Cisco Systems
Close Window

 
     
 
   



Main Help Topics

Basic Setting
Security
Filters
QoS Configuration
Radio Configuration
VLAN Configuration
Ethernet Configuration
Server Setup
Proxy Mobile IP
Routing Setup
Network Management
Event Notification
Update Firmware
Distribute Firmware and Configuration
Diagnostics
Hot Standby Setup
Index of Help Topics

Security : Wired Equivalent Privacy (WEP) and Network-EAP

To protect the privacy of transmitted data, you can use Wired Equivalent Privacy (WEP) keys to encrypt the data signals your access point transmits and to decrypt the data signals it receives. WEP keys encrypt both unicast and multicast messages. Unicast messages are addressed to just one device on the network. Multicast messages are addressed to multiple devices on the network.

Main Help Topics

Use the AP Radio Data Encryption page to set up WEP. You can also use the AP Radio Data Encryption page to select an authentication type for the access point.

  1. On the Summary Status page, click Setup.
  2. On the Setup page, click Security.
  3. On the Security Setup page, click Radio Data Encryption (WEP).

Note  Use this page to configure the radio unless you have enabled VLANs. If VLANs are enabled, you must set the radio data encryption for each enabled VLAN through the VLAN Setup page.

Follow these steps to set up WEP keys and enable WEP:

  1. Follow the link path to the AP Radio Data Encryption page.
  2. Before you can enable WEP, you must enter a WEP key in at least one of the Encryption Key fields.

Note If you enable broadcast key rotation and EAP authentication to provide client devices with dynamic WEP keys, you can enable WEP without entering the keys.

For 40-bit encryption, enter 10 hexadecimal digits; for 128-bit encryption, enter 26 hexadecimal digits. Hexadecimal digits include the numbers 0 through 9 and the letters A through F. Your 40-bit WEP keys contain any combination of 10 of these characters; your 128-bit WEP keys can contain any combination of 26 of these characters. The letters are not case sensitive.

You can enter up to four WEP keys. The characters you type for a key's contents appear only when you type them. After you click Apply or OK, you cannot view the key's contents. You cannot delete a WEP key, but you can write new characters over an existing key.

Note If you select Network-EAP as the authentication type, you must select key 1 as the transmit key. The access point uses the WEP key you enter in key slot 1 to encrypt multicast data signals it sends to EAP-enabled client devices. If you enable broadcast key rotation, however, you can select any key as the transmit key or you can enable WEP without entering any keys.

1. Use the Key Size pull-down menu to select 40-bit or 128-bit encryption for each key. The not set option indicates empty key slots but does not disable the key. You cannot disable individual keys, but you can disable WEP altogether by selecting No Encryption in Step 7.

2. Select one of the keys as the transmit key. If you select Network-EAP as the authentication type, select 1 as the transmit key.

Note Client devices that do not use EAP to authenticate to the access point must contain the access point's transmit key in the same key slot in the client devices' WEP key lists. However, the key does not have to be selected as the transmit key in the client devices' WEP key lists.

The table below shows an example WEP key setup that would work for the access point and an associated device.

Key Slot Access Point Associated Device
Transmit? Key Contents Transmit? Key Contents
1 x 12345678901234567890abcdef - 12345678901234567890abcdef
2 - 09876543210987654321fedcba x 09876543210987654321fedcba
3 - not set - not set
4 - not set - FEDCBA09876543211234567890

Because the access point's WEP key 1 is selected as the transmit key, WEP key 1 on the other device must contain the same contents. WEP key 4 on the other device is set, but because it is not selected as the transmit key, WEP key 4 on the access point does not need to be set at all.

The characters you type for the key contents appear only when you type them. After you click Apply or OK, you cannot view the key contents. You cannot delete a WEP key, but you can write new characters over an existing key.

3. Select Optional or Full Encryption from the Use of Data Encryption by Station is pull-down menu.

Note You must set a WEP key before enabling WEP. The options in the Use of Data Encryption by Station is pull-down menu do not appear until you set a key.

The three settings in the pull-down menu include:

No Encryption (default) -- The access point communicates only with client devices that are not using WEP. Use this option to disable WEP.

Optional
-- Client devices can communicate with the access point either with or without WEP.

Full Encryption
-- Client devices must use WEP when communicating with the access point. Devices not using WEP are not allowed to communicate.

4. Click OK. You return automatically to the Security Setup page.

 
 

Copyright (c) 1992-2002 by Cisco Systems, Inc.