Cisco CISCO1401 Software Guide - Page 118
Understanding WEP, Configuring WEP and WEP Features, Creating WEP Keys
Chapter 9 Configuring WEP and WEP Features

Understanding WEP

Just as anyone within range of a radio station can tune to the station's frequency and listen to the signal, any wireless networking device within range of a bridge can receive the bridge's radio transmissions. Because WEP is the first line of defense against intruders, Cisco recommends that you use full encryption on your wireless network.

WEP encryption scrambles the radio communication between bridges to keep the communication private. Communicating bridges use the same WEP key to encrypt and decrypt radio signals. WEP keys encrypt both unicast and multicast messages. Unicast messages are addressed to just one device on the network. Multicast messages are addressed to multiple devices on the network.

Extensible Authentication Protocol (EAP) authentication provides dynamic WEP keys to wireless devices. Dynamic WEP keys are more secure than static, or unchanging, WEP keys. If an intruder passively receives enough packets encrypted by the same WEP key, the intruder can perform a calculation to learn the key and use it to join your network. Because they change frequently, dynamic WEP keys prevent intruders from performing the calculation and learning the key. See Chapter 10, "Configuring Authentication Types," for detailed information on EAP and other authentication types.

Two additional security features defend your wireless network's WEP keys:

• Message Integrity Check (MIC): MIC prevents attacks on encrypted packets called bit-flip attacks. During a bit-flip attack, an intruder intercepts an encrypted message, alters it slightly, and retransmits it, and the receiver accepts the retransmitted message as legitimate. The MIC, implemented on associated bridges, adds a few bytes to each packet to make the packets tamper proof.
• TKIP (Temporal Key Integrity Protocol, also known as WEP key hashing): This feature defends against an attack on WEP in which the intruder uses the unencrypted initialization vector (IV) in encrypted packets to calculate the WEP key. TKIP removes the predictability that an intruder relies on to determine the WEP key by exploiting IVs.

Note: If VLANs are enabled on your bridges, WEP, MIC, and TKIP are supported only on the native VLAN.

Configuring WEP and WEP Features

These sections describe how to configure WEP and additional WEP features such as MIC and TKIP:

• Creating WEP Keys, page 9-2
• Enabling and Disabling WEP and Enabling TKIP and MIC, page 9-3

WEP, TKIP, and MIC are disabled by default.

Creating WEP Keys

Beginning in privileged EXEC mode, follow these steps to create a WEP key and set the key properties:

        Command                   Purpose
Step 1  configure terminal        Enter global configuration mode.
Step 2  interface dot11radio 0    Enter interface configuration mode for the radio interface.

Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide 9-2 OL-4059-01
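The bit-flip weakness and the MIC described under Understanding WEP, as an added example that is not part of the Cisco guide: a receiver that checks only WEP's unkeyed CRC-32 integrity value accepts a frame altered in transit, while a keyed check rejects it. Assumptions: HMAC-SHA256 truncated to 8 bytes stands in for Cisco's MIC algorithm, and the keys, IV, payload and all function names are constructed for the demonstration.

```python
import hashlib, hmac, zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4, the stream cipher WEP uses; the same call encrypts and decrypts."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def crc(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")  # WEP's unkeyed ICV

def mic(mic_key: bytes, payload: bytes) -> bytes:
    # Assumption: truncated HMAC-SHA256 as a stand-in keyed integrity check.
    return hmac.new(mic_key, payload, hashlib.sha256).digest()[:8]

def seal(iv, wep_key, mic_key, payload):
    """Sender: payload || keyed tag || CRC-32 ICV, encrypted under IV || key."""
    body = payload + mic(mic_key, payload)
    return rc4(iv + wep_key, body + crc(body))

def receive(iv, wep_key, mic_key, frame):
    """Receiver: returns (payload, icv_ok, mic_ok)."""
    plain = rc4(iv + wep_key, frame)
    body, icv = plain[:-4], plain[-4:]
    payload, tag = body[:-8], body[-8:]
    return payload, icv == crc(body), hmac.compare_digest(tag, mic(mic_key, payload))

def flip_in_transit(frame, offset, mask):
    """Model the altered frame: CRC-32 is linear, so the ICV can be adjusted without any key."""
    delta = bytearray(len(frame) - 4)
    delta[offset] = mask
    fix = bytes(a ^ b for a, b in zip(crc(bytes(delta)), crc(bytes(len(delta)))))
    return bytes(a ^ b for a, b in zip(frame, bytes(delta) + fix))

def demo():
    # Constructed values: 24-bit IV, 104-bit static WEP key, separate MIC key.
    iv, wep_key, mic_key = b"\x01\x02\x03", b"static-wepkey", b"constructed-mic-key"
    frame = seal(iv, wep_key, mic_key, b"bridge-status: OK")
    altered = flip_in_transit(frame, 0, 0x01)
    return receive(iv, wep_key, mic_key, frame), receive(iv, wep_key, mic_key, altered)
```

For the altered frame the CRC-32 check still passes and only the keyed check fails, which is why enabling MIC alongside WEP matters on these bridges.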