Encrypt traffic between bridges using WPA

Unanswered Question
Jun 19th, 2008
User Badges:

I've been looking through a lot of Cisco documentation, but I can't seem to find a clear-cut answer.

How do I encrypt traffic between two 1310 bridges using WPA2?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
dennischolmes Thu, 06/19/2008 - 14:15
User Badges:
  • Gold, 750 points or more

You don't. That's the answer. Cisco bridges do not support WPA2. WPA2 is only supported in access point roles. This is a big issue for some of my customers and I have to use other vendor solutions where WPA2 is required (Defense contractors and government use).

Bransomar Thu, 06/19/2008 - 14:24
User Badges:

Thanks for clarifying that dennis. We are currently using WEP, but need the strongest encryption solution that is available on the 1310 bridges to encrypt the traffic between the bridges.

Could anyone inform me what the best solution would be and how to implement it?

Configuration examples and or links to documentation would be appreciated.

Thanks :)

dennischolmes Thu, 06/19/2008 - 14:28
User Badges:
  • Gold, 750 points or more

As much as I would love to help you I won't push someone else's product on the Cisco forum page. I would call Tessco or Gigawave and ask for assistance. They will tell you what bridges are out there that support WPA2 in bridge mode.

Georgios Nikitas Wed, 06/25/2008 - 05:29
User Badges:

Try using WPA with TKIP.

It doesn't have any known vulnerabilities like WEP. WPA2 with AES is preferable, but TKIP should have to do unless you have specific requirements from your customers.

Bransomar Wed, 06/25/2008 - 08:36
User Badges:

thanks nikitas - I have actually been working on that as a solution :)

dgroscost Wed, 07/09/2008 - 05:32
User Badges:

This topic is related to my issue. I just verified w/ Cisco that WPA2/AES is supported on Cisco 1310 bridges, however, it is NOT supported on 1400 A radio bridges.

dennischolmes Wed, 07/09/2008 - 07:44
User Badges:
  • Gold, 750 points or more

I went back and checked as well and you are correct. There is also a new 1400 series bridge that will support WPA2 and AES. It will be available shortly.

srosenthal Thu, 07/10/2008 - 08:02
User Badges:

Here is a base config from one of my bridges using AES encryption plus tkip.

Remember that when using WPA-PSK to use a strong PSK, at least 10 characters, numeric and special character to prevent against a dictionary attack.

Hope this helps.

dot11 ssid Wireless

authentication open

authentication key-management wpa


wpa-psk ascii xxx




username admin privilege 15 password xxx


bridge irb



interface Dot11Radio0

no ip address

no ip route-cache


encryption mode ciphers aes-ccm tkip


broadcast-key change 300



ssid Wireless


speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

channel 2412

station-role root

cca 75



bridge-group 1

bridge-group 1 spanning-disabled


This Discussion



Trending Topics - Security & Network