01-29-2008 09:57 AM - edited 07-03-2021 03:17 PM
We are impementing 2 aironet 1400's as a link to a different building. The AP's
are connected to our switch....and users on our local LAN will utilize them to access data between buildings.
We have no authentication or security servers in our network currently.
No other users should be accessting the wireles direclty from a wireless card.
What can I confgiure to lock security between the two AP's so only they speak to each other?
I have WEP generated on one. I will have
to configure WEP on the other. But
will i need to configure more WEP keys so there is two way traffic? What other options do I have to make this secure
01-29-2008 04:20 PM
bmp
01-29-2008 06:20 PM
Hi,
After WEP .. WPA is a good security but cannot done on BR1400 ..
here is a link for your reference:-
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008054339e.shtml
Therefore, next we can go for Leap authentication making Root bridge as radius server..
Here is a link for your reference on BR1300 ...it is done in the same way on 1400
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008058f53e.shtml
Here is one more link about leap
Thanks,
Rate if these helps so that other can take benefit of this forum ..
01-31-2008 07:58 PM
hello-this document appears to show the 1400 is WPA compatible? Im a little confused.
02-01-2008 08:56 AM
Hi,
WPA-PSK is supported .... which define shared secret between the devices ..
WPA2 is no supported the link which i refered ..
You can configured WPA-PSK between the bridges..
02-01-2008 12:00 PM
great..now ive had a heck of a time trying to configure this.
As I said we have no servers-would this work in the same manner as a WPA at home.
I would simply configure a passphrase on
one bridge and the same on the other and they should authenticate?
02-01-2008 12:37 PM
Yes, WPA-PSK will be configured as you define in your note..
In future, if you plan to change the security then you can jump to Leap with local authentication server means making Root bridge as server for authentication.
Thanks :)
02-01-2008 10:16 PM
thanks mangesin,
but everytime i attempt to change one of the
bridges to root and the other non root. I lose
complete association and I dont understand why.
They are configured with the same ssid, basic wep but for some reason i still cant get association up.
02-02-2008 06:13 AM
Hi,
Try these steps:-
* Open the GUI of Root bridge
Go to Security/SSID Manager/create SSid/map it to the radio
* Under Client Authentication setting
Check the box Open authentication with no Addition ..
* Then click Apply
* Go to Ecryption Manager page
Under Ecryption Modes
Select Cipher ---TKIP
Under Encryption Keys
Select Encryption Key 2 ------Don't put any key ... Leave the box blank and key size be 128bit
Then click Apply
* Come back to SSID Manager page
Under Client Authenticated Key Management ..
Select Key Management:- Mandatory
Check the box:- WPA
Under WPA Pre-shared Key:- Type atleast 8 character key..
Click Apply:-
* Then we need to repeat the same settings on Other bridge except the station role will be non-root.
Now to troubleshoot...
* First make Bridge are able to talk to each when there is on security setup
* Set a simple Pre-shared Key ... example 1234567890 on both bridge .. Bridge will not associate if key mismatch..
Hope this will work for you.
02-03-2008 06:43 AM
great I will try that...as I said currently we have WEP set up...Im going to see if this works..If I create the new ssid as you stated...will the ssid that is using WEP still be active?
also, if these are set up as root and non root bridges...does this mean that clients, such as a laptop will not be able to direclty connect any of the two bridges? Ideally we do not
want users or somebody off the street to directly connect to any of the two bridges
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide