Specifications
2-18
Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges
0L-24115-01
Chapter 2 Cisco IOS Commands for Access Points and Bridges
authentication key-management
authentication key-management
Use the authentication key-management SSID configuration mode command to configure the radio
interface (for the specified SSID) to support authenticated key management. Cisco Centralized Key
Management (CCKM) and Wi-Fi Protected Access (WPA) are the key management types supported on
the access point.
authentication key-management {[wpa version] [cckm]} [optional]
Note This command is not supported on bridges.
Syntax Description
Defaults This command has no defaults.
Command Modes SSID configuration interface
Command History
Usage Guidelines Use this command to enable authenticated key management for client devices.
• To enable authenticated key management, you must enable a cipher suite using the encryption
mode ciphers command.
• To support WPA on a wireless LAN where 802.1x-based authentication is not available, you must
use the
wpa-psk command to configure a pre-shared key for the SSID.
• When you enable both WPA and CCKM for an SSID, you must enter wpa first and cckm second in
the command. Any WPA client can attempt to authenticate, but only CCKM voice clients can
attempt to authenticate. Only 802.11b and 802.11g radios support WPA and CCKM simultaneously.
wpa version {1 | 2} Specifies WPA MFP version authenticated key management for the
SSID
• Version 1—WPAv1handshake for TKIP encryption
• Version 2—WPAv2 handshake for AES-CCMP encryption
cckm Specifies CCKM authenticated key management for the SSID
optional Specifies that client devices that do not support authenticated key
management can use the SSID
Release Modification
12.2(11)JA This command was introduced.
12.2(13)JA This command was modified to allow you to enable both WPA and CCKM
for an SSID.
12.4(3g)JA &
12.3(8)JEB
This command was modified to allow you to specify MFP versions 1 or 2
usage.