Configuring User Encryption 203

Configuring WPA

To configure AP access point radios to support WPA:

1Create a service profile for each SSID that will support WPA clients.

2Enable the WPA IE in the service profile.

3Enable the cipher suites you want to support in the service profile. (TKIP is enabled by default.) Optionally, you also can change the countermeasures timer value for TKIP.

4Map the service profile to the radio profile that will control IEEE settings for the radios.

5Assign the radio profile to the radios and enable the radios.

If you plan to use PSK authentication, you also need to enable this authentication method and enter an ASCII passphrase or a hexadecimal (raw) key.

Creating a Service Profile for WPA

Encryption parameters apply to all users who use the SSID configured by a service profile. To create a service profile, use the following command:

set service-profile name

To create a new service profile named wpa, type the following command:

23x0# set service-profile wpa

success: change accepted.

Enabling WPA

To enable WPA, you must enable the WPA information element (IE) in the service profile. To enable the WPA IE, use the following command:

set service-profile name wpa-ie {enable disable}

To enable WPA in service profile wpa, type the following command:

23x0# set service-profile wpa wpa-ie enable

success: change accepted.

Specifying the WPA Cipher Suites

To use WPA, at least one cipher suite must be enabled. You can enable one or more of the following cipher suites:

CCMP

TKIP

40-bit WEP

104-bit WEP

By default, TKIP is enabled and the other cipher suites are disabled.

Nortel WLAN Security Switch 2300 Series Configuration Guide

Page 203
Image 203
Nortel Networks 2300 Configuring WPA, Creating a Service Profile for WPA, Enabling WPA, Specifying the WPA Cipher Suites