WEP 128 Bit to WPA2 Migration Question

Unanswered Question

We are in the process of migrating our Aironet 1200 12.3(8)JA2 AP's away from 128 WEP to WPA2 Enterprise. I have added an additional SSID to migrate clients to as we can get to them. The SSID cipher has been set to AES+TKIP+WEP 128 and client authentication is set to network EAP (I have setup a IAS box for PEAP) When I try to set the key management to optional WPA it gives an error about the WEP 128 encryption key, and tells me it will have to be removed prior to using WPA key management. How will my legacy WEP clients connect to the network if I remove this key?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
irisrios Tue, 10/16/2007 - 12:41
User Badges:
  • Silver, 250 points or more

In WPA it is possible to associate WEP clients. But WPA2 which is 802.11i equivalent it is not possible to associate WEP. This is avoid the loop hole created by WEP clients in the network. I suggest you to upgrade the firm ware of WEP client so that it supports TKIP and gets associated to WPA2 network

Thanks for the reply irisrios! Heres hoping I may ask you another question:)

Our current WEP 128 implementation contains a single key in slot 1. All of our standalone Windows XP clients are configured with the same key in slot 1. What options (if any) do I have to run WPA Migration Mode without having to change the WEP key configuration on all the clients. It is my understanding that the WEP key would have to be moved to slot 2 or 3 in order to implement WPA migration mode? The clinets are not domain members so GPO is out of the question.

Any ideas would be much appreciated

Scott Fella Tue, 10/16/2007 - 16:53
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

If you plan on migrating from WEP to WPA or WPA2, you must verify that all devices are capable of doing which ever layer 2 encryption you plan to use. WPA w/TKIP or WPA2 w/AES is the norm. You should test each device before rolling this out, because older devices might not support WPA or WPA2 especially if your are going to do PEAP MSChapv2.


This Discussion



Trending Topics - Security & Network