Enterasys WiFi Protected access Config Allow Legacy Clients

1.3.6.1.4.1.5624.1.2.32.1.1.1.22

This object provides a way to indicate that an access point in WPA mode should accept associations from both WPA clients and legacy (pre-WPA, pre-RSN) clients. When this object is true(1), the etsysWPAConfigMulticastCipher must be WEP-40 or WEP-104 (a.k.a. 128-bit WEP). Using WEP Group keys and letting legacy clients associate may weaken security. To minimize this, 1. Enable legacy associations only on radios that support Pairwise keys. 2. Enable frequent Group key rekeying. With TKIP and AES, there's much less threat of key cracking than with WEP, so the default is 'once in a blue moon'. With WEP, you need to think more in terms of Rapid Rekeying. Access points implementing this feature are under no obligation to support non-802.1X clients. For instance, an access point might use one-time dynamic WEP keys when WPA Group key rotation is disabled. Static WEP clients would not know these keys.