Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter 10 Configuring WLAN Authentication and Encryption
Configuring Encryption Modes
Note If using WPA and CCKM as key management, only tkip and aes ciphers are supported. If using only
CCKM as key management, ckip, cmic, ckip-cmic, tkip, wep, and aes ciphers are supported.
Note When you configure the cipher TKIP (not TKIP + WEP 128 or TKIP + WEP 40) for an SSID, the SSID
must use WPA or CCKM key management. Client authentication fails on an SSID that uses the cipher
TKIP without enabling WPA or CCKM key management.
For a complete description of WPA and instructions for configuring authenticated key management, see
the “Using WPA Key Management” section on page 11-7.
Note Wi-Fi certified access points no longer support WPA/TKIP configuration. TKIP is only allowed in
combination with WPA2/AES for backward compatibility to allow older TKIP-only devices to associate.
The WPA version 1 option has been removed from the authentication key-management wpa CLI command,
and configuring TKIP only under this interface is not supported. For more information, see Configuration
and CLI Changes in this Release, page 1-4.
Table 10-3 Cipher Suites Compatible with WPA and CCKM

Authenticated Key Management Types    Compatible Cipher Suites
CCKM                                  encryption mode ciphers wep128
                                      encryption mode ciphers wep40
                                      encryption mode ciphers ckip
                                      encryption mode ciphers cmic
                                      encryption mode ciphers ckip-cmic
                                      encryption mode ciphers tkip
                                      encryption mode ciphers aes
WPA                                   encryption mode ciphers tkip
                                      encryption mode ciphers tkip wep128
                                      encryption mode ciphers tkip wep40
                                      encryption mode ciphers aes

Note Encryption mode ciphers tkip wep128 and tkip wep40 can only be used if WPA is
configured as optional.
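
The following added example (not part of the Cisco guide and not a Cisco tool) applies Table 10-3 and the notes on this page as a pre-deployment check of one SSID's cipher and key-management pair. The function name check_ssid, its argument format and the finding messages are assumptions made for illustration.

```python
# Added example: checks one SSID's cipher / key-management pair against
# Table 10-3 and the notes above. check_ssid() and its argument format are
# assumptions made for this illustration, not a Cisco tool or API.

# Compatible cipher arguments to "encryption mode ciphers", per Table 10-3.
CCKM_CIPHERS = {"wep128", "wep40", "ckip", "cmic", "ckip-cmic", "tkip", "aes"}
WPA_CIPHERS = {"tkip", "tkip wep128", "tkip wep40", "aes"}
WPA_AND_CCKM_CIPHERS = {"tkip", "aes"}          # first note on this page
TKIP_WEP = {"tkip wep128", "tkip wep40"}        # need WPA set to optional


def check_ssid(ciphers, key_mgmt=(), wpa_optional=False):
    """Return a list of findings; an empty list means no rule here is violated.

    ciphers      -- text after "encryption mode ciphers", e.g. "tkip wep128"
    key_mgmt     -- iterable containing "wpa", "cckm", both, or nothing
    wpa_optional -- True when WPA key management is configured as optional
    """
    cipher = " ".join(ciphers.lower().split())   # normalise spacing and case
    km = {k.lower() for k in key_mgmt}
    findings = []

    unknown = km - {"wpa", "cckm"}
    if unknown:
        findings.append(f"unknown key management: {sorted(unknown)}")
    elif km == {"wpa", "cckm"}:
        if cipher not in WPA_AND_CCKM_CIPHERS:
            findings.append(f"'{cipher}' not supported with WPA and CCKM together")
    elif km == {"cckm"}:
        if cipher not in CCKM_CIPHERS:
            findings.append(f"'{cipher}' not compatible with CCKM")
    elif km == {"wpa"}:
        if cipher not in WPA_CIPHERS:
            findings.append(f"'{cipher}' not compatible with WPA")
        elif cipher in TKIP_WEP and not wpa_optional:
            findings.append(f"'{cipher}' requires WPA configured as optional")
    elif cipher == "tkip":
        findings.append("TKIP without WPA or CCKM: client authentication fails")

    if cipher == "tkip":
        findings.append("TKIP-only is not supported on Wi-Fi certified access points")
    return findings


if __name__ == "__main__":
    # Constructed sample SSID settings, not taken from a real device.
    for args in [("tkip",), ("tkip wep128", ["wpa"]), ("ckip", ["wpa", "cckm"]),
                 ("aes", ["wpa"])]:
        print(args, "->", check_ssid(*args) or "ok")
```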