374 Configuring user encryption
NN47250-500 (Version 03.01)
To enable or disable cipher suites, use the following commands:
set service-profile name cipher-ccmp {enable | disable}
set service-profile name cipher-tkip {enable | disable}
set service-profile name cipher-wep104 {enable | disable}
set service-profile name cipher-wep40 {enable | disable}
To enable the 40-bit WEP cipher suite in service profile wpa, type the following command:
WSS# set service-profile wpa cipher-wep40 enable
success: change accepted.
After you type this command, the service profile supports TKIP and 40-bit WEP.

Changing the TKIP countermeasures timer value

By default, WSS Software enforces TKIP countermeasures for 60,000 ms (60 seconds) after a second MIC failure within
a one-minute interval. To change the countermeasures timer value, use the following command:
set service-profile name tkip-mc-time wait-time
To change the countermeasures wait time in service profile wpa to 30 seconds, type the following command:
WSS# set service-profile wpa tkip-mc-time 30000
success: change accepted.

Enabling PSK authentication

By default, WPA uses 802.1X dynamic keying. If you plan to use static keys, you must enable PSK authentication and
configure a passphrase or the raw key. You can configure the passphrase or key globally. You also can configure keys on
an individual MAC client basis.
By default, 802.1X authentication remains enabled when you enable PSK authentication.
To enable PSK authentication, use the following command:
set service-profile name auth-psk {enable | disable}
To enable PSK authentication in service profile wpa, type the following command:
WSS# set service-profile wpa auth-psk ena ble
success: change accepted.
Note. Microsoft Windows XP does not support WEP with WPA. To configure a service
profile to provide WEP for XP clients, leave WPA disabled and see “Configuring WEP” on
page 379.