Hi Kara,

The thing about WPA and WPA2 is usually simple. WPA is TKIP and WPA2 is AES. However, some supplicants have funny ways of supporting WPA. For example, some may support WPA2 but only with TKIP, and some WPA with AES! So the options we have to configure are partly to support those scenarios.
But bear this in mind. The LAB blueprint states 12.3.8ja for the autonomous and you can't configure version 2 under the dot11ssid in that code. So when you are asked for either WPA or WPA2, under the dot11 SSID config, always* use

    authentication key-management wpa

But under the dotradiox interface you should differ with

    encryption mode ciphers aes-ccm

for AES (WPA2) or

    encryption mode ciphers tkip

for TKIP (WPA).

* authentication key-management cckm (Cisco Centralized Key Management) could also be used under the SSID. This is when you want to support fast-secure roaming for clients enabled for it, such as IP phones. Usually this would have WDS set up as well if you were in Autonomous mode.

In WLC the options for WPA and WPA2 look a lot clearer, and you have the option there to enable WPA with AES encryption just like above. In cases of CCKM the WLC handles the fast-secure roaming caching, so no need for extra configuration like WDS in Autonomous.

regards.
Kristjan

------------------------------

Message: 2
Date: Sun, 23 Jan 2011 18:06:21 -0800
From: "Kara Muessig (kmuessig)" <[email protected]>
To: <[email protected]>
Subject: [CCIE Wireless] authentication key-management wpa verses wpa version 2
Message-ID: <26b4af8f83778445bc4309d72860457a0d7ca...@xmb-sjc-21d.amer.cisco.com>
Content-Type: text/plain; charset="us-ascii"

Hi all,

When a question states that you should use WPA2 for authentication, is there any reason why you wouldn't configure WPA version 2 versus just WPA on the authentication key-management underneath the SSID? I realize that the encryption aes assumes that you are using wpa2...

Thanks,

Kara Muessig
CONSULTING SYSTEMS ENGINEER.SALES
Wireless South Team
Phone: 512-791-2870
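Because the SSID block reads `authentication key-management wpa` for both WPA and WPA2 on this code, a review of an autonomous AP config has to take the distinction from the cipher line on the radio the SSID is attached to. The Python script below is an added example, not part of the thread; the sample config and SSID names are constructed, the WPA/WPA2 labels follow the TKIP/AES convention given in the reply, and it assumes one cipher line per radio with no per-VLAN encryption.

```python
import re

# Constructed sample (not from the thread): SSID names are made up.
SAMPLE_CONFIG = """\
dot11 ssid LAB-WPA2
   authentication key-management wpa
!
dot11 ssid LAB-WPA
   authentication key-management wpa
!
interface Dot11Radio0
 encryption mode ciphers aes-ccm
 ssid LAB-WPA2
!
interface Dot11Radio1
 encryption mode ciphers tkip
 ssid LAB-WPA
"""

def audit(config):
    """Map each SSID to its effective mode, read from the radio cipher line."""
    keymgmt, bound = {}, {}      # ssid -> key-management; ssid -> radio cipher set
    kind, name, ciphers = None, None, set()
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):              # top-level line opens a new section
            kind, name, ciphers = None, None, set()
            if m := re.match(r"dot11 ssid (\S+)", line):
                kind, name = "ssid", m.group(1)
                keymgmt[name] = None
            elif line.startswith("interface Dot11Radio"):
                kind = "radio"
        elif kind == "ssid" and (m := re.match(r"authentication key-management (\S+)", line)):
            keymgmt[name] = m.group(1)
        elif kind == "radio" and (m := re.match(r"encryption mode ciphers (.+)", line)):
            ciphers.update(m.group(1).split())   # mutates the set already stored in bound
        elif kind == "radio" and (m := re.match(r"ssid (\S+)", line)):
            bound[m.group(1)] = ciphers
    report = {}
    for ssid, km in keymgmt.items():
        c = bound.get(ssid, set())
        if km is None:
            report[ssid] = "no WPA key management"
        elif {"aes-ccm", "tkip"} <= c:
            report[ssid] = "mixed AES+TKIP"
        else:
            report[ssid] = ("AES (WPA2)" if "aes-ccm" in c else
                            "TKIP (WPA)" if "tkip" in c else "no WPA cipher on radio")
    return report
```

Calling `audit(SAMPLE_CONFIG)` returns one verdict per SSID; a radio configured with both ciphers on one line is reported as mixed.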
