Specifications

Configuring RSN (802.11i)

10-12 Configuring User Encryption

Configuring RSN (802.11i)

RobustSecurityNetwork(RSN)provides802.11isupport.RSNusesAESencryption.Youcan

configureaserviceprofiletosupportRSNclientsexclusively,ortosupportRSNwithWPAclients,

orevenRSN,WPAandWEPclients.

TheconfigurationtasksforaserviceprofiletouseRSNaresimilartothetasks

forWPA:

1. CreateaserviceprofileforeachSSIDthatwillsupportRSNclients.

2. EnabletheRSNIEintheserviceprofile.

3. Enabletheciphersuitesyouwanttosupportintheserviceprofile.(TKIPisenabledby

default.)Optionally,youalsocanchangethe countermeasurestimervalueforTKIP.

4. Mapthe

serviceprofiletotheradioprofilethatwillcontrolIEEEsettingsfortheradios.

5. Assigntheradioprofiletotheradiosandenabletheradios.

IfyouplantousePSKauthentication,youalsoneedtoenablethisauthenticati onmethodand

enteranASCIIpassphraseorahexadecimal(raw)key.

Creating a Service Profile for RSN

EncryptionparametersapplytoalluserswhousetheSSIDconfiguredbyaserviceprofile.To

createaserviceprofile,usethefollowingcommand :

set service-profile name

Example

Tocreateanewserviceprofilenamedrsn,typethefollowingcommand:

RBT-8100# set service-profile rsn

success: change accepted.

Enabling RSN

ToenableRSN,youmustenabletheRSNinformationelement(IE)intheserviceprofile.Toenable

theRSNIE,usethefollowingcommand:

set service-profile name rsn-ie {enable | disable}

Example

ToenableRSNinserviceprofilewpa,typethefollowingcommand:

RBT-8100# set service-profile rsn rsn-ie enable

success: change accepted.