Table of Contents
Advertisement
Chapter 5
Configuring the Client Adapter
The WEP keys used to encrypt and decrypt transmitted data can be statically associated with your
adapter or dynamically created as part of the EAP authentication process. The information in the
WEP Keys"
of WEP keys you want to use. Dynamic WEP keys with EAP offer a higher degree of security than static
WEP keys.
WEP keys, whether static or dynamic, are either 40 or 128 bits in length. 128-bit WEP keys offer a
greater level of security than 40-bit WEP keys.
Refer to the
Note
security features that can make your WEP keys even more secure.
Static WEP Keys
Each device (or profile) within your wireless network can be assigned up to four static WEP keys. If a
device receives a packet that is not encrypted with the appropriate key (as the WEP keys of all devices
that are to communicate with each other must match), the device discards the packet and never delivers
it to the intended receiver.
Static WEP keys are write-only and temporary; therefore, they cannot be read back from the client
adapter, and they are lost when power to the adapter is removed or the Windows device is rebooted.
Although the keys are temporary, you do not need to re-enter them each time the client adapter is inserted
or the Windows device is rebooted. This is because the keys are stored (in an encrypted format for
security reasons) in the registry of the Windows device. When the driver loads and reads the client
adapter's registry parameters, it also finds the static WEP keys, unencrypts them, and stores them in
volatile memory on the adapter.
The Network Security screen enables you to view the current WEP key settings for the client adapter and
then to assign new WEP keys or overwrite existing WEP keys as well as to enable or disable static WEP.
Refer to the
EAP (with Dynamic WEP Keys)
The new standard for wireless LAN security, as defined by the Institute of Electrical and Electronics
Engineers (IEEE), is called 802.1X for 802.11, or simply 802.1X. An access point that supports 802.1X
and its protocol, Extensible Authentication Protocol (EAP), acts as the interface between a wireless
client and an authentication server, such as a Remote Authentication Dial-In User Service (RADIUS)
server, to which the access point communicates over the wired network.
Two 802.1X authentication types can be selected in ACU for use with Windows operating systems:
•
Cisco Aironet 340, 350, and CB20A Wireless LAN Client Adapters Installation and Configuration Guide for Windows
OL-1394-07
and
"EAP (with Dynamic WEP Keys)"
"Additional WEP Key Security Features" section on page 5-28
"Using Static WEP" section on page 5-32
EAP-Cisco Wireless (or LEAP)—This authentication type is available for Windows 98, 98 SE, NT,
2000, Me, and XP, as well as non-Windows systems. Support for LEAP is provided not in the
Windows operating system but in your client adapter's firmware and the Cisco software that
supports it. RADIUS servers that support LEAP include Cisco Secure ACS version 2.6 and greater,
Cisco Access Registrar version 1.7 and greater, and Funk Software's Steel-Belted RADIUS version
3.0 and greater.
LEAP is enabled or disabled for a specific profile through ACU, provided the LEAP security module
was selected during installation. After LEAP is enabled, a variety of configuration options are
available, including how and when a username and password are entered to begin the authentication
process.
Setting Network Security Parameters
sections below can help you to decide which type
for information on three
for instructions.
"Static
5-23
Advertisement
Table of Contents
Troubleshooting
