Hi Guys, I really don't have the DSG, but lets define some concepts: CKIP = Cisco security set that comes to cover wep weaks.WPA = Security set that comes after 802.11 security. This solve some issues from WEP.WPA2 = Security set that comes based in the standard 802.11i. This increase the criptografic algoritm. For fast roaming solution you had 2 ways: CCKM: Cisco Way used in Autonomous or Lightweight solution.Key Caching: WPA2 So, WEP40 and WEP128 is 802.11 Security, not WPA or WPA2, so in the SSID will need to put only like bellow: ### Static Key #### dot11 ssid TEST authentication openint d0 encryption mode cipher wep40 encryption key 1 size 40bit PASS ### Dynamic Key ### dot11 ssid TEST authentication open authentication key cckm int d0 encryption mode cipher wep40 This config don't cover AAA commnads. So, I found this table that will be greath to share: http://www.cisco.com/en/US/docs/wireless/access_point/12.4_10b_JA/command/reference/cr12410b-chap2.html#wp2494184 This says, when we can use WPA or when we can use CCKM as a key management. About the Kara's question, theres a "cheat". You can use wpa optional, so, if the client have WPA its okay, if not, don't worry, come on. This was used in the past to migrate from wep to wpa. Fell free to comment or complement about that e-mail, nobody know everything! :-) Best Regards, Yuri Date: Sun, 1 May 2011 10:35:11 +1000 From: [email protected] To: [email protected] CC: [email protected] Subject: Re: [OSL | CCIE_Wireless] Lab 3 question 3.2 SSID Test5
Hi Kara, Good question and I see your confusion. From what I can work out: WPA = tkip, WEP40 or WEP128 Cisco Proprietary encryption = ckip Protect from bit flip attacks = cmic (some sort of message integratry check) When you look at the documentation http://www.cisco.com/en/US/docs/wireless/access_point/12.4_10b_JA/command/reference/cr12410b-chap2.html#wp2489175 the only key management that supports ckip-mic is CCKM. So I would question the protoctor and say "The question calls for WPA with LEAP but this is not compatible with CKIP-CMIC encryption." In reality it would appear the question may be wrong. Regards, Leigh On 1 May 2011 00:05, Kara Muessig (kmuessig) <[email protected]> wrote: Hi all, For SSID Test5, the question asks you to use WPA, using LEAP, yet you can’t use the key management wpa because of the requirement to use the cipher ckip-cmic. I guess I’m a bit confused on how this ssid is still utilizing WPA and why CCKM is needed on the key-management per the solution guide. Thoughts? Thanks, Kara Muessig CONSULTING SYSTEMS ENGINEER.SALES Wireless South Team [email protected] Phone: 512-791-2870 Cisco.com Think before you print. This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. For corporate legal information go to: http://www.cisco.com/web/about/doing_business/legal/cri/index.html _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com -- CCIE Blog - http://leigh-cciewireless.blogspot.com/ _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
