Configuring tkip cipher suite, Configuring ccmp cipher suite, Configuring port security – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

60

Configuring TKIP cipher suite

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter WLAN service

template view.

wlan service-template
service-template-number crypto

N/A

3.

Enable the TKIP cipher suite. cipher-suite tkip

By default, no cipher suite is
selected.

4.

Configure the TKIP
countermeasure interval.

tkip-cm-time time

Optional.
The default countermeasure
interval is 0 seconds. No

countermeasures are taken.

NOTE:

Message integrity check (MIC) is used to prevent attackers from data modification. It ensures data security
by using the Michael algorithm. When a fault occurs to the MIC, the device will consider that the data has

been modified and the system is being attacked. Upon detecting the attack, TKIP will suspend within the

countermeasure interval. No TKIP associations can be established within the interval.

Configuring CCMP cipher suite

CCMP adopts the AES encryption algorithm.
To configure the CCMP cipher suite:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter WLAN service
template view.

wlan service-template
service-template-number crypto

N/A

3.

Enable the CCMP cipher

suite.

cipher-suite ccmp

By default, no cipher suite is
selected.

Configuring port security

The authentication type configuration includes the following options:

•

PSK

•

802.1X

•

MAC

•

PSK and MAC

NOTE:

This document describes only several common port security modes. For more information about other port
security modes, see

Security Configuration Guide.

Before configuring port security, you must:

1.

Create the wireless port.