10-9
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter10 Configuring WLAN Authentication and Encryption
Configuring Encryption Modes
This example shows how to create a 128-bit WEP key in slot 3 for VLAN 22 and sets the key as the
transmit key:
ap1200# configure terminal
ap1200(config)# interface dot11radio 0
ap1200(config-if)# encryption vlan 22 key 3 size 128 12345678901234567890123456
transmit-key
ap1200(config-if)# end
WEP Key Restrictions
Table10-1 lists WEP key restrictions based on your security configuration.
Example WEP Key Setup
Table10-2 shows an example WEP key setup that would work for the access point and an associated
device.
Table10-1 WEP Key Restrictions
Security Configuration WEP Key Restriction
CCKM or WPA authenticated key
management
Cannot configure a WEP key in key slot 1
LEAP or EAP authentication Cannot configure a WEP key in key slot 4
Cipher suite with 40-bit WEP Cannot configure a 128-bit key
Cipher suite with 128-bit WEP Cannot configure a 40-bit key
Cipher suite with TKIP Cannot configure any WEP keys
Cipher suite with TKIP and 40-bit WEP or
128-bit WEP
Cannot configure a WEP key in key slot 1 and 4
Static WEP with MIC Access point and client devices must use the same WEP
key as the transmit key, and the key must be in the same
key slot on both access point and clients.
Broadcast key rotation Keys in slots 2 and 3 are overwritten by rotating
broadcast keys
Note Client devices using static WEP cannot use the
access point when you enable broadcast key
rotation. Broadcast key rotation is supported
only when using key management (such as
dynamic WEP (802.1x), WPA with EAP, or
pre-shared key).
Table10-2 WEP Key Setup Example
Key
Slot
Access Point Associated Device
Transmit? Key Contents Transmit? Key Contents
1 x 12345678901234567890abcdef 12345678901234567890abcdef
209876543210987654321fedcba x 09876543210987654321fedcba