|
|
Security: Encryption
Manager |
|
You use Wired Equivalent Privacy (WEP) to encrypt
radio signals sent by the device and decrypt radio signals received
by the device. This page enables you to select authentication types
for the access point.
Indicate whether clients should use data encryption
when communicating with the device. The three options are:
-
None - The device communicates only
with client devices that are not using WEP.
-
WEP Encryption -
Choose Optional or Mandatory. If optional, client
devices can communicate with this access point or bridge with
or without WEP. If mandatory, client devices must use WEP when
communicating with the access point. Devices not using WEP are
not allowed to communicate. WEP (Wired Equivalent Privacy) is
an 802.11 standard encryption algorithm originally designed
to provide with a level of privacy experienced on a wired LAN.
The standard defines WEP base keys of size 40 bits or 104 bits.
- Cipher-Cipher
suites are sets of encryption and integrity algorithms designed
to protect radio communication on your wireless LAN. You must
use a cipher suite to enable Wi-Fi Protected Access (WPA) or Cisco
Centralized Key Management (CCKM). Because cipher suites provide
the protection of communication while also allowing the use of
authenticated key management, we recommend that you enable encryption
using using the encryption mode cipher command. Use the drop-down
menu to choose among TKIP, CKIP, CMIC, and WEP. TKIP is the most
secured, and WEP is the least secured cipher suite.
- CKIP-
(Cisco Key Integrity Protocol, also known) - Cisco's WEP key
permutation technique based on an early algorithm presented
in the 802.11i security task group.
- CMIC-
(Cisco Message Integrity Check) - CMIC is Cisco's message
integrity check mechanism designed to detect forgeries attracts.
Transmit Key
Click Transmit Key and select the WEP
key this device will use. Only one key can be selected at a time.
All set keys can be used to receive data.
Note: The
key that you select as the transmit key must also be entered in
the same key slot on client devices that associate with the access
point or bridge, but it does not have to be selected as the transmit
key on the client devices.
Encryption Key
(Hexadecimal) 1-4
Enter a WEP key in one of the Encryption Key
fields. For 40-bit encryption, enter 10 hexadecimal digits; for
128-bit encryption, enter 26 hexadecimal digits. Hexadecimal digits
are a set of characters that includes numbers 0 through 9, lowercase
letters a through f, and uppercase letters A through F. Your WEP
keys can contain combinations of any of these characters. WEP
keys are not case-sensitive.
You can enter up to four WEP keys. The key that
you select as the transmit key must also be entered in the same
key slot on client devices that associate with the access point
or bridge, but it does not have to be selected as the transmit
key on the client devices.
If you have four WEP keys configured and WEP
key 2 is selected as the transmit key, WEP key 2 on the client
device must contain the same contents. If WEP key 4 on the device
client is set, but is not selected as the transmit key, WEP key
4 on the access point does not need to be set at all.
Key Size
Select 40-bit or 128-bit encryption for each
key.
Broadcast Key Rotation
Interval
Allows the access point to generate best possible
random group key and update all the key-management capable stations
periodically. Broadcast key rotation does not work for static
WEP clients. This feature keeps the group key private to currently
active members only. However, it may generate some overhead if
clients in your network roam frequently.
WPA Group Key Update
Check the appropriate checkbox to determine how
frequently the access point changes and distributes the group
key to WPA-enabled client devices.
Enable Group Key Update on Membership Termination
The access point generates and distributes
a new group key when any authenticated station disassociates
from the access point. This feature keeps the group key private
to only currently active members. However, it may generate some
overhead if clients in your network roam frequently. You should
not enable this feature if clients roam frequently among access
points.
Enable Group Key Update on Member's Capability
Change-
The access point generates and distributes
a dynamic group key when the last non-key management (static
WEP) client disassociates, and it distributes the statically
configured WEP key when the first non-key management (static
WEP) client authenticates. In WPA migration mode, this feature
significantly improves the security of the key management capable
clients when there are no legacy clients associated to the access
point.
|
|