3Com 8760 User Guide - Page 239

Using the Command Line Interface • AES-CCMP (Advanced Encryption Standard Counter-Mode/CBCMAC Protocol): WPA2 is backward compatible with WPA, including the same 802.1X and PSK modes of operation and support for TKIP encryption. The main enhancement is its use of AES Counter-Mode encryption with Cipher Block Chaining Message Authentication Code (CBC-MAC) for message integrity. The AES Counter-Mode/CBCMAC Protocol (AES-CCMP) provides extremely robust data confidentiality using a 128-bit key. The AES-CCMP encryption cipher is specified as a standard requirement for WPA2. However, the computational intensive operations of AES-CCMP requires hardware support on client devices. Therefore to implement WPA2 in the network, wireless clients must be upgraded to WPA2-compliant hardware. Example Enterprise AP(if-wireless g: VAP[0])#cipher-suite TKIP Enterprise AP(if-wireless g)# mic_mode This command specifies how to calculate the Message Integrity Check (MIC). Syntax mic_mode • hardware - Uses hardware to calculate the MIC. • software - Uses software to calculate the MIC. Default Setting software Command Mode Interface Configuration (Wireless) Command Usage • The Michael Integrity Check (MIC) is part of the Temporal Key Integrity Protocol (TKIP) encryption used in Wi-Fi Protected Access (WPA) security. The MIC calculation is performed in the access point for each transmitted packet and this can impact throughput and performance. The access point supports a choice of hardware or software for MIC calculation. The performance of the access point can be improved by selecting the best method for the specific deployment. • Using the "hardware" option provides best performance when the number of supported clients is less than 27. 5-137