10-5
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-29225-01
Chapter 10 Configuring Cipher Suites and WEP
Configuring Cipher Suites and WEP
WEP Key Restrictions
Table 10-1 lists WEP key restrictions based on your security configuration.
Example WEP Key Setup
Table 10-2 shows an example WEP key setup that would work for the access point and an associated
device.
Because the access point’s WEP key 1 is selected as the transmit key, WEP key 1 on the other device
must have the same contents. WEP key 4 on the other device is set, but because it is not selected as the
transmit key, WEP key 4 on the access point does not need to be set at all.
Table 10-1 WEP Key Restrictions
Security Configuration WEP Key Restriction
CCKM or WPA authenticated key
management
Cannot configure a WEP key in key slot 1
LEAP or EAP authentication Cannot configure a WEP key in key slot 4
Cipher suite with 40-bit WEP Cannot configure a 128-bit key
Cipher suite with 128-bit WEP Cannot configure a 40-bit key
Cipher suite with TKIP Cannot configure any WEP keys
Cipher suite with TKIP and 40-bit WEP or
128-bit WEP
Cannot configure a WEP key in key slot 1 and 4
Static WEP with MIC Access point and client devices must use the same WEP
key as the transmit key, and the key must be in the same
key slot on both access point and clients.
Broadcast key rotation Keys in slots 2 and 3 are overwritten by rotating
broadcast keys
Note Client devices using static WEP cannot use the
access point when you enable broadcast key
rotation. Broadcast key rotation is supported
only when using key management (such as
dynamic WEP (802.1x), WPA with EAP, or
preshared key).
Table 10-2 WEP Key Setup Example
Key
Slot
Access Point Associated Device
Transmit? Key Contents Transmit? Key Contents
1 x 12345678901234567890abcdef
–
12345678901234567890abcdef
2
–
09876543210987654321fedcba x 09876543210987654321fedcba
3
–
not set
–
not set
4
–
not set
–
FEDCBA09876543211234567890