8-12
Cisco Aironet 1200 Series Access Point Software Configuration Guide
OL-2159-05
Chapter8 Security Setup
Enabling Additional WEP Security Features
Follow these steps to enable MIC:
Step1 Follow the steps in the “Setting Up WEP” section on page8-7 to se t up and enable WEP. You must set
up and enable WEP with full encryption before MIC becomes active. If WEP is off or if you set it to
optional, MIC is not enabled.
Note If you enable MIC but you use static WEP (you do not enable any type of EAP au thentication),
both the access point radio and any devices with which it communicates must use the same WEP
key for transmitting data. For example, if the MIC-enabled access point uses the key in slot 1 as
the transmit key, a client device associated to the access point must use the same key in its slot
1, and the key in the client’s slot 1 must be selected as the transmit key.
Step2 Browse to the AP Radio Advanced page for the internal radio or the radio module.
Step3 Select MMH from the Enhanced MIC verification for WEP pull-down menu.
Step4 Make sure yes is selected for the Use Aironet Extensions setting. MIC does not work if Use Aironet
Extensions is set to no.
Step5 Click OK. MIC is enabled, and only client devices with MIC capability can communicate with the access
point.
Enabling Temporal Key Integrity Protocol (TKIP)Temporal Key Integrity Protocol (TKIP), also known as WEP key hashing, defends against an attack on
WEP in which the intruder uses an unencrypted segment called the initialization vector (IV) in encrypted
packets to calculate the WEP key. TKIP removes the predictability that an intruder relies on to determine
the WEP key by exploiting IVs. TKIP protects both unicast and broadcast WEP keys.
Note When you enable TKIP, all WEP-enabled client devices associated to the access point must support WEP
key hashing. WEP-enabled devices that do not support key hashing cannot communicate with the access
point.
Note To use TKIP, the Use Aironet Extensions setting on the AP Radio Advanced page must be set to yes (the
default setting).
Tip When you enable TKIP, you do not need to enable broadcast key rotation. Key hashing prevents intruders
from calculating the static broadcast key, so you do not need to rotate the broa dcast key.
Follow these steps to enable TKIP:
Step1 Follow the steps in the “Setting Up WEP” section on page 8-7 to set up and enable WEP. Select either
optional or full encryption for the WEP level.