Managing 802.1X on the WSS Switch

Managing WEP Keys

Wired-Equivalent Privacy (WEP) is part of the system security of 802.1X. WSS Software uses WEP to provide confidentiality to packets as they are sent over the air. WEP operates on the AP access port.

WEP uses a secret key shared between the communicators. WEP rekeying increases the security of the network. New unicast keys are generated every time a client performs 802.1X authentication.

The rekeying process can be performed automatically on a periodic basis. By setting the Session-Timeout RADIUS attribute, you make the reauthentication transparent to the client, who is unaware that reauthentication is occurring. A good value for Session-Timeout is 30 minutes.

WEP broadcast rekeying causes the broadcast and multicast keys for WEP to be rotated every WEP rekey period for each radio to each connected VLAN. The WSS switch generates the new broadcast and multicast keys and pushes the keys to the clients through EAPoL key messages. WEP keys are case-insensitive.

Use the set dot1x wep-rekey and the set dot1x wep-rekey-period commands to enable WEP key rotation and configure the time interval for WEP key rotation.

Configuring 802.1X WEP Rekeying

WEP rekeying is enabled by default on the WSS switch. Disable WEP rekeying only if you need to debug your 802.1X network.

Use the following command to disable WEP rekeying for broadcast and multicast keys:

23x0# set dot1x wep-rekey disable

success: wep rekeying disabled

Note. Reauthentication is not required for using this command. Broadcast and multicast keys are always rotated at the same time, so all members of a given radio and VLAN receive the new keys at the same time.

To reenable WEP rekeying, type the following command:

23x0# set dot1x wep-rekey enable

success: wep rekeying enabled

Configuring the Interval for WEP Rekeying

The following command sets the interval for rotating the WEP broadcast and multicast keys:

set dot1x wep-rekey-period seconds

The default is 1800 seconds (30 minutes). You can set the interval from 30 to 1,641,600 seconds (19 days). For example, type the following command to set the WEP-rekey period to 900 seconds:

23x0# set dot1x wep-rekey-period 900

success: dot1x wep-rekey-period set to 900
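The following audit sketch is an added example, not part of the Nortel manual or WSS Software. It reads configuration text containing the two commands shown above and reports the effective rekey state, using the default and range stated on this page. It assumes a saved configuration holds these lines in the same `set dot1x ...` form; the function name, the sample input and the policy ceiling are hypothetical.

```python
import re

# Values stated on this page.
DEFAULT_PERIOD = 1800                      # seconds (30 minutes)
MIN_PERIOD, MAX_PERIOD = 30, 1_641_600     # 30 seconds to 19 days

# Assumption: local policy ceiling chosen for this example (the page's default).
POLICY_MAX_PERIOD = DEFAULT_PERIOD

# Matches either command, with or without a leading CLI prompt such as "23x0# ".
LINE_RE = re.compile(
    r"^\s*(?:\S+#\s*)?set\s+dot1x\s+(wep-rekey(?:-period)?)\s+(\S+)\s*$", re.I)

def audit_wep_rekey(config_text):
    """Return (effective_state, findings); the last valid setting wins."""
    enabled, period, findings = True, DEFAULT_PERIOD, []
    for n, line in enumerate(config_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).lower()
        if key == "wep-rekey":
            if value in ("enable", "disable"):
                enabled = value == "enable"
            else:
                findings.append(f"line {n}: unknown wep-rekey value {value!r}")
        elif value.isdecimal() and MIN_PERIOD <= int(value) <= MAX_PERIOD:
            period = int(value)
        else:
            findings.append(
                f"line {n}: wep-rekey-period {value!r} outside {MIN_PERIOD}-{MAX_PERIOD}")
    if not enabled:
        findings.append("broadcast/multicast WEP rekeying is disabled")
    if period > POLICY_MAX_PERIOD:
        findings.append(f"rekey period {period}s exceeds policy ceiling {POLICY_MAX_PERIOD}s")
    return {"enabled": enabled, "period": period}, findings

# Constructed sample input, not taken from a real switch.
SAMPLE_CONFIG = """\
set dot1x wep-rekey-period 86400
set dot1x wep-rekey disable
set dot1x wep-rekey-period 10
"""

if __name__ == "__main__":
    state, findings = audit_wep_rekey(SAMPLE_CONFIG)
    print(state)
    for finding in findings:
        print("FINDING:", finding)
```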

320657-A

Nortel Networks 2300 manual Managing WEP Keys, Configuring 802.1X WEP Rekeying, Configuring the Interval for WEP Rekeying