06-19-2008 01:13 PM - edited 07-03-2021 04:03 PM
I've been looking through a lot of Cisco documentation, but I can't seem to find a clear-cut answer.
How do I encrypt traffic between two 1310 bridges using WPA2?
Thanks
06-19-2008 02:15 PM
You don't. That's the answer. Cisco bridges do not support WPA2. WPA2 is only supported in access point roles. This is a big issue for some of my customers and I have to use other vendor solutions where WPA2 is required (Defense contractors and government use).
06-19-2008 02:24 PM
Thanks for clarifying that, Dennis. We are currently using WEP, but need the strongest encryption solution that is available on the 1310 bridges to encrypt the traffic between the bridges.
Could anyone inform me what the best solution would be and how to implement it?
Configuration examples and/or links to documentation would be appreciated.
Thanks :)
06-19-2008 02:28 PM
As much as I would love to help you I won't push someone else's product on the Cisco forum page. I would call Tessco or Gigawave and ask for assistance. They will tell you what bridges are out there that support WPA2 in bridge mode.
06-25-2008 05:29 AM
Try using WPA with TKIP.
It doesn't have any known vulnerabilities like WEP. WPA2 with AES is preferable, but TKIP should do unless you have specific requirements from your customers.
06-25-2008 08:36 AM
Thanks, nikitas - I have actually been working on that as a solution :)
07-09-2008 05:32 AM
This topic is related to my issue. I just verified w/ Cisco that WPA2/AES is supported on Cisco 1310 bridges, however, it is NOT supported on 1400 A radio bridges.
07-09-2008 07:44 AM
I went back and checked as well and you are correct. There is also a new 1400 series bridge that will support WPA2 and AES. It will be available shortly.
07-10-2008 08:02 AM
Here is a base config from one of my bridges using AES encryption plus TKIP.
Remember, when using WPA-PSK, to use a strong PSK (at least 10 characters, with numeric and special characters) to protect against a dictionary attack.
Hope this helps.
dot11 ssid Wireless
   authentication open
   authentication key-management wpa
   infrastructure-ssid
   wpa-psk ascii xxx
!
!
!
username admin privilege 15 password xxx
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm tkip
 !
 broadcast-key change 300
 !
 !
 ssid Wireless
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 channel 2412
 station-role root
 cca 75
 concatenation
 infrastructure-client
 bridge-group 1
 bridge-group 1 spanning-disabled
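
An added example, not part of the original thread and not Cisco tooling: a small Python check that reads a bridge config like the one posted above and reports whether the radio link still permits WEP or TKIP and whether an ASCII PSK meets the rule of thumb given in the post. The sample config, its PSK value and the function names `audit` and `psk_problems` are constructed for illustration.

```python
import re

# Constructed sample shaped like the config posted above; the PSK value is made up.
SAMPLE_CONFIG = """\
dot11 ssid Wireless
   authentication open
   authentication key-management wpa
   infrastructure-ssid
   wpa-psk ascii bridge2008
!
interface Dot11Radio0
 encryption mode ciphers aes-ccm tkip
 broadcast-key change 300
 ssid Wireless
 station-role root
"""

def psk_problems(psk, min_len=10):
    """Apply the thread's rule of thumb: 10+ characters, a digit, a special character."""
    problems = []
    if len(psk) < min_len:
        problems.append(f"PSK shorter than {min_len} characters")
    if not re.search(r"\d", psk):
        problems.append("PSK has no digit")
    if not re.search(r"[^A-Za-z0-9]", psk):
        problems.append("PSK has no special character")
    return problems

def audit(config):
    """Return findings for the link-encryption lines of an IOS bridge config."""
    findings, saw_cipher = [], False
    for line in (raw.strip() for raw in config.splitlines()):
        m = re.match(r"encryption (?:vlan \d+ )?mode (wep|ciphers)\b(.*)", line)
        if m:
            saw_cipher = True
            suites = m.group(2).split()
            if m.group(1) == "wep" or any(s.startswith("wep") for s in suites):
                findings.append("WEP in use: " + line)
            elif "tkip" in suites:
                findings.append("TKIP still permitted: " + line)
        m = re.match(r"wpa-psk ascii (?:([07]) )?(\S.*)", line)
        if m and m.group(1) != "7":  # type 7 keys are stored obfuscated; not checked here
            findings += psk_problems(m.group(2))
    if not saw_cipher:
        findings.append("no 'encryption mode' line: radio link is unencrypted")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

An AES-only line such as `encryption mode ciphers aes-ccm` produces no cipher finding, which is the state to aim for once both ends of the bridge link support it.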