Configuring Cipher Suites
bridge(config-if)# encryption vlan 1 mode ciphers ckip-cmic wep128
This example sets up a cipher suite for VLAN 1 that enables AES as the encryption mode:
bridge# configure terminal
bridge(config)# configure interface dot11radio 0
bridge(config-if)# encryption vlan 1 mode ciphers aes-ccm
bridge(config-if)# end
Matching Cipher Suites with WPA
If you configure your bridges to use WPA or CCKM authenticated key management, you must select a
cipher suite compatible with the authenticated key management type.
that are compatible with WPA and CCKM.
Table 3
Authenticated Key Management Types
CCKM
WPA
Note
When you configure TKIP-only cipher encryption (not TKIP + WEP128 or TKIP + WEP40) into SSID
configuration, the SSID must be set to use WPA or CCKM key management. If you configure TKIP but
you do not configure key management on the SSID, the authentication fails on this SSID.
For a complete description of WPA and CCKM and instructions for configuring authenticated key
management, see the
Cisco 3200 Series Wireless MIC Software Configuration Guide
8
Cipher Suites Compatible with WPA and CCKM
Compatible Cipher Suites
"Authentication Types"
•
encryption mode ciphers wep128
•
encryption mode ciphers wep40
•
encryption mode ciphers ckip
encryption mode ciphers cmic
•
encryption mode ciphers ckip-cmic
•
encryption mode ciphers tkip
•
encryption mode ciphers tkip wep128
•
encryption mode ciphers tkip wep40
•
encryption mode ciphers aes-ccm
•
encryption mode ciphers tkip
•
encryption mode ciphers tkip wep128
•
•
encryption mode ciphers tkip wep40
encryption mode aes-ccm
•
encryption mode aes-ccm wep128
•
encryption mode aes-ccm wep40
•
encryption mode aes-ccm tkip
•
encryption mode aes-ccm tkip wep128
•
encryption mode aes-ccm tkip wep40
•
document.
Cipher Suites and WEP
Table 3
lists the cipher suites