That is a very good point Jason, To summarize:
If the question doesn´t specify to use AES or WPA2 in clear words. Only use the most secure option and fast-secure-roaming. You should know (judging from the older firmware on the LAB phone that I would guess wasn´t the most recent and up to date) that best practices would allow you "only" to use TKIP as your encryption method. So again, read what they want don´t make assumtions, Those are the root of all evils. But to be very safe , I would explain this to my proctor so he will remember that you asked when grading your exam :D regards. Kristjan -----Original Message----- From: Jason Boyers [mailto:[email protected]] Sent: 21. febrúar 2011 16:21 To: Kristján Ólafur Eðvarðsson; [email protected] Subject: RE: [CCIE Wireless] Question on Lab 3.16 (Kara Muessig (kmuessig)) The requirement for both the L7920 and L7921B SSIDs mention "fast, secure roaming." When you see that with a 7920, or a 7921 prior to 1.3(4), it will be WPA/TKIP with CCKM. Keep the whole requirement in mind, not just the "most secure form of encryption." Jason Boyers - CCIE #26024 (Wireless) Technical Instructor - IPexpert [email protected] -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Kristján Ólafur Eðvarðsson Sent: Saturday, February 19, 2011 6:08 PM To: [email protected] Subject: [CCIE Wireless] Question on Lab 3.16 (Kara Muessig (kmuessig)) Hi Kara, I think the case is even though the phone connects using the unsupported WPA2 CCKM (unsupported for firmware older than 1.3(4)). It will fail when it roams. But WPA2 CCKM with 7921 on a single AP it will work. That might confuse things. If I would have an question saying use the most secure. I would check the firmware, and if older than 1.3(4) then I would go to my proctor and explain to him that WPA2 isn´t supported for roaming and ask if he minds... regards. Kristjan ------------------------------ Message: 3 Date: Sat, 19 Feb 2011 13:08:34 -0800 From: "Kara Muessig (kmuessig)" <[email protected]> To: <[email protected]> Subject: [CCIE Wireless] 7921 ver 1.2.1 WPA2 / CCKM Message-ID: <26b4af8f83778445bc4309d72860457a0db39...@xmb-sjc-21d.amer.cisco.com> Content-Type: text/plain; charset="us-ascii" Hi all, On question 8.2, it asks you to run the most secure form of encryption that supports CCKM. On the solutions guide this says you must run wpa/tkip to support CCKM, but I seem to be running 1.2(1) software on my 7921 an am able to connect to my SSID that is running WPA2/AES CCKM. I thought if you have cckm enabled on the wlan that the clients connecting must support cckm. Has anybody else seen this? Am I missing something? Thanks, Kara Muessig CONSULTING SYSTEMS ENGINEER.SALES Wireless South Team [email protected] <mailto:[email protected]> Phone: 512-791-2870 ********************************************* _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
