Additional Wep Key Security Features; Synchronizing Security Features - Cisco CB21AG Installation And Configuration Manual
Cisco aironet 802.11a/b/g wireless lan client adapters (cb21ag and pi21ag)
Hide thumbs
Also See for CB21AG:
- Installation and configuration manual (226 pages) ,
- Install wizard (34 pages) ,
- User manual (22 pages)
Table of Contents
Advertisement
Setting Security Parameters
Additional WEP Key Security Features
The three security features discussed in this section (MIC, TKIP, and broadcast key rotation) are
designed to prevent sophisticated attacks on your wireless network's WEP keys. These features do not
need to be enabled on the client adapter; they are supported automatically in the client adapter software.
However, they must be enabled on the access point.
Note
Refer to the documentation for your access point for instructions on enabling these security features.
Message Integrity Check (MIC)
MIC prevents bit-flip attacks on encrypted packets. During a bit-flip attack, an intruder intercepts an
encrypted message, alters it slightly, and retransmits it, and the receiver accepts the retransmitted
message as legitimate. The MIC adds a few bytes to each packet to make the packets tamper-proof.
The Advanced Status window indicates if MIC is being used, and the Advanced Statistics window
provides MIC statistics.
Temporal Key Integrity Protocol (TKIP)
This feature, also referred to as WEP key hashing, defends against an attack on WEP in which the
intruder uses the initialization vector (IV) in encrypted packets to calculate the WEP key. TKIP removes
the predictability that an intruder relies on to determine the WEP key by exploiting IVs. It protects both
unicast and broadcast WEP keys.
TKIP is enabled automatically when WPA is enabled, and it is disabled when WPA is disabled.
Note
Broadcast Key Rotation
When you enable broadcast WEP key rotation, the access point provides a dynamic broadcast WEP key
and changes it at the interval you select.
Synchronizing Security Features
In order to use any of the security features discussed in this section, both your client adapter and the
access point to which it will associate must be set appropriately.
point settings required for each security feature. This chapter provides specific instructions for enabling
the security features on your client adapter. Refer to the documentation for your access point for
instructions on enabling any of these features on the access point.
Table 5-4
Security Feature
Static WEP with open
authentication
Static WEP with shared key
authentication
Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide
5-20
Client and Access Point Security Settings
Client Setting
Choose Open authentication and
Pre-Shared Key (Static WEP) and
create a WEP key
Choose Shared authentication and
Pre-Shared Key (Static WEP) and
create a WEP key
Chapter 5
Configuring the Client Adapter
Table 5-4
indicates the client and access
Access Point Setting
Set up and enable WEP and enable
Open Authentication for the SSID
Set up and enable WEP and enable
Shared Key Authentication for the
SSID
OL-4211-03
Advertisement
Table of Contents
Troubleshooting
