WPA on Cisco 1120

Answered Question
Oct 26th, 2008

Hi all, I'm new to the wireless world. I have a config that a co-worker swears works to enable WPA-PSK on the WAP. Here's what he laid out for me:


    dot11 ssid SUSD-LAB
     authentication open
     authentication key-management wpa
     guest-mode
     infrastructure-ssid optional
     wpa-psk ascii fakepassword

    interface Dot11Radio0
     encryption mode ciphers aes-ccm tkip
     ssid SUSD-LAB


Unfortunately it seems that aes is not an option on the 1120. When I substitute the "aes-ccm" for "tkip wep128" I get the following statement from the WAP:


"WPA mandatory key mgmt requires TKIP only no WEP delete key mgmt under ssid before changing cipher"


Any suggestions? I have configured this offsite, so I have not had a chance to see if this will still work.


thanks,

Mike





Gerald Vogt Mon, 10/27/2008 - 01:02

If the 1120 does not support WPA2/AES-CCM then only set up TKIP. Leave out the aes-ccm for WPA2 connections, i.e.


encryption mode ciphers tkip


aes-ccm is used in WPA2.

Correct Answer
jeff.kish Mon, 10/27/2008 - 05:50

You should also eliminate the infrastructure command under the SSID. Not a big deal, but you don't need that unless you're planning to perform bridging connections with this AP.


You can perform both TKIP and WEP, but it's not recommended since this provides a backdoor into your wireless network. The only reason you should do that is if you have clients that only support WEP.


Other than that, just do what Gerald says.
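
An added example, not part of the original thread and not a Cisco tool: a small Python check that applies the three points raised in the answers (AES-CCM on an AP that lacks it, WEP ciphers alongside mandatory WPA key management, and an unneeded `infrastructure-ssid`) to an autonomous-AP config. The names `parse`, `audit`, `aes_supported` and `bridging` are hypothetical; `POSTED` is the config from the question and `REVISED` is constructed by applying both answers to it.

```python
# Config as posted in the question (from the thread).
POSTED = """\
dot11 ssid SUSD-LAB
 authentication open
 authentication key-management wpa
 guest-mode
 infrastructure-ssid optional
 wpa-psk ascii fakepassword
interface Dot11Radio0
 encryption mode ciphers aes-ccm tkip
 ssid SUSD-LAB
"""
# Constructed: the posted config with both answers applied (TKIP only,
# infrastructure-ssid removed).
REVISED = POSTED.replace(" infrastructure-ssid optional\n", "").replace(
    "aes-ccm tkip", "tkip")

def parse(config):
    """Group indented sub-commands under their top-level header line."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line[:1].isspace() and current:
            blocks[current].append(line.strip())
        elif line.strip() not in ("", "!"):
            current = line.strip()
            blocks[current] = []
    return blocks

def audit(config, aes_supported=True, bridging=False):
    """Return findings for the cipher/key-management points in the thread."""
    blocks, findings = parse(config), []
    ssids = {h.split()[2]: cmds for h, cmds in blocks.items()
             if h.startswith("dot11 ssid ")}
    for header, cmds in blocks.items():
        if not header.startswith("interface Dot11Radio"):
            continue
        ciphers = next((c.split()[3:] for c in cmds
                        if c.startswith("encryption mode ciphers ")), [])
        if "aes-ccm" in ciphers and not aes_supported:
            findings.append(f"{header}: aes-ccm not supported on this AP")
        for name in (c.split()[1] for c in cmds if c.startswith("ssid ")):
            ssid = ssids.get(name, [])
            wep = [c for c in ciphers if c.startswith("wep")]
            # Exact match: 'wpa' without 'optional' means WPA is mandatory.
            if "authentication key-management wpa" in ssid and wep:
                findings.append(f"{name}: mandatory WPA combined with {wep[0]}")
            if not bridging and any(c.startswith("infrastructure-ssid") for c in ssid):
                findings.append(f"{name}: infrastructure-ssid without bridging")
    return findings
```

Calling `audit(POSTED, aes_supported=False)` reports the AES-CCM and `infrastructure-ssid` findings, while `audit(REVISED, aes_supported=False)` returns an empty list.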
