Chapter 5
Configuring Security Solutions
Configuring AES Key Wrap
You can use the GUI or CLI to configure a controller to use AES key wrap, which makes the shared
secret between the controller and the RADIUS server more secure. AES key wrap is designed for Federal
Information Processing Standards (FIPS) customers and requires a key-wrap compliant RADIUS
authentication server.
Using the GUI to Configure AES Key Wrap
To configure a controller to use AES key wrap using the GUI, follow these steps.
Step 1  Click Security > AAA > RADIUS Authentication to access the RADIUS Authentication Servers page.
Step 2  To enable AES key wrap, check the Use AES Key Wrap check box.
Step 3  Click Apply.
Step 4  Click Save Configuration.
Step 5  Click New to configure a new RADIUS authentication server or click the Edit link of one of the servers
        listed on the page to configure AES key wrap.
Step 6  Check the Key Wrap check box (see Figure 5-19).
Step 7  Choose ASCII or Hex from the Key Wrap Format drop-down box to specify the format of the AES key
        wrap keys: Key Encryption Key (KEK) and Message Authentication Code Key (MACK).
Step 8  Enter the 16-byte KEK in the Key Encryption Key (KEK) field.
Step 9  Enter the 20-byte MACK in the Message Authentication Code Key (MACK) field.
OL-9141-03
AP 2
MAC Address.............................. 00:0b:85:26:91:52
Name..................................... Test_AP_2
Radio Type............................... 802.11bg
Channel.................................. 6
Last reported by this AP................. Tue Dec 6 00:30:04 2005
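A pre-flight check for the key material entered in Steps 7 through 9 of the AES key wrap procedure, written as an added Python example that is not part of the Cisco guide. It generates independent KEK and MACK values and checks that a typed value decodes to the required 16 or 20 bytes in the chosen format. The function names, and the reading of Hex as two hex digits per byte, are assumptions of this example.

```python
import secrets
import string

KEK_LEN = 16    # bytes, from Step 8
MACK_LEN = 20   # bytes, from Step 9

def parse_key(value, fmt, expected_len):
    """Decode a key as it would be typed for the chosen Key Wrap Format.

    Assumption: Hex means two hex digits per byte with no separators,
    ASCII means one printable character per byte.
    """
    if fmt == "hex":
        if len(value) % 2 or any(c not in string.hexdigits for c in value):
            raise ValueError("not an even number of hex digits")
        raw = bytes.fromhex(value)
    elif fmt == "ascii":
        if not (value.isascii() and value.isprintable()):
            raise ValueError("not printable ASCII")
        raw = value.encode("ascii")
    else:
        raise ValueError("format must be 'ascii' or 'hex'")
    if len(raw) != expected_len:
        raise ValueError(f"decodes to {len(raw)} bytes, expected {expected_len}")
    return raw

def check_keywrap_keys(kek, mack, fmt):
    """Return a list of problems; an empty list means both keys pass."""
    problems, decoded = [], {}
    for name, value, size in (("KEK", kek, KEK_LEN), ("MACK", mack, MACK_LEN)):
        try:
            decoded[name] = parse_key(value, fmt, size)
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
    if len(decoded) == 2 and decoded["MACK"].startswith(decoded["KEK"]):
        problems.append("MACK reuses the KEK bytes; generate the keys independently")
    return problems

def generate_hex_keys():
    """Independent random KEK and MACK as hex strings (for Hex format)."""
    return secrets.token_hex(KEK_LEN), secrets.token_hex(MACK_LEN)

if __name__ == "__main__":
    kek, mack = generate_hex_keys()
    print("generated keys pass:", check_keywrap_keys(kek, mack, "hex") == [])
    # Constructed mistake: 16 hex digits entered with Hex selected is only 8 bytes.
    print(check_keywrap_keys("0123456789abcdef", "aa" * MACK_LEN, "hex"))
```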
Cisco Wireless LAN Controller Configuration Guide