Configuring Cipher Suites; Configuring Wep; Configuring Wep With 12.4(3)Jk Or Later Releases - Cisco C3201FESMIC-TP= - 3201 Fast EN Switch Mobile Interface Card Expansion Module Software Configuration Manual

Configuring Cipher Suites

•
•
•
•
•
Configuring Cipher Suites
These sections describe how to configure cipher suites, WEP and additional WEP features such as MIC
and TKIP:
•
•
Encryption cipher suite and WEP are disabled by default.

Configuring WEP

Configuring WEP with 12.4(3)JK or Later Releases

Cisco 3201 WMICs with 12.4(3)JK or later release move encryption settings from the dot11 interface to
each SSID configuration. Csico 3202 WMIC and 3205WMIC supports this feature change starting
12.4(3)JL release.
To configure WEP encryptions, follow these steps, beginning in privileged EXEC mode:
Command
Step 1
configure terminal
Step 2
dot11 ssid sample_ssid
Cisco 3200 Series Wireless MIC Software Configuration Guide
2
AES-CCMP—Based on the Advanced Encryption Standard (AES) defined in the National Institute
of Standards and Technology's FIPS Publication 197, AES-CCMP is a symmetric block cipher that
can encrypt and decrypt data using keys of 128, 192, and 256 bits. AES-CCMP is superior to WEP
encryption and is defined in the IEEE 802.11i standard.
WEP (Wired Equivalent Privacy)—WEP is an 802.11 standard encryption algorithm originally
designed to provide your wireless LAN with the same level of privacy available on a wired LAN.
However, the basic WEP construction is flawed, and an attacker can compromise the privacy with
reasonable effort.
TKIP (Temporal Key Integrity Protocol)—TKIP is a suite of algorithms surrounding WEP that is
designed to achieve the best possible security on legacy hardware built to run WEP. TKIP adds four
enhancements to WEP:
A per-packet key mixing function to defeat weak-key attacks
–
A new IV sequencing discipline to detect replay attacks
–
A cryptographic Message Integrity Check (MIC), called Michael, to detect forgeries such as bit
–
flipping and altering packet source and destination
An extension of IV space, to virtually eliminate the need for rekeying
–
CKIP (Cisco Key Integrity Protocol)—The Cisco WEP key permutation technique based on an early
algorithm presented by the IEEE 802.11i security task group. (CKIP and CKIP-CMIC are supported
only on the 2.4-GHz (802.11b/g) Cisco wireless mobile interface card (WMIC).)
CMIC (Cisco Message Integrity Check)—Like TKIP, the Cisco message integrity check mechanism
is designed to detect forgery attacks.
Configuring WEP, page 2
Enabling Cipher Suite, page 5
Purpose
Enters global configuration mode.
Enters SSID Configuration.
Cipher Suites and WEP