Specifications
2-134
Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges
0L-24115-01
Chapter 2 Cisco IOS Commands for Access Points and Bridges
encryption mode ciphers
encryption mode ciphers
Use the encryption mode ciphers configuration interface command to enable a cipher suite. Cipher
suites are sets of encryption algorithms that, like WEP, protect radio communication on your wireless
LAN. You must use a cipher suite to enable Wi-Fi Protected Access (WPA) or Cisco Centralized Key
Management (CCKM).
Because cipher suites provide the protection of WEP while also allowing use of authenticated key
management, Cisco recommends that you enable WEP by using the encryption mode ciphers command
in the CLI or by using the cipher drop-down menu in the web-browser interface. Cipher suites that
contain TKIP provide the best security for your wireless LAN, and cipher suites that contain only WEP
are the least secure.
Note You can also use the encryption mode wep command to set up static WEP. However, you should
use encryption mode wep only if all clients that associate to the access point are not capable of
key management.
Note Encryption VLAN is not supported on bridges.
encryption [vlan vlan] mode ciphers
{[aes-ccm | ckip | cmic | ckip-cmic | tkip]}
{[wep128 | wep40]}
Syntax Description
Defaults This command has no defaults.
Command Modes Configuration interface
vlan vlan (Optional) Specifies the VLAN number
aes-ccm Specifies that AES-CCMP is included in the cipher suite.
ckip
1
Specifies that ckip is included in the cipher suite.
cmic
1
Specifies that cmic is included in the cipher suite.
ckip-cmic
1
Specifies that both ckip and cmic are included in the cipher
suite.
tkip Specifies that TKIP is included in the cipher suite.
Note If you enable a cipher suite with two elements (such as
TKIP and 128-bit WEP), the second cipher becomes the
group cipher.
wep128 Specifies that 128-bit WEP is included in the cipher suite.
wep40 Specifies that 40-bit WEP is included in the cipher suite.
1. You must enable Aironet extensions to use this option in the cipher suite.