Technical data

© 2012 Meru Networks, Inc. Configuring Security 121
Before transmission takes place, WEP combines the key stream with the payload and
ICV through a bit-wise XOR process, which produces cipher text (encrypted data).
WEP includes the IV in the clear (unencrypted) within the first few bytes of the frame
body. The receiving station uses this IV along with the shared secret key supplied by
the user of the receiving station to decrypt the payload portion of the frame body.
Limitations of the WEP Protocol
WEP is vulnerable because the relatively short IVs and keys remain static. Within a
short amount of time, WEP eventually uses the same IV for different data packets.
For a large busy network, the same IVs can be used within an hour or so. This results
in the transmitted frames having key streams that are similar. If a hacker collects
enough frames based on the same IV, the hacker can determine the shared values
among them (the key stream or the shared secret key). This can allow the hacker
to decrypt any of the 802.11 frames.
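The following added example (not taken from the Meru manual) works through the encapsulation described before this section and the IV-reuse weakness described above it. It assumes the standard WEP layout: a 3-byte clear IV, one key-ID byte, RC4 seeded with IV followed by the shared key, and a CRC-32 ICV. The key, IVs and payloads are constructed sample values.

```python
import zlib

def rc4(seed: bytes, n: int) -> bytes:
    """Return n bytes of RC4 key stream for the given seed."""
    s, j = list(range(256)), 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                            # key stream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame body: clear IV + key-ID byte + (payload || ICV) XOR key stream."""
    icv = zlib.crc32(payload).to_bytes(4, "little")
    data = payload + icv
    return iv + b"\x00" + xor(data, rc4(iv + key, len(data)))

def wep_decrypt(key: bytes, body: bytes) -> bytes:
    """Receiver side: read the IV from the frame body, decrypt, check the ICV."""
    iv, ct = body[:3], body[4:]
    data = xor(ct, rc4(iv + key, len(ct)))
    payload, icv = data[:-4], data[-4:]
    if zlib.crc32(payload).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return payload

def iv_reuse_leak(body_a: bytes, body_b: bytes):
    """Same IV in both frames: return plaintext_a XOR plaintext_b (no key used)."""
    if body_a[:3] != body_b[:3]:
        return None                               # different IVs, nothing cancels
    return xor(body_a[4:], body_b[4:])            # identical key streams cancel out

# Constructed sample values, not real traffic.
KEY = bytes.fromhex("0102030405")                 # 40-bit shared secret
IV = b"\x00\x00\x01"
P1, P2 = b"GET /index.html", b"POST /login.php"
F1 = wep_encrypt(KEY, IV, P1)
F2 = wep_encrypt(KEY, IV, P2)                     # same IV reused
F3 = wep_encrypt(KEY, b"\x00\x00\x02", P2)        # fresh IV
```

Because the IV travels in the clear, a monitoring tool can flag repeated IVs under one key with the same comparison `iv_reuse_leak` makes, which is the condition that makes a static WEP key unsafe.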
A major underlying problem with the existing 802.11 standard is that the keys are
cumbersome to change. The 802.11 standard does not provide any functions that
support the exchange of keys between stations. To use different keys, an administrator
must manually configure each access point and radio NIC with a new common
key. If the WEP keys are not updated continuously, an unauthorized person with a
sniffing tool can monitor your network and decode encrypted frames.
Despite the flaws, you should enable WEP as a minimum level of security. Many
hackers are capable of detecting wireless LANs where WEP is not in use and then using
a laptop to gain access to resources located on the associated network. By activating
WEP, however, you can at least minimize the chance of this happening. WEP does a good job
of keeping most honest people out.
Configure GRE Tunnels
GRE tunneling provides packet isolation from one endpoint to another, encapsulated
within an IP tunnel to separate user traffic.
GRE tunneling facilitates configurations as shown in Figure 11, where guest users who
are logged into a guest ESS are given “guest” Internet access at Level 1 and have their
traffic separated from corporate users who are on a common shared link to the corporate
campus. Contract users have a similar connection to corporate users but are
restricted in access to certain sites by user firewall policies.
GRE tunneling provides an option to segregate users’ traffic by allowing an ESS
profile to be tied to a GRE profile. This provides an alternative to VLANs for segregating
traffic.