R2511-HP MSR Router Series WLAN Configuration Guide(V5)
40
Configuring TKIP cipher suite
Message integrity check (MIC) is used to prevent attackers from data modification. It ensures data
security by using the Michael algorithm. When a fault occurs to the MIC, the device will consider that the
data has been modified and the system is being attacked. Upon detecting the attack, TKIP will suspend
within the countermeasure interval. No TKIP associations can be established within the interval.
To configure TKIP cipher suite:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter WLAN service template
view.
wlan service-template
service-template-number crypto
N/A
3. Enable the TKIP cipher suite.
cipher-suite tkip
By default, no cipher suite is
selected.
4. Configure the TKIP
countermeasure interval.
tkip-cm-time time
Optional.
The default countermeasure
interval is 0 seconds. No
countermeasures are taken.
Configuring AES-CCMP cipher suite
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter WLAN service template
view.
wlan service-template
service-template-number crypto
N/A
3. Enable the AES-CCMP cipher
suite.
cipher-suite ccmp
By default, no cipher suite is
selected.
Configuring port security
The authentication type configuration includes the following options:
• PSK
• 802.1X
• MAC
• PSK and MAC
This document describes only common port security modes. For more information about other port
security modes, see Security Configuration Guide.
Before configuring port security, create the wireless port and enable port security.
Configuring PSK authentication
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter WLAN-BSS interface
view.
interface wlan-bss
interface-number
N/A