Configuring tkip, Configuring ccmp, Configuring port security – H3C Technologies H3C WA2600 Series WLAN Access Points User Manual
Page 24: Configure psk authentication
5-9
Configuring TKIP
Follow these steps to configure TKIP:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter WLAN service template
wlan service-template
service-template-number crypto
Required
Enable the TKIP cipher suite
cipher-suite tkip
Required
Set TKIP counter measure time
tkip-cm-time time
Optional
By default, the counter measure
time value is 60 seconds.
Message integrity check (MIC) is used to prevent attackers from data modification. It ensures data
security by using the Michael algorithm. When a fault occurs to the MIC, the device will consider that the
data has been modified and the system is being attacked. Upon detecting the attack, TKIP will suspend
within the countermeasure interval, that is, no TKIP associations can be established within the interval.
Configuring CCMP
CCMP is the most secure data protection mechanism supported by WLAN. It adopts the AES
encryption algorithm.
Follow these steps to configure CCMP:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter WLAN service template
wlan service-template
service-template-number crypto
Required
Enable the CCMP cipher suite
cipher-suite ccmp
Required
Configuring Port Security
Port security configuration includes authentication type configuration and the AAA server configuration.
The authentication type configuration includes the following options:
z
PSK
z
802.1X
z
MAC
z
PSK and MAC
Before configuring port security, you must:
z
Create the WLAN-BSS interface
z
Enable port security globally
Configure PSK authentication
Follow these steps to configure PSK authentication: