User's Manual
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-11350-01
Chapter 10 Configuring Cipher Suites and WEP
Beginning in privileged EXEC mode, follow these steps to enable broadcast key rotation:

Step 1
  Command: configure terminal
  Purpose: Enter global configuration mode.

Step 2
  Command: interface dot11radio { 0 | 1 }
  Purpose: Enter interface configuration mode for the radio interface. The 2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1.

Step 3
  Command: broadcast-key change seconds [ vlan vlan-id ] [ membership-termination ] [ capability-change ]
  Purpose: Enable broadcast key rotation.
  • Enter the number of seconds between each rotation of the broadcast key.
  • (Optional) Enter a VLAN for which you want to enable broadcast key rotation.
  • (Optional) If you enable WPA authenticated key management, you can enable additional circumstances under which the access point changes and distributes the WPA group key.
    – Membership termination—the access point generates and distributes a new group key when any authenticated client device disassociates from the access point. This feature protects the privacy of the group key for associated clients. However, it might generate some overhead if clients on your network roam frequently.
    – Capability change—the access point generates and distributes a dynamic group key when the last non-key management (static WEP) client disassociates, and it distributes the statically configured WEP key when the first non-key management (static WEP) client authenticates. In WPA migration mode, this feature significantly improves the security of key-management capable clients when there are no static-WEP clients associated to the access point.
  See Chapter 11, “Configuring Authentication Types,” for detailed instructions on enabling authenticated key management.

Step 4
  Command: end
  Purpose: Return to privileged EXEC mode.

Step 5
  Command: copy running-config startup-config
  Purpose: (Optional) Save your entries in the configuration file.

Use the no form of the encryption command to disable broadcast key rotation.

This example enables broadcast key rotation on VLAN 22 and sets the rotation interval to 300 seconds:

ap1200# configure terminal
ap1200(config)# interface dot11radio 0
ap1200(config-if)# broadcast-key vlan 22 change 300
ap1200(config-if)# end
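
An added example (not from the Cisco guide): a Python check that reads a saved running-config and reports, for each radio interface, whether broadcast key rotation is configured and with which options. The sample configuration is constructed, and the max_interval threshold is a hypothetical policy value, not a Cisco recommendation.

```python
import re

# Constructed sample running-config (not from the original page).
SAMPLE_CONFIG = """\
interface Dot11Radio0
 no ip address
 broadcast-key vlan 22 change 300 membership-termination
!
interface Dot11Radio1
 no ip address
!
"""

IFACE = re.compile(r"^interface\s+dot11radio\s*(\d+)", re.I)

def parse_broadcast_key(line):
    """Parse one 'broadcast-key ...' line; keywords may appear in either order."""
    tokens = [t.lower() for t in line.split()[1:]]
    entry = {"vlan": None, "seconds": None,
             "membership_termination": "membership-termination" in tokens,
             "capability_change": "capability-change" in tokens}
    for key, field in (("change", "seconds"), ("vlan", "vlan")):
        if key in tokens:
            i = tokens.index(key) + 1
            if i < len(tokens) and tokens[i].isdigit():
                entry[field] = int(tokens[i])
    return entry

def audit(config, max_interval=3600):  # max_interval: hypothetical policy limit
    """Return ({radio: [entries]}, [(radio, vlan, finding)]) for a config text."""
    radios, current = {}, None
    for raw in config.splitlines():
        m = IFACE.match(raw)
        if m:
            current = radios.setdefault(int(m.group(1)), [])
        elif raw and not raw[0].isspace():
            current = None  # any unindented line ends the interface stanza
        elif current is not None and raw.strip().lower().startswith("broadcast-key "):
            current.append(parse_broadcast_key(raw.strip()))
    findings = []
    for radio, entries in sorted(radios.items()):
        if not entries:
            findings.append((radio, None, "no broadcast key rotation configured"))
        for e in entries:
            if e["seconds"] is None:
                findings.append((radio, e["vlan"], "rotation interval not parsed"))
            elif e["seconds"] > max_interval:
                findings.append((radio, e["vlan"], "rotation interval above limit"))
    return radios, findings
```

Calling audit(SAMPLE_CONFIG) returns the parsed settings for radio 0 and one finding for radio 1, which has no broadcast-key line.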










