WEP & WPA on single SSID

Unanswered Question
Jun 3rd, 2008
User Badges:

How can I configure a SSID that able to support WEP & WPA on the WLAN controller? The reason I ask because we are currently have LEAP/WEP and we want to move forward to PEAP/WPA. I have to use the same SSID with 2 type of encryption to support the transition.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Scott Fella Tue, 06/03/2008 - 13:38
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

You can't.... In this type of situation, you need to migrate new devices to PEAP/WPA using a new SSID. When you finally move or migrate all devices out of the old ssid, you delete it.

Yes. WEP and WPA is allowed on the same SSID as long as you are at 4.0.206 or later. You can do this by creating two WLANs on the same controller.

The controllers will allow each WLAN to have the same SSID *only* as long as they effect a different encryption security policy.

Documented here: http://www.cisco.com/en/US/docs/wireless/controller/release/notes/cont402060rn.html#wp171887

Here is an example (using the text commands since I can't post inline screen caps) I run where I do dynamic WEP along with WPA both using radius. When using radius, you can select any of supported EAP types for both the WEP and WPA WLANs.

wlan create 1 MYSSID MYSSID-wep

! create WLAN 1 ssid "MYSSID"

wlan create 2 MYSSID MYSSID-WPA

! create WLAN 2 ssid "MYSSID"

wlan interface 1 vlan86

wlan interface 2 vlan86

Map them to the same interface. You can map them different ones.

wlan session-timeout 1 1800

wlan session-timeout 2 28800

Set up radius re-auth session timeout. Make WEP with 802.1x shorter. if using static WEP (very very insecure), don't do this.

wlan security 802.1X enable 1

We enable 802.1x on our WEP SSID

wlan radius_server auth add 1 1

wlan radius_server auth add 1 2

wlan radius_server auth add 2 1

wlan radius_server auth add 2 2

wlan radius_server auth add 2 3

Assign the 2 wlans to their respective radius servers - primary and backup

wlan security wpa disable 1

disable wpa on the wep only wlan

wlan security wpa wpa1 enable 2

wlan security wpa wpa1 ciphers tkip enable 2

add wpa1-tkip to wlan 2


This Discussion



Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode