Chapter 8 Security Setup

Enabling Additional WEP Security Features

Follow these steps to enable MIC:

Step 1 Follow the steps in the “Setting Up WEP” section on page 8-7 to set up and enable WEP. You must set up and enable WEP with full encryption before MIC becomes active. If WEP is off or if you set it to optional, MIC is not enabled.

Note If you enable MIC but you use static WEP (you do not enable any type of EAP authentication), both the access point radio and any devices with which it communicates must use the same WEP key for transmitting data. For example, if the MIC-enabled access point uses the key in slot 1 as the transmit key, a client device associated to the access point must use the same key in its slot 1, and the key in the client’s slot 1 must be selected as the transmit key.

Step 2 Browse to the AP Radio Advanced page for the internal radio or the radio module.

Step 3 Select MMH from the Enhanced MIC verification for WEP pull-down menu.

Step 4 Make sure yes is selected for the Use Aironet Extensions setting. MIC does not work if Use Aironet Extensions is set to no.

Step 5 Click OK. MIC is enabled, and only client devices with MIC capability can communicate with the access point.

Enabling Temporal Key Integrity Protocol (TKIP)

Temporal Key Integrity Protocol (TKIP), also known as WEP key hashing, defends against an attack on WEP in which the intruder uses an unencrypted segment called the initialization vector (IV) in encrypted packets to calculate the WEP key. TKIP removes the predictability that an intruder relies on to determine the WEP key by exploiting IVs. TKIP protects both unicast and broadcast WEP keys.

Note When you enable TKIP, all WEP-enabled client devices associated to the access point must support WEP key hashing. WEP-enabled devices that do not support key hashing cannot communicate with the access point.

Note To use TKIP, the Use Aironet Extensions setting on the AP Radio Advanced page must be set to yes (the default setting).

Tip When you enable TKIP, you do not need to enable broadcast key rotation. Key hashing prevents intruders from calculating the static broadcast key, so you do not need to rotate the broadcast key.
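The following added example (not from the Cisco guide or the access point software) shows why the cleartext IV leaves the static key exposed in every plain WEP packet's RC4 seed, and how per-packet key hashing changes that. HMAC-SHA256 is a stand-in for the access point's key-hashing function, which this page does not specify; the key, IVs, frame layout, and function names are constructed for illustration.

```python
import hashlib, hmac, struct, zlib

KEY = bytes.fromhex("0123456789abcdef0123456789")   # constructed 104-bit static WEP key
IVS = [n.to_bytes(3, "big") for n in range(1000)]   # constructed 24-bit IVs, sent in clear

def rc4(seed, data):
    """RC4: key scheduling, then XOR data with the keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_seed(key, iv):
    """Plain WEP: RC4 seed = cleartext IV followed by the unchanged static key."""
    return iv + key

def hashed_seed(key, iv):
    """Key hashing (stand-in, assumption): key bytes replaced by a per-packet value."""
    return iv + hmac.new(key, iv, hashlib.sha256).digest()[:len(key)]

def icv(payload):
    return struct.pack("<I", zlib.crc32(payload))   # WEP integrity check value (CRC-32)

def encapsulate(seed_fn, key, iv, payload):
    """Simplified frame body: IV in clear, then RC4(payload + ICV). Key ID byte omitted."""
    return iv + rc4(seed_fn(key, iv), payload + icv(payload))

def decapsulate(seed_fn, key, frame):
    """Rebuild the seed from the cleartext IV, decrypt, and verify the ICV."""
    plain = rc4(seed_fn(key, frame[:3]), frame[3:])
    payload, got = plain[:-4], plain[-4:]
    if got != icv(payload):
        raise ValueError("ICV mismatch")
    return payload

def secret_parts(seed_fn, key, ivs):
    """Distinct non-IV portions of the RC4 seed seen across many packets."""
    return {seed_fn(key, iv)[3:] for iv in ivs}

if __name__ == "__main__":
    print("plain WEP secret parts:", len(secret_parts(wep_seed, KEY, IVS)))
    print("hashed    secret parts:", len(secret_parts(hashed_seed, KEY, IVS)))
```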

Follow these steps to enable TKIP:

Step 1 Follow the steps in the “Setting Up WEP” section on page 8-7 to set up and enable WEP. Select either optional or full encryption for the WEP level.

Cisco Aironet 1200 Series Access Point Software Configuration Guide

8-12

OL-2159-05

 

 
