3com WXR100 3CRWXR10095A User Manual

292

HAPTER

13: C

ONFIGURING

SER

NCRYPTION

After you type this command, the service profile supports TKIP and 40-bit
WEP.

Microsoft Windows XP does not support WEP with WPA. To configure a
service profile to provide WEP for XP clients, leave WPA disabled and see
“Configuring WEP” on page 299.

Changing the TKIP Countermeasures Timer Value

By default, MSS enforces TKIP countermeasures for 60,000 ms (60
seconds) after a second MIC failure within a one-minute interval. To
change the countermeasures timer value, use the following command:

set service-profile name tkip-mc-time wait-time

To change the countermeasures wait time in service profile wpa to 30
seconds, type the following command:

WX1200# set service-profile wpa tkip-mc-time 30000
success: change accepted.

Enabling PSK Authentication

By default, WPA uses 802.1X dynamic keying. If you plan to use static
keys, you must enable PSK authentication and configure a passphrase or
the raw key. You can configure the passphrase or key globally. You also
can configure keys on an individual MAC client basis.

By default, 802.1X authentication remains enabled when you enable
PSK authentication.

To enable PSK authentication, use the following command:

set service-profile name auth-psk {enable | disable}

To enable PSK authentication in service profile wpa, type the following
command:

WX1200# set service-profile wpa auth-psk enable
success: change accepted.

Configuring a Global PSK Passphrase or Raw Key for All Clients

To configure a global passphrase for all WPA clients, use the following
command:

set service-profile name psk-phrase passphrase