Cisco Systems CB21AG Synchronizing Security Features, Additional WEP Key Security Features, SSID


Chapter 5 Configuring the Client Adapter

Setting Security Parameters

Additional WEP Key Security Features

The three security features discussed in this section (MIC, TKIP, and broadcast key rotation) are designed to prevent sophisticated attacks on your wireless network’s WEP keys. These features do not need to be enabled on the client adapter; they are supported automatically in the client adapter software. However, they must be enabled on the access point.

Note: Refer to the documentation for your access point for instructions on enabling these security features.

Message Integrity Check (MIC)

MIC prevents bit-flip attacks on encrypted packets. During a bit-flip attack, an intruder intercepts an encrypted message, alters it slightly, and retransmits it, and the receiver accepts the retransmitted message as legitimate. The MIC adds a few bytes to each packet to make the packets tamper-proof.
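The check that MIC adds, as an added example (not code from the Cisco guide): a WEP-style frame is an RC4 keystream XORed over the payload plus an unkeyed CRC-32 ICV, so a changed frame can still pass the ICV check, while a keyed MIC computed over the payload does not match. HMAC-SHA256 truncated to 8 bytes is an assumed stand-in for the adapter's actual MIC algorithm, and the keys, IV and payload are constructed sample values.

```python
import hashlib
import hmac
import zlib

def rc4(key, n):
    """n bytes of RC4 keystream, the stream cipher WEP uses."""
    s, j, out = list(range(256)), 0, bytearray()
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data):  # WEP integrity check value: unkeyed CRC-32, little-endian
    return zlib.crc32(data).to_bytes(4, "little")

def mic(mic_key, payload):
    """Keyed 8-byte MIC; HMAC-SHA256 is a stand-in, not the adapter's algorithm."""
    return hmac.new(mic_key, payload, hashlib.sha256).digest()[:8]

def seal(iv, key, mic_key, payload):
    """Encrypt payload || MIC || ICV with the per-frame RC4 key IV || key."""
    body = payload + mic(mic_key, payload)
    return xor(body + icv(body), rc4(iv + key, len(body) + 4))

def receive(iv, key, mic_key, frame):
    """Decrypt a frame and return (icv_ok, mic_ok, payload)."""
    body = xor(frame, rc4(iv + key, len(frame)))
    data, payload, got_mic = body[:-4], body[:-12], body[-12:-4]
    mic_ok = hmac.compare_digest(got_mic, mic(mic_key, payload))
    return icv(data) == body[-4:], mic_ok, payload

def flip_bits(frame, delta):
    """Model the in-transit change: CRC-32 is linear, so no key is involved."""
    delta = delta.ljust(len(frame) - 4, b"\0")
    return xor(frame, delta + xor(icv(delta), icv(bytes(len(delta)))))

def demo():  # constructed sample: "PAY=N" is changed to "PAY=Y" in transit
    iv, key, mic_key = b"\x01\x02\x03", b"13-byte-key!!", b"constructed-mic-key"
    frame = seal(iv, key, mic_key, b"PAY=N")
    return receive(iv, key, mic_key, flip_bits(frame, xor(b"PAY=N", b"PAY=Y")))
```

`demo()` returns the ICV result, the MIC result and the payload the receiver decrypted; a receiver that enforces the MIC drops the frame even though the ICV matches.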

The Advanced Status window indicates if MIC is being used, and the Advanced Statistics window provides MIC statistics.

Temporal Key Integrity Protocol (TKIP)

This feature, also referred to as WEP key hashing, defends against an attack on WEP in which the intruder uses the initialization vector (IV) in encrypted packets to calculate the WEP key. TKIP removes the predictability that an intruder relies on to determine the WEP key by exploiting IVs. It protects both unicast and broadcast WEP keys.

Note: TKIP is enabled automatically when WPA is enabled, and it is disabled when WPA is disabled.

Broadcast Key Rotation

When you enable broadcast WEP key rotation, the access point provides a dynamic broadcast WEP key and changes it at the interval you select.

Synchronizing Security Features

To use any of the security features discussed in this section, both your client adapter and the access point to which it will associate must be set appropriately. Table 5-4 indicates the client and access point settings required for each security feature. This chapter provides specific instructions for enabling the security features on your client adapter. Refer to the documentation for your access point for instructions on enabling any of these features on the access point.

 

 

 

 

Table 5-4 Client and Access Point Security Settings

| Security Feature | Client Setting | Access Point Setting |
|---|---|---|
| Static WEP with open authentication | Choose Open authentication and Pre-Shared Key (Static WEP) and create a WEP key | Set up and enable WEP and enable Open Authentication for the SSID |
| Static WEP with shared key authentication | Choose Shared authentication and Pre-Shared Key (Static WEP) and create a WEP key | Set up and enable WEP and enable Shared Key Authentication for the SSID |

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide

OL-4211-03