All Very good observations. I am changing that requirement to be "The client will be using LEAP," removing the reference to WPA completely. You'll be seeing a couple more emails covering some other issues that need corrections as well.
Jason Boyers - CCIE #26024 (Wireless) Technical Instructor - IPexpert, Inc. Mailto: *[email protected] * Telephone: +1.810.326.1444 Live Assistance, Please visit: www.ipexpert.com/chat <* http://www.ipexpert.com/chat*> eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Wireless, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities <*http://www.ipexpert.com/communities*> and our public website at www.ipexpert.com <*http://www.ipexpert.com/*> On Sun, May 1, 2011 at 2:47 AM, Yuri Mecca <[email protected]> wrote: > Hi Guys, > > I really don't have the DSG, but lets define some concepts: > > CKIP = Cisco security set that comes to cover wep weaks. > WPA = Security set that comes after 802.11 security. This solve some issues > from WEP. > WPA2 = Security set that comes based in the standard 802.11i. This increase > the criptografic algoritm. > > For fast roaming solution you had 2 ways: > > CCKM: Cisco Way used in Autonomous or Lightweight solution. > Key Caching: WPA2 > > So, WEP40 and WEP128 is 802.11 Security, not WPA or WPA2, so in the SSID > will need to put only like bellow: > > ### Static Key #### > dot11 ssid TEST > authentication open > int d0 > encryption mode cipher wep40 > encryption key 1 size 40bit PASS > > ### Dynamic Key ### > dot11 ssid TEST > authentication open > authentication key cckm > > int d0 > encryption mode cipher wep40 > > This config don't cover AAA commnads. > > So, I found this table that will be greath to share: > > > http://www.cisco.com/en/US/docs/wireless/access_point/12.4_10b_JA/command/reference/cr12410b-chap2.html#wp2494184 > > This says, when we can use WPA or when we can use CCKM as a key management. > > About the Kara's question, theres a "cheat". > > You can use wpa optional, so, if the client have WPA its okay, if not, > don't worry, come on. This was used in the past to migrate from wep to wpa. > > Fell free to comment or complement about that e-mail, nobody know > everything! :-) > > Best Regards, > > Yuri > > ------------------------------ > Date: Sun, 1 May 2011 10:35:11 +1000 > From: [email protected] > To: [email protected] > CC: [email protected] > Subject: Re: [OSL | CCIE_Wireless] Lab 3 question 3.2 SSID Test5 > > > Hi Kara, > > Good question and I see your confusion. From what I can work out: > > WPA = tkip, WEP40 or WEP128 > Cisco Proprietary encryption = ckip > Protect from bit flip attacks = cmic (some sort of message integratry > check) > > When you look at the documentation > > > http://www.cisco.com/en/US/docs/wireless/access_point/12.4_10b_JA/command/reference/cr12410b-chap2.html#wp2489175 > > the only key management that supports ckip-mic is CCKM. So I would question > the protoctor and say > > "The question calls for WPA with LEAP but this is not compatible with > CKIP-CMIC encryption." > > In reality it would appear the question may be wrong. > > Regards, > Leigh > > On 1 May 2011 00:05, Kara Muessig (kmuessig) <[email protected]> wrote: > > Hi all, > > > > For SSID Test5, the question asks you to use WPA, using LEAP, yet you can’t > use the key management wpa because of the requirement to use the cipher > ckip-cmic. I guess I’m a bit confused on how this ssid is still utilizing > WPA and why CCKM is needed on the key-management per the solution guide. > > > > Thoughts? > > > > Thanks, > > > > [image: > http://www.cisco.com/web/europe/images/email/signature/horizontal04.jpg] > > *Kara Muessig* > CONSULTING SYSTEMS ENGINEER.SALES > Wireless South Team > [email protected] > Phone: *512-791-2870* > > > Cisco.com <http://www.cisco.com/> > > [image: Think before you print.]Think before you print. > > This email may contain confidential and privileged material for the sole > use of the intended recipient. Any review, use, distribution or disclosure > by others is strictly prohibited. If you are not the intended recipient (or > authorized to receive for the recipient), please contact the sender by reply > email and delete all copies of this message. > > For corporate legal information go to: > http://www.cisco.com/web/about/doing_business/legal/cri/index.html > > > > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com <http://www.platinumplacement.com/> > > > > > -- > CCIE Blog - http://leigh-cciewireless.blogspot.com/ > > _______________________________________________ For more information > regarding industry leading CCIE Lab training, please visit > www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com <http://www.platinumplacement.com/> > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com <http://www.platinumplacement.com/> > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
