Enabling and disabling broadcast key rotation – Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual
Page 349
Rockwell Automation Publication 1783-UM006A-EN-P - May 2014
349
Configuring Cipher Suites and WEP
Chapter 11
key management type. This table lists the cipher suites that are compatible with
WPA and CCKM.
For a complete description of WPA
and instructions for configuring
authenticated key management, see
Using WPA Key Management on page 357
.
Enabling and Disabling Broadcast Key Rotation
Broadcast key rotation is disabled by default. Client devices using static WEP
cannot use the access point when you enable broadcast key rotation. Broadcast
key rotation is supported only when using key management (such as dynamic
WEP (802.1x), WPA with EAP, or preshared key).
Beginning in privileged EXEC mode, follow these steps to enable broadcast key
rotation:
1. Enter global configuration mode.
configure terminal
2. Enter interface configuration mode for the radio interface.
• The 2.4 GHz radio and the 2.4 GHz 802.11n radio is 0.
• The 5 GHz radio and the 5 GHz 802.11n radio is 1.
interface dot11radio { 0 | 1 }
Table 94 - Cipher Suites Compatible with WPA and CCKM
Authenticated Key Management Types
Compatible Cipher Suites
CCKM
encryption mode ciphers wep128
encryption mode ciphers wep40
encryption mode ciphers ckip
encryption mode ciphers cmic
encryption mode ciphers ckip-cmic
encryption mode ciphers tkip
encryption mode aes
WPA
encryption mode ciphers tkip
encryption mode ciphers tkip wep128
encryption mode ciphers tkip wep40
encryption mode ciphers eas
Encryption mode ciphers tkip wep128 and tkip wep-40 can only be
used is WPA is configured as optional.
IMPORTANT
If using WPA and CCKM as key management, only tkip and aes ciphers are
supported. If using only CCKM as key management, ckip, cmic, ckip-cmic, tkip,
wep, and aes ciphers are supported.
When you configure the cipher TKIP (not TKIP + WEP 128 or TKIP + WEP 40)
for an SSID, the SSID must use WPA or CCKM key management. Client
authentication fails on an SSID that uses the cipher TKIP without enabling WPA
or CCKM key management.