 
From: Paul Fox (pgffoxharp.boston.ma.us)
Date: Fri Apr 19 2002 - 17:55:22 CDT


    >
    > Hello everyone. I have for some time been trying to get dynamic WEP keys on
    > Cisco's 340 AP to work with a Windows 2000 RADIUS server without the use of
    > Cisco's ACS. I've gotten conflicting information from people as to whether
    > this will work or not, and I'd really like to have input from anyone who has
    > experience with this. Is there an alternative to Cisco's ACS if I want to
    > use dynamic WEP keys? Thank you!!

    i don't know that this will necessarily help you directly, since you
    need a windows solution, plus you have an AP instead of a two client
    ad hoc system like i do, but i've been meaning to send this out anyway
    since it's been working well for me.

    i do dynamic wep (changing hourly) on my systems by picking keys
    based on time of day, and keeping the clocks synchronized.

    perhaps this principle can be translated to something that would suit
    your requirements...

    script attached... i did a couple of last minute edits so as not
    to publish my exact algorithm :-), but i think it will work correctly...

    paul
    =---------------------
     paul fox, pgffoxharp.boston.ma.us (arlington, ma, where it's 63.9 degrees)

    ----------cut here-----------
    #!/bin/sh

    # this script implements a two-key rollover for WEP keys, useful for
    # two cisco aironet devices in ad hoc mode, both on linux machines.
    # uses the /proc interface for configuring the cards

    # we use two key slots, one for even hours, and one for odd.
    # generate a fresh key every hour, on the hour, and put it into the
    # appropriate key "slot".

    # start transmitting with the current hourly key every hour on
    # the _half_ hour. this allows up to 30 minutes of clock skew
    # between the machines, where each is accepting both the old and
    # new keys, before starting to transmit using the new.

    # of course at boot time or card config time, set the key for
    # both the current hour _and_ the previous hour, in case this clock
    # is ahead of the peer's clock.

    # - install in /usr/local/bin, preferably mode 711
    #
    # - at boot time (/etc/rc.local), or card insertion time
    # (/etc/pcmcia/wireless), run "airoconfig config"
    #
    # - in cron:
    # # start accepting the new hourly key as soon as possible
    # 0 * * * * /usr/local/bin/airoconfig accepthourly
    # # be a little more careful about _sending_ it. wait half an hour.
    # 30 * * * * /usr/local/bin/airoconfig sethourly
    #
    # - when confused: "airoconfig safe" on both hosts will set
    # them both to a known constant key.

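    SSID_STRING="Your SSID Here"
    # secrecy of the keys rests entirely on these two strings: the hour of
    # day that is mixed in is public, so they should be long and private.
    SAFESTRING="Some String of your Choosing Here"
    HOURLYSTRING="Another String of your Choosing -- Can be the Same"

    # WEP key slots. hourly keys alternate between slots 0 and 1 so both the
    # old and the new key are accepted across the hour boundary; slot 2
    # holds the constant fallback key.
    EVENHOURKEY=0
    ODDHOURKEY=1
    SAFEKEY=2

    # locate the card's /proc directory (newer drivers put it under
    # /proc/driver). the glob is expanded by the shell rather than by parsing
    # ls, so a missing card leaves PROC empty without an ls error, and a
    # second card no longer produces two space-separated paths -- the first
    # match wins.
    PROC=
    for candidate in /proc/driver/aironet/eth? /proc/aironet/eth?; do
        if [ -d "$candidate" ]; then
            PROC=$candidate
            break
        fi
    done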

    # the per-hour seed: the current hour of day (0-23).
    # note that %k pads single digits with a leading space (" 9"); callers
    # that fold it into key material rely on word-splitting to drop it.
    keyseed()
    {
        date "+%k"
    }

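    # print the secret seed material for one key kind:
    #   safe       - the constant fallback key
    #   hourly     - this hour's key
    #   prevhourly - last hour's key (what the peer used an hour ago)
    # change the strings above for your installation; the hour is public,
    # so the keys are only as secret as SAFESTRING / HOURLYSTRING.
    genkey()
    {
        local hour
        case $1 in
        safe)
            # was "$SAFEWORD", which is never defined and so produced an
            # empty (well-known) safe key
            echo "$SAFESTRING"
            ;;
        hourly)
            # deliberately unquoted: %k's leading space must not end up in
            # the key material
            echo "$HOURLYSTRING" $( keyseed )
            ;;
        prevhourly)
            # wrap at midnight: hour 0's predecessor is 23, not -1, so the
            # key matches what "hourly" generated on the peer an hour ago
            hour=$(keyseed)
            echo "$HOURLYSTRING" $(( (hour + 23) % 24 ))
            ;;
        esac
    }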

    # turn arbitrary data on stdin into a WEP key in aa:bb:cc:... form
    # suitable for writing to /proc. the md5 digest gives 16 bytes; the
    # last three are dropped, leaving 13 bytes (the 104-bit key size).
    # the result is only as unpredictable as the input.
    mkwepkey()
    {
        local digest
        digest=$(md5sum - | cut -d' ' -f1)
        printf '%s\n' "$digest" | sed -e 's/../&:/g' -e 's/:..:..:..:$//'
    }

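    # set a key that we're willing to accept. $1 is the slot number, $2 the
    # key in aa:bb:... form. no debug echo here on purpose: under cron,
    # anything printed to stdout (the key included) gets mailed.
    acceptkey()
    {
        # refuse to run with an empty $PROC, otherwise the key is written to
        # /WepKey at the filesystem root instead of the card
        echo "$1" "$2" > "${PROC:?no aironet /proc directory found}/WepKey"
    }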

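    # select the slot we transmit with -- the peer must already accept that
    # key. $1 is the slot number only; key material is loaded via acceptkey.
    setkey()
    {
        # refuse to run with an empty $PROC, otherwise this writes to /WepKey
        echo "$1" > "${PROC:?no aironet /proc directory found}/WepKey"
    }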

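    # one-time card setup (boot / card insertion): basic radio settings,
    # then load every key we might need -- the safe key plus both hourly
    # keys -- so a peer whose clock is up to an hour off is still understood.
    config()
    {
        # the original writes each setting to Config with a separate '>',
        # so the driver presumably applies writes one at a time; keep that.
        # ${PROC:?} aborts rather than writing to / when no card was found.
        echo "NodeName: $(hostname)" > "${PROC:?no aironet /proc directory found}/Config"
        echo "Mode: ad hoc" > "$PROC/Config"
        echo "Radio: on" > "$PROC/Config"
        echo "PowerMode: CAM" > "$PROC/Config"
        echo "$SSID_STRING" > "$PROC/SSID"
        # open-system authentication; WEP shared-key authentication leaks
        # keystream to an eavesdropper, so "open" is the better choice
        echo "WEP: open" > "$PROC/Config"

        safe
        accepthourly
        sethourly
    }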

    # load the constant fallback key into its slot and transmit with it;
    # running this on both hosts gets them talking again when out of sync
    safe()
    {
        local key
        key=$(genkey safe | mkwepkey)
        acceptkey "$SAFEKEY" "$key"
        setkey "$SAFEKEY"
    }

    # make both this hour's key and last hour's key acceptable: the current
    # key goes in the slot matching this hour's parity, the previous key in
    # the other slot, so a rollover never evicts the key the peer may still
    # be sending with
    accepthourly()
    {
        local slot other
        slot=$(( $(keyseed) % 2 ))
        other=$(( 1 - slot ))
        acceptkey "$slot" "$(genkey hourly | mkwepkey)"
        acceptkey "$other" "$(genkey prevhourly | mkwepkey)"
    }

    # start transmitting with this hour's key (run on the half hour, after
    # accepthourly has had time to run on both sides)
    sethourly()
    {
        local slot
        slot=$(( $(keyseed) % 2 ))
        setkey "$slot"
    }

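    # command dispatch. an unknown or missing command now exits non-zero so
    # a typo in a cron line or rc script is noticed rather than silently
    # succeeding.
    case "${1:-}" in
    config)
        config
        ;;

    safe)
        safe
        ;;

    accepthourly)
        accepthourly
        ;;

    sethourly)
        sethourly
        ;;

    test)
        # prints the current seed (hour of day) for checking clock agreement
        keyseed
        ;;

    *)
        echo "usage: $0 [config|safe|accepthourly|sethourly]" >&2
        exit 2
        ;;

    esac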
    ----------cut here-----------
    _______________________________________________
    Aironet mailing list - Aironetcsl.cse.ucsc.edu
    http://csl.cse.ucsc.edu/mailman/listinfo/aironet