Chapter 8 Security Setup
Security Overview
8-4
Cisco Aironet Access Point Software Configuration Guide
OL-0657-07
each packet to make the packets tamper-proof. See the "Enabling Message
Integrity Check (MIC)" section on page 8-14 for instructions on enabling
MIC. MIC is also known as key hashing.
TKIP (Temporal Key Integrity Protocol, also known as WEP key
hashing): This feature defends against an attack on WEP in which the
intruder uses the unencrypted initialization vector (IV) in encrypted packets
to calculate the WEP key. TKIP removes the predictability that an intruder
relies on to determine the WEP key by exploiting IVs. See the "Enabling
Temporal Key Integrity Protocol (TKIP)" section on page 8-16 for
instructions on enabling TKIP.
Broadcast key rotation: EAP authentication provides dynamic unicast WEP
keys for client devices but uses static broadcast, or multicast, keys. When you
enable broadcast WEP key rotation, the access point provides a dynamic
broadcast WEP key and changes it at the interval you select. Broadcast key
rotation is an excellent alternative to TKIP if your wireless LAN supports
wireless client devices that are not Cisco devices or that cannot be upgraded
to the latest firmware for Cisco client devices. See the "Enabling Broadcast
WEP Key Rotation" section on page 8-18 for instructions on enabling
broadcast key rotation.
Note: The MIC, TKIP, and broadcast key rotation features are available in firmware
versions 11.10T and later, which are available on Cisco.com. You can
download Cisco Aironet firmware releases at
http://www.cisco.com/public/sw-center/sw-wireless.shtml.
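The TKIP item above says the unencrypted IV is what an intruder relies on, and that key hashing removes that predictability. The following Python example is added here and is not taken from the Cisco guide or firmware; it compares the per-packet RC4 seed that classic WEP builds with a key-hashed seed, as seen by someone who can read only the cleartext IV. The HMAC-SHA256 mixing step, the key and the IVs are assumptions chosen for illustration, not the TKIP or Cisco algorithm.

```python
import hashlib
import hmac

def rc4_keystream(seed: bytes, n: int) -> bytes:
    """Standard RC4: key schedule over `seed`, then n keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_seed(iv: bytes, key: bytes) -> bytes:
    """Classic WEP: RC4 seed is the cleartext IV followed by the static key."""
    return iv + key

def hashed_seed(iv: bytes, key: bytes) -> bytes:
    # Key-hashing idea: mix IV and base key so the seed is no longer IV || key.
    # HMAC-SHA256 is a stand-in (assumption), NOT the TKIP or Cisco function.
    return hmac.new(key, iv, hashlib.sha256).digest()[:len(iv) + len(key)]

def encrypt_frame(iv: bytes, key: bytes, payload: bytes, make_seed) -> bytes:
    """Frame as sent: cleartext IV, then payload XOR RC4 keystream."""
    ks = rc4_keystream(make_seed(iv, key), len(payload))
    return iv + bytes(p ^ k for p, k in zip(payload, ks))

def seed_exposure(ivs, key, make_seed):
    """What the cleartext IVs reveal about the per-packet RC4 seeds.
    Returns (seed bytes equal to the IV, seed bytes identical in every packet)."""
    seeds = [make_seed(iv, key) for iv in ivs]
    visible = min(sum(a == b for a, b in zip(iv, sd)) for iv, sd in zip(ivs, seeds))
    constant = sum(len(set(col)) == 1 for col in zip(*seeds))
    return visible, constant

# Constructed sample values (not from the guide): a 40-bit key and three IVs.
KEY = bytes.fromhex("0badc0ffee")
IVS = [bytes.fromhex(h) for h in ("a1b2c3", "14f56e", "9d0037")]

if __name__ == "__main__":
    print("WEP seed exposure:   ", seed_exposure(IVS, KEY, wep_seed))
    print("hashed seed exposure:", seed_exposure(IVS, KEY, hashed_seed))
```

With the WEP construction, three bytes of every seed are sent in the clear and the remaining five never change between packets; with the hashed construction neither property holds.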
Network Authentication Types
Before a wireless client device can communicate on your network through the
access point, it must authenticate to the access point and to your network. The
access point uses four authentication mechanisms or types and can use more than
one at the same time:
Network-EAP: This authentication type provides the highest level of
security for your wireless network. By using the Extensible Authentication
Protocol (EAP) to interact with an EAP-compatible RADIUS server, the
access point helps a wireless client device and the RADIUS server to perform
mutual authentication and derive a dynamic unicast WEP key. The RADIUS