$GYDQFHG6HFXULW\0DLQWHQDQFH
184 Industrial Ethernet Wireless LAN RLM Manager, CP 1515 Manager
C79000-G8976-C171-01
NOTE
The 802.11 standard also allows a unique key per station, tied to the
station’s MAC address. SIMATIC NET Industrial Wireless LAN currently
does not support that feature of the standard WEP function.
When planning the use of different keys over time, a number of aspects
have to be considered:
- the length of time one key stays in use;
  this is a direct trade-off between security level (= the chance of
  someone finding out what the key value is) and operational overhead
  (= the effort to reconfigure Access Point RLM and SIMATIC NET IWL
  stations)
- the requirements for a smooth transition from one key to another
- the minimization of end user exposure to key values
The key roll-over possibilities built into the 802.11 standard and offered by
SIMATIC NET Industrial Wireless LAN allow for a number of scenarios, each
with different values for the above aspects.
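The smooth-transition requirement above can be checked before a roll-over plan is deployed. The following is an added example, not taken from the manual or the product software; it assumes standard 802.11 WEP key-ID behaviour, and the class, function and key names and both plans are constructed for illustration.

```python
# Added example. Assumes standard 802.11 WEP key-ID behaviour: a frame names
# the slot (1-4) it was encrypted with and the receiver uses its own key in
# that slot. Key names "A"/"B" and both plans are constructed samples.
from dataclasses import dataclass


@dataclass(frozen=True)
class WepConfig:
    keys: tuple  # slots 1..4; None means the slot is empty
    tx: int      # slot index (1-4) used for transmission

    def can_decrypt_from(self, sender: "WepConfig") -> bool:
        """True if a frame sent with sender's Tx slot decrypts here."""
        key = sender.keys[sender.tx - 1]
        return key is not None and self.keys[sender.tx - 1] == key


def link_ok(ap: WepConfig, sta: WepConfig) -> bool:
    """Both directions must work: AP to STA and STA to AP."""
    return sta.can_decrypt_from(ap) and ap.can_decrypt_from(sta)


def broken_steps(plan: list) -> list:
    """Return the step numbers (from 0) at which the link would drop."""
    return [i for i, (ap, sta) in enumerate(plan) if not link_ok(ap, sta)]


def cfg(k1, k2, tx):  # shorthand: only slots 1 and 2 are used in the samples
    return WepConfig((k1, k2, None, None), tx)


# Staged: key "B" is loaded into slot 2 on both sides before anyone
# transmits with it; the old key "A" is removed last. Tuples are (AP, STA).
STAGED_PLAN = [
    (cfg("A", None, 1), cfg("A", None, 1)),
    (cfg("A", "B", 1), cfg("A", None, 1)),
    (cfg("A", "B", 1), cfg("A", "B", 2)),
    (cfg("A", "B", 2), cfg("A", "B", 2)),
    (cfg(None, "B", 2), cfg(None, "B", 2)),
]
# Abrupt: the AP overwrites slot 1 with "B" before the station is updated.
ABRUPT_PLAN = [
    (cfg("A", None, 1), cfg("A", None, 1)),
    (cfg("B", None, 1), cfg("A", None, 1)),
    (cfg("B", None, 1), cfg("B", None, 1)),
]

if __name__ == "__main__":
    print(broken_steps(STAGED_PLAN), broken_steps(ABRUPT_PLAN))
```

The staged plan keeps the link up at every step, while the abrupt plan drops it at the step where only the AP holds the new key.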
The sequence of key configuration settings at the Radio Link Module (shown as
AP = Access Point) and the SIMATIC NET IWL station (shown as STA) over time
is shown in a number of tables below. Each table reflects a certain key
roll-over strategy. Notice that the column “Outward Key” shows which key is
used to encrypt traffic from AP to STA and the column “Inward Key(s)”
indicates the key(s) that are allowed and possibly used to encrypt traffic from
STA to AP. The WEP Keys that are configured are shown in order of index
number 1-2-3-4; the column “Tx” is the index number configured for