Specifications
Encryption Configuration Scenarios
10-22 Configuring User Encryption
Configuring Encryption for MAC Clients
ThefollowingexampleshowshowtoconfigureMSStoprovidePSKauthenticationandTKIPor
40‐bitWEPencryptionforMACclients:
1. CreateanauthenticationrulethatsendsallMACusersofSSIDvoicetothelocaldatabasefor
authenticationandauthorization.Typethefollowingcommand:
RBT-8100# set authentication mac ssid voice * local
2. ConfigureaMACusergroupnamedwpa‐for‐macthatassignsallMACusersinthegroupto
VLANblue.Typethefollowingcommand:
RBT-8100# set mac-usergroup wpa-for-mac attr vlan-name blue
3. AddMACuserstoMACusergroupwpa‐for‐mac.Typethefollowingcommands:
RBT-8100# set mac-user aa:bb:cc:dd:ee:ff group wpa-for-mac
RBT-8100# set mac-user a1:b1:c1:d1:e1:f1 group wpa-for-mac
4. Ve rifytheAAAconfigurationchanges.Typethefoll owingcommand:
RBT-8100# show aaa
Default Values
authport=1812 acctport=1813 timeout=5 acct-timeout=5
retrans=3 deadtime=0 key=(null) author-pass=(null)
Radius Servers
Server Addr Ports T/o Tries Dead State
-------------------------------------------------------------------
Server groups
set authentication mac ssid voice * local
mac-usergroup wpa-for-mac
vlan-name = blue
mac-user aa:bb:cc:dd:ee:ff
Group = wpa-for-mac
mac-user a1:b1:c1:d1:e1:f1
Group = wpa-for-mac
5. Createaserviceprofilenamedwpa‐wep‐for‐macforSSIDvoice.Typethefollowingcommand:
RBT-8100# set service-profile wpa-wep-for-mac
6. SettheSSIDintheserviceprofiletovoice.Typethefollowingcommand:
RBT-8100# set service-profile wpa-wep-for-mac ssid-name voice
7. EnableWPAinserviceprofilewpa‐wep‐for‐mac.Typethefollowingcommand:
RBT-8100# set service-profile wpa-wep-for-mac wpa-ie enable
8. EnabletheWEP40ciphersuiteinserviceprofilewpa‐wep‐for‐mac.Typethe following
command:
RBT-8100# set service-profile wpa-wep-for-mac cipher-wep40 enable
9. EnablePSKauthenticationinserviceprofilewpa‐wep‐for‐mac.Typethefollowingcommand:
RBT-8100# set service-profile wpa-wep-for-mac auth-psk enable