Temporal Key Integrity Protocol (Tkip); Broadcast Key Rotation; Synchronizing Security Features - Cisco AIR-PCM352 - Aironet 350 Series 11Mbps Wireless LAN PC Card Adapter Installation And Configuration Manual

Overview of Security Features
Note

Temporal Key Integrity Protocol (TKIP)

This feature, also referred to as WEP key hashing, defends against an attack on WEP in which the
intruder uses the initialization vector (IV) in encrypted packets to calculate the WEP key. TKIP removes
the predictability that an intruder relies on to determine the WEP key by exploiting IVs. It protects both
unicast and broadcast WEP keys.
Note

Broadcast Key Rotation

EAP authentication provides dynamic unicast WEP keys for client devices but uses static broadcast, or
multicast, keys. When you enable broadcast WEP key rotation, the access point provides a dynamic
broadcast WEP key and changes it at the interval you select. When you enable this feature, only wireless
client devices using LEAP, EAP-FAST, EAP-TLS, or PEAP authentication can associate to the access
point. Client devices using static WEP (with open or shared key authentication) cannot associate.

Synchronizing Security Features

In order to use any of the security features discussed in this section, both your client adapter and the access
point to which it will associate must be set appropriately.
settings required for each security feature. This chapter provides specific instructions for enabling the security
features on your client adapter. Refer to the documentation for your access point for instructions on
enabling any of these features on the access point.
Table 5-2
Security Feature
Static WEP with open
authentication
Static WEP with shared key
authentication
LEAP authentication
EAP-FAST authentication
Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE
5-16
If you enable MIC on the access point, your client adapter's driver must support MIC; otherwise,
the client cannot associate.
If you enable TKIP on the access point, your client adapter's firmware must support TKIP;
otherwise, the client cannot associate.
Client and Access Point Security Settings
Client Setting
Create a WEP key and enable Static
WEP Keys and Open
Authentication
Create a WEP key and enable Static
WEP Keys and Shared Key
Authentication
Enable LEAP
Enable EAP-FAST and enable
automatic provisioning or import a
PAC file
Chapter 5 Configuring the Client Adapter
Table 5-2 indicates the client and access point
Access Point Setting
Set up and enable WEP and enable
Open Authentication for the SSID
Set up and enable WEP and enable
Shared Key Authentication for the
SSID
Set up and enable WEP and enable
Network-EAP for the SSID
Set up and enable WEP and enable
Network-EAP for the SSID
OL-1375-04