Unified Access Point Administrator’s Guide
Unified Access Point Administrator’s Guide
Page 51
January 2015
Section 4 - Managing the Access Point
Field
Description
WEP Keys
You can specify up to four WEP keys. In each text box, enter a string of characters for each
key. The keys you enter depend on the key type selected:
•)
ASCII — Includes upper and lower case alphabetic letters, the numeric digits, and
special symbols such as @ and #.
•) Hex — Includes digits 0 to 9 and the letters A to F.
Use the same number of characters for each key as specified in the Characters Required
field. These are the RC4 WEP keys shared with the stations using the AP.
Each client station must be configured to use one of these same WEP keys in the same slot
as specified here on the AP.
Characters Required:
The number of characters you enter into the WEP Key fields is
determined by the Key length and Key type you select. For example, if you use 128-bit
ASCII keys, you must enter 26 characters in the WEP key. The number of characters
required updates automatically based on how you set Key Length and Key Type.
Authentication
The authentication algorithm defines the method used to determine whether a client station
is allowed to associate with an AP when static WEP is the security mode.
Specify the authentication algorithm you want to use by choosing one of the following
options:
•) Open System
authentication allows any client station to associate with the AP whether
that client station has the correct WEP key or not. This algorithm is also used in
plaintext, IEEE 802.1X, and WPA modes. When the authentication algorithm is set to
Open System, any client can associate with the AP.
Note:
Just because a client station is allowed to associate does not ensure it can exchange
traffic with an AP. A station must have the correct WEP key to be able to successfully access
and decrypt data from an AP, and to transmit readable data to the AP.
•) Shared Key
authentication requires the client station to have the correct WEP key in
order to associate with the AP. When the authentication algorithm is set to Shared
Key, a station with an incorrect WEP key will not be able to associate with the AP.
•) Both Open System and Shared Key
. When you select both authentication
algorithms:
•) Client stations configured to use WEP in shared key mode must have a valid WEP
key in order to associate with the AP.
•) Client stations configured to use WEP as an open system (shared key mode not
enabled) will be able to associate with the AP even if they do not have the correct
WEP key.
Table 23 -
Static WEP
Static WEP Rules
If you use Static WEP, the following rules apply:
•) All client stations must have the Wireless LAN (WLAN) security set to WEP, and all clients must have one of the
WEP keys specified on the AP in order to de-code AP-to-station data transmissions.
•)
The AP must have all keys used by clients for station-to-AP transmit so that it can de-code the station
transmissions.
•) The same key must occupy the same slot on all nodes (AP and clients). For example if the AP defines
abc123
key as WEP key 3, then the client stations must define that same string as WEP key 3.
•)
Client stations can use different keys to transmit data to the access point. (Or they can all use the same key, but
this is less secure because it means one station can decrypt the data being sent by another.)
•) On some wireless client software, you can configure multiple WEP keys and define a client station “transfer
key index”, and then set the stations to encrypt the data they transmit using different keys. This ensures that
neighboring APs cannot decode each other’s transmissions.
•) You cannot mix 64-bit and 128-bit WEP keys between the access point and its client stations.
IEEE 802.1X
IEEE 802.1X is the standard defining port-based authentication and infrastructure for doing key management.
Extensible Authentication Protocol (EAP) messages sent over an IEEE 802.11 wireless network using a protocol
called EAP Encapsulation Over LANs (EAPOL). IEEE 802.1X provides dynamically-generated keys that are
periodically refreshed. An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking
(CRC) of each 802.11 frame.