WEP Configuration on the Access Point

© 2003, Cisco Systems, Inc. All rights re

AWLF v3.1

© 2003, Cisco Systems, Inc. All rights re

AWLF v3.1

At least one WEP key needs to be set on the access point. This key will be used for multicast packets. After the client has been authenticated with the RADIUS server, the WEP key used for multicasts will be passed to the client and will be encrypted using the session key.

Note It is possible to use EAP without using WEP, but all multicast packets sent by the access point will not be encrypted.

Accept Authentication Type- Check the Network-EAP box to allow clients to authenticate using LEAP (or Host Based EAP).

In order for the access point to require that other types of authentication (Open, Shared Key) use EAP (EAP-TLS, EAP-MD5), check the appropriate box (Open, Shared Key), and then check the Require EAP box below. This will force all clients using that authentication method to authenticate using EAP.

Note This feature is useful in insuring that non-Cisco Aironet devices with EAP enabled can authenticate through the access point.

AWLF v3.1—9-70

Message Integrity Check (MIC)

MIC helps prevent bit-flip attacks.

Note MIC must be set up and WEP enabled with full encryption before MIC takes effect.

Note To use MIC, the Use Aironet Extensions setting on the access point Radio Advanced screen must be set to yes (the default setting).

Note The access point must be set up for WEP with full encryption before MIC becomes active. If

WEP is off or set to optional, MIC is not enabled.

From the access point Radio Advanced screen, select MMH from the Enhanced MIC verification for WEP pull-down menu. Click OK.

MIC is enabled, and only client devices with MIC capability can communicate with the access point.

Was this article helpful?

0 0

Post a comment