Configuring tkip, Configuring ccmp, Configuring port security – H3C Technologies H3C WA2600 Series WLAN Access Points User Manual

5-9

Configuring TKIP

Follow these steps to configure TKIP:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter WLAN service template

wlan service-template
service-template-number crypto

Required

Enable the TKIP cipher suite

cipher-suite tkip

Required

Set TKIP counter measure time

tkip-cm-time time

Optional

By default, the counter measure
time value is 60 seconds.

Message integrity check (MIC) is used to prevent attackers from data modification. It ensures data

security by using the Michael algorithm. When a fault occurs to the MIC, the device will consider that the

data has been modified and the system is being attacked. Upon detecting the attack, TKIP will suspend

within the countermeasure interval, that is, no TKIP associations can be established within the interval.

Configuring CCMP

CCMP is the most secure data protection mechanism supported by WLAN. It adopts the AES

encryption algorithm.

Follow these steps to configure CCMP:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter WLAN service template

wlan service-template
service-template-number crypto

Required

Enable the CCMP cipher suite

cipher-suite ccmp

Required

Configuring Port Security

Port security configuration includes authentication type configuration and the AAA server configuration.

The authentication type configuration includes the following options:

z

PSK

z

802.1X

z

MAC

z

PSK and MAC

Before configuring port security, you must:

z

Create the WLAN-BSS interface

z

Enable port security globally

Configure PSK authentication

Follow these steps to configure PSK authentication: