4-5
Cisco Aironet Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE
OL-1375-02
Chapter 4 Enabling Security Features
Overview of Security Features
Temporal Key Integrity Protocol (TKIP)
This feature, also referred to as WEP key hashing, defends against an attack on WEP in which the
intruder uses the initialization vector (IV) in encrypted packets to calculate the WEP key. TKIP removes
the predictability that an intruder relies on to determine the WEP key by exploiting IVs. It protects both
unicast and broadcast WEP keys.
Note If you enable TKIP on the access point, your client adapter’s firmware must support TKIP;
otherwise, the client cannot associate.
Broadcast Key Rotation
EAP authentication provides dynamic unicast WEP keys for client devices but uses static broadcast, or
multicast, keys. When you enable broadcast WEP key rotation, the access point provides a dynamic
broadcast WEP key and changes it at the interval you select. When you enable this feature, only wireless
client devices using LEAP or EAP-TLS authentication can associate to the access point. Client devices
using static WEP (with open, shared key, or EAP-MD5 authentication) cannot associate.
Synchronizing Security Features
In order to use any of the security features discussed in this section, both your client adapter and the access
point to which it will associate must be set appropriately. Table 4-1 indicates the client and access point
settings required for each security feature. This chapter provides specific instructions for enabling the security
features on your client adapter. Refer to the Cisco Aironet Access Point Software Configuration Guide for
instructions on enabling the features on the access point.
Table 4-1 Client and Access Point Security Settings
Security Feature Client Setting Access Point Setting
Static WEP with open
authentication
Create a WEP key and enable Use
Static WEP Keys and Open
Authentication
Set up and enable WEP and enable
Open Authentication
Static WEP with shared key
authentication
Create a WEP key and enable Use
Static WEP Keys and Shared Key
Authentication
Set up and enable WEP and enable
Shared Key Authentication
LEAP authentication Enable LEAP Set up and enable WEP and enable
Network-EAP
MIC Use driver version 2.2x or greater Set up and enable WEP with full
encryption, set MIC to MMH, and
set Use Aironet Extensions to Yes
TKIP Use firmware version 4.25.23 or
greater
Set up and enable WEP, set TKIP to
Cisco, and set Use Aironet
Extensions to Yes
Broadcast key rotation Use firmware version 4.25.23 or
greater and enable LEAP
Set up and enable WEP and set
Broadcast WEP Key Rotation
Interval to any value other than
zero (0)
To Next Page
Loading...
