User's Manual

Cisco 3200 Series Wireless MIC Software Configuration Guide
OL-7734-02
Chapter 8 Configuring Authentication Types
Configuring Additional WPA Settings
Use two optional settings to configure a pre-shared key on the bridge and adjust the frequency of group
key updates.
Setting a Pre-Shared Key
To support WPA on a wireless LAN where 802.1x-based authentication is not available, you must
configure a pre-shared key on the bridge. You can enter the pre-shared key as ASCII or hexadecimal
characters. If you enter the key as ASCII characters, you must enter between 8 and 63 characters, and
the bridge expands the key using the process described in the Password-based Cryptography Standard
(RFC 2898). If you enter the key as hexadecimal characters, you must enter 64 hexadecimal characters.
Configuring Group Key Updates
In the last step in the WPA process, the root bridge distributes a group key to the authenticated non-root
bridge. You can use these optional settings to configure the root bridge to change and distribute the group
key based on association and disassociation of non-root bridges:
• Membership termination—the root bridge generates and distributes a new group key when any
  authenticated non-root bridge disassociates from the root bridge. This feature keeps the group key
  private for associated bridges.
• Capability change—the root bridge generates and distributes a dynamic group key when the last
  non-key management (static WEP) non-root bridge disassociates, and it distributes the statically
  configured WEP key when the first non-key management (static WEP) non-root bridge
  authenticates. In WPA migration mode, this feature significantly improves the security of
  key-management capable clients when there are no static-WEP bridges associated to the root bridge.
Beginning in privileged EXEC mode, follow these steps to configure a WPA pre-shared key and group
key update options:

Step 1  Command: configure terminal
        Purpose: Enter global configuration mode.

Step 2  Command: interface dot11radio 0
        Purpose: Enter interface configuration mode for the radio interface.

Step 3  Command: ssid ssid-string
        Purpose: Enter SSID configuration mode for the SSID.

Step 4  Command: wpa-psk { hex | ascii } [ 0 | 7 ] encryption-key
        Purpose: Enter a pre-shared key for bridges using WPA that also use
        static WEP keys.
        Enter the key using either hexadecimal or ASCII characters. If
        you use hexadecimal, you must enter 64 hexadecimal
        characters to complete the 256-bit key. If you use ASCII, you
        must enter a minimum of 8 letters, numbers, or symbols, and
        the bridge expands the key for you. You can enter a maximum
        of 63 ASCII characters.

Step 5  Command: end
        Purpose: Return to privileged EXEC mode.

Step 6  Command: copy running-config startup-config
        Purpose: (Optional) Save your entries in the configuration file.

This example shows how to configure a pre-shared key for non-root bridges using WPA and static WEP,
with group key update options:

bridge# configure terminal
bridge(config)# interface dot11radio 0
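
The key-entry rules and ASCII key expansion described under Setting a Pre-Shared Key and in Step 4, as an added example that is not part of the Cisco guide or Cisco's code. It assumes the bridge follows the standard WPA passphrase mapping (PBKDF2 from RFC 2898 with HMAC-SHA1, the SSID as salt, 4096 iterations, 256-bit output), which this page does not spell out; the function name and the sample SSIDs and passphrase are constructed for illustration.

```python
import hashlib
import string


def wpa_psk(key: str, ssid: str, fmt: str) -> bytes:
    """Return the 256-bit PSK for a key entered as 'hex' or 'ascii' (hypothetical helper)."""
    if fmt == "hex":
        # Hex entry carries the key itself: 64 hex digits = 256 bits, no expansion.
        if len(key) != 64 or any(c not in string.hexdigits for c in key):
            raise ValueError("hex key must be 64 hexadecimal characters")
        return bytes.fromhex(key)
    if fmt == "ascii":
        # ASCII entry is a passphrase of 8 to 63 printable characters.
        if not 8 <= len(key) <= 63:
            raise ValueError("ASCII key must be 8 to 63 characters")
        if any(not 32 <= ord(c) <= 126 for c in key):
            raise ValueError("ASCII key must be printable ASCII")
        salt = ssid.encode()
        if not 1 <= len(salt) <= 32:
            raise ValueError("SSID must be 1 to 32 bytes")
        # Assumed expansion: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes.
        return hashlib.pbkdf2_hmac("sha1", key.encode("ascii"), salt, 4096, 32)
    raise ValueError("fmt must be 'hex' or 'ascii'")


def main() -> None:
    passphrase = "password"            # constructed sample, deliberately weak
    for ssid in ("IEEE", "bridge-lab"):  # constructed sample SSIDs
        psk = wpa_psk(passphrase, ssid, "ascii")
        # Same passphrase, different SSID: the expanded key differs.
        print(f"{ssid:<12} {psk.hex()}")
    # The expanded value is 64 hex digits, the length required for hex entry.
    expanded = wpa_psk(passphrase, "IEEE", "ascii").hex()
    assert wpa_psk(expanded, "IEEE", "hex").hex() == expanded
    # Length limits from the page: 7 and 64 ASCII characters are rejected.
    for bad in ("short77", "x" * 64):
        try:
            wpa_psk(bad, "IEEE", "ascii")
        except ValueError as err:
            print(f"rejected {len(bad)}-char ASCII key: {err}")


if __name__ == "__main__":
    main()
```

Under this mapping, the strength of an ASCII key rests entirely on the passphrase, since the SSID salt is broadcast; a randomly generated 64-character hexadecimal key avoids that dependency.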