Key controller wireless security
To support wireless security in line with standard Wi-Fi Protected Access (WPA) protocols, a key rotation strategy is implemented for the Catalyst IW9167E.
A key controller is a wireless security protocol that
- implements a key rotation strategy for the Catalyst IW9167E to support wireless security in line with standard Wi-Fi Protected Access (WPA) protocols,
- involves a packet exchange between two devices, with different stages corresponding to different states of each device, and
- uses an algorithm flow controlled by a set of periodically scheduled timers to generate a new Pairwise Transient Key/Group Transient Key for packet encryption.
Security benefits
The more frequently keys are updated, the less information is leaked in the event of an attack.
Configure key controller from CLI
Configure a key controller to enable Advanced Encryption Standard (AES) encryption, key control, and key rotation functionality on radio interfaces to enhance wireless security.
Key controller configuration is necessary when you need to implement advanced encryption and key management for wireless radio interfaces in your network infrastructure.
Procedure
Step 1
Use the configure dot11Radio interface crypto aes enable command to enable Advanced Encryption Standard (AES) on the radio.
Step 2
Use the configure dot11Radio interface crypto key-control enable command to enable the key controller.
Step 3
Use the configure dot11Radio interface crypto key-control key-rotation enable command to enable key rotation.
Step 4
Use the configure dot11Radio interface crypto key-control key-rotation value command to set the key rotation timer.
Validate key controller from CLI
To validate a key controller, use this show command:
Device# show dot11Radio X crypto
AES encryption: enabled
AES key-control: enabled
Key rotation: enabled
Key rotation timeout: 3600(second)
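An added example, not part of the Cisco documentation: a Python check that parses the show output above and reports any setting that is not enabled, or a rotation timeout above a site limit. The function names, the 3600-second limit, and the "disabled" wording in the constructed sample are assumptions.

```python
import re

# Field names as they appear in the `show dot11Radio X crypto` output on this page.
REQUIRED_ENABLED = ("AES encryption", "AES key-control", "Key rotation")
TIMEOUT_RE = re.compile(r"^(\d+)\s*\(seconds?\)$")

def parse_crypto_output(text):
    """Turn 'name: value' lines into a dict."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:  # the 'Device# show ...' prompt line has no colon and is skipped
            fields[name.strip()] = value.strip()
    return fields

def audit_key_controller(text, max_rotation_seconds=3600):
    """Return a list of findings; an empty list means the radio passes."""
    # max_rotation_seconds is a hypothetical site policy, not a Cisco default.
    fields = parse_crypto_output(text)
    findings = []
    for name in REQUIRED_ENABLED:
        state = fields.get(name)
        if state is None:
            findings.append(f"{name}: missing from output")
        elif state.lower() != "enabled":
            findings.append(f"{name}: {state}")
    match = TIMEOUT_RE.match(fields.get("Key rotation timeout", ""))
    if match is None:
        findings.append("Key rotation timeout: missing or unparseable")
    elif int(match.group(1)) > max_rotation_seconds:
        findings.append(f"Key rotation timeout: {match.group(1)}s exceeds "
                        f"{max_rotation_seconds}s limit")
    return findings

# Output copied from the validation step on this page.
SAMPLE_OK = """\
Device# show dot11Radio X crypto
AES encryption: enabled
AES key-control: enabled
Key rotation: enabled
Key rotation timeout: 3600(second)
"""

# Constructed sample: rotation switched off and a one-day timer (assumed values).
SAMPLE_BAD = SAMPLE_OK.replace("Key rotation: enabled", "Key rotation: disabled").replace("3600", "86400")

if __name__ == "__main__":
    print(audit_key_controller(SAMPLE_OK), audit_key_controller(SAMPLE_BAD))
```

Run it against captured output from each radio; a missing field is reported as a finding rather than treated as a pass.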