Configuring WEP Authentication on Cisco Aironet
The wireless network you installed for your LAN can mean that you are directly exposing your network to the public.
Anyone can use a wireless sniffer and view all the traffics going between the wireless access point and the clients. That's why you need to add security in your wireless LAN.
This post will talk about WEP or Wired Equivalent Privacy, the name states that your wireless network will be as safe as your wired network but not in reality.
There are many WEP decryption tools available out there. Just capture some packets using wireless sniffer and use the the decryption tool to find out the WEP key.
So we know the WEP is not secure, nevertheless I want to show how to configure WEP authentication for Cisco Aironet wireless access point.
WEP uses 40 bits encryption key (10 hexadecimal characters) or 128 bits (26 hexadecimal characters).
Don't get a false sense of security with the length of the encryption, the longer the encryption key just mean the more packets you need to capture and more time to decrypt them.
There are two types authentication for security according the IEEE 802.11 committee, the shared-key and open authentication.
In a shared-key authentication, the access point will send a challenge packet to the client and the client must encrypt the packet with with the right key (WEP key) then return it to the access point.
This method is not secure since everything sent in clear text.
The other method is open authentication, just like the name the authentication is open or you can say no authentication required.
But when open authentication used with the WEP, the WEP key will be used to encrypt all data before sending them.
I have to admit, I get a little confused when first time configuring authentication in Cisco Aironet wireless access points since no one thought me so I had to browse all the configuration examples.
It's easier to use the web interface of the access point, but I want to configure it through CLI.
To configure WEP authentication you should do this by entering the dot11radio interface:
1240AG> enable
1240AG# configure terminal
1240AG (config)# interface dot11radio 0
Create the SSID and associate it with VLAN if you haven't done it:
1240AG (config-if)# ssid Guest
1240AG (config-if-ssid)# vlan 40
1240AG (config-if-ssid)# authentication open
1240AG (config-if-ssid)# exit
Configure the WEP authentication:
1240AG (config-if)# encryption vlan 40 mode wep mandatory
1240AG (config-if)# encryption vlan 40 key 1 size 128bit 12345678901234567890123456 transmit-key
The above first command tell the Cisco Aironet to do WEP encryption on vlan 40 (SSID Guest) and set it as mandatory.
If you replace mandatory with optional, the use of WEP encryption depends on the client configuration, they can choose to encrypt the packets or not.
The second command tells the access point to use the WEP encryption key of 128 bit with the above 26 characters key. You can use whatever key you choose as long as it is hexadecimal characters (0-9 and A-F).
Anyone can use a wireless sniffer and view all the traffics going between the wireless access point and the clients. That's why you need to add security in your wireless LAN.
This post will talk about WEP or Wired Equivalent Privacy, the name states that your wireless network will be as safe as your wired network but not in reality.
There are many WEP decryption tools available out there. Just capture some packets using wireless sniffer and use the the decryption tool to find out the WEP key.
So we know the WEP is not secure, nevertheless I want to show how to configure WEP authentication for Cisco Aironet wireless access point.
WEP uses 40 bits encryption key (10 hexadecimal characters) or 128 bits (26 hexadecimal characters).
Don't get a false sense of security with the length of the encryption, the longer the encryption key just mean the more packets you need to capture and more time to decrypt them.
There are two types authentication for security according the IEEE 802.11 committee, the shared-key and open authentication.
In a shared-key authentication, the access point will send a challenge packet to the client and the client must encrypt the packet with with the right key (WEP key) then return it to the access point.
This method is not secure since everything sent in clear text.
The other method is open authentication, just like the name the authentication is open or you can say no authentication required.
But when open authentication used with the WEP, the WEP key will be used to encrypt all data before sending them.
I have to admit, I get a little confused when first time configuring authentication in Cisco Aironet wireless access points since no one thought me so I had to browse all the configuration examples.
It's easier to use the web interface of the access point, but I want to configure it through CLI.
To configure WEP authentication you should do this by entering the dot11radio interface:
1240AG> enable
1240AG# configure terminal
1240AG (config)# interface dot11radio 0
Create the SSID and associate it with VLAN if you haven't done it:
1240AG (config-if)# ssid Guest
1240AG (config-if-ssid)# vlan 40
1240AG (config-if-ssid)# authentication open
1240AG (config-if-ssid)# exit
Configure the WEP authentication:
1240AG (config-if)# encryption vlan 40 mode wep mandatory
1240AG (config-if)# encryption vlan 40 key 1 size 128bit 12345678901234567890123456 transmit-key
The above first command tell the Cisco Aironet to do WEP encryption on vlan 40 (SSID Guest) and set it as mandatory.
If you replace mandatory with optional, the use of WEP encryption depends on the client configuration, they can choose to encrypt the packets or not.
The second command tells the access point to use the WEP encryption key of 128 bit with the above 26 characters key. You can use whatever key you choose as long as it is hexadecimal characters (0-9 and A-F).
Quality posts is the secret to invite the visitors to pay a quick visit the site, that's what this site is providing.
ReplyDeleteHere is my blog post ... http://www.daily-wet-tshirt.com/
You actually make it seem really easy along with your presentation however I in finding this matter to be actually something
ReplyDeletethat I feel I would never understand. It sort
of feels too complicated and extremely large for
me. I'm looking forward for your subsequent post, I will attempt to get the dangle of it!
Feel free to visit my blog :: free teen porn
I delight in, lead to I discovered just what I
ReplyDeleteused to be taking a look for. You have ended
my four day lengthy hunt! God Bless you man. Have a nice day.
Bye
Look into my homepage : my web cam live
It's awesome to pay a quick visit this web site and reading the views of all colleagues about this piece of writing, while I am also zealous of getting know-how.
ReplyDeleteLook at my homepage ; contractor Orlando
Link exchange is nothing else but it is just placing the other person's website link on your page at proper place and other person will also do similar in support of you.
ReplyDeleteAlso visit my homepage - android tablet pc
Hi! Someone in my Myspace group shared this website with us so
ReplyDeleteI came to look it over. I'm definitely loving the information. I'm bookmarking and
will be tweeting this to my followers! Fantastic blog and outstanding design.
my blog post; ironmaster adjustable dumbbells
Just wish to say your article is as amazing.
ReplyDeleteThe clearness in your submit is just cool and that i could think you are
a professional in this subject. Fine together
with your permission let me to clutch your RSS
feed to keep up to date with drawing close post. Thank you
1,000,000 and please keep up the rewarding work.
Feel free to visit my homepage Air Jordan
Itís hard to come by experienced people on this subject, but you sound
ReplyDeletelike you know what youíre talking about! Thanks
Also visit my blog post ... Angry Birds Online Spielen
I always spent my half an hour to read this weblog's posts every day along with a cup of coffee.
ReplyDeleteAlso visit my web blog - Air Max