wpa-wpa2
Modifies TKIP-CCMP (WPA/WPA2) related parameters
Supported on the following devices:
- Access Points: AP5010, AP310i/e, AP410i/e, AP505i, AP510i, AP510e, AP560i, AP6522, AP6562, AP7161, AP7502,
AP7522, AP7532, AP7562, AP7602, AP7612, AP7622, AP763, AP7662, AP8163, AP8543,
AP8533.
- Service Platforms:
NX5500, NX7500, NX9500, NX9600
- Virtual Platforms: CX9000, VX9000
Syntax
wpa-wpa2 [exclude-wpa2-tkip|handshake|key-rotation|opp-pmk-caching|pmk-caching|
preauthentication|server-only-authentication|psk|sae|tkip-countermeasures|use-sha256-akm]
wpa-wpa2 [exclude-wpa2-tkip|opp-pmk-caching|pmk-caching|preauthentication|
server-only-authentication|use-sha256-akm]
wpa-wpa2 handshake [attempts|init-wait|priority|timeout]
wpa-wpa2 handshake [attempts <1-5>|init-wait <5-1000000>|priority [high|normal]|
timeout <10-5000> {10-5000}]
wpa-wpa2 key-rotation [broadcast|unicast] <30-86400>
wpa-wpa2 psk [0 <LINE>|2 <LINE>|<LINE>]
wpa-wpa2 tkip-countermeasures holdtime <0-65535>
wpa-wpa2 sae hash-to-element
Parameters
wpa-wpa2 [exclude-wpa2-tkip|opp-pmk-caching|pmk-caching|preauthentication|
server-only-authentication|use-sha256-akm]
| wpa-wpa2 |
Modifies TKIP-CCMP (WPA/WPA2) related parameters |
| exclude-wpa2-tkip |
Excludes the Wi-Fi Protected Access II (WPA2) version of TKIP. It
supports the WPA version of TKIP only. This option is disabled by
default. |
| opp-pmk-caching |
Uses opportunistic key caching (same Pairwise Master Key (PMK)
across APs for fast roaming with EAP.802.1x. This option is enabled by
default. |
| pmk-caching |
Uses cached pair-wise master keys (fast roaming with eap/802.1x). This
option is enabled by default. |
| preauthentication |
Uses pre-authentication mode (WPA2 fast roaming) |
| use-sha256-akm |
Uses sha256 authentication key management suite |
wpa-wpa2 handshake [attempts <1-5>|init-wait <5-1000000>|priority [high|normal]|
timeout <10-5000> {10-5000}]
| wpa-wpa2 |
Modifies TKIP-CCMP (WPA/WPA2) related parameters |
| handshake |
Configures WPA/WPA2 handshake parameters |
| attempts <1-5> |
Configures the total number of times a message is transmitted towards a
non-responsive client
- <1-5> – Specify
a value from 1 - 5. The default is 2.
|
| init-wait <5-1000000> |
Configures a minimum wait-time period, in microseconds, before the first
handshake message is transmitted from the AP. This option is disabled by
default.
- <5-1000000> –
Specify a value from 5 - 1000000 microseconds.
|
| priority [high|normal] |
Configures the relative priority of handshake messages compared to other
data traffic
- high – Treats
handshake messages as high priority packets on a radio. This is the
default setting.
- normal – Treats
handshake messages as normal priority packets on a radio
|
| timeout <10-5000> <10-5000> |
Configures the timeout period, in milliseconds, for a handshake message
to retire. Once this period is exceeded, the handshake message is
retired.
- <10-5000> –
Specify a value from 10 - 5000 millisceonds. The default is 500
milliseconds.
- <10-5000> –
Optional. Configures a different timeout between the second and third
attempts'
|
wpa-wpa2 key-rotation [broadcast|unicast] <30-86400>
| wpa-wpa2 |
Modifies TKIP-CCMP (WPA/WPA2) related parameters |
| key-rotation |
Configures parameters related to periodic rotation of encryption keys.
The periodic key rotation parameters are broadcast, multicast, and unicast
traffic. |
| broadcast <30-86400> |
Configures the periodic rotation of keys used for broadcast and
multicast traffic. This parameter specifies the interval, in seconds, at
which keys are rotated. This option is disabled by default.
- <30-86400> –
Specify a value from 30 - 86400 seconds.
|
| unicast <30-86400> |
Configures a periodic interval for the rotation of keys, used for
unicast traffic. This option is disabled by default.
- <30-86400> –
Specify a value from 30 - 86400 seconds.
|
wpa-wpa2 psk [0 <LINE>|2 <LINE>|<LINE>]
| wpa-wpa2 |
Modifies TKIP-CCMP (WPA/WPA2) related parameters |
| psk |
Configures a pre-shared key. |
| 0 <LINE> |
Configures a clear text key |
| 2 <LINE> |
Configures an encrypted key |
| <LINE> |
Enter the pre-shared key either as a passphrase not exceeding 8 - 63
characters, or as a 64 character (256bit) hexadecimal value. |
wpa-wpa2 tkip-countermeasures holdtime <0-65535>
| wpa-wpa2 |
Modifies TKIP-CCMP (WPA/WPA2) parameters |
| tkip-countermeasures |
Configures a hold time period for implementation of TKIP counter
measures |
| holdtime <0-65535> |
Configures the amount of time a WLAN is disabled when TKIP counter
measures are invoked
- <0-65535> –
Specify a value from 0 - 65536 seconds. <0-65535> – Specify a
value from 0 - 65535 seconds. The default is 60 seconds.
|
| hash-to-element |
Enable the use of SAE Hash-to-Element for password element
generation. |
Examples
nx9500-6C8809(config-wlan-test)#wpa-wpa2 tkip-countermeasures hold-time 2
nx9500-6C8809(config-wlan-test)#show context
wlan test
ssid testWLAN1
vlan-pool-member 1 limit 1
vlan-pool-member 2 limit 1
vlan-pool-member 3 limit 1
vlan-pool-member 4 limit 1
vlan-pool-member 5 limit 1
vlan-pool-member 6 limit 1
vlan-pool-member 7 limit 1
vlan-pool-member 8 limit 1
vlan-pool-member 9 limit 1
vlan-pool-member 10 limit 1
bridging-mode local
encryption-type none
authentication-type none
wireless-client hold-time 200
wireless-client cred-cache-ageout 65
wireless-client max-firewall-sessions 100
protected-mgmt-frames mandatory
wireless-client reauthentication 35
wpa-wpa2 tkip-countermeasures hold-time 2
wep64 key 1 hex 0 7465737431
wep128 key 1 hex 0 25f6e7ed9718918a87a75acc75
--More--
nx9500-6C8809(config-wlan-test)#
