Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual page 418

Configuring ScreenOS Devices Guide
394
The Key ID enables WEP key configuration and sets the WEP identification value. When
all WEP keys are stored on the security device, you can assign the default key ID as 1, 2,
3, or 4.
However:
When using WEP keys stored on the security device and dynamic WEP keys created
by an external RADIUS server (RADIUS dynamically creates and distributes a different
key per session for each wireless client), the ID for the default WEP key on the security
device cannot be 1 because the RADIUS server uses 1 as the ID for all its keys. The
security device can use a default WEP key with key ID 2, 3, or 4 for encryption, and a
different WEP key with ID 1, 2, 3, or 4 for authentication and decryption.
When all WEP keys are on an external RADIUS server, the server uses a key ID of 1 for
all its keys (RADIUS dynamically creates and distributes a different key per session for
each wireless client).
An encryption key length specifies the length of the key in bits. Juniper Networks supports
two WEP key lengths: 40 and 104 bits. Because the keys are concatenated with a 24-bit
initialization vector (IV), the resulting lengths are 64 and 128 bits.
Longer keys are more secure than shorter keys, but longer keys take longer to process
and can reduce throughput speeds. Select the key length that is appropriate to the
importance of the wireless traffic you want to protect:
40-bit—A 40-bit encryption length enables you to enter 10 hexadecimal digits or 5
ASCII characters.
104-bit—A 104-bit encryption length enables you to enter 26 hexadecimal digits or 13
ASCII characters.
The encryption method defines the string type (ASCII or hexadecimal) for the WEP key:
ASCII—Plain text string.
When using 40-bit length and ASCII method, enter 5 ASCII characters.
When using a 104-bit length and ASCII method, enter 13 ASCII characters.
Hexadecimal (default)—A hexadecimal string uses only A-F characters and 0-9
numbers. For example, 662ADC918DDD662ADC918DDD66 is a valid hexadecimal
string but CADETS01234567890123456789 is not; the T and S are outside the valid
hexadecimal range. The number of hexadecimal characters you enter depends on the
specified key length:
When using 40-bit length and hexadecimal method, enter 10 hexadecimal characters.
When using a 104-bit length and hexadecimal method, enter 26 hexadecimal
characters.
When using a single key on the security device for encryption, decryption, and
authentication, you must define the default WEP key.
Copyright © 2010, Juniper Networks, Inc.