, the device will consider that
the data has been modified and the system is being attacked. Upon detecting the attack, TKIP will
suspend within the countermeasure interval. No TKIP associations can be established within the
interval.
To configure TKIP cipher suite:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter WLAN service
template view.
wlan service-template
service-template-number
crypto
N/A
3. Enable the TKIP cipher
suite.
cipher-suite
tkip
By default, no cipher suite is
selected.
4. Configure the TKIP
countermeasure interval.
tkip-cm-time
time
Optional.
The default countermeasure
interval is 0 seconds. No
To Next Page
Loading...
Need help?
General
