Temporal Key Integrity Protocol (Tkip); Broadcast Key Rotation; Synchronizing Security Features - Cisco Aironet 340 Series Installation And Configuration Manual

Wireless lan client adapters windows ce

Hide thumbs Also See for Aironet 340 Series:

Configuration manual (206 pages)

Hardware installation manual (80 pages)

Quick start manual (16 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

Table of Contents

Chapter 4

Enabling Security Features

Temporal Key Integrity Protocol (TKIP)

This feature, also referred to as WEP key hashing, defends against an attack on WEP in which the

intruder uses the initialization vector (IV) in encrypted packets to calculate the WEP key. TKIP removes

the predictability that an intruder relies on to determine the WEP key by exploiting IVs. It protects both

unicast and broadcast WEP keys.

Note

Broadcast Key Rotation

EAP authentication provides dynamic unicast WEP keys for client devices but uses static broadcast, or

multicast, keys. When you enable broadcast WEP key rotation, the access point provides a dynamic

broadcast WEP key and changes it at the interval you select. When you enable this feature, only wireless

client devices using LEAP or EAP-TLS authentication can associate to the access point. Client devices

using static WEP (with open, shared key, or EAP-MD5 authentication) cannot associate.

Synchronizing Security Features

In order to use any of the security features discussed in this section, both your client adapter and the access

point to which it will associate must be set appropriately.

settings required for each security feature. This chapter provides specific instructions for enabling the security

features on your client adapter. Refer to the Cisco Aironet Access Point Software Configuration Guide for

instructions on enabling the features on the access point.

Table 4-1

Security Feature

Static WEP with open

authentication

Static WEP with shared key

authentication

LEAP authentication

MIC

TKIP

Broadcast key rotation

OL-1375-02

If you enable TKIP on the access point, your client adapter's firmware must support TKIP;

otherwise, the client cannot associate.

Client and Access Point Security Settings

Client Setting

Create a WEP key and enable Use

Static WEP Keys and Open

Authentication

Create a WEP key and enable Use

Static WEP Keys and Shared Key

Authentication

Enable LEAP

Use driver version 2.2x or greater

Use firmware version 4.25.23 or

greater

Use firmware version 4.25.23 or

greater and enable LEAP

Cisco Aironet Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

Overview of Security Features

Table 4-1

indicates the client and access point

Access Point Setting

Set up and enable WEP and enable

Open Authentication

Set up and enable WEP and enable

Shared Key Authentication

Set up and enable WEP and enable

Network-EAP

Set up and enable WEP with full

encryption, set MIC to MMH, and

set Use Aironet Extensions to Yes

Set up and enable WEP, set TKIP to

Cisco, and set Use Aironet

Extensions to Yes

Set up and enable WEP and set

Broadcast WEP Key Rotation

Interval to any value other than

zero (0)

4-5

Table of Contents

Troubleshooting

This manual is also suitable for:

Aironet 350 series Air-pcm341 Air-pcm342 Air-lmc341 Air-lmc342 Air-pcm351 ... Show all

Temporal Key Integrity Protocol (Tkip); Broadcast Key Rotation; Synchronizing Security Features - Cisco Aironet 340 Series Installation And Configuration Manual

Temporal Key Integrity Protocol (TKIP)

Broadcast Key Rotation

Synchronizing Security Features

Troubleshooting

Related Manuals for Cisco Aironet 340 Series

Related Content for Cisco Aironet 340 Series

This manual is also suitable for:

Table of Contents