User's Manual Part 1

BETA DRAFT - CISCO CONFIDENTIAL
5-24
Cisco Aironet Wireless LAN Client Adapters Installation and Configuration Guide for Windows
OL-1394-03
Chapter 5 Configuring the Client Adapter
Setting Network Security Parameters
Note The authentication process is now complete for EAP-MD5. For LEAP or EAP-TLS, the
process continues.
3. If mutual authentication is successful, the client and RADIUS server derive a dynamic,
session-based WEP key that is unique to the client.
4. The RADIUS server transmits the key to the access point using a secure channel on the wired LAN.
5. For the length of a session, or time period, the access point and the client use this key to encrypt or
decrypt all unicast packets that travel between them.
Refer to the "Enabling LEAP" section on page 5-28 for instructions on enabling LEAP or to the
"Enabling Host-Based EAP" section on page 5-31 for instructions on enabling EAP-TLS or EAP-MD5.
Note Refer to the IEEE 802.11 Standard for more information on 802.1X authentication and to the following
URL for additional information on RADIUS servers:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/scprt2/scrad.htm
Additional WEP Key Security Features
The three security features discussed in this section (MIC, TKIP, and broadcast key rotation) are
designed to prevent sophisticated attacks on your wireless network's WEP keys. These features are
supported in the following client adapter software releases:
- PCM/LMC/PCI card firmware version 4.25.23 or greater and PCM/LMC/PCI card driver version 8.01 or greater
- Mini PCI card firmware version 5.0 or greater and mini PCI card driver version 2.20 or greater
- PC-Cardbus card firmware version 4.99 or greater and PC-Cardbus driver 3.4.9 or greater
These features do not need to be enabled on the client adapter; they are supported automatically in the
firmware and driver versions listed above. However, they must be enabled on the access point.
Note Access point firmware version 11.10T or greater is required to enable these security features. Refer to
the Cisco Aironet Access Point Software Configuration Guide for instructions on enabling these security
features on the access point.
Message Integrity Check (MIC)
MIC prevents bit-flip attacks on encrypted packets. During a bit-flip attack, an intruder intercepts an
encrypted message, alters it slightly, and retransmits it, and the receiver accepts the retransmitted
message as legitimate. The MIC adds a few bytes to each packet to make the packets tamper-proof.
The Status screen indicates if MIC is being used, and the Statistics screen provides MIC statistics.
Note If you enable MIC on the access point, your client adapter's driver must support these features;
otherwise, the client cannot associate.
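The following added example (not part of the Cisco guide, and not Cisco's MIC algorithm) models the receiver-side check described above: a packet protected only by a stream cipher and an unkeyed CRC-32 checksum is accepted after alteration, while the same packet carrying a keyed integrity check is rejected. The function names, the 8-byte tag length, the SHAKE-256 keystream standing in for RC4, the truncated HMAC-SHA256 standing in for the MIC, and all keys and payloads are assumptions constructed for illustration.

```python
import hashlib
import hmac
import zlib

MIC_LEN = 8  # assumed tag length for this sketch; the guide only says "a few bytes"

def keystream(key: bytes, n: int) -> bytes:
    # Stand-in for WEP's RC4 keystream (per-packet IV handling omitted).
    return hashlib.shake_256(key).digest(n)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")

def mic(mic_key: bytes, payload: bytes) -> bytes:
    # Stand-in keyed integrity check (truncated HMAC-SHA256), not Cisco's algorithm.
    return hmac.new(mic_key, payload, hashlib.sha256).digest()[:MIC_LEN]

def seal(key: bytes, mic_key: bytes, payload: bytes, use_mic: bool) -> bytes:
    body = payload + (mic(mic_key, payload) if use_mic else b"")
    plain = body + crc(body)  # unkeyed checksum appended before encryption
    return xor(plain, keystream(key, len(plain)))

def receive(key: bytes, mic_key: bytes, packet: bytes, use_mic: bool):
    """Return the payload, or None if the receiver rejects the packet."""
    plain = xor(packet, keystream(key, len(packet)))
    body, icv = plain[:-4], plain[-4:]
    if crc(body) != icv:
        return None
    if not use_mic:
        return body
    payload, tag = body[:-MIC_LEN], body[-MIC_LEN:]
    return payload if hmac.compare_digest(tag, mic(mic_key, payload)) else None

def alter_in_transit(packet: bytes, delta: bytes) -> bytes:
    # Models the alteration: XOR passes straight through a stream cipher, and
    # CRC-32 is affine, so the checksum can be patched without any key.
    n = len(packet) - 4
    d = delta.ljust(n, b"\0")
    return xor(packet, d + xor(crc(d), crc(bytes(n))))

# Constructed sample data
KEY, MIC_KEY = b"constructed-wep-key", b"constructed-mic-key"
MSG = b"PAY 0100 TO ALICE"
DELTA = xor(b"PAY 0100", b"PAY 9100")

def demo():
    no_mic = receive(KEY, MIC_KEY, alter_in_transit(seal(KEY, MIC_KEY, MSG, False), DELTA), False)
    with_mic = receive(KEY, MIC_KEY, alter_in_transit(seal(KEY, MIC_KEY, MSG, True), DELTA), True)
    return no_mic, with_mic
```

Calling demo() returns the altered payload for the packet without a MIC and None for the packet with one, because the keyed tag no longer matches the changed payload.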