Home > Cisco > Router > Cisco Router 860, 880 Series User Manual

Cisco Router 860, 880 Series User Manual

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Router 860, 880 Series User Manual. The Cisco manuals for Router are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 171

    Page 171 Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © 2008 Cisco Systems, Inc. All rights reserved. Cipher Suites and WEP This document describes how to configure the cipher suites required to use Wireless Protected Access (WPA) and Cisco Centralized Key Management (CCKM), Wired Equivalent Privacy (WEP), WEP features including Advanced Encryption Standard (AES), Message Integrity Check (MIC), Temporal Key Integrity Protocol (TKIP), and broadcast key rotation.... 
    Americas Headquarters:
Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
© 2008 Cisco Systems, Inc. All rights reserved.
Cipher Suites and WEP
This document describes how to configure the cipher suites required to use Wireless Protected Access 
(WPA) and Cisco Centralized Key Management (CCKM), Wired Equivalent Privacy (WEP), WEP 
features including Advanced Encryption Standard (AES), Message Integrity Check (MIC), Temporal 
Key Integrity Protocol (TKIP), and broadcast key rotation....

    Page 172

    Page 172 Cipher Suites and WEP Configuring Cipher Suites and WEP 2 Configuring Cipher Suites and WEP OL-15894-01 Cipher suites that contain TKIP provide the best security for your wireless LAN; cipher suites that contain only WEP are the least secure. These security features protect the data traffic on your wireless LAN: AES-CCMP—Based on the Advanced Encryption Standard (AES) defined in the National Institute of Standards and Technology’s FIPS Publication 197, AES-CCMP is a symmetric block cipher that can... 
    Cipher Suites and WEP
  Configuring Cipher Suites and WEP
2
Configuring Cipher Suites and WEP
OL-15894-01
Cipher suites that contain TKIP provide the best security for your wireless LAN; cipher suites that 
contain only WEP are the least secure. 
These security features protect the data traffic on your wireless LAN:
 AES-CCMP—Based on the Advanced Encryption Standard (AES) defined in the National Institute 
of Standards and Technology’s FIPS Publication 197, AES-CCMP is a symmetric block cipher that 
can...

    Page 173

    Page 173 Cipher Suites and WEP Configuring Cipher Suites and WEP 3 Configuring Cipher Suites and WEP OL-15894-01 Creating WEP Keys NoteYou need to configure static WEP keys only if your wireless device needs to support client devices that use static WEP. If all the client devices that associate to the wireless device use key management (WPA, CCKM, or 802.1x authentication) you do not need to configure static WEP keys. To create a WEP key and set the key properties follow these steps beginning in privileged... 
    Cipher Suites and WEP
  Configuring Cipher Suites and WEP
3
Configuring Cipher Suites and WEP
OL-15894-01
Creating WEP Keys
NoteYou need to configure static WEP keys only if your wireless device needs to support client devices that 
use static WEP. If all the client devices that associate to the wireless device use key management (WPA, 
CCKM, or 802.1x authentication) you do not need to configure static WEP keys.
To create a WEP key and set the key properties follow these steps beginning in privileged...

    Page 174

    Page 174 Cipher Suites and WEP Configuring Cipher Suites and WEP 4 Configuring Cipher Suites and WEP OL-15894-01 WEP Key Restrictions Ta b l e 11-1 lists WEP key restrictions for various security configurations. Example WEP Key Setup Ta b l e 11-2 shows an example WEP key setup that would work for the wireless device and an associated wireless client devices. Because wireless device WEP key 1 is selected as the transmit key, associated device WEP key 1 must have the same contents. Associated device WEP key 4... 
    Cipher Suites and WEP
  Configuring Cipher Suites and WEP
4
Configuring Cipher Suites and WEP
OL-15894-01
WEP Key Restrictions 
Ta b l e 11-1 lists WEP key restrictions for various security configurations.
Example WEP Key Setup
Ta b l e 11-2 shows an example WEP key setup that would work for the wireless device and an associated 
wireless client devices.
Because wireless device WEP key 1 is selected as the transmit key, associated device WEP key 1 must 
have the same contents. Associated device WEP key 4...

    Page 175

    Page 175 Cipher Suites and WEP Configuring Cipher Suites and WEP 5 Configuring Cipher Suites and WEP OL-15894-01 NoteIf you enable MIC but you use static WEP (you do not enable any type of EAP authentication), both the wireless device and any devices with which it communicates must use the same WEP key for transmitting data. For example, if a MIC-enabled wireless device configured as an access point uses the key in slot 1 as the transmit key, a client device associated to the access point must use the same... 
    Cipher Suites and WEP
  Configuring Cipher Suites and WEP
5
Configuring Cipher Suites and WEP
OL-15894-01
NoteIf you enable MIC but you use static WEP (you do not enable any type of EAP authentication), 
both the wireless device and any devices with which it communicates must use the same WEP 
key for transmitting data. For example, if a MIC-enabled wireless device configured as an access 
point uses the key in slot 1 as the transmit key, a client device associated to the access point must 
use the same...

    Page 176

    Page 176 Cipher Suites and WEP Configuring Cipher Suites and WEP 6 Configuring Cipher Suites and WEP OL-15894-01 This example configures a cipher suite for VLAN 22 that enables CKIP (unsupported), CMIC (unsupported), and 128-bit WEP: ap1200# configure terminal ap1200(config)# interface dot11radio 0ap1200(config-if)# encryption vlan 22 mode ciphers ckip-cmic wep128 ap1200(config-if)# exit Matching Cipher Suites with WPA and CCKM If you configure your wireless device to use WPA or CCKM authenticated key... 
    Cipher Suites and WEP
  Configuring Cipher Suites and WEP
6
Configuring Cipher Suites and WEP
OL-15894-01
This example configures a cipher suite for VLAN 22 that enables CKIP (unsupported), CMIC 
(unsupported), and 128-bit WEP:
ap1200# configure terminal
ap1200(config)# interface dot11radio 0ap1200(config-if)# encryption vlan 22 mode ciphers ckip-cmic wep128
ap1200(config-if)# exit
Matching Cipher Suites with WPA and CCKM
If you configure your wireless device to use WPA or CCKM authenticated key...

    Page 177

    Page 177 Cipher Suites and WEP Configuring Cipher Suites and WEP 7 Configuring Cipher Suites and WEP OL-15894-01 Use the no form of the encryption command to disable broadcast key rotation. This example enables broadcast key rotation on VLAN 22 and sets the rotation interval to 300 seconds: ap1200# configure terminal ap1200(config)# interface dot11radio 0ap1200(config-if)# broadcast-key vlan 22 change 300 ap1200(config-if)# end Step 3broadcast-key change seconds [ vlan vlan-id ] [ membership-termination ]... 
    Cipher Suites and WEP
  Configuring Cipher Suites and WEP
7
Configuring Cipher Suites and WEP
OL-15894-01
Use the no form of the encryption command to disable broadcast key rotation.
This example enables broadcast key rotation on VLAN 22 and sets the rotation interval to 300 seconds:
ap1200# configure terminal
ap1200(config)# interface dot11radio 0ap1200(config-if)# broadcast-key vlan 22 change 300
ap1200(config-if)# end
Step 3broadcast-key  
change seconds 
[ vlan vlan-id ]  
[ membership-termination ]...

    Page 178

    Page 178 Cipher Suites and WEP Configuring Cipher Suites and WEP 8 Configuring Cipher Suites and WEP OL-15894-01 
    Cipher Suites and WEP
  Configuring Cipher Suites and WEP
8
Configuring Cipher Suites and WEP
OL-15894-01

    Page 179

    Page 179 Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © 2008 Cisco Systems, Inc. All rights reserved. Authentication Types for Wireless Devices This note describes how to configure authentication types on the access point in the following sections: Understanding Authentication Types, page 1 Configuring Authentication Types, page 8 Matching Access Point and Client Device Authentication Types, page 20 Understanding Authentication Types This section describes the... 
    Americas Headquarters:
Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
© 2008 Cisco Systems, Inc. All rights reserved.
Authentication Types for Wireless Devices
This note describes how to configure authentication types on the access point in the following sections:
 Understanding Authentication Types, page 1
 Configuring Authentication Types, page 8
 Matching Access Point and Client Device Authentication Types, page 20
Understanding Authentication Types
This section describes the...

    Page 180

    Page 180 Authentication Types for Wireless Devices Understanding Authentication Types 2 Authentication Types for Wireless Devices OL-15914-01 The access point uses several authentication mechanisms or types and can use more than one at the same time. These sections explain each authentication type: Open Authentication to the Access Point, page 2 Shared Key Authentication to the Access Point, page 2 EAP Authentication to the Network, page 3 MAC Address Authentication to the Network, page 5 Combining... 
          Authentication Types for Wireless Devices
Understanding Authentication Types
2
Authentication Types for Wireless Devices
OL-15914-01
The access point uses several authentication mechanisms or types and can use more than one at the same 
time. These sections explain each authentication type:
 Open Authentication to the Access Point, page 2
 Shared Key Authentication to the Access Point, page 2
 EAP Authentication to the Network, page 3
 MAC Address Authentication to the Network, page 5
 Combining...
    Start reading Cisco Router 860, 880 Series User Manual

    Related Manuals for Cisco Router 860, 880 Series User Manual

    All Cisco manuals