I would ask the proctor :) Subject: RE: [CCIE Wireless] authentication key-management wpa verseswpa version 2 Date: Mon, 24 Jan 2011 09:43:52 -0800 From: [email protected] To: [email protected]; [email protected]
Good to know, so if they ask for wpa2 for the phones, do we assume that they don’t want roaming – or is that an ask your proctor kind of question? Thanks, -Kara From: [email protected] [mailto:[email protected]] On Behalf Of Chris Jolliffe Sent: Monday, January 24, 2011 9:17 AM To: [email protected] Subject: Re: [CCIE Wireless] authentication key-management wpa verseswpa version 2 Another thing to keep in mind is that if they ask for WPA2 on a Voice ssid be careful because the 7921 doesn't support WPA2 & CCKM (for fast roaming) on the firmware load that they use in the lab. > Date: Mon, 24 Jan 2011 05:38:14 -0800 > From: [email protected] > To: [email protected]; [email protected] > Subject: Re: [CCIE Wireless] authentication key-management wpa verseswpa version 2 > > Thanks Kristjan, > > Looks like being on a slightly different version of code has bit me twice now. Time to downgrade! > > Thanks, > > -Kara > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of Kristján Ólafur Eðvarðsson > Sent: Monday, January 24, 2011 4:38 AM > To: [email protected] > Subject: Re: [CCIE Wireless] authentication key-management wpa verseswpa version 2 > > Hi Kara, > > The thing about WPA and WPA2 is usually simple. WPA is TKIP and WPA2 is AES. > However some suplicants have a funny ways of supporting WPA. For example some > may support WPA2 but only with TKIP and some WPA with AES ! So the options > we have to configure is partly to support those schenarios. > > But bear this in mind. The LAB blueprint states 12.3.8ja for the autonomous > and you cant configure version 2 under the dot11ssid in that code. > So when you are asked for either WPA or WPA2, under the dot11 SSID config , always* use authentication key-management wpa > But under the dotradiox interface you should differ with encryption mode ciphers aes-ccm for AES (WPA2) or encryption mode cipher tkip for TKIP (WPA) > > * authentication key-managment cckm (Cisco centralized key managment) could also be used under the SSID. This is when > you want to support fast-secure roaming for clients enabled for it. Such as IP phones. Usually this would have WDS setup aswell > if you were in Autonomous mode. > > In WLC you have options of WPA and WPA2 look a lot clearer. And you have the option there > to enable WPA with AES encryption just like above. WLC handles the fast-secure roaming > in cases of CCKM the WLC handles the fast-secure roaming caching so no need for extra configuration like WDS in Autonomous. > > regards. Kristjan > > > > ------------------------------ > > Message: 2 > Date: Sun, 23 Jan 2011 18:06:21 -0800 > From: "Kara Muessig (kmuessig)" <[email protected]> > To: <[email protected]> > Subject: [CCIE Wireless] authentication key-management wpa verses wpa > version 2 > Message-ID: > <26b4af8f83778445bc4309d72860457a0d7ca...@xmb-sjc-21d.amer.cisco.com> > Content-Type: text/plain; charset="us-ascii" > > Hi all, > > > > When a question states that you should use WPA2 for authentication is > there any reason why you wouldn't configure WPA version 2 verses just > WPA on the authentication key-management underneath the SSID? I realize > that the encryption aes assumes that you are using wpa2... > > > > Thanks, > > > > > > Kara Muessig > CONSULTING SYSTEMS ENGINEER.SALES > Wireless South Team > [email protected] <mailto:[email protected]> > Phone: 512-791-2870 > > > > > Cisco.com <http://www.cisco.com> > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
