Cisco Systems DL-2159-05 Temporal Key Integrity Protocol, Broadcast WEP Key rotation interval sec

Models: DL-2159-05


Chapter 3 Radio Configuration and Basic Settings

Radio Configuration

Temporal Key Integrity Protocol

This setting enables the temporal key integrity protocol (TKIP, also known as WEP key hashing), which defends against an attack on WEP in which the intruder uses the unencrypted initialization vector (IV) in encrypted packets to calculate the WEP key. WEP key hashing removes the predictability that an intruder relies on to determine the WEP key by exploiting IVs. Select Cisco from the pull-down menu and click Apply to enable WEP key hashing.

Note: To use TKIP, the Use Aironet Extensions setting on the AP Radio Advanced page must be set to yes (the default setting).

Note: When you enable TKIP, all WEP-enabled client devices associated to the access point must support WEP key hashing. WEP-enabled devices that do not support TKIP cannot communicate with the access point.
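
The weakness this setting addresses comes from how plain WEP builds each packet's RC4 key. The Python sketch below is an added example, not Cisco code: it compares the plain WEP key construction with a per-packet mixed key. The `hashed_seed` function is an assumed stand-in (HMAC-SHA-256), not the TKIP or Cisco key-hashing algorithm, and the key, MAC address and IVs are constructed sample values.

```python
import hashlib, hmac, struct, zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 (KSA then PRGA); encryption and decryption are the same operation."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i, j, out = 0, 0, bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_seed(root_key: bytes, iv: bytes, ta: bytes) -> bytes:
    """Plain WEP: per-packet RC4 key = cleartext IV followed by the static key."""
    return iv + root_key

def hashed_seed(root_key: bytes, iv: bytes, ta: bytes) -> bytes:
    """Assumed stand-in for key hashing, NOT the TKIP or Cisco algorithm."""
    return hmac.new(root_key, ta + iv, hashlib.sha256).digest()[:16]

def encapsulate(seed_fn, root_key, iv, ta, payload):
    """On-air fields: cleartext IV, then RC4(payload + CRC-32 ICV). Key-ID byte omitted."""
    icv = struct.pack("<I", zlib.crc32(payload))
    return iv + rc4(seed_fn(root_key, iv, ta), payload + icv)

def decapsulate(seed_fn, root_key, ta, frame):
    """Decrypt and verify the ICV; return the payload, or None on mismatch."""
    plain = rc4(seed_fn(root_key, frame[:3], ta), frame[3:])
    payload, icv = plain[:-4], plain[-4:]
    return payload if struct.pack("<I", zlib.crc32(payload)) == icv else None

def exposed_and_static(seed_fn, root_key, ta, ivs):
    """Count RC4-key bytes readable off the air and bytes constant across packets."""
    seeds = [seed_fn(root_key, iv, ta) for iv in ivs]
    exposed = 3 if all(s[:3] == iv for s, iv in zip(seeds, ivs)) else 0
    static = sum(len({s[n] for s in seeds}) == 1 for n in range(len(seeds[0])))
    return exposed, static

# Constructed sample values (not from the guide)
ROOT_KEY = bytes.fromhex("0102030405060708090a0b0c0d")  # 104-bit static key
TA = bytes.fromhex("020000000001")                      # transmitter MAC address
IVS = [bytes([17 * n, 29 * n, 43 * n % 256]) for n in range(1, 9)]  # 24-bit IVs
if __name__ == "__main__":
    print("WEP    (exposed, static):", exposed_and_static(wep_seed, ROOT_KEY, TA, IVS))
    print("hashed (exposed, static):", exposed_and_static(hashed_seed, ROOT_KEY, TA, IVS))
```

Run as a script, plain WEP reports (3, 13): three RC4 key bytes travel in the clear as the IV and the other thirteen never change between packets, while the mixed key reports (0, 0).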

Broadcast WEP Key rotation interval (sec)

This option enables broadcast key rotation by setting a key rotation interval. With broadcast, or multicast, WEP key rotation enabled, the access point provides a dynamic broadcast WEP key and changes it at the interval you select. Broadcast key rotation is an excellent alternative to TKIP if your wireless LAN supports wireless client devices that are not Cisco devices or that cannot be upgraded to the latest firmware for Cisco client devices.

To enable broadcast key rotation, enter the rotation interval in seconds in the Broadcast WEP Key rotation interval entry field. If you enter 900, for example, the access point sends a new broadcast WEP key to all associated client devices every 15 minutes. To disable broadcast WEP key rotation, enter 0.

Note: When you enable broadcast key rotation, only wireless client devices using LEAP or EAP-TLS authentication can use the access point. Client devices using static WEP (with open, shared key, or EAP-MD5 authentication) cannot use the access point when you enable broadcast key rotation.

Note: If you enable Broadcast Key Rotation on one of the radios in a dual-radio access point, Broadcast Key Rotation is automatically enabled on the other radio, also.

Advanced Primary SSID Setup Link

This link takes you to the AP Radio Primary SSID page, from which you can configure the primary SSID settings. From this page, you configure IEEE 802.11x authentication, EAP, unicast address filters, and the maximum number of associations for the radio’s primary SSID.

The more link takes you to the AP Radio Internal Service Set Setup page.

Preferred Access Points

Use these fields to set up a chain of repeater access points (access points without an Ethernet connection; see Figure 3-3). Repeater access points function best when they associate with specific access points connected to the wired LAN. You use these fields to specify the access points that provide the most efficient data transmission link for the repeater.

Cisco Aironet 1200 Series Access Point Software Configuration Guide

 

OL-2159-05
