Configuring multi cipher support – Brocade Mobility 7131 Access Point Product Reference Guide (Supporting software release 4.4.0.0 and later) User Manual

53-1002517-01

Configuring Multi Cipher Support

The access point’s Multi Cipher feature allows legacy and new MUs (Wi-Fi handheld devices) to
co-exist within the same WLAN. Multi cipher extends the access point’s existing WLAN security
options by allowing dynamic WEP and 802.11i configurations to co-exist, and by allowing multiple
security policies to be associated with the same ESSID on different WLANs. Within such an
environment, legacy MUs are capable of WEP, while new MUs are capable of WPA/WPA2-TKIP and
WPA2-CCMP encryption. This particular form of multi cipher (security) support helps maintain the
co-existence of Dynamic WEP and 802.11i based environments.

To support this feature, certain security policy combinations need to be available on a per-WLAN
basis. The following combinations are supported:

WEP 64 and WPA/WPA2-TKIP

WEP 64 and WPA2-CCMP

WEP 128 and WPA/WPA2-TKIP

WEP 128 and WPA2-CCMP

WPA2-CCMP and WPA/WPA2-TKIP

To configure multi cipher support, WLANs should be created with the same ESSID, but different
BSSIDs and security schemes. This results in the AP announcing different beacons for the same
ESSID. MUs can then select a corresponding BSSID to associate, depending on their individual
configurations.

From the MU’s point of view, the scenario is as if there are two APs available with the same ESSID,
but different security policies. The MU can choose an appropriate AP based on its configuration.

NOTE

Multi Cipher is supported in adaptive mode (AAP), provided the required configuration is allowed on
the switch.

Configuring multi cipher support requires:

Creating WLANs with the same ESSID, but different BSSIDs and security schemes. This results
in the AP beaconing the same ESSID, but a different BSSID.

Each WLAN having a unique WLAN name. If a WLAN’s name is the same as the ESSID, it’s difficult
to distinguish them when doing WLAN-BSSID grouping.

Not using WLANs with the same ESSID and security scheme. If this were to be deployed, beacons
would contain the same ESSID and security scheme data, but different BSSIDs would be
generated, potentially confusing MUs.

Ensuring WLANs with the same ESSID use the same authentication method(s) in their security
policies.

Ensuring WLANs with the same ESSID do not use both WEP64 and WEP128 as security schemes. If
both are defined for the same ESSID, MUs configured with WEP could be associated with the wrong
WLAN and fail to get an IP address.

NOTE

Since the AP supports a maximum of 4 different BSSID groups, Brocade Mobility recommends
grouping WLANs with common security schemes under the same BSSID group to support a greater
number of WLANs.
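
The requirements above can be checked mechanically before a configuration is deployed. The following Python sketch is an added example, not code from the guide or from the access point's software: the dictionary keys (name, essid, bssid, scheme, auth), the short scheme labels and the sample WLANs are all assumptions made for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Scheme pairings the guide lists as supported for one ESSID. The short labels
# (TKIP = WPA/WPA2-TKIP, CCMP = WPA2-CCMP) are this example's own.
SUPPORTED = {frozenset(p) for p in [
    ("WEP64", "TKIP"), ("WEP64", "CCMP"), ("WEP128", "TKIP"),
    ("WEP128", "CCMP"), ("CCMP", "TKIP")]}
MAX_BSSID_GROUPS = 4  # limit stated in the guide's note

def audit(wlans):
    """Return rule violations for WLAN dicts with the hypothetical keys
    name, essid, bssid, scheme, auth."""
    issues = []
    names = [w["name"] for w in wlans]
    for n in sorted({n for n in names if names.count(n) > 1}):
        issues.append(f"WLAN name '{n}' is not unique")
    if len({w["bssid"] for w in wlans}) > MAX_BSSID_GROUPS:
        issues.append(f"more than {MAX_BSSID_GROUPS} BSSID groups in use")
    by_essid = defaultdict(list)
    for w in wlans:
        by_essid[w["essid"]].append(w)
        if w["name"] == w["essid"]:
            issues.append(f"WLAN name '{w['name']}' equals its ESSID")
    for essid, group in by_essid.items():
        if len(group) < 2:
            continue  # a single WLAN on this ESSID is not a multi cipher setup
        schemes = [w["scheme"] for w in group]
        if len(set(schemes)) < len(schemes):
            issues.append(f"{essid}: same security scheme on several WLANs")
        if len({w["bssid"] for w in group}) < len(group):
            issues.append(f"{essid}: WLANs share a BSSID")
        if len({w["auth"] for w in group}) > 1:
            issues.append(f"{essid}: authentication methods differ")
        for a, b in combinations(sorted(set(schemes)), 2):
            if frozenset((a, b)) not in SUPPORTED:
                issues.append(f"{essid}: unsupported pairing {a} + {b}")
    return issues

# Constructed sample configurations (not taken from a real device).
GOOD = [
    {"name": "corp-legacy", "essid": "corp", "bssid": 1, "scheme": "WEP128", "auth": "802.1x"},
    {"name": "corp-new", "essid": "corp", "bssid": 2, "scheme": "CCMP", "auth": "802.1x"},
]
BAD = [
    {"name": "corp", "essid": "corp", "bssid": 1, "scheme": "WEP64", "auth": "802.1x"},
    {"name": "corp-b", "essid": "corp", "bssid": 1, "scheme": "WEP128", "auth": "none"},
]
```

Calling audit(GOOD) returns an empty list, while audit(BAD) reports the name/ESSID clash, the shared BSSID, the differing authentication methods and the WEP64 with WEP128 pairing.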