Configuring WEP Security on cnPilot E-series device

Note: WEP can be configured only through CLI on E-series device. And WEP security will override the other securities like WPA2-PSK and WPA2-Enterprise if configured in WLAN profile.

Support for WEP has only been added to allow backwards-compatibility: connections from legacy devices that do not support any security mechanism such as WPA2. WEP is insecure, we recommend the use of WPA2 on your WLAN.

This feature is available from 3.2.2 r3 release build.

WEP Security Overview

WEP is an old encryption algorithm built into the 802.11 (Wi-Fi) standards. WEP uses the stream cipher RC4 for confidentiality, and the Cyclic Redundancy Check-32(CRC-32) checksum for integrity. WEP has been superceded by WPA2 (AES-CCMP).

Authentication Methods

Two methods of authentication can be used with WEP: Open System Authentication and Shared Key Authentication.

With Open System Authentication, the WLAN client does not need to provide credentials to the AP for authentication. Any client can authenticate with the AP, and then attempt to associate.

With Shared Key Authentication, the WEP key is used for authentication in a four-step, challenge-response handshake:

  1. The client sends an authentication request to the AP.
  2. The AP replies with a clear-text  challenge.
  3. The client encrypts the challenge-text with the configured WEP key, and responds with another authentication request.
  4. The AP decrypts the response. If the response matches the challenge-text, the AP sends a positive reply.

After the authentication and association, the pre-shared WEP key is also used in order to encrypt the data frames with RC4.

Configuration

1. Get access to the AP shell command prompt using SSH.

2. Open WEP Settings: Goto particular WLAN profile where you want to enable Open WEP security and Issue commands as shown below.

Connect Wireless client with open security.

Please find the wireshark trace of connected wireless client . This contains 2 Authentication frame with Authentication Algorithm as Open System and Authentication Sequence as 1 & 2.And followed by Association request and Association Response frames.

3. Shared WEP Settings:

a. Go to particular WLAN profile where you want to enable Shared WEP security and specify the key-index within range (0-3) and also specify the key for specified index.Issue commands as shown below.WEP_Key_0.jpg

Note: In AP Key-Index starts with “0”, but in clients key-index starts with “1”.

b. Want to change the key-index, then specify the new key-index from range (0-3) and also specify the key for  newly specified index.Issue commands as shown below.WEP_Key_1.JPG

4. Connect Wireless client with Shared WEP security as shown below

Wep_client_shared.jpg

Please find the Wireshark trace of wireless client with Shared WEP security. This contains 4 Authentication frame with Authentication Algorithm as Shared Key and Authentication Sequence as 1, 2, 3 & 4.And followed by Association request and Association Response frames.

11 Likes

Is there a way to have this when using cnMaestro OnPremise?

Or at least avoid cnMaestro to override it on next sync?

Yes. Please use User-Overide functionality available in AP Group.