Filter
Top Products
Wireless
Networks
Cisco Small Business WAP551 and WAP561 Wireless-N Access Point 75
5
If you use Static WEP, these rules apply:
• All client stations must have the Wireless LAN (WLAN) security set to WEP,
and all clients must have one of the WEP keys specified on the WAP device
in order to decode AP-to-station data transmissions.
• The WAP device must have all keys used by clients for station-to-AP
transmit so that it can decode the station transmissions.
• The same key must occupy the same slot on all nodes (AP and clients). For
example, if the WAP device defines abc123 key as WEP key 3, then the
client stations must define that same string as WEP key 3.
• Client stations can use different keys to transmit data to the access point.
(Or they can all use the same key, but using the same key is less secure
because it means one station can decrypt the data being sent by another.)
• On some wireless client software, you can configure multiple WEP keys and
define a client station transfer key index, and then set the stations to encrypt
the data they transmit using different keys. This ensures that neighboring
access points cannot decode other access point transmissions.
• You cannot mix 64-bit and 128-bit WEP keys between the access point and
its client stations.
Dynamic WEP refers to the combination of 802.1x technology and the Extensible
Authentication Protocol (EAP). With Dynamic WEP security, WEP keys are changed
dynamically.
EAP messages are sent over an IEEE 802.11 wireless network using a protocol
called EAP Encapsulation Over LANs (EAPOL). IEEE 802.1X provides dynamically
generated keys that are periodically refreshed. An RC4 stream cipher is used to
encrypt the frame body and cyclic redundancy checking (CRC) of each 802.11
frame.
This mode requires the use of an external RADIUS server to authenticate users.
The WAP device requires a RADIUS server that supports EAP, such as the
Microsoft Internet Authentication Server. To work with Microsoft Windows clients,
the authentication server must support Protected EAP (PEAP) and MSCHAP V2.
You can use any of a variety of authentication methods that the IEEE 802.1X mode
supports, including certificates, Kerberos, and public key authentication. You must
configure the client stations to use the same authentication method the WAP
device uses.
These parameters configure Dynamic WEP: