Specifications
9-3
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-5260-01
Chapter 9 Configuring Cipher Suites and WEP
Configuring Cipher Suites and WEP
• Broadcast key rotation (also known as Group Key Update)—Broadcast Key Rotation allows the
access point to generate the best possible random group key and update all key-management capable
clients periodically. Wi-Fi Protected Access (WPA) also provides additional options for group key
updates. See the “Using WPA Key Management” section on page 10-7 for details on WPA.
Note Client devices using static WEP cannot use the access point when you enable broadcast key
rotation. When you enable broadcast key rotation, only wireless client devices using 802.1x
authentication (such as LEAP, EAP-TLS, or PEAP) can use the access point.
Configuring Cipher Suites and WEP
These sections describe how to configure cipher suites, WEP and additional WEP features such as MIC,
TKIP, and broadcast key rotation:
• Creating WEP Keys, page 9-3
• Enabling Cipher Suites and WEP, page 9-6
• Enabling and Disabling Broadcast Key Rotation, page 9-7
Note WEP, TKIP, MIC, and broadcast key rotation are disabled by default.
Creating WEP Keys
Note You need to configure static WEP keys only if your access point needs to support client devices that use
static WEP. If all the client devices that associate to the access point use key management (WPA, CCKM,
or 802.1x authentication) you do not need to configure static WEP keys.
Beginning in privileged EXEC mode, follow these steps to create a WEP key and set the key properties:
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
interface dot11radio { 0 | 1 } Enter interface configuration mode for the radio interface. The
2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1.