Question about existing radio config

Answered Question
Oct 9th, 2008

All,

I have an AP that was configured like this:

dot11 ssid <ssid-wep>
 authen open

Do0
 ip address 1.1.1.1 255.255.255.0
 encryption key 1 size 128bit <wep key> transmit-key
 encryption mode wep mandatory
 ssid <SSID>
 bridge-group 1

fa0
 ip address 1.1.1.1 255.255.255.0 (yes, they are the same on both interfaces)
 bridge-group 1

bvi1
 ip address 1.1.1.1 255.255.255.0 (yep, again)

Okay, so this configuration works, but I want to convert it to WPA with a broadcasted and secured side. I've created my SSIDs, VLANs, and subinterfaces, and cannot connect.

Current config is this:

dot11 ssid <SSID 1>
 vlan 150
 authentication open
 guest-mode
 wpa-psk ...

dot11 ssid <ssid 2>
 vlan 151
 authen open
 wpa-psk

do0
 ip address 1.1.1.1 255.255.255.0
 encryption key 1 size 128bit <wep key> transmit-key
 encryption mode wep mandatory
 ssid <ssid-wep>
 ssid <ssid-1>
 ssid <ssid-2>
 bridge-group 1

do0.150
 encapsulation dot1q 150
 bridge 150

do0.151
 encap dot1q 151
 bridge 151

fa0
 ip address 1.1.1.1 255.255.255.0
 bridge 1

fa0.150
 encap dot 150
 bridge 150

fa0.151
 encap dot 151
 bridge 151

My question is this: Do I have to remove the current configuration for d0, and create a subinterface for vlan 1 to keep the wep configuration? I'm not able to connect at all. The guest ssid is broadcasted, but it almost immediately says disconnected, so I'm not sure where to look.

Thanks,

John

Correct Answer
jeff.kish Thu, 10/09/2008 - 08:27

I notice a few things that you can do to fix this configuration:

1. Remove the IP address that's on fa0. This should not have an IP address on it.

2. You are missing a configuration line under your SSIDs. You need "authentication key-management wpa" in addition to "authentication open". Both are needed to make WPA-PSK work.

3. Under dot0, you should remove the WEP encryption commands and WEP SSID since they're no longer used. You'll then need to issue "encryption vlan XXX mode ciphers tkip aes-ccmp". You can pick tkip, aes, or both in that command; use whichever is appropriate.

This is all assuming that you no longer want WEP, which I assume is the case since both SSIDs have wpa-psk configured. Let me know if I'm misunderstanding.
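
An added example, not part of the original thread and not Cisco tooling: a small Python check that looks for the three problems listed in the answer above in an IOS access point configuration. The sample configuration is constructed in full IOS syntax, and its SSID names and passphrase are placeholders.

```python
# Constructed sample in full IOS syntax; SSID names and passphrase are placeholders.
SAMPLE = """\
dot11 ssid GUEST
 vlan 150
 authentication open
 wpa-psk ascii EXAMPLE-PASSPHRASE
dot11 ssid SECURE
 vlan 151
 authentication open
 authentication key-management wpa
 wpa-psk ascii EXAMPLE-PASSPHRASE
interface Dot11Radio0
 encryption mode wep mandatory
 encryption vlan 151 mode ciphers tkip
 ssid GUEST
 ssid SECURE
interface FastEthernet0
 ip address 1.1.1.1 255.255.255.0
"""
NEEDED = ("authentication open", "authentication key-management wpa")

def sections(text):  # unindented line -> list of its indented child lines
    out, head = {}, None
    for line in text.splitlines():
        if head and line[:1].isspace():
            out[head].append(line.strip())
        elif line.strip() not in ("", "!"):
            head = line.strip()
            out.setdefault(head, [])
    return out

def audit(text):
    """Return findings for the three problems the answer lists."""
    cfg, findings, wpa = sections(text), [], {}
    for head, body in cfg.items():  # WPA-PSK SSIDs need both authentication lines
        if head.startswith("dot11 ssid ") and any(l.startswith("wpa-psk") for l in body):
            name = head.split(None, 2)[2]
            wpa[name] = next((l for l in body if l.startswith("vlan ")), "")
            findings += [f"ssid {name}: missing '{n}'" for n in NEEDED if n not in body]
    for head, body in cfg.items():
        if head.startswith("interface FastEthernet") and any(l.startswith("ip address") for l in body):
            findings.append(f"{head}: has an IP address")
        if head.startswith("interface Dot11Radio"):
            findings += [f"{head}: WEP still configured: '{l}'" for l in body
                         if l.startswith(("encryption key", "encryption mode wep"))]
            for name, vlan in wpa.items():  # each WPA SSID's VLAN needs a cipher line
                cmd = f"encryption {vlan} mode ciphers".replace("  ", " ")
                if f"ssid {name}" in body and not any(l.startswith(cmd) for l in body):
                    findings.append(f"{head}: ssid {name} needs '{cmd} ...'")
    return findings
```

Calling `audit(SAMPLE)` returns one finding per problem; a configuration with all three points corrected returns an empty list.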
