System information
Command Line Reference
Wireless Security Commands
• WPA enables the access point to support different unicast encryption
keys for each client. However, the global encryption key for multicast
and broadcast traffic must be the same for all clients. This command
can set the encryption type that is used for multicast and unicast
traffic.
• WPA2 defines a transitional mode of operation for networks moving
from WPA security to WPA2. WPA2 Mixed Mode allows both WPA and
WPA2 clients to associate to a common SSID interface. When the
encryption cipher suite is set to tkip-aes, the unicast encryption cipher
(TKIP or AES-CCMP) is negotiated for each client. The access point
advertises it’s supported encryption ciphers in beacon frames and
probe responses. WPA and WPA2 clients select the cipher they
support and return the choice in the association request to the access
point. For mixed-mode operation, the cipher used for broadcast
frames is always TKIP. WEP encryption is not allowed.
• If any clients supported by the access point are not WPA enabled, the
multicast-cipher algorithm must be set to WEP.
• When 802.1X is disabled, the access point does not support 802.1X
authentication for any station. After successful 802.11 association,
each client is allowed to access the network.
• When 802.1X is supported, the access point supports 802.1X authen-
tication only for clients initiating the 802.1X authentication process.
The access point does NOT initiate 802.1X authentication. For
stations initiating 802.1X, only those stations successfully authenti-
cated are allowed to access the network. For those stations not
initiating 802.1X, access to the network is allowed after successful
802.11 association.
• When 802.1X is required, the access point enforces 802.1X authenti-
cation for all 802.11 associated stations. If 802.1X authentication is
not initiated by the station, the access point will initiate authentica-
tion. Only those stations successfully authenticated with 802.1X are
allowed to access the network.
Example
The following example configures mixed mode client support for dynamic
WEP keys and WPA with 802.1X.
HP420(if-wireless-g-ssid-1)#security-suite open-system wpa-
supported 802.1x-required wep-tkip
HP420(if-wireless-g-ssid-1)#
8-119