encryption-type

Selects the encryption type for this user-defined role. Encryption ensures privacy between Access Points and wireless clients. There are various modes of encrypting communication on a WLAN, such as CCMP (Counter-model CBC-MAC Protocol), WEP (Wired Equivalent Privacy), keyguard, TKIP (Temporal Key Integrity Protocol), etc.

Supported on the following devices:

Syntax

encryption-type [any|eq|neq]
encryption-type any
encryption-type [eq|neq] [ccmp|keyguard|none|tkip|wep128|wep64] 
(ccmp|keyguard|none|tkip|tkip-ccmp|wep128|wep64)}

Parameters

encryption-type any

any

The encryption type can be any one of the listed options (ccmp|keyguard|tkip|wep128|wep64). This is the default setting.
encryption-type [eq|neq] [ccmp|keyguard|none|tkip|wep128|wep64] 
(ccmp|keyguard|none|tkip|tkip-ccmp|wep128|wep64)}

eq [ccmp|keyguard|none| |wep128|wep64]

The role is applied only if the encryption type equals to one of the following options:

  • ccmp: Encryption mode is CCMP

  • keyguard: Encryption mode is keyguard. Keyguard encryption shields the master encryption keys from being discovered

  • none: No encryption mode specified

  • tkip – Encryption mode is TKIP
  • wep128: Encryption mode is WEP128

  • wep64: Encryption mode is WEP64

Note: These parameters are recursive, and you can configure more than one encryption type for this user-defined role.

neq [ccmp|keyguard|none| wep128|wep64]

The role is applied only if encryption type is not equal to any of the following options:

  • ccmp: Encryption mode is not equal to CCMP

  • keyguard: Encryption mode is not equal to keyguard

  • none: Encryption mode is not equal to none

  • tkip – Encryption mode is not equal to TKIP
  • wep128: Encryption mode is not equal to WEP128

  • wep64: Encryption mode is not equal to WEP64

Note: These parameters are recursive, and you can configure more than one ‘not equal to‘ encryption type for this user-defined role.

Examples

nx9500-6C8809(config-role-policy-test-user-role-testing)#encryption-type eq wep128
nx9500-6C8809(config-role-policy-test-user-role-testing)#show context
 user-role testing precedence 10
  authentication-type eq kerberos
  encryption-type eq wep128
  ap-location contains office
  captive-portal authentication-state pre-login
  city exact SanJose
  company exact ExampleCompany
  country exact America
  department exact TnV
  emailid exact testing@examplecompany.com
  employeeid contains TnVTest1
nx9500-6C8809(config-role-policy-test-user-role-testing)#

Related Commands

no

Removes the encryption type configured for this user-defined role