Cisco 350 ACU - 128-bit WEP & SSID broadcast disabled at the AP

Discussion in 'Cisco' started by Peter, Apr 22, 2005.

  1. Peter

    Peter Guest

    Can anyone confirm this?

    I have several laptops using the Cisco 350 PCMCIA or mini-PCI adapter.

    The ACU is the latest version 6.4 from the Cisco website.

    I have profiles pre-configured, with the SSID, the encryption key,
    etc. So if the AP is available, the ACU supplicant should just find
    it.

    With "64-bit" WEP, the ACU finds the access point even if its SSID is
    disabled.

    With "128-bit" WEP, it doesn't find it.

    If I use the Windows XP (SP2) supplicant instead of the Cisco ACU,
    that finds the AP OK but it doesn't appear to support the 128-bit
    mode; I cannot find the config for the key length anywhere.

    I know that 128-bit WEP is barely more secure than 64-bit WEP but it's
    an interesting problem.

    This is the same setup on which I never got WPA/PSK working, with XP
    or even with the Funk Odyssey client.

    The AP is a Draytek 2900.


    Peter.
    --
    Return address is invalid to help stop junk mail.
    E-mail replies to but remove the X and the Y.
    Please do NOT copy usenet posts to email - it is NOT necessary.
    Peter, Apr 22, 2005
    #1
    1. Advertising

  2. Peter

    Uli Link Guest

    Re: Cisco 350 ACU - 128-bit WEP & SSID broadcast disabled at theAP


    >
    > With "64-bit" WEP, the ACU finds the access point even if its SSID is
    > disabled.
    >
    > With "128-bit" WEP, it doesn't find it.



    Are you absolutely sure, both sides support WEP 104?
    AFAIR Cisco sold even the early 350 cards (without encryption "350" and
    with 40bit only as "351"). Only the 352 cards do 104 bit WEP.

    > If I use the Windows XP (SP2) supplicant instead of the Cisco ACU,
    > that finds the AP OK but it doesn't appear to support the 128-bit
    > mode; I cannot find the config for the key length anywhere.


    If you setup a 104bit key on a 40bit only card usually the entered key
    is simply truncated. With the result, the it doesn't match.


    > The AP is a Draytek 2900.


    How dow you enter the WEP Keys? The only reliable way is entering the
    WEP key in hex digits. Some http interfaces interpret some characters
    like "?" or "!" or ":" so the used key is different from what you think
    you have entered.

    --
    Uli

    These opinions are mine. All found typos are yours.
    Uli Link, Apr 22, 2005
    #2
    1. Advertising

  3. Peter

    Peter Guest

    Uli Link <> wrote:

    >
    >>
    >> With "64-bit" WEP, the ACU finds the access point even if its SSID is
    >> disabled.
    >>
    >> With "128-bit" WEP, it doesn't find it.

    >
    >
    >Are you absolutely sure, both sides support WEP 104?
    >AFAIR Cisco sold even the early 350 cards (without encryption "350" and
    >with 40bit only as "351"). Only the 352 cards do 104 bit WEP.


    Yes, the PCMCIA card is an AIR-LMC352. The mini-PCI version looks like
    an AIR-MPI-350-U58H004.

    Presumably, if the adapter didn't support the longer WEP mode, the ACU
    would not offer it?

    When the ACU is set to 128-bit WEP (104 if you like :)) the wifi
    connection is picked up the moment I enable SSID broadcast on the
    Draytek router.

    Afterwards, it continues to work fine. But if the client is powered
    down/up it won't reconnect unless the AP is visible.

    >> If I use the Windows XP (SP2) supplicant instead of the Cisco ACU,
    >> that finds the AP OK but it doesn't appear to support the 128-bit
    >> mode; I cannot find the config for the key length anywhere.

    >
    >If you setup a 104bit key on a 40bit only card usually the entered key
    >is simply truncated. With the result, the it doesn't match.


    The router does however have explicit support for 64 or 128 bits, so
    if I set the router to 128 bit WEP it shouldn't work with a 64/WEP
    card, and it reliably doesn't.

    >> The AP is a Draytek 2900.

    >
    >How dow you enter the WEP Keys? The only reliable way is entering the
    >WEP key in hex digits. Some http interfaces interpret some characters
    >like "?" or "!" or ":" so the used key is different from what you think
    >you have entered.


    For testing, I am using short alpha words.


    Peter.
    --
    Return address is invalid to help stop junk mail.
    E-mail replies to but remove the X and the Y.
    Peter, Apr 22, 2005
    #3
  4. Peter

    Uli Link Guest

    Re: Cisco 350 ACU - 128-bit WEP & SSID broadcast disabled at theAP


    > When the ACU is set to 128-bit WEP (104 if you like :)) the wifi
    > connection is picked up the moment I enable SSID broadcast on the
    > Draytek router.
    >
    > Afterwards, it continues to work fine. But if the client is powered
    > down/up it won't reconnect unless the AP is visible.


    The Aironet cards work reliable with *disabled SSID broadcast* against
    Intermec 2101, Avaya AP-3,4,5,6, ORiNOCO AP-500,AP-1000, AP-2000, Proxim
    AP-3 through 8 and even Symbol 4131, and all Aironet APs back 'till 1998.
    There is no single installation I had man hands on, that's broadcasting
    the SSID.

    What's the authentication mode with WEP? Choose "open". The often
    recommended "shared key" compromises the WEP key and is therefore more
    insecure. The WiFi compatible mode is "open".

    An AP that doesn't work with a Aironet 350 card isn't WIFI compatible.
    It is one of the reference cards. Period.

    Stop wasting more time and simply buy working APs.


    --
    Uli

    These opinions are mine. All found typos are yours.
    Uli Link, Apr 22, 2005
    #4
  5. Peter

    Peter Guest

    Uli Link <> wrote:

    >What's the authentication mode with WEP? Choose "open". The often
    >recommended "shared key" compromises the WEP key and is therefore more
    >insecure. The WiFi compatible mode is "open".


    It's Open.

    >An AP that doesn't work with a Aironet 350 card isn't WIFI compatible.
    >It is one of the reference cards. Period.
    >
    >Stop wasting more time and simply buy working APs.


    Very true - the Cisco APs that regularly appear on Ebay do fetch good
    prices :)


    Peter.
    --
    Return address is invalid to help stop junk mail.
    E-mail replies to but remove the X and the Y.
    Peter, Apr 22, 2005
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Alex
    Replies:
    1
    Views:
    998
    Jerry Peterson[MSFT]
    Nov 3, 2004
  2. Ray
    Replies:
    8
    Views:
    9,286
  3. Peter
    Replies:
    1
    Views:
    373
    Uli Link
    Mar 11, 2005
  4. superlazy
    Replies:
    0
    Views:
    839
    superlazy
    Nov 5, 2006
  5. RC
    Replies:
    2
    Views:
    1,386
Loading...

Share This Page