User's Manual

ManualsBrandsCisco Systems ManualsElectronics4.9 GHz WMIC Mini PCI Module

151

152

153

154

155

156

157

158

159

160

7-5

Cisco 3200 Series Wireless MIC Software Configuration Guide

OL-7734-02

Chapter 7 Configuring WEP and WEP Features

Configuring Cipher Suites and WEP

Enabling Cipher Suites and WEP

Beginning in privileged EXEC mode, follow these steps to enable a cipher suite:

Use the no form of the encryption command to disable a cipher suite.

This example sets up a cipher suite for VLAN 1 that enables CKIP, CMIC, and 128-bit WEP.

bridge# configure terminal

bridge(config)# configure interface dot11radio 0

bridge(config-if)# encryption vlan 1 mode ciphers ckip-cmic wep128

bridge(config-if)# end

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

interface dot11radio 0 Enter interface configuration mode for the radio interface.

Step 3

encryption

[vlan vlan-id]

mode ciphers

{[aes-ccm | ckip | cmic | ckip-cmic |

tkip]}

{[wep128 | wep40]}

Enable a cipher suite containing the WEP protection you need.

Table 7-3 lists guidelines for selecting a cipher suite that

matches the type of authenticated key management you

configure.

• (Optional) Select the VLAN for which you want to enable

WEP and WEP features.

• Set the cipher options and WEP level. You can combine

TKIP with 128-bit or 40-bit WEP.

Note If you enable a cipher suite with two elements (such as

TKIP and 128-bit WEP), the second cipher becomes the

group cipher.

Note You can also use the encryption mode wep command

to set up static WEP. However, you should use

encryption mode wep only if none of the non-root

bridges that associate to the root bridge are capable of

key management. See the Cisco IOS Command

Reference for Cisco Access Points and Bridges for a

detailed description of the encryption mode wep

command.

Note When you configure TKIP-only cipher encryption (not

TKIP + WEP 128 or TKIP + WEP 40) on any radio

interface or VLAN, the SSID on that radio or VLAN

must be set to use WPA or CCKM key management. If

you configure TKIP on a radio or VLAN but you do not

configure key management on the SSID, non-root

bridge authentication fails on the SSID.

Note ckip and ckip-cmic are supported only on the 2.4-GHz

(802.11b/g) WMIC.

Step 4

end Return to privileged EXEC mode.

Step 5

copy running-config startup-config (Optional) Save your entries in the configuration file.