
Brocade Mobility 5181 Access Point Product Reference Guide (Supporting software release 4.4.0.0) User Manual


53-1002516-01

Configuring WPA/WPA2 using TKIP


Wi-Fi Protected Access 2 (WPA2) is an enhanced version of WPA. WPA2 uses the Advanced
Encryption Standard (AES) instead of TKIP. AES supports 128-bit, 192-bit and 256-bit keys.

WPA/WPA2 also provide strong user authentication based on 802.1x EAP. To configure WPA/WPA2
encryption on the Mobility 5181 Access Point:

1. Select Network Configuration -> Wireless -> Security from the Mobility 5181 Access Point
menu tree.

If security policies supporting WPA-TKIP exist, they appear within the Security Configuration
screen. These existing policies can be used as is, or their properties edited by clicking the Edit
button. To configure a new security policy supporting WPA-TKIP, continue to step 2.

2. Click the Create button to configure a new policy supporting WPA-TKIP.

The New Security Policy screen displays with no authentication or encryption options selected.

3. Select the WPA/WPA2 TKIP radio button.

The WPA/TKIP Settings field displays within the New Security Policy screen.

4. Ensure the Name of the security policy entered suits the intended configuration or function of
the policy.

5. Configure the Key Rotation Settings area as needed to broadcast encryption key changes to
Clients and define the broadcast interval.

6. Configure the Key Settings area as needed to set an ASCII Passphrase and key values.

Default (hexadecimal) 256-bit keys for WPA/TKIP include:

1011121314151617

18191A1B1C1D1E1F

2021222324252627

Broadcast Key Rotation

Select the Broadcast Key Rotation checkbox to enable or disable
broadcast key rotation. When enabled, the key indices used for
encrypting/decrypting broadcast traffic are rotated alternately
at every interval specified in the Broadcast Key Rotation Interval.
Enabling broadcast key rotation enhances the broadcast traffic
security on the WLAN. This option is disabled by default.

Update broadcast keys every (300-604800 seconds)

Specify a time period in seconds to rotate the key index used for
the broadcast key. Set the interval to a shorter duration, such as 3600
seconds, for tighter broadcast traffic security on the wireless LAN.
Set the interval to a longer duration, such as 86400 seconds, where
broadcast traffic security requirements are less strict. The default
value is 86400 seconds.

ASCII Passphrase

To use an ASCII passphrase (and not a hexadecimal value), select
the checkbox and enter an alphanumeric string of 8 to 63
characters. The alphanumeric string allows character spaces. The
Mobility 5181 Access Point converts the string to a numeric value.
This passphrase saves the administrator from entering the 256-bit
key each time keys are generated.

256-bit Key

To use a hexadecimal value (and not an ASCII passphrase), select
the checkbox and enter 16 hexadecimal characters into each of
the four fields displayed.
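
The relationship between the ASCII Passphrase and 256-bit Key fields described above can be checked offline. The following is an added example, not code from the manual or from Brocade: it assumes the access point uses the standard IEEE 802.11i passphrase-to-key mapping (PBKDF2-HMAC-SHA1 salted with the SSID), and the function names are hypothetical. It also flags fields still set to the default blocks printed on this page, since a key published in a manual provides no secrecy.

```python
import hashlib
import string

# Default key blocks exactly as listed on this page (only three are shown there).
DOCUMENTED_DEFAULT_BLOCKS = {
    "1011121314151617", "18191A1B1C1D1E1F", "2021222324252627",
}

def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Standard 802.11i mapping: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII (spaces allowed)")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32)

def key_fields(psk: bytes) -> list[str]:
    """Split a 256-bit key into the four 16-hex-character fields the screen expects."""
    if len(psk) != 32:
        raise ValueError("key must be 256 bits")
    hexed = psk.hex().upper()
    return [hexed[i:i + 16] for i in range(0, 64, 16)]

def parse_key_fields(fields: list[str]) -> bytes:
    """Validate manually entered fields and return the 32-byte key."""
    if len(fields) != 4:
        raise ValueError("expected four fields")
    for f in fields:
        if len(f) != 16 or any(c not in string.hexdigits for c in f):
            raise ValueError(f"field {f!r} is not 16 hexadecimal characters")
    return bytes.fromhex("".join(fields))

def default_blocks_in(fields: list[str]) -> list[str]:
    """Return any fields still equal to a documented default block."""
    return [f for f in fields if f.upper() in DOCUMENTED_DEFAULT_BLOCKS]

if __name__ == "__main__":
    # Constructed sample values, not taken from the manual.
    fields = key_fields(derive_psk("password", "IEEE"))
    print(fields, default_blocks_in(fields))
```

Because the SSID is the salt, the same passphrase yields a different 256-bit key on every WLAN name, so a key copied between policies only matches if the SSID matches too.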