User's Manual Part 1
Table Of Contents
- contents
- Preface
- Product Overview
- Preparing for Installation
- Installing the Client Adapter
- Using the Profile Manager
- Configuring the Client Adapter
- Overview
- Setting System Parameters
- Setting RF Network Parameters
- Setting Advanced Infrastructure Parameters
- Setting Advanced Ad Hoc Parameters
- Setting Network Security Parameters
- Using EAP Authentication
- Performing Diagnostics
BETA DRAFT - CISCO CONFIDENTIAL
5-25
Cisco Aironet Wireless LAN Client Adapters Installation and Configuration Guide for Windows
OL-1394-03
Chapter 5 Configuring the Client Adapter
Setting Network Security Parameters
Temporal Key Integrity Protocol (TKIP)
This feature, also referred to as WEP key hashing, defends against an attack on WEP in which the
intruder uses the initialization vector (IV) in encrypted packets to calculate the WEP key. TKIP removes
the predictability that an intruder relies on to determine the WEP key by exploiting IVs. It protects both
unicast and broadcast WEP keys.
Note If you enable TKIP on the access point, your client adapter’s firmware must support these features;
otherwise, the client cannot associate.
Broadcast Key Rotation
EAP authentication provides dynamic unicast WEP keys for client devices but uses static broadcast, or
multicast, keys. When you enable broadcast WEP key rotation, the access point provides a dynamic
broadcast WEP key and changes it at the interval you select. When you enable this feature, only wireless
client devices using LEAP or EAP-TLS authentication can associate to the access point. Client devices
using static WEP (with open, shared key, or EAP-MD5 authentication) cannot associate.
Synchronizing Security Features
In order to use any of the security features discussed in this section, both your client adapter and the
access point to which it will associate must be set appropriately. Table 5-6 indicates the client and access
point settings required for each security feature. This chapter provides specific instructions for enabling
the security features on your client adapter. Refer to the Cisco Aironet Access Point Software
Configuration Guide for instructions on enabling the features on the access point.
Table 5-6 Client and Access Point Security Settings
Security Feature Client Setting Access Point Setting
Static WEP with open
authentication
Create a WEP key and enable Use
Static WEP Keys and Open
Authentication
Set up and enable WEP and enable
Open Authentication
Static WEP with shared key
authentication
Create a WEP key and enable Use
Static WEP Keys and Shared Key
Authentication
Set up and enable WEP and enable
Shared Key Authentication
LEAP authentication Enable LEAP Set up and enable WEP and enable
Network-EAP
EAP-TLS authentication
If using ACU to
configure card
Enable Host Based EAP in ACU
and enable Smart Card or Other
Certificate in Windows XP
Set up and enable WEP and enable
Network-EAP
If using Windows XP
to configure card
Enable Smart Card or other
Certificate
Set up and enable WEP and enable
Require EAP and Open
Authentication