Implementing 802.1x on Wireless Networks with Cisco and Microsoft

Configuration Notes on using Dynamic WEP with Windows XP and Cisco APs

    The only way to ensure strong mutual authentication between Windows XP and the access point is to enable dynamic WEP - without it, your machines are vulnerable to a man-in-the-middle attack. 802.1x port access authentication isn't enough by itself.

    One important note when implementing dynamic WEP with XP and Cisco access points is that XP will not associate to the access point when dynamic WEP is enabled unless the AP is set to Full Encryption. I had this problem for a while because XP will just ignore the access point without even attempting to associate or issuing any kind of error message. Setting the AP to Optional Encryption or No Encryption will cause the AP to send out 802.11 beacons with its privacy bit set to 0 (that is, no WEP), so XP won't associate.
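
    Because XP gives no error, the quickest check is to read the privacy bit straight out of a captured beacon. The following is an added example, not part of the original how-to; it assumes a raw 802.11 beacon with no radiotap header or FCS, and the helper names, BSSID, SSID and sample frames are constructed for illustration.

```python
import struct

PRIVACY_BIT = 0x0010  # bit 4 of the 802.11 Capability Information field
ESS_BIT = 0x0001      # set by an infrastructure-mode AP

def parse_beacon(frame: bytes) -> dict:
    """Extract BSSID, SSID and the privacy bit from a raw beacon frame."""
    if len(frame) < 36:  # 24-byte MAC header + 12 bytes of fixed parameters
        raise ValueError("frame too short for a beacon")
    fc = struct.unpack_from("<H", frame, 0)[0]
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != 8:
        raise ValueError("not a beacon (need type 0, subtype 8)")
    bssid = frame[16:22].hex(":")
    # Fixed parameters: timestamp (8), beacon interval (2), capability (2)
    _interval, capab = struct.unpack_from("<HH", frame, 32)
    ssid, pos = None, 36
    while pos + 2 <= len(frame):  # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:
            break  # truncated element, stop parsing
        if tag == 0:  # SSID element
            ssid = body.decode("utf-8", "replace")
            break
        pos += 2 + length
    return {"bssid": bssid, "ssid": ssid, "privacy": bool(capab & PRIVACY_BIT)}

def wep_client_would_skip(frame: bytes) -> bool:
    """True when the beacon advertises privacy=0, the case the how-to
    describes in which XP ignores the AP without reporting an error."""
    return not parse_beacon(frame)["privacy"]

def build_beacon(ssid: str, capab: int) -> bytes:
    """Build a constructed sample beacon (hypothetical helper for the demo)."""
    bssid = bytes.fromhex("020000000001")  # constructed, locally administered
    hdr = struct.pack("<HH", 0x0080, 0) + b"\xff" * 6 + bssid + bssid
    hdr += struct.pack("<H", 0)  # sequence control
    fixed = struct.pack("<QHH", 0, 100, capab)
    return hdr + fixed + bytes([0, len(ssid)]) + ssid.encode()

# Constructed samples: AP with the privacy bit set vs. cleared
FULL = build_beacon("lab-ap", ESS_BIT | PRIVACY_BIT)
OPTIONAL = build_beacon("lab-ap", ESS_BIT)

if __name__ == "__main__":
    for name, frame in (("full", FULL), ("optional/none", OPTIONAL)):
        print(name, parse_beacon(frame), "skipped:", wep_client_would_skip(frame))
```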


This how-to is still under development; comments, questions, problems and feedback are welcome at mvanopst@cs.umd.edu
 
Last updated January 30th, 2002 by Mike van Opstal