Cisco Systems WAP561AK9 Network Hardware User Manual


 
Wireless
WPS Setup
Cisco Small Business WAP551 and WAP561 Wireless-N Access Point
The PIN method of enrollment is potentially vulnerable to brute-force
attacks. A network intruder could try to pose as an external registrar on the
wireless LAN and attempt to derive the PIN value of the WAP device by
exhaustively applying WPS-compliant PINs. To address this vulnerability, in the
event that a registrar fails to supply a correct PIN in three attempts within 60
seconds, the WAP device prohibits any further attempts by an external registrar to
register with the WAP device on the WPS-enabled VAP for 60 seconds. The
lockdown duration increases upon subsequent failures, up to a maximum of 64
minutes. The WAP device's registration functionality goes into permanent
lockdown after the 10th consecutive failed attempt. Reset the device to restart the
registration functionality.
However, wireless client stations may enroll with the WAP device's built-in
registrar, if enabled, during this lockdown period. The WAP device also continues
to provide proxy services for enrollment requests to external registrars.
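The external-registrar lockdown rules above, modeled as a small state machine (an added example, not code from Cisco or from this manual). The manual gives only the 60-second first lockdown, the 64-minute ceiling and the 10-failure limit; doubling the duration on each further failure, not counting refused attempts, and clearing all counters on a correct PIN are assumptions, and all names are hypothetical.

```python
# Added example: model of the external-registrar PIN lockdown described above.
WINDOW_S = 60           # page: three failed PINs within 60 seconds
FAILS_PER_WINDOW = 3
BASE_LOCK_S = 60        # page: first lockdown lasts 60 seconds
MAX_LOCK_S = 64 * 60    # page: lockdown grows to at most 64 minutes
PERMANENT_AFTER = 10    # page: permanent after the 10th consecutive failure


class ErPinLockout:
    """Hypothetical per-VAP lockout state; not Cisco's implementation."""

    def __init__(self):
        self.recent = []        # failure times inside the sliding window
        self.consecutive = 0    # failed PINs since the last success
        self.lockdowns = 0      # timed lockdowns imposed so far
        self.locked_until = 0
        self.permanent = False

    def record(self, now, pin_ok):
        """Process one ER PIN attempt at time `now` (seconds)."""
        if self.permanent or now < self.locked_until:
            return "rejected"   # assumption: refused attempts are not counted
        if pin_ok:              # assumption: a correct PIN clears all counters
            self.recent, self.consecutive, self.lockdowns = [], 0, 0
            return "ok"
        self.consecutive += 1
        if self.consecutive >= PERMANENT_AFTER:
            self.permanent = True
            return "permanent"
        self.recent = [t for t in self.recent if now - t < WINDOW_S] + [now]
        if self.lockdowns or len(self.recent) >= FAILS_PER_WINDOW:
            # Assumption: duration doubles with each further failure.
            duration = min(BASE_LOCK_S * 2 ** self.lockdowns, MAX_LOCK_S)
            self.lockdowns += 1
            self.locked_until = now + duration
            return "lockdown"
        return "fail"


def simulate(interval_s, limit_s=24 * 3600):
    """Feed wrong PINs every `interval_s` seconds; return
    (PINs evaluated, lockdown durations, time of permanent lockdown)."""
    state, evaluated, durations = ErPinLockout(), 0, []
    for now in range(0, limit_s + 1, interval_s):
        result = state.record(now, pin_ok=False)
        if result != "rejected":
            evaluated += 1
        if result == "lockdown":
            durations.append(state.locked_until - now)
        if state.permanent:
            return evaluated, durations, now
    return evaluated, durations, None
```

Under these assumptions a registrar gets at most 10 PIN evaluations before a reset is required, whether it retries every second (`simulate(1)`) or slowly enough to avoid the timed lockdowns (`simulate(61)`). The model covers external registrars only; enrollment through the built-in registrar is not affected by the lockdown and is not modeled.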
The WAP device has an additional security feature for protecting its device PIN.
After the WAP device has completed registration with an external registrar, and
the resulting WPS transaction has concluded, the device PIN is automatically
regenerated.
The WPS protocol can configure the following parameters for a WPS-enabled VAP
on a WAP device:
• Network SSID
• Key management options (WPA-PSK, or WPA-PSK and WPA2-PSK)
• Cryptography options (CCMP/AES, or TKIP and CCMP/AES)
• Network (public shared) key
If a VAP is enabled for WPS, these configuration parameters are subject to change,
and are persistent between reboots of the WAP device.
The WAP device supports registration with WPS External Registrars (ER) on the
wired and wireless LAN. On the WLAN, external registrars advertise their
capabilities within WPS-specific Information Elements (IEs) of their beacon frames;
on the wired LAN, external registrars announce their presence through UPnP.
WPS v2.0 does not require registration with an ER through the user interface. The
administrator can register the WAP device with an ER by:
STEP 1 Entering the ER PIN on the WAP device.
STEP 2 Entering the WAP device PIN on the user interface of the ER.