User's Manual

ManualsBrandsDell ManualsComputer equipmentPowerConnect W-6000

411

412

413

414

415

416

417

418

419

420

SSID Profile Overview

ArubaOS supports different types of the Advanced Encryption Standard (AES), Temporal Key Integrity Protocol

(TKIP), and wired equivalent privacy (WEP) encryption. AES is the most secure and recommended encryption

method. Most modern devices are AES capable and AES should be the default encryption method. Use TKIP

only when the network includes devices that do not support AES. In these situations, use a separate SSID for

devices that are only capable of TKIP.

Suite-B Cryptography

The Suite-B (bSec) protocol is a pre-standard protocol that has been proposed to the IEEE 802.11 committee as

an alternative to 802.11i. The main difference between bSec and standard 802.11i is that bSec implements

Suite-B algorithms wherever possible. Notably, AES-CCM is replaced by AES-GCM, and the Key Derivation

Function (KDF) of 802.11i is upgraded to support SHA-256 and SHA-384. In order to provide interoperability

with standard Wi-Fi software drivers, bSec is implemented as a shim layer between standard 802.11 Wi-Fi and a

Layer 3 protocol such as IP. A controller configured to advertise a bSec SSID will advertise an open network,

however only bSec frames will be permitted on the network.

This feature requires the ACR license.

The bSec protocol requires that you use VIA 2.1.1 or greater on the client device. Consult VIA documentation

for more information on configuring and installing VIA.

The bSec protocol is available in 128-bit mode and 256-bit mode. The number of bits specifies the length of the

AES-GCM encryption key. Using United States Department of Defense classification terminology, bSec-128 is

suitable for protection of information up to the SECRET level, while bSec-256 is suitable for protection of

information up to the TOP SECRET level.

Suite-B AES-128-GCM and AES-256-GCM encryption is supported by the ArubaOS hardware. Note, however,

that not all controllers support Suite-B encryption. The table below describes the controller support for Suite-B

encryption in ArubaOS.

Controller Serial Number Prefix ACR License Support

W-7200 Series

All serial numbers supported Yes

W-600 Series All serial numbers supported Yes

W-3000 Series FC Yes

W-3000 Series F No

W-6000M3 card AK Yes

W-6000M3 card A No

To determine the serial number prefix for your controller, issue the CLI command show inventory and note

the prefix before the system serial number. The serial number prefix in the example below appears in bold.

(host) #show inventory

Supervisor Card slot : 0

System Serial# : AK0093676

SC Assembly# : 2010052B (Rev:02.01)

SC Serial# : F01629529 (Date:03/29/10)

SC Model# : W-3600-US

Dell Networking W-Series ArubaOS 6.4.x | User Guide Virtual APs | 415