Specifications
Chapter 8 Security Setup
Enabling Additional WEP Security Features
8-18
Cisco Aironet Access Point Software Configuration Guide
OL-0657-07
Enabling Broadcast WEP Key Rotation
EAP authentication provides dynamic unicast WEP keys for client devices but
uses static multicast keys. With broadcast, or multicast, WEP key rotation
enabled, the access point provides a dynamic broadcast WEP key and changes it
at the interval you select. Broadcast key rotation is an excellent alternative to
TKIP if your wireless LAN supports wireless client devices that are not Cisco
devices or that cannot be upgraded to the latest firmware for Cisco client devices.
Note When you enable broadcast key rotation, only wireless client devices using
LEAP or EAP-TLS authentication can use the access point. Client devices
using static WEP (with open, shared key, or EAP-MD5 authentication) cannot
use the access point when you enable broadcast key rotation.
Tip Broadcast key rotation and TKIP (WEP key hashing) provide similar
protection. If you enable TKIP, you might not need to enable key rotation.
Follow these steps to enable broadcast key rotation:
Step 1 Follow the steps in the “Setting Up WEP” section on page 8-9 to set up and enable
WEP.
Step 2 Follow this link path to browse to the AP Radio Advanced page:
a. On the Summary Status page, click Setup.
b. On the Setup page, click Advanced in the AP Radio row under Network
Ports.
Step 3 On the AP Radio Advanced page, enter the rotation interval in seconds in the
Broadcast WEP Key rotation interval entry field. If you enter 900, for example,
the access point sends a new broadcast WEP key to all associated client devices
every 15 minutes. To disable broadcast WEP key rotation, enter 0.
Note You must set the rotation interval on every access point using
broadcast key rotation. You cannot enter the rotation interval on your
RADIUS server.