Specifications
Chapter 3 Configuration
Radio Configuration
3-34
Cisco Aironet 1200 Series Access Point Software Configuration Guide
OL-2159-01
Enhanced MIC verification for WEP
This setting enables Message Integrity Check (MIC), a security feature that
protects your WEP keys by preventing attacks on encrypted packets called bit-flip
attacks. During a bit-flip attack, an intruder intercepts an encrypted message,
alters it slightly, and retransmits it, and the receiver accepts the retransmitted
message as legitimate. The MIC, implemented on both the access point and all
associated client devices, adds a few bytes to each packet to make the packets
tamper-proof. Select MMH from the pull-down menu and click Apply to enable
MIC.
Note MIC takes effect only when the Use Aironet Extensions setting on the AP Radio
Advanced page is set to yes and WEP is enabled and set to full encryption.
Note When you enable MIC, only MIC-capable client devices can communicate with
the access point.
Temporal Key Integrity Protocol
This setting enables the temporal key integrity protocol (TKIP, also known as
WEP key hashing), which defends against an attack on WEP in which the intruder
uses the unencrypted initialization vector (IV) in encrypted packets to calculate
the WEP key. WEP key hashing removes the predictability that an intruder relies
on to determine the WEP key by exploiting IVs. Select Cisco from the pull-down
menu and click Apply to enable WEP key hashing.
Note To use TKIP, the Use Aironet Extensions setting on the AP Radio Advanced page
must be set to yes (the default setting).
Note When you enable TKIP, all WEP-enabled client devices associated to the access
point must support WEP key hashing. WEP-enabled devices that do not support
key hashing cannot communicate with the access point.