CLI Reference Guide

242 CHAPTER 6: CONFIGURING WIRELESS PARAMETERS
Configuring WPA or RSN

WPA is a security enhancement to the IEEE 802.11 wireless standard.
WPA provides enhanced encryption with new cipher suites and provides
per-packet message integrity checks. WPA is based on Draft 3 of the
802.11i standard. You can use WPA with 802.1X authentication. If the
client does not support 802.1X, you can use a preshared key on the MAP
and the client for authentication.

Robust Security Network (RSN) provides WPA2 support. WPA2 is based
on the final IEEE 802.11i amendment to the 802.11 standard.

WPA uses RC4 encryption (TKIP) and WPA2 generally uses AES
encryption.

WPA and RSN Authentication Methods

You can configure MAP access points to support one or both of the
following authentication methods for WPA clients:

- 802.1X — The MAP and client use an Extensible Authentication
  Protocol (EAP) method to authenticate one another, then use the
  resulting key in a handshake to derive a unique key for the session.
  802.1X authentication requires user information to be configured on
  AAA servers or in the WX switch’s local database. This is the default
  authentication method for WPA and RSN.
- Preshared key (PSK) — A MAP and a client authenticate one another
  based on a key that is statically configured on both devices. The
  devices use the key in a handshake to derive a unique key for the
  session. For a given radio profile, you can globally configure a PSK for
  use with all clients. You can configure the key by entering an ASCII
  passphrase or by entering the key itself in raw (hexadecimal) form.
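
The two PSK entry forms described above, shown as an added example that is not part of this guide or of the WX switch software. It assumes the device follows the standard IEEE 802.11i passphrase mapping (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output); the function names and the SSID "guest" are made up for illustration.

```python
import hashlib
import hmac
import string

# Parameters of the IEEE 802.11i passphrase-to-PSK mapping (from the
# standard, not from this guide): PBKDF2-HMAC-SHA1, SSID as salt.
ITERATIONS = 4096
PSK_BYTES = 32  # 256-bit key = 64 hexadecimal digits


def psk_from_passphrase(passphrase: str, ssid: str) -> str:
    """Expand an ASCII passphrase into the raw PSK, returned as hex."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                              salt, ITERATIONS, PSK_BYTES)
    return key.hex()


def parse_raw_psk(raw: str) -> bytes:
    """Validate a key given in raw form: exactly 64 hex digits."""
    if len(raw) != 2 * PSK_BYTES or any(c not in string.hexdigits for c in raw):
        raise ValueError("raw PSK must be exactly 64 hexadecimal digits")
    return bytes.fromhex(raw)


def raw_matches_passphrase(raw: str, passphrase: str, ssid: str) -> bool:
    """True if a raw key and a passphrase configure the same PSK for this SSID."""
    derived = bytes.fromhex(psk_from_passphrase(passphrase, ssid))
    return hmac.compare_digest(parse_raw_psk(raw), derived)


if __name__ == "__main__":
    # Sample values: the published 802.11i test vector and a constructed SSID.
    raw = psk_from_passphrase("password", "IEEE")
    print("raw PSK for SSID 'IEEE':", raw)
    print("same key on both sides:", raw_matches_passphrase(raw, "password", "IEEE"))
    # The SSID is the salt, so the same passphrase yields a different key here.
    print("valid for SSID 'guest':", raw_matches_passphrase(raw, "password", "guest"))
```
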

WPA and RSN Cipher Suites

WPA and RSN support the following cipher suites for packet encryption,
listed from most secure to least secure:

- Counter Mode with Cipher Block Chaining Message Authentication
  Code Protocol (CCMP) — CCMP provides Advanced Encryption
  Standard (AES) data encryption. To provide message integrity, CCMP
  uses the Cipher Block Chaining Message Authentication Code
  (CBC-MAC).