problem in wep key configuration.

[Jouni Malinen]

On Wed, May 14, 2003 at 03:03:54PM +0530, Dilli Babu Kodamala wrote:

> II) Now I'm trying to use Station specific WEP keys (Different key for
> each end stations of the AP). The
> configuration I did as follows
> 
>     AP
>     1) For STA 1
>         "hostap_crypt_conf wlan0 00:11:22:33:44:55 WEP s:abcde"
>     2) For STA 2
>         "hostap_crypt_conf wlan0 00:66:77:88:99:00 WEP s:ghijkl"

These keys are used for unicast packets to those station. However, AP
will send broadcast and multicast frames only once for all the
associated stations. These will require a different WEP key that is
shared by all stations. You should thus configure an additional
broadcast key and preferably use different key index with it so that
stations do not need to support separate broadcast and unicast keys. You
can set this with following command:

hostap_crypt_conf -2t wlan0 ff:ff:ff:ff:ff:ff WEP s:qwert

>     STA 1
>     "iwconfig wlan0 key s:abcde"
> 
>     STA 2.
>     "iwconfig wlan0 key s:ghijkl"

In addition, you will need to configure the broadcast key with:

iwconfig wlan0 key [2] key s:qwert
iwconfig wlan0 key [1]

(the last one is to make sure that the unicast key will be used when
sending frames).

> With this setup the end stations are able to communicate with AP but
> they are not able to communicate with each other through the Access
> Point.

Since you did not configure broadcast keys properly, the stations were
able to send frames to the AP and receive unicast frames. However,
broadcast frames (e.g., ARP request from STA 1 for STA 2's hwaddr) were
dropped. AP was able to see these, since stations send all frames,
including broadcast, first to the AP which will re-send them back to
wireless medium if needed.

-- 
Jouni Malinen                                            PGP id EFC895FA