Cisco Aironet 1200 Series Access Point Software Configuration Guide
OL-2159-05
Chapter 8 Security Setup
Enabling Additional WEP Security Features
Step 2 Follow this link path to browse to the AP Radio Advanced page:
   a. On the Summary Status page, click Setup.
   b. On the Setup page, click Advanced in the AP Radio row under Network Ports for the internal radio or the radio module.
Step 3 Select Cisco from the Temporal Key Integrity Protocol pull-down menu.
Step 4 Make sure yes is selected for the Use Aironet Extensions setting. Key hashing does not work if Use Aironet Extensions is set to no.
Step 5 Click OK. TKIP is enabled.
Enabling Broadcast WEP Key Rotation
EAP authentication provides dynamic unicast WEP keys for client devices but uses static multicast keys.
With broadcast, or multicast, WEP key rotation enabled, the access point provides a dynamic broadcast
WEP key and changes it at the interval you select. Broadcast key rotation is an excellent alternative to
TKIP if your wireless LAN supports wireless client devices that are not Cisco devices or that cannot be
upgraded to the latest firmware for Cisco client devices.
Note: When you enable broadcast key rotation, only wireless client devices using LEAP, EAP-TLS, or PEAP authentication can use the access point. Client devices using static WEP (with open, shared key, or EAP-MD5 authentication) cannot use the access point when you enable broadcast key rotation.
Tip: Broadcast key rotation and TKIP (WEP key hashing) provide similar protection. If you enable TKIP, you might not need to enable key rotation.
When broadcast key rotation is enabled, you can configure the WEP keys so that the unicast key is
overwritten when the keys are rotated. If no keys are set when broadcast key rotation is enabled, key 0
becomes the transmit key by default. This means that key 0 and key 1 are rotated as the broadcast keys
and key 3 is used as the unicast key. This configuration poses no problem.
A key can also be explicitly set as the transmit key, in which case the transmit key and transmit key index + 1 are rotated as the broadcast keys. Setting key 0 or 1 works satisfactorily. But if you set key 2 or 3 as the transmit key, the unicast key, which is generated following LEAP authentication and set as key 3, is overwritten as the broadcast keys are rotated.
Therefore, you should specify only key 0 or 1 as the transmit key.
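The following is an added example, not part of the Cisco guide or Cisco software: a small settings audit that applies the key-slot rule above, the Use Aironet Extensions requirement from Step 4, and the client authentication restriction from the Note. The dictionary field names and access point names are hypothetical, and dropping an index + 1 that falls beyond key 3 is an assumption, since the guide does not say whether it wraps.

```python
# Added example: field names below are hypothetical, not a Cisco export format.
UNICAST_SLOT = 3   # guide: the unicast key from LEAP authentication is set as key 3
NUM_SLOTS = 4      # WEP key slots 0-3
DYNAMIC_AUTH = {"LEAP", "EAP-TLS", "PEAP"}   # guide: only these work with rotation


def broadcast_slots(transmit_key=None):
    """Return the slots rotated as broadcast keys: transmit key and index + 1."""
    t = 0 if transmit_key is None else transmit_key   # key 0 is the default
    if t not in range(NUM_SLOTS):
        raise ValueError(f"transmit key must be 0-{NUM_SLOTS - 1}, got {t}")
    # Assumption: an index + 1 beyond slot 3 is dropped; the guide does not
    # say whether it wraps around.
    return [s for s in (t, t + 1) if s < NUM_SLOTS]


def audit(cfg):
    """Return a list of findings for one radio's settings (constructed dict)."""
    findings = []
    if cfg.get("broadcast_key_rotation"):
        slots = broadcast_slots(cfg.get("transmit_key"))
        if UNICAST_SLOT in slots:
            findings.append(
                f"transmit key {slots[0]}: rotation overwrites unicast key "
                f"{UNICAST_SLOT}; use key 0 or 1")
        locked_out = sorted(set(cfg.get("client_auth", [])) - DYNAMIC_AUTH)
        if locked_out:
            findings.append("clients locked out by rotation: " + ", ".join(locked_out))
    if cfg.get("tkip") == "Cisco" and not cfg.get("aironet_extensions", False):
        findings.append("key hashing inactive: Use Aironet Extensions is no")
    return findings


# Constructed sample settings, not taken from a real access point.
SAMPLES = {
    "ap-lobby": {"broadcast_key_rotation": True, "transmit_key": 1,
                 "client_auth": ["LEAP", "PEAP"], "tkip": "Cisco",
                 "aironet_extensions": True},
    "ap-lab": {"broadcast_key_rotation": True, "transmit_key": 2,
               "client_auth": ["LEAP", "EAP-MD5"], "tkip": "Cisco",
               "aironet_extensions": False},
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        for finding in audit(cfg) or ["ok"]:
            print(f"{name}: {finding}")
```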
Note: If you enable Broadcast Key Rotation on one of the radios in a dual-radio access point, Broadcast Key Rotation is automatically enabled on the other radio.
Tip: You might not need to enable broadcast key rotation if you enable TKIP. You can use both key rotation and key hashing, but these features provide similar protection.