10-8
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-29225-01
Chapter 10 Configuring Cipher Suites and WEP
Configuring Cipher Suites and WEP
Note If using WPA and CCKM as key management, only tkip and aes ciphers are supported. If using only
CCKM as key management, ckip, cmic, ckip-cmic, tkip, wep, and aes ciphers are supported.
Note When you configure the cipher TKIP (not TKIP + WEP 128 or TKIP + WEP 40) for an SSID, the SSID
must use WPA or CCKM key management. Client authentication fails on an SSID that uses the cipher
TKIP without enabling WPA or CCKM key management.
For a complete description of WPA and instructions for configuring authenticated key management, see
the “Using WPA Key Management” section on page 11-7.
Enabling and Disabling Broadcast Key Rotation
Broadcast key rotation is disabled by default.
Note Client devices using static WEP cannot use the access point when you enable broadcast key rotation.
Broadcast key rotation is supported only when using key management (such as dynamic WEP (802.1x),
WPA with EAP, or preshared key).
Table 10-3 Cipher Suites Compatible with WPA and CCKM
Authenticated Key Management Types Compatible Cipher Suites
CCKM
• encryption mode ciphers wep128
• encryption mode ciphers wep40
• encryption mode ciphers ckip
• encryption mode ciphers cmic
• encryption mode ciphers ckip-cmic
• encryption mode ciphers tkip
• encryption mode aes
WPA
• encryption mode ciphers tkip
• encryption mode ciphers tkip wep128
• encryption mode ciphers tkip wep40
• encryption mode ciphers eas
Note Encryption mode ciphers tkip wep128 and
tkip wep-40 can only be used is WPA is
configured as optional.