Optional Pre-Shared Key?

Unanswered Question
Jun 3rd, 2008

I have 7 Cisco 1231G Access Points in my warehouse. Currently they are void of any kind of security other than not broadcasting their SSID. Our current equipment on the warehouse floor does not work with any of the security protocols. However, we are slowly starting to replace these systems out with newer Windows CE devices. Is there a way to set up the access points with a Pre-Shared Key but make it optional. That way systems that do not support the PSK can still connect but newer system with the PSK can connect as well. This way I can configure the new systems as they come in with the PSK and not have to wait until they are all replaced and then have to go to each system and update them later.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Scott Fella Tue, 06/03/2008 - 13:30

What you should do is configure a new ssid with what ever security you want to use in the future, but keep the existing ssid for the old clients. All new devices will be configured with the new ssid and eventually once you migrate all the users off, you delete the old ssid.

prioritywire Wed, 06/04/2008 - 05:20

That is a great idea. Will the Aironet 1200 Series support multiple SSID on the AP? Is it possible to have 2 SSID's and have one use security and the other be unsecure?

Scott Fella Wed, 06/04/2008 - 05:58

Yes you can has multiple ssid's confiugred on the ap's... I think the 1200 can support up to eight or sixteen.... can't remember.

prioritywire Wed, 06/04/2008 - 06:07

OK, but is it possible to have 2 SSID's where one is secure using a pre-shared key and the other SSID is open? I went ahead and set up a second SSID on one of the AP's. In order to get the new SSID to use the pre-shared key, I have to set the encryption to TKIP. Once I do that both SSID's show up as secure. Am i missing something? I know enough about these Cisco AP's to be dangerous. LOL

Thanks for your help.


prioritywire Wed, 06/04/2008 - 17:39

I spoke with Cisco TAC earlier and they said that this is possible but you must assign a VLAN to each SSID. Once each SSID has it's own VLAN, then you can assign encryption to an individual VLAN rather than the entire radio. They sent me a link to this white paper:


Thanks for your help.

Scott Fella Wed, 06/04/2008 - 17:42

Let me know if it actually works well. I would think the client would have issues since you have two of the same ssid's.... Just curious to see if it works.



This Discussion



Trending Topics - Security & Network