Configuration Guide Configuring RSNA
WEP uses the RC4 algorithm to promote data privacy and implements authentication by using a shared key. WEP does not
specify a key management scheme. Generally, keys are configured and maintained manually. WEP that does not provide a
key distribution mechanism is called manual WEP or static WEP.
A WEP encrypted key may contain 64 bits or 128 bits. The 24-bit Initialization Vector (IV) is generated by the system.
Therefore, a shared key to be configured on an AP and an STA consists of only 40 bits or 104 bits. In practice, the 104-bit
WEP keys are widely used to replace the 40-bit WEP keys. WEP using 104-bit keys are called WEP-104. Although WEP-104
increases the security of WEP encryption, WEP encryption is prone to security risks due to limitations of the RC encryption
algorithm and statically configured keys. WEP encryption cannot ensure the confidentiality and integrity of data or access
authentication.
 TKIP Encryption
Temporal Key Integrity Protocol (TKIP) is a temporary makeshift solution created by the IEEE 802.11 organization for fixing
the WEP encryption mechanism. Like WEP encryption, TKIP encryption also uses the RC4 algorithm. But compared with
WEP encryption, TKIP encryption can provide much safer protection for WLAN services in the following aspects:
A static WEP key is manually configured and all users within the same service area share the same key. A TKIP key is
generated through dynamic negotiation, and each packet has a unique key.
– TKIP increases the key length from 40 bits to 128 bits, and the IV length from 24 bits to 48 bits, thus improving the security
of WEP encryption.
– TKIP supports Message Integrity Check (MIC) and the replay prevention function.
 AES Encryption
The Counter mode with CBC-MAC Protocol (AES-CCMP) is the most advanced wireless security protocol oriented to the
public.
The IEEE 802.11i standard requires that CCMP be used to provide four security services, namely, authentication,
confidentiality, integrity, and replay prevention. CCMP uses the 128-bit Advanced Encryption Standard (AES) to implement
confidentiality and uses the CBC-MAC to ensure data integrity and authentication.
As a new advanced encryption standard, AES uses the symmetrical block encryption technology to provide better encryption
performance than the RC4 algorithm in WEP/TKIP. It is the new-generation encryption technology that replaces WEP and
brings more powerful security protection for WLANs.
1.4 Configuration
(Mandatory) It is used to enable static WEP encryption.
security static-wep-key encryption
Enables static WEP for a WLAN and configures
a static WEP key.
(Optional) It is used to configure the link authentication mode.
To Next Page
Loading...
Need help?
General
