WSEC   Lab 3   Wireless encryption and testing            Student _________________________________





The purpose of this Lab is to configure data encryption on a WLAN. This is used to encrypt data sent across the AP – WLAN link (to/from WLAN clients). The client/AP link will then be tested to determine whether the encryption will prevent unauthorized WLAN access.


Required devices: 


1.   Minimally two PCs.

·        Infrastructure LAN PC #1 with ethernet NIC configured, and connected to the router/switch.

·        WLAN Laptop PC #2 (WINXP) with Cisco 350 Series WNIC and ACU installed.

More PCs are suggested so that all students can fully participate simultaneously. Laptops recommended.

  1. Router/switch that provides DHCP services and connectivity to LAN #2. Linksys BEFSR41.
  2. One access point (AP). Cisco 350 Series with dual diversity antennas (omni-directional) vertically polarized.


Instructor notes:


  1. This Lab should be conducted with the instructor demonstrating the procedure first and the students following along and taking notes. If there are enough laptops to go around, the students can perform the configurations themselves as the instructor demos.
  2. The Cisco Aironet Client Utility (ACU) must be installed on all WLAN PCs.
  3. The Linksys router/switch must be installed (connected to one or more PCs with ethernet NIC configured) and configured for DHCP. The PCs connected to the router/switch ports represent the infrastructure LAN (also DHCP enabled). Save at least one port for the AP connection.
  4. This Lab requires that you have mastered all previous Labs and can quickly perform configurations of the APs, PCs, and the router/switch unit.
  5. Read through the AP documentation provided by Cisco.
  6. Allow enough time so that all of the students can configure both the laptop and AP for encryption, and experiment with trying to access the WLAN without the proper encryption KEY. It could take over 2 hours for 20 students to perform these activities.




Part 1. Creation of a WEP KEY.


1.      The 40 bit KEY   0123456789   (Hex) will be used. 10 hex characters X 4bits/char = 40 bits.


2.      For practice create three valid 40 bit hex  KEYS here: _____________________ ______________________________                ______________________________

3.      Is   297af013bC    a valid KEY? Explain ____________________________________


4.      Is   9ADE175G14  a valid KEY? Explain ___________________________________



Part 2. Installation of Encryption KEY on the AP.


5.      Turn on all PCs, router/switch, and AP. Use configurations of Lab 5 (BSS infrastructure mode). Allow a minute for the system to stabilize. Check that WLAN laptop (PC #2) is associated to the AP and that it communicates with the LAN (PC #1) via the router/switch. Troubleshoot any problems.


6.      Direct the browser of PC #1 to the IP address of the router/switch ( to open the router’s setup page. Logon. Open the DHCP tab and the DHCP table to obtain the IP address of the AP.


7.      Write the IP address here: _____________________________


8.      Now direct the browser on PC #1 to the IP address of the AP and open the Management Pages:

·        Set the Configuration Server Protocol to “DHCP”

·        Set the Role in Radio Network to “ROOT Access Point”.

·        Set the AP RF power level to “100mW”.

·        Set the SSID to ENT-116A

·        Set the Allow Broadcast SSID to Associate to “NO”

·        Set Radio Channel to “11” with “NO” to Search for less-congested Radio Channel.

·        All other settings should be in the default state


9.      Now open “Setup” Management page, then “Security”, and finally “Radio Data Encryption ” page.


10. Select the following settings:

·        FULL ENCRYPTION       (clients must use WEP to communicate with the AP)

·        OPEN

·        KEY Size of    64 bits        (actually 40 bit encryption plus overhead)

·        Enter for KEY 1 the hex string      0123456789


11. Click “APPLY”, then “OK”. AP is now set for encryption.



PART 3. Configuring the WLAN Client for Encryption.


12. Open “Wireless Network Connection” on the WLAN laptop (PC#2). Open “Wireless Network Connection (2) Properties”, then open the “Wireless Networks” tab.


13. Click on “ENT-116A” as available network. Click on “Properties”.




14. Make the following settings:

·        This network requires a key for the following   Data Encryption 

·        Network KEY     0123456789

·        KEY Format      Hexadecimal digits

·        KEY Length      40 bits  (10 digits)


15. Click “OK” twice to exit. Close the Wireless Network windows. Encryption is now configured on the client.



PART 4.  Testing of  Encryption



16. Open the ACU on the WLAN laptop. You should see that the AP has associated to the laptop. If not, make sure that “Allow windows to configure my wireless network settings” has been selected in the ACU Profile Manager.  Open “Status” tab of ACU and confirm that there is good RF signal between the AP and the laptop. What is the S/N ratio? _______________. What is the data rate? _________________. Authentication type is listed as what? _________________________. Has encryption been enabled? ____________


17. Direct the browser of the WLAN laptop to the IP address of the router’s ethernet interface. Logon. Does the router setup page appear? ________. If not troubleshoot. This insures that data is flowing from laptop via AP to router/switch of the infrastructure LAN.


18. Now we will change the KEY on the WLAN laptop without changing the AP’s KEY. This simulates unauthorized attempted access. Repeat steps 12, and 13. Repeat step 14 but substitute the KEY  0012345678. Perform step 15 again.


19. Open the ACU on the WLAN laptop. Has the AP associated the laptop? ____ Explain. ______________________________________________________________________


20. Repeat step 17. Can you reach the router? ________. Explain ______________________________________________________________________________________________________________________________________________


21. Change the WLAN laptop’s KEY back to  0123456789  and confirm proper operation. Practice configuration on both AP and clients until you are fluent.


22. Does the encryption prevent unauthorized access in this situation? ____. Explain ______________________________________________________________________________________________________________________________________________


23. Is the WEP encryption utilized a “full-proof” security measure that will prevent access from knowledgeable hackers with plenty of access to the RF data transmissions? ______. Explain.  What is the best encryption available currently for WSEC? ____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________