10-5
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-11350-01
Chapter10 Configuring Cipher Suites and WEP
Configuring Cipher Suites and WEP
WEP Key Restrictions
Table10-1 lists WEP key restrictions based on your security configuration.
Example WEP Key Setup
Table10-2 shows an example WEP key setup that would work for the access point and an associated
device:
Because the access point’s WEP key 1 is selected as the transmit key, WEP key 1 on the other device
must have the same contents. WEP key 4 on the other device is set, but because it is not selected as the
transmit key, WEP key 4 on the access point does not need to be set at all.
Table10-1 WEP Key Restrictions
Security Configuration WEP Key Restriction
CCKM or WPA authenticated key
management
Cannot configure a WEP key in key slot 1
LEAP or EAP authentication Cannot configure a WEP key in key slot 4
Cipher suite with 40-bit WEP Cannot configure a 128-bit key
Cipher suite with 128-bit WEP Cannot configure a 40-bit key
Cipher suite with TKIP Cannot configure any WEP keys
Cipher suite with TKIP and 40-bit WEP or
128-bit WEP
Cannot configure a WEP key in key slot 1 and 4
Static WEP with MIC or CMIC Access point and client devices must use the same WEP
key as the transmit key, and the key must be in the same
key slot on both access point and clients
Broadcast key rotation Keys in slots 2 and 3 are overwritten by rotating
broadcast keys
Note Client devices using static WEP cannot use the
access point when you enable broadcast key
rotation. When you enable broadcast key
rotation, only wireless client devices using
802.1x authentication (such as LEAP, EAP-TLS,
or PEAP) can use the access point.
Table10-2 WEP Key Setup Example
Key
Slot
Access Point Associated Device
Transmit? Key Contents Transmit? Key Contents
1 x 12345678901234567890abcdef 12345678901234567890abcdef
209876543210987654321fedcba x 09876543210987654321fedcba
3not set not set
4not set FEDCBA0987654321123456789
0