System information
Wireless Security Configuration
Using the Security Wizard
Command Syntax CLI Reference Page
802.1x session-key-refresh-rate <rate> page 8-73
802.1x session-timeout <seconds> page 8-74
pmksa-lifetime <minutes> page 8-122
[no] pre-authentication enable page 8-121
show wep-key page 8-123
show interface wireless g page 8-111
show station page 8-114
To configure access point security using the CLI, the security-suite command
provides wizard options to set parameters for the most common security
mechanisms. These wizard options (numbered 1 to 9) can be summarized as
follows:
■ 1 - No security (open authentication with encryption disabled).
■ 2 - Static WEP shared keys used for encryption (open authentication).
■ 3 - WPA pre-shared key authentication and AES encryption.
■ 4 - WPA pre-shared key authentication and TKIP encryption.
■ 5 - 802.1X authentication and dynamic WEP key encryption.
■ 6 - WPA with 802.1X using AES encryption.
■ 7 - WPA with 802.1X using TKIP encryption.
■ 8 - WPA pre-shared key authentication using TKIP or AES for unicast
encryption and TKIP for multicast encryption.
■ 9 - WPA with 802.1X using TKIP or AES for unicast encryption and TKIP
for multicast encryption.
The same security configurations and others can also be set using the security-
suite command without using the wizard options. This offers the possibility of
setting the following combination of security mechanisms:
■ Static WEP shared-key authentication and encryption.
■ A combination of Static and dynamic WEP.
■ Mixed mode static WEP keys and WPA-PSK, using WEP encryption for
the multicast cipher and TKIP for the unicast cipher.
■ Mixed mode dynamic WEP keys and WPA with 802.1X, using WEP encryp-
tion for the multicast cipher and TKIP for the unicast cipher.
■ Mixed mode static and dynamic WEP keys and WPA with 802.1X, using
WEP encryption for the multicast cipher and TKIP for the unicast cipher.
(Note that this mode does not support WPA-PSK clients.)
7-20