304 Configuring user encryptionNN47250-500 (320657-F Version 02.01)To enable or disable cipher suites, use the following commands:set service-profile name cipher-ccmp {enable | disable}set service-profile name cipher-tkip {enable | disable}set service-profile name cipher-wep104 {enable | disable}set service-profile name cipher-wep40 {enable | disable}To enable the 40-bit WEP cipher suite in service profile wpa, type the following command:WSS# set service-profile wpa cipher-wep40 enablesuccess: change accepted.After you type this command, the service profile supports TKIP and 40-bit WEP.Changing the TKIP countermeasures timer valueBy default, WSS Software enforces TKIP countermeasures for 60,000 ms (60 seconds) after a second MIC failure withina one-minute interval. To change the countermeasures timer value, use the following command:set service-profile name tkip-mc-time wait-timeTo change the countermeasures wait time in service profile wpa to 30 seconds, type the following command:WSS# set service-profile wpa tkip-mc-time 30000success: change accepted.Enabling PSK authenticationBy default, WPA uses 802.1X dynamic keying. If you plan to use static keys, you must enable PSK authentication andconfigure a passphrase or the raw key. You can configure the passphrase or key globally. You also can configure keys onan individual MAC client basis.By default, 802.1X authentication remains enabled when you enable PSK authentication.To enable PSK authentication, use the following command:set service-profile name auth-psk {enable | disable}To enable PSK authentication in service profile wpa, type the following command:WSS# set service-profile wpa auth-psk enablesuccess: change accepted.Note. Microsoft Windows XP does not support WEP with WPA. To configure a serviceprofile to provide WEP for XP clients, leave WPA disabled and see “Configuring WEP”(page 309).