Open as PDF
Configuring WEP 299
Configuring WEP Wired-Equivalent Privacy (WEP) is a security protocol defined in the
802.11 standard. WEP uses the RC4 encryption algorithm to encrypt
To provide integrity checking, WEP access points and clients check the
integrity of a frame’s cyclic redundancy check (CRC), generate an integrity
check value (ICV), and append the value to the frame before sending it.
The radio or client that receives the frame recalculates the ICV and
compares the result to the ICV in the frame. If the values match, the
frame is processed. If the values do not match, the frame is discarded.
WEP is either dynamic or static depending on how the encryption keys
are generated. MAPs support dynamic WEP and static WEP.
For dynamic WEP, MSS dynamically generates keys for broadcast,
multicast, and unicast traffic. MSS generates unique unicast keys for
each client session and periodically regenerates (rotates) the broadcast
and multicast keys for all clients. You can change or disable the
broadcast or multicast rekeying interval.
For static WEP, MSS uses statically configured keys typed in the WX
switch’s configuration and on the wireless client and does not rotate
Dynamic WEP encryption is enabled by default. You can disable dynamic
WEP support by enabling WPA and leaving the WEP-40 or WEP-104
cipher suites disabled. If you use dynamic WEP, 802.1X must also be
configured on the client in addition to WEP.
Static WEP encryption is disabled by default. To enable static WEP
encryption, configure the static WEP keys and assign them to unicast and
multicast traffic. Make sure you configure the same static keys on the
To support dynamic WEP in a WPA environment, enable WPA and enable
the WEP-40 or WEP-104 cipher suite. (See “Configuring WPA” on
This section describes how to configure and assign static WEP keys. (To
change other key-related settings, see “Managing 802.1X Encryption
Keys” on page 533.)