User's Manual

Chapter 25 | Wireless Security Commands – 239
cipher-suite
This command defines the cipher algorithm used to encrypt the global key for
broadcast and multicast traffic when using WPA or WPA2 security.
Syntax
multicast-cipher <aes-ccmp | tkip>
aes-ccmp - Use AES-CCMP encryption for the unicast and multicast cipher.
tkip - Use TKIP encryption for the multicast cipher. TKIP or AES-CCMP can
be used for the unicast cipher depending on the capability of the client.
Default Setting
None
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
WPA and WPA2 enable a VAP to support different unicast encryption keys for
each client. However, the global encryption key for multicast and broadcast
traffic must be the same for all clients.
TKIP provides data encryption enhancements including per-packet key
hashing (i.e., changing the encryption key on each packet), a message integrity
check, an extended initialization vector with sequencing rules, and a re-keying
mechanism. Select TKIP if there are clients in the network that are not WPA2
compliant.
TKIP defends against attacks on WEP in which the unencrypted initialization
vector in encrypted packets is used to calculate the WEP key. TKIP changes the
encryption key on each packet, and rotates not just the unicast keys, but the
broadcast keys as well. TKIP is a replacement for WEP that removes the
predictability that intruders relied on to determine the WEP key.
AES-CCMP (Advanced Encryption Standard Counter-Mode/CBCMAC Protocol):
WPA2 is backward compatible with WPA, including the same 802.1X and PSK
modes of operation and support for TKIP encryption. The main enhancement is
its use of AES Counter-Mode encryption with Cipher Block Chaining Message
Authentication Code (CBC-MAC) for message integrity. The AES Counter-Mode/
CBCMAC Protocol (AES-CCMP) provides extremely robust data confidentiality
using a 128-bit key. The AES-CCMP encryption cipher is specified as a standard
requirement for WPA2. However, the computationally intensive operations of
AES-CCMP require hardware support on client devices. Therefore, to
implement WPA2 in the network, wireless clients must be upgraded to WPA2-
compliant hardware.
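The usage notes above leave the choice of group cipher to the administrator: AES-CCMP where all clients support WPA2, TKIP only where legacy clients remain, and nothing at all by default. The following Python script is an added example, not part of the manual or the vendor's software. It parses a constructed text configuration laid out in the same interface/VAP style as the command mode described here (the `interface wireless a`, `vap 0` and `ssid` lines are assumptions about the surrounding configuration syntax, not taken from this page) and reports, per VAP, whether the multicast cipher is AES-CCMP, TKIP, or still at the unset default.

```python
"""Audit the multicast-cipher setting of every wireless VAP in a saved
configuration.

Added example, not from the manual or the vendor's firmware.  The configuration
text below is constructed for illustration; the 'interface wireless', 'vap' and
'ssid' lines are assumed container syntax, only 'multicast-cipher' comes from
the documented command."""
import re

# Constructed sample configuration (not captured from a real device).
SAMPLE_CONFIG = """\
interface wireless a
 vap 0
  ssid corp-net
  multicast-cipher aes-ccmp
 vap 1
  ssid legacy-net
  multicast-cipher tkip
 vap 2
  ssid guest-net
interface wireless g
 vap 0
  ssid office
  multicast-cipher aes-ccmp
"""

RECOMMENDED = "aes-ccmp"


def parse_vaps(config_text):
    """Return {(radio, vap_index): {"ssid": ..., "multicast-cipher": ...}}.

    A VAP with no multicast-cipher line keeps None, matching the manual's
    'Default Setting: None'."""
    vaps = {}
    radio = None
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"interface wireless (\S+)$", line)
        if m:
            radio = m.group(1)          # new radio: VAP indices restart
            current = None
            continue
        m = re.match(r"vap (\d+)$", line)
        if m and radio is not None:
            current = (radio, int(m.group(1)))
            vaps[current] = {"ssid": None, "multicast-cipher": None}
            continue
        if current is None:
            continue                    # line outside any VAP block
        m = re.match(r"multicast-cipher (aes-ccmp|tkip)$", line)
        if m:
            vaps[current]["multicast-cipher"] = m.group(1)
            continue
        m = re.match(r"ssid (\S+)$", line)
        if m:
            vaps[current]["ssid"] = m.group(1)
    return vaps


def audit(vaps):
    """Classify each VAP's group cipher as OK, WARN or UNSET."""
    findings = []
    for (radio, idx), v in sorted(vaps.items()):
        cipher = v["multicast-cipher"]
        if cipher is None:
            status, note = "UNSET", "no multicast-cipher configured (default: none)"
        elif cipher == RECOMMENDED:
            status, note = "OK", "AES-CCMP group cipher"
        else:
            status, note = "WARN", "TKIP group cipher; keep only while non-WPA2 clients remain"
        findings.append({"radio": radio, "vap": idx, "ssid": v["ssid"],
                         "cipher": cipher, "status": status, "note": note})
    return findings


def run(config_text=SAMPLE_CONFIG):
    return audit(parse_vaps(config_text))


if __name__ == "__main__":
    for f in run():
        print(f"wireless {f['radio']} vap {f['vap']} ({f['ssid']}): "
              f"{f['status']:5} {f['note']}")
```

Run as a script it prints one line per VAP; the `run()` function returns the same findings as a list so the result can be fed into a wider configuration review.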