Configuring WEP Authentication on Cisco Aironet

The wireless network you installed for your LAN can mean that you are directly exposing your network to the public.

Anyone can use a wireless sniffer and view all the traffics going between the wireless access point and the clients. That's why you need to add security in your wireless LAN.

This post will talk about WEP or Wired Equivalent Privacy, the name states that your wireless network will be as safe as your wired network but not in reality.
There are many WEP decryption tools available out there. Just capture some packets using wireless sniffer and use the the decryption tool to find out the WEP key.

So we know the WEP is not secure, nevertheless I want to show how to configure WEP authentication for Cisco Aironet wireless access point.

WEP uses 40 bits encryption key (10 hexadecimal characters) or 128 bits (26 hexadecimal characters).
Don't get a false sense of security with the length of the encryption, the longer the encryption key just mean the more packets you need to capture and more time to decrypt them.

There are two types authentication for security according the IEEE 802.11 committee, the shared-key and open authentication.

In a shared-key authentication, the access point will send a challenge packet to the client and the client must encrypt the packet with with the right key (WEP key) then return it to the access point.
This method is not secure since everything sent in clear text.

The other method is open authentication, just like the name the authentication is open or you can say no authentication required.
But when open authentication used with the WEP, the WEP key will be used to encrypt all data before sending them.

I have to admit, I get a little confused when first time configuring authentication in Cisco Aironet wireless access points since no one thought me so I had to browse all the configuration examples.

It's easier to use the web interface of the access point, but I want to configure it through CLI.
To configure WEP authentication you should do this by entering the dot11radio interface:

1240AG> enable
1240AG# configure terminal
1240AG (config)# interface dot11radio 0

Create the SSID and associate it with VLAN if you haven't done it:

1240AG (config-if)# ssid Guest
1240AG (config-if-ssid)# vlan 40
1240AG (config-if-ssid)# authentication open
1240AG (config-if-ssid)# exit

Configure the WEP authentication:

1240AG (config-if)# encryption vlan 40 mode wep mandatory
1240AG (config-if)# encryption vlan 40 key 1 size 128bit 12345678901234567890123456 transmit-key

The above first command tell the Cisco Aironet to do WEP encryption on vlan 40 (SSID Guest) and set it as mandatory.
If you replace mandatory with optional, the use of WEP encryption depends on the client configuration, they can choose to encrypt the packets or not.

The second command tells the access point to use the WEP encryption key of 128 bit with the above 26 characters key. You can use whatever key you choose as long as it is hexadecimal characters (0-9 and A-F).

Comments

  1. AnonymousDecember 5, 2012 at 8:06 AM

    Quality posts is the secret to invite the visitors to pay a quick visit the site, that's what this site is providing.
    Here is my blog post ... http://www.daily-wet-tshirt.com/

    ReplyDelete
  2. AnonymousDecember 10, 2012 at 10:03 AM

    You actually make it seem really easy along with your presentation however I in finding this matter to be actually something
    that I feel I would never understand. It sort
    of feels too complicated and extremely large for
    me. I'm looking forward for your subsequent post, I will attempt to get the dangle of it!
    Feel free to visit my blog :: free teen porn

    ReplyDelete
  3. AnonymousDecember 12, 2012 at 12:14 PM

    I delight in, lead to I discovered just what I
    used to be taking a look for. You have ended
    my four day lengthy hunt! God Bless you man. Have a nice day.

    Bye
    Look into my homepage : my web cam live

    ReplyDelete
  4. AnonymousDecember 24, 2012 at 2:20 AM

    It's awesome to pay a quick visit this web site and reading the views of all colleagues about this piece of writing, while I am also zealous of getting know-how.
    Look at my homepage ; contractor Orlando

    ReplyDelete
  5. AnonymousDecember 27, 2012 at 12:52 AM

    Link exchange is nothing else but it is just placing the other person's website link on your page at proper place and other person will also do similar in support of you.
    Also visit my homepage - android tablet pc

    ReplyDelete
  6. AnonymousMarch 6, 2013 at 5:35 PM

    Hi! Someone in my Myspace group shared this website with us so
    I came to look it over. I'm definitely loving the information. I'm bookmarking and
    will be tweeting this to my followers! Fantastic blog and outstanding design.


    my blog post; ironmaster adjustable dumbbells

    ReplyDelete
  7. AnonymousApril 15, 2013 at 4:52 PM

    Just wish to say your article is as amazing.
    The clearness in your submit is just cool and that i could think you are
    a professional in this subject. Fine together
    with your permission let me to clutch your RSS
    feed to keep up to date with drawing close post. Thank you
    1,000,000 and please keep up the rewarding work.



    Feel free to visit my homepage Air Jordan

    ReplyDelete
  8. AnonymousMay 13, 2013 at 10:00 AM

    Itís hard to come by experienced people on this subject, but you sound
    like you know what youíre talking about! Thanks

    Also visit my blog post ... Angry Birds Online Spielen

    ReplyDelete
  9. AnonymousMay 27, 2013 at 4:47 PM

    I always spent my half an hour to read this weblog's posts every day along with a cup of coffee.

    Also visit my web blog - Air Max

    ReplyDelete

Post a Comment

Popular posts from this blog

Cable Labeling

Image
It is very important to give labels to your cables . Labels make your network troubleshooting less painful. In case of problem, you don't want to trace every cable end to end. Each end of cable should be labeled, the label should give information about where the cable is connected to. It is really up to you or your company policy how the description format of the labels should be written. The most important thing is to keep the writings not too long, and easy to be interpreted. For example, I have a fiber optic cable at the IDF going to the MDF , I like to name it like this: for the IDF cable: MDF_Core1_23 -> it tells that the cable is going to the MDF Core Switch 1 at port 23. for the MDF cable: IDF_2Fl_1_1 -> it tells that the cable is going to the IDF at second floor, switch 1 and port1. Well I suggest try designing your own labeling scheme and don't forget to write it down and give the description to fellow network installers and the project owner. You
Read more

Handy Cisco Command - Interface Range

Image
There are many handy Cisco commands that you can use to help you in configuring Cisco devices , these commands well not exactly secret commands but you might not get it from the CCNA curriculum. One of these handy commands I already posted it at my previous post . But I want to cover it again in case you missed the post. This one is the interface range command. What this command does is to select a range of interfaces and apply the same commands to them. This is very handy especially in a Cisco switch environment where you might want to set some ports to be access ports or apply the same security to those ports instead of doing it one by one for each interface. For example, I want to select the interfaces fastethernet 0/2 to 0/8, with the interface range command I'd just do it like this: 2950> enable 2950# configure terminal 2950 (config)# interface range fa0/2 - 8 2950 (config-if-range)# There, you notice that instead of displaying 2950 (config-if)# where you c
Read more