WPA and WEP on AP1200

Unanswered Question
May 22nd, 2008
User Badges:

I have a number of wireless clients which connect to Cisco 1200 AP's. They currently connect using WEP but we want to connect clients using both WEP and WPA at the same time (until we start phasing out WEP devices).


I have tried WPA migration mode but this is not suitable as you cannot enter the WEP key in key position 1 (which the WEP devices are on). Migration mode only allows you to use 2 and 3. I am not in the position to reconfigure the WEP clients to key 2 or 3 unfortunately as they are located in public transport vehicles.


We have also tried setting up two SSID's and configure one for WPA and one for WEP. The only way of doing this though is by setting up two VLANs, one for each method of encryption. This does get devices connecting using WPA or WEP but only one set of devices can see the 1200 access points (the devices which are in the native VLAN of the AP). We need the AP to see both.


In summary is the Cisco AP 1200 is capable of allowing connections from both WEP and WPA wireless clients at the same time? This would allow us to migrate clients from WEP to WPA at our leisure.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.

Jonathan,


You are going on the right track with:-


"We have also tried setting up two SSID's and configure one for WPA and one for WEP. The only way of doing this though is by setting up two VLANs, one for each method of encryption. This does get devices connecting using WPA or WEP but only one set of devices can see the 1200 access points (the devices which are in the native VLAN of the AP). We need the AP to see both" it sounds like you are only broadcasting the SSID of the WEP SSID. You need to enable MBSSID, something like:-


dot11 ssid TEST1

mbssid guest-mode


dot11 ssid TEST2

mbssid guest-mode


interface Dot11Radio0

mbssid

ssid TEST1

ssid TEST2


The the devices will see the two SSID's the WEP and WPA - then you can connect to either.


HTH.



jonathanmayhew Fri, 05/23/2008 - 07:13
User Badges:

Thank you for your suggestion. It looks like the VLAN method is the way to go. I will try your commands and see where I get with it. I will post my findings at the end of next week.

Actions

This Discussion