wpa_cli - how to set net_nwtwork pairwiseTKIP CCMP

Jouni Malinen j
Thu Aug 28 05:18:16 PDT 2008

On Thu, Aug 28, 2008 at 01:53:05PM +0200, Manuel Sahm wrote:

> I have set WPA2 encryption in my router (TKIP + AES).
> If I type iwlist scan, linux shows me the 
> group cipher : TKIP 
> pairwise ciphers (2) : CCMP TKIP
> 1.) Why is group cipher only TKIP and not TKIP CCMP ?

Group cipher is used for broadcast/multicast frames and as such, it must
be shared with all clients and as such, there can only be one group
cipher and it has to be the least secure (well, the most likely to be
implemented) cipher from the ones enabled as pairwise ciphers.

> 2.) how could I set via wpa_cli the pairwise varaible to TKIP CCMP ?
> If I type wpa_cli -iwlan0 set_network TKIP CCMP ist doesn?t work, the
> function only allows 3 paramters ???

TKIP CCMP must be in a single command line argument, i.e., use
set_network "TKIP CCMP" on the command line.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list