< Home

Configuring WPA/WPA2-PSK

Context

Both WPA and WPA2 support PSK authentication and TKIP or AES encryption algorithm. The WPA and WPA2 protocols provide almost the same security level and their difference lies in the protocol packet format.

The WPA/WPA2-PSK security policy applies to individual, home, and SOHO networks that do not require high security. The implementation of the security policy does not require an authentication server. If a wireless terminal supports only WEP encryption, the terminal can implement PSK+TKIP without hardware upgrading, whereas the terminal may need to upgrade its hardware to implement PSK+AES.

Wireless terminals vary and support different authentication and encryption modes. To enable terminals of various types to access the network and facilitate network management, you can configure WPA and WPA2 simultaneously on the device. If the security policy is set to WPA-WPA2, any terminal that supports WPA or WPA2 can be authenticated and access the WLAN; if the encryption mode is set to TKIP-AES, any authenticated terminal that supports TKIP or AES can implement service packet encryption.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run wlan

    The WLAN view is displayed.

  3. Run security-profile name profile-name

    The security profile view is displayed.

  4. Run security { wpa | wpa2 | wpa-wpa2 } psk { pass-phrase | hex } key-value { aes | tkip | aes-tkip }, or security wpa-wpa2 psk { pass-phrase | hex } key-value tkip aes

    The security policy is set to WPA/WPA2-PSK.

  5. (Optional) Run wpa ptk-update enable

    Periodic PTK update is enabled.

    By default, periodic PTK update is disabled.

    When periodic PTK update is implemented, some STAs may encounter service interruptions or go offline due to individual problems.

  6. (Optional) Run wpa ptk-update ptk-update-interval ptk-rekey-interval

    The PTK update interval is configured.

    By default, the interval for updating PTKs is 43200 seconds.

  7. (Optional) Run pmf { optional | mandatory }

    The PMF function is configured.

    By default, the PMF function is disabled for a VAP.

    The authentication mode WPA2 and encryption mode AES are required.

Parent Topic: Configuring a Security Policy
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >