Network Authentication Types - Cisco AIR-LAP1252AG-A-K9 - Aironet 1252AG - Wireless Access Point Software Configuration Manual
Software configuration guide
Hide thumbs
Also See for AIR-LAP1252AG-A-K9 - Aironet 1252AG - Wireless Access Point:
- Datasheet (14 pages)
Table of Contents
Advertisement
Security Overview
Network Authentication Types
Cisco Aironet 1200 Series Access Point Software Configuration Guide
4-4
both the access point and all associated client devices, adds a few bytes to
each packet to make the packets tamper-proof. See the
Integrity Check (MIC)" section on page 4-14
MIC.
TKIP (Temporal Key Integrity Protocol, also known as WEP key
•
hashing)—This feature defends against an attack on WEP in which the
intruder uses the unencrypted initialization vector (IV) in encrypted packets
to calculate the WEP key. TKIP removes the predictability that an intruder
relies on to determine the WEP key by exploiting IVs. See the
Temporal Key Integrity Protocol (TKIP)" section on page 4-16
instructions on enabling TKIP.
Broadcast key rotation—EAP authentication provides dynamic unicast WEP
•
keys for client devices but uses static broadcast, or multicast, keys. When you
enable broadcast WEP key rotation, the access point provides a dynamic
broadcast WEP key and changes it at the interval you select. Broadcast key
rotation is an excellent alternative to TKIP if your wireless LAN supports
wireless client devices that are not Cisco devices or that cannot be upgraded
to the latest firmware for Cisco client devices. See the
WEP Key Rotation" section on page 4-18
broadcast key rotation.
Before a wireless client device can communicate on your network through the
access point, it must authenticate to the access point and to your network. The
access point uses four authentication mechanisms or types and can use more than
one at the same time:
Network-EAP—This authentication type provides the highest level of
•
security for your wireless network. By using the Extensible Authentication
Protocol (EAP) to interact with an EAP-compatible RADIUS server, the
access point helps a wireless client device and the RADIUS server to perform
mutual authentication and derive a dynamic unicast WEP key. The RADIUS
server sends the WEP key to the access point, which uses it for all unicast data
signals that it sends to or receives from the client. The access point also
encrypts its broadcast WEP key (entered in the access point's WEP key slot
1) with the client's unicast key and sends it to the client.
Chapter 4
Security Setup
"Enabling Message
for instructions on enabling
"Enabling
for
"Enabling Broadcast
for instructions on enabling
OL-2159-03
Hide quick links:
Advertisement
Table of Contents
