Manualshelf

user manual

ManualsBrandsCisco Systems ManualsNetwork RouterNetwork Router DL-2159-05
171172173174175176177178179180
8-10
Cisco Aironet 1200 Series Access Point Software Configuration Guide
OL-2159-05
Chapter 8 Security Setup
Enabling Additional WEP Security Features
Using SNMP to Set Up WEP
You can use SNMP to set the WEP level on the access point. Consult the Using SNMP section on
page 2-7 for details on using SNMP.
Access points use the following SNMP variables to set the WEP level:
dot11ExcludeUnencrypted.2
awcDot11AllowEncrypted.2
Table 8-2 lists the SNMP variable settings and the corresponding WEP levels
.
Note Access points do not use the SNMP variable dot11PrivacyInvoked, so it is always set to disabled.
Enabling Additional WEP Security Features
You can enable three advanced security features to protect against sophisticated attacks on your wireless
networks WEP keys. This section describes how to set up and enable these features:
Enabling Message Integrity Check (MIC)
Enabling Temporal Key Integrity Protocol (TKIP)
Enabling Broadcast WEP Key Rotation
Enabling Message Integrity Check (MIC)
MIC prevents attacks on encrypted packets called bit-flip attacks. During a bit-flip attack, an intruder
intercepts an encrypted message, alters it slightly, and retransmits it, and the receiver accepts the
retransmitted message as legitimate. The MIC, implemented on both the access point and all associated
client devices, adds a few bytes to each packet to make the packets tamper-proof.
Note You must set up and enable WEP with full encryption before MIC takes effect.
Note To use MIC, the Use Aironet Extensions setting on the radios AP Radio Advanced page must be set to
yes (the default setting).
Note Enabling MIC on the internal radio module might reduce throughput for that radio by as much as 30%.
Table 8-2 SNMP Variable Settings and Corresponding WEP Levels
SNMP Variable WEP Full WEP Off WEP Optional
dot11ExcludeUnencrypted.2 true false false
awcDot11AllowEncrypted.2 true false true