Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

221

222

223

224

225

226

227

228

229

230

Configuring WPA

RoamAbout Mobility System Software Configuration Guide 10-5

Figure 10-3 WPA Encryption with TKIP and WEP

TKIP Countermeasures

WPAaccesspointsandclientsverifytheintegrityofawirelessframereceived onthenetworkby

generatingakeyedmessageintegritycheck(MIC).TheMichaelMICusedwithTKIPprovidesa

holddownmechanismtoprotectthenetworkagainsttampering.

•IftherecalculatedMICmatchestheMICreceivedwiththeframe,

theframepassesthe

integritycheckandtheaccesspointorclientprocessestheframenormally.

•IftherecalculatedMICdoesnotmatchtheMICreceivedwiththeframe,theframefailsthe

integritycheck.ThisconditioniscalledaMICfailure.Theaccesspointorclientdiscardsthe

frameand

alsostartsa60‐secondtimer.IfanotherMICfailuredoesnotoccurwithin60

seconds,thetimerexpires.However,ifanotherMICfailureoccursbeforethetimerexpires,

thedevicetakesthefollowingactions:

•AnAPthatreceivesanotherframewithaninvalidMICendsitssessionswithallTKIP



andWEPclientsbydisassociatingfromtheclients.ThisincludesbothWPAWEPclients

andnon‐WPAWEPclients.Theaccesspointalsotemporarilyshutsdownthenetworkby

refusingallassociationorreassociationrequestsfromTKIPandWEPclients.Inaddition,

MSSgeneratesanSNMPtrapthatindicatesthe

RASportandradiothatreceivedframes

withthetwoMICfailuresaswellasthesourceanddestinationMACaddressesinthe

frames.

RoamAbout Switch

User D

TKIP

WPA

User C

Static WEP

Non-WPA

User B

Dynamic 40-bit WEP

WPA

User A

Dynamic WEP

Non-WPA

Encryption settings:

-WPA enabled: TKIP, WEP40

-Dynamic WEP enabled

-Static WEP disabled

Layer 2