Encrypt traffic between bridges using WPA

Unanswered Question
Jun 19th, 2008

I've been looking through a lot of Cisco documentation, but I can't seem to find a clear-cut answer.

How do I encrypt traffic between two 1310 bridges using WPA2?

Thanks

dennischolmes Thu, 06/19/2008 - 14:15

You don't. That's the answer. Cisco bridges do not support WPA2. WPA2 is only supported in access point roles. This is a big issue for some of my customers and I have to use other vendor solutions where WPA2 is required (Defense contractors and government use).

Bransomar Thu, 06/19/2008 - 14:24

Thanks for clarifying that dennis. We are currently using WEP, but need the strongest encryption solution that is available on the 1310 bridges to encrypt the traffic between the bridges.

Could anyone inform me what the best solution would be and how to implement it?

Configuration examples and/or links to documentation would be appreciated.

Thanks :)

dennischolmes Thu, 06/19/2008 - 14:28

As much as I would love to help you I won't push someone else's product on the Cisco forum page. I would call Tessco or Gigawave and ask for assistance. They will tell you what bridges are out there that support WPA2 in bridge mode.

Georgios Nikitas Wed, 06/25/2008 - 05:29

Try using WPA with TKIP.

It doesn't have any known vulnerabilities like WEP. WPA2 with AES is preferable, but TKIP should have to do unless you have specific requirements from your customers.

Bransomar Wed, 06/25/2008 - 08:36

Thanks nikitas - I have actually been working on that as a solution :)

dgroscost Wed, 07/09/2008 - 05:32

This topic is related to my issue. I just verified w/ Cisco that WPA2/AES is supported on Cisco 1310 bridges, however, it is NOT supported on 1400 A radio bridges.

dennischolmes Wed, 07/09/2008 - 07:44

I went back and checked as well and you are correct. There is also a new 1400 series bridge that will support WPA2 and AES. It will be available shortly.

srosenthal Thu, 07/10/2008 - 08:02

Here is a base config from one of my bridges using AES encryption plus TKIP.

Remember, when using WPA-PSK, to use a strong PSK, at least 10 characters, with numeric and special characters, to protect against a dictionary attack.

Hope this helps.

dot11 ssid Wireless
 authentication open
 authentication key-management wpa
 infrastructure-ssid
 wpa-psk ascii xxx
!
!
!
username admin privilege 15 password xxx
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm tkip
 !
 broadcast-key change 300
 !
 !
 ssid Wireless
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 channel 2412
 station-role root
 cca 75
 concatenation
 infrastructure-client
 bridge-group 1
 bridge-group 1 spanning-disabled
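The PSK advice in the post above, as an added example that is not part of the original thread: a Python sketch that checks a candidate passphrase against the stated rule (at least 10 characters, with numeric and special characters), generates a random one, and derives the 256-bit key the way WPA-PSK does, from the passphrase and SSID only. The function names and sample passphrases are constructed for illustration; the SSID `Wireless` is taken from the config.

```python
import hashlib
import secrets
import string

MIN_LEN = 10  # the post's recommendation; WPA itself accepts 8 to 63 characters

def check_passphrase(p):
    """Return a list of problems; an empty list means the passphrase passes."""
    problems = []
    # WPA passphrases are 8-63 printable ASCII characters (codes 32..126).
    if not 8 <= len(p) <= 63 or any(not 32 <= ord(c) <= 126 for c in p):
        problems.append("not a valid WPA passphrase (8-63 printable ASCII)")
    if len(p) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if not any(c.isdigit() for c in p):
        problems.append("no numeric character")
    if not any(c in string.punctuation for c in p):
        problems.append("no special character")
    return problems

def derive_psk(passphrase, ssid):
    """WPA-PSK key derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes.

    Nothing secret besides the passphrase goes in, so a guessable passphrase
    gives a guessable key for a known SSID.
    """
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("ascii"), 4096, 32
    ).hex()

def generate_passphrase(length=32):
    """Random passphrase from the OS CSPRNG that satisfies check_passphrase()."""
    # Alphabet leaves out spaces and '?', which are awkward to type at a CLI.
    alphabet = string.ascii_letters + string.digits + "!#$%&*+-=@^_"
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_passphrase(candidate):
            return candidate

if __name__ == "__main__":
    ssid = "Wireless"  # SSID from the config above
    # Constructed sample passphrases, plus one generated at random.
    for p in ("bridge2008", "Summer2008!", generate_passphrase()):
        print(repr(p), check_passphrase(p) or "ok", derive_psk(p, ssid)[:16] + "...")
```

A passphrase can satisfy the character rule and still be built from common words; the randomly generated one avoids that.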
