WEP Key decrypt Error

0 Fri Mar 31 10:14:28 2006 WEP Key decrypt error. Station MAC Address is XXXX, AP MAC is OOOO and Slot ID is 1.
1 Fri Mar 31 10:14:28 2006 WEP Key decrypt error. Station MAC Address is XXXX, AP MAC is OOOO and Slot ID is 1.
2 Fri Mar 31 10:13:44 2006 Load Profile Updated to Pass for AP MACAddr: XXXX and slotNo: 1  

I'm getting these errors showing up in my trap log on my wireless aeronet cisco router. Its also stating it found a coverage hole. Any idea's on what is causing this?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sam PanwarSr. Server AdministratorCommented:

I have posted here the encrption of the wep key so i think its help you in your wep error troubleshooting

It's really pretty simple. The AP has a list of up to 4 keys. Each client has a list of up to 4 keys. The trick is that, if all lists are identical in content AND order, then it doesn't matter which keys are selected for transmit at any endpoint. Each WEP-encrypted frame contains an index number with a value from 0-3 that designates which key was used to encrypt the payload. If the receiver has the same last as the sender (in the same order), then the index allows it to find the same key for decryption.

It's that simple. If the lists are different, or differently ordered, then decryption will only work if the sender happens to encrypt with a key that is in the same position on the receiver's list. Using identical lists, all endpoints are free to choose arbitrary different transmit keys.

How the system breaks if encryption isn't working depends on the  authentication method you choose, and to some extent on how the vendor implemented the AP firmware and the client driver. WEP has two forms of
authenticaton: open system, and shared key authentication (only used with WEP). With shared key authentication, the AP sends out a random text string as a challenge, and the client must encrypt it and return it to the AP. If
the AP understands the decrypted frame, then authentication completes. With open system, this step is skipped. Any client that knows the SSID can associate successfully under open system even if it does not use WEP,
because encryption is not used for association except during the challenge step.

So, with open system but broken WEP, your driver might tell you that your client connected to the network - but will not get a DHCP address. With shared key authentication, the driver will probably not indicate a
successful network connection if WEP is not working.

I recommend against using shared key authentication. It provides no additional security over open system (if WEP is enabled, the client still must have the key to do anything, whether it is associated or not). Using
shared key authentication provides any eavesdropper a freebee for key-cracking - one frame from the AP with a couple of hundred bytes of plaintext, followed by a frame from the client with the same text encrypted,
plus the IV and key index use for the encryption. This is a big help.

The only real authentication is provided by WPA using an authentication server (and the client also gets to authenticate the AP, making man-in-the-middle attacks much harder).

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Apple Networking

From novice to tech pro — start learning today.