Additional WEP Key Security Features – Cisco 340 User Manual


Cisco Aironet 340, 350, and CB20A Wireless LAN Client Adapters Installation and Configuration Guide for Windows

OL-1394-08

Chapter 5 Configuring the Client Adapter

Setting Network Security Parameters

Reporting Access Points that Fail LEAP or EAP-FAST Authentication

The following client adapter and access point firmware versions support a feature that is designed to
detect access points that fail LEAP or EAP-FAST authentication:

Client adapter firmware version 5.02.20 or later (for LEAP)

Client adapter firmware version 5.40.10 or later (for EAP-FAST)

12.00T or later (340, 350, and 1200 series access points)

Cisco IOS Release 12.2(4)JA or later (1100 series access points)

An access point running one of these firmware versions records a message in the system log when a
client running one of these firmware versions discovers and reports another access point in the wireless
network that has failed LEAP or EAP-FAST authentication.

The process takes place as follows:

1. A client with a LEAP or EAP-FAST profile attempts to associate to access point A.

2. Access point A does not handle LEAP or EAP-FAST authentication successfully, perhaps because
the access point does not understand LEAP or EAP-FAST or cannot communicate to a trusted LEAP
or EAP-FAST authentication server.

3. The client records the MAC address for access point A and the reason why the association failed.

4. The client associates successfully to access point B.

5. The client sends the MAC address of access point A and the reason code for the failure to access
point B.

6. Access point B logs the failure in the system log.

Note

This feature does not need to be enabled on the client adapter or access point; it is supported
automatically in the firmware of both devices. However, both the client and access point must use these
firmware versions or later.
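
The entries that access point B writes in step 6 are most useful when collected from all access points and grouped by the reported MAC address. The following Python is an added example, not part of the Cisco manual: the log line format, host names, MAC addresses, and reason codes are constructed placeholders, because the manual does not give the message text, and the inventory of managed access points is assumed to come from your own records.

```python
import re
from collections import defaultdict

# Constructed line format (assumption, not Cisco's message text):
# <time> <reporting AP> AUTH-FAIL-REPORT client=<MAC> failed_ap=<MAC> reason=<code>
REPORT_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<reporter>\S+)\s+AUTH-FAIL-REPORT\s+"
    r"client=(?P<client>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+"
    r"failed_ap=(?P<failed_ap>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+"
    r"reason=(?P<reason>\d+)\s*$",
    re.IGNORECASE,
)

# Constructed sample data: MACs, host names and reason codes are placeholders.
SAMPLE_LOG = """\
2004-03-01T09:12:44Z ap-b AUTH-FAIL-REPORT client=00:40:96:AA:00:01 failed_ap=00:40:96:11:22:33 reason=2
2004-03-01T09:13:02Z ap-b AUTH-FAIL-REPORT client=00:40:96:aa:00:02 failed_ap=00:40:96:11:22:33 reason=2
2004-03-01T09:15:10Z ap-c AUTH-FAIL-REPORT client=00:40:96:aa:00:01 failed_ap=02:de:ad:00:00:01 reason=1
2004-03-01T09:15:11Z ap-c link up on interface radio0
"""
INVENTORY = {"00:40:96:11:22:33": "ap-a", "00:40:96:44:55:66": "ap-b"}


def summarize_reports(log_text, inventory):
    """Group failure reports by the reported AP's MAC and classify each one."""
    seen = defaultdict(lambda: {"clients": set(), "reporters": set(), "reasons": set()})
    for line in log_text.splitlines():
        m = REPORT_RE.match(line.strip())
        if not m:
            continue  # unrelated syslog line
        entry = seen[m["failed_ap"].lower()]
        entry["clients"].add(m["client"].lower())
        entry["reporters"].add(m["reporter"])
        entry["reasons"].add(int(m["reason"]))
    findings = []
    for mac, e in sorted(seen.items()):
        findings.append({
            "failed_ap": mac,
            # In inventory: a managed AP that cannot complete LEAP/EAP-FAST.
            # Not in inventory: an AP nobody registered; locate it on site.
            "status": "managed" if mac in inventory else "unknown",
            "name": inventory.get(mac),
            "clients": len(e["clients"]),
            "reporters": sorted(e["reporters"]),
            "reasons": sorted(e["reasons"]),
        })
    return findings


if __name__ == "__main__":
    for f in summarize_reports(SAMPLE_LOG, INVENTORY):
        print(f)
```

A managed access point that appears here points to a configuration or authentication-server reachability problem, as described in step 2; an address missing from the inventory is one to locate physically.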

Additional WEP Key Security Features

The three security features discussed in this section (MIC, TKIP, and broadcast key rotation) are
designed to prevent sophisticated attacks on your wireless network’s WEP keys. These features do not
need to be enabled on the client adapter; they are supported automatically in the firmware and driver
versions included in the Install Wizard file. However, they must be enabled on the access point.

Note

Access point firmware version 11.10T or later is required to enable these security features. Refer to the
documentation for your access point for instructions on enabling these security features.
