security wep

Function

The security wep command configures the WEP authentication mode.

The undo security command restores the default security policy.

By default, the security policy is open system.

Format

security open

security wep [ share-key | dynamic ]

undo security

Parameters

Parameter	Description	Value
security open	Sets the WEP authentication mode to open and no encryption for service packets.	-
security wep	Sets the WEP authentication mode to open and encrypts service packets using WEP.	-
security wep share-key	When the WEP authentication mode is set to shared-key authentication: If the parameter is present, WEP uses the configured shared key to authenticate wireless terminals and encrypt service packets. If the parameter is not present, WEP only uses the configured shared key to encrypt the service packets. A shared key is configured on the wireless terminals regardless of whether the parameter is present.	-
security wep dynamic	Sets the WEP authentication mode to dynamic WEP.	-

Views

Security profile view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can select security policies on a WLAN based on the security level. WEP is a security policy used earlier and has security risks. It can be used in open scenarios that do not require high security.

**Table 1** Comparing authentication modes
Configuration	Link Authentication Mode	Encryption Mode	Advantage	Disadvantage
security open	open	Not encrypted	Wireless devices can connect to a network without authentication.	STA identities are not checked, bringing security risks. Service data is not WEP-encrypted.
security wep	open	Static WEP encryption	Service data is WEP-encrypted.	STA identities are not checked, bringing security risks.
security wep share-key	Shared key authentication	Static WEP encryption	A shared key is used to enhance security. Service data is WEP-encrypted.	A long key string must be configured on each device and is difficult to expand. A static key is used, which is easy to decipher.
security wep dynamic	open	Dynamic WEP encryption	Dynamic WEP encryption for service data provides higher security.	802.1X authentication is also required. The configuration is complex.

Precautions

If the security wep [ share-key ] command is executed, you can run the wep key command to configure the pre-shared key. Otherwise, the default pre-shared key is used.
If the security open command is executed, you do not need to configure the pre-shared key. The configured pre-shared key will not take effect.
If the security wep dynamic command is executed to configure dynamic WEP, you also need to configure 802.1X authentication. Otherwise, dynamic WEP does not take effect.
Each AP can have at most four key indexes configured. The key indexes used by different VAPs cannot be the same.
The system displays the message only when the security profile has been bound to the other profiles.
If WEP shared key authentication mode is configured, the access of non-HT STAs fails to be denied.
Only AP7060DN, AirEngine 5760-10, and APs in compliance with 802.11ax support dynamic WEP.
Mobile phones do not support dynamic WEP.
RUs do not support dynamic WEP.
The WEP encryption algorithm is insecure. WPA2 is recommended in scenarios that have high security requirements.

Example

# Create security profile p1 and set the authentication mode to share-key.

<HUAWEI> system-view
[HUAWEI] wlan
[HUAWEI-wlan-view] security-profile name p1
[HUAWEI-wlan-sec-prof-p1] security wep share-key