CLI Reference Guide
Configuring a Service Profile 243
Temporal Key Integrity Protocol (TKIP) — TKIP uses the RC4 encryption
algorithm, a 128-bit encryption key, a 48-bit initialization vector (IV),
and a message integrity code (MIC) called Michael.
Wired Equivalent Privacy (WEP) with 104-bit keys — 104-bit WEP uses
the RC4 encryption algorithm with a 104-bit key.
WEP with 40-bit keys — 40-bit WEP uses the RC4 encryption
algorithm with a 40-bit key.
You can configure MAP access points to support one or more of these
cipher suites. For all of these cipher suites, MSS dynamically generates
unique keys for each session. MSS periodically changes the keys to reduce
the likelihood that a network intruder can intercept enough frames to
decode a key.
WPA access points and clients verify the integrity of a wireless frame
received on the network by generating a keyed message integrity check
(MIC). The Michael MIC used with TKIP provides a holddown mechanism
to protect the network against tampering.
The MIC used by CCMP — CBC-MAC — is stronger than the one used by
Michael and does not require or provide countermeasures. WEP does not
use a MIC. Instead, WEP performs a cyclic redundancy check (CRC) on
the frame and generates an integrity check value (ICV).
To configure WPA or RSN authentication
1 To enable 802.1X authentication, select 802.1x Auth Enabled.
By default, this option is selected. To disable this option, clear the 802.1x
Auth Enabled checkbox.
2 Do one of the following:
To configure PSK authentication, go to step 3.
If you are not configuring PSK authentication, see “To configure WPA
or RSN encryption choices” on page 244.
3 In the Encryption page of the Create Radio Profile wizard, select PSK
Auth Enabled. By default, PSK authentication is not enabled.
4 In the Pre-shared Key box, do one of the following:
Type the preshared key — a 64-digit hexadecimal string (256 bits
long).
Type a passphrase.