Wireless
Networks
Cisco Small Business WAP371 Wireless Access Point Administration Guide
- Both Open System and Shared Key. When you select both authentication
algorithms, client stations configured to use WEP in shared key mode must have a
valid WEP key in order to associate with the WAP device. Also, client stations
configured to use WEP as an open system (shared key mode not enabled) can
associate with the WAP device even if they do not have the correct WEP key.
Static WEP Rules
If you use Static WEP, these rules apply:
• All client stations must have the Wireless LAN (WLAN) security set to WEP, and all
clients must have one of the WEP keys specified on the WAP device in order to decode
AP-to-station data transmissions.
• The WAP device must have all keys used by clients for station-to-AP transmit so that it
can decode the station transmissions.
• The same key must occupy the same slot on all nodes (AP and clients). For example, if
the WAP device defines the key abc123 as WEP key 3, then the client stations must define
that same string as WEP key 3.
• Client stations can use different keys to transmit data to the access point. (Or they can
all use the same key, but using the same key is less secure because it means one station
can decrypt the data being sent by another.)
• On some wireless client software, you can configure multiple WEP keys and define a
client station transfer key index, and then set the stations to encrypt the data they
transmit using different keys. This ensures that neighboring access points cannot
decode other access point transmissions.
• You cannot mix 64-bit and 128-bit WEP keys between the access point and its client
stations.
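The same-slot rule follows from the WEP frame format: each frame carries only a key index, and the receiver decrypts with whatever key it holds in that slot. The sketch below is an added example, not part of the Cisco guide; it assumes the standard WEP layout (3-byte IV, key-ID byte with the slot in its top two bits, RC4 over body plus CRC-32 ICV), maps slots 1-4 to index values 0-3, and uses constructed keys and a constructed fixed IV.

```python
import struct
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XOR (WEP's cipher); encrypt and decrypt are the same."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv_of(body: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the body, little-endian."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def wep_encapsulate(keys: dict, tx_slot: int, iv: bytes, body: bytes) -> bytes:
    """Build IV(3) | key-ID byte | RC4(IV||key, body || ICV)."""
    key_id = bytes([(tx_slot - 1) << 6])      # slots 1-4 -> 2-bit field 0-3
    return iv + key_id + rc4(iv + keys[tx_slot], body + icv_of(body))

def wep_decapsulate(keys: dict, frame: bytes):
    """Return the body, or None if the slot is empty or the ICV check fails."""
    iv, slot = frame[:3], (frame[3] >> 6) + 1
    if slot not in keys:
        return None
    plain = rc4(iv + keys[slot], frame[4:])
    body, icv = plain[:-4], plain[-4:]
    return body if icv_of(body) == icv else None

# Constructed sample data: 13-byte secrets (128-bit WEP) and a fixed IV.
KEY_A, KEY_B = b"abc123abc123a", b"xyz789xyz789x"
AP_KEYS = {1: KEY_B, 3: KEY_A}                # AP holds KEY_A as WEP key 3
CLIENT_OK = {1: KEY_B, 3: KEY_A}              # same keys, same slots
CLIENT_SWAPPED = {1: KEY_A, 3: KEY_B}         # same keys, wrong slots
IV = b"\x01\x02\x03"

def demo():
    """Send b'hello' to the AP from a matching and a mis-slotted client."""
    good = wep_decapsulate(AP_KEYS, wep_encapsulate(CLIENT_OK, 3, IV, b"hello"))
    bad = wep_decapsulate(AP_KEYS, wep_encapsulate(CLIENT_SWAPPED, 1, IV, b"hello"))
    return good, bad
```

The mis-slotted client holds both correct key strings, yet the AP drops its frame because the ICV check fails after decrypting with the key from the indexed slot.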
Dynamic WEP
Dynamic WEP refers to the combination of 802.1x technology and the Extensible
Authentication Protocol (EAP). With Dynamic WEP security, WEP keys are changed
dynamically.
EAP messages are sent over an IEEE 802.11 wireless network using a protocol called EAP
Encapsulation Over LANs (EAPOL). IEEE 802.1X provides dynamically generated keys that
are periodically refreshed. An RC4 stream cipher is used to encrypt the frame body and cyclic
redundancy checking (CRC) of each 802.11 frame.
This mode requires the use of an external RADIUS server to authenticate users. The WAP
device requires a RADIUS server that supports EAP, such as the Microsoft Internet
Authentication Server. To work with Microsoft Windows clients, the authentication server
must support Protected EAP (PEAP) and MSCHAP V2.