Encryption on 1131AG

Answered Question
May 20th, 2009

Using WEP static now and need something better. Not using a RADIUS server. What's the best we can do? Can we go to WPA without a RADIUS server? Can someone post a config please?

Scott Fella Thu, 05/21/2009 - 03:55

Yes... you should go with WPA2-AES if possible. This way you don't have to worry about any radius server setup.


http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008054339e.shtml


Correct Answer
JASON BOYERS Mon, 05/25/2009 - 19:21

In particular, WPA-PSK, or Personal mode, is what you are looking for. Here's how to configure it in the CLI (using whatever shared key you want to use in place of passphrase). If your client doesn't support AES, replace it with TKIP.


dot11 ssid Wireless
 authentication open
 authentication key-management wpa
 wpa-psk ascii passphrase

interface Dot11Radio0
 encryption mode ciphers aes-ccm
 ssid Wireless

George Stefanick Fri, 05/29/2009 - 09:45

It's great to get away from WEP. Keep in mind PSK is vulnerable to static attacks at the workstation if you are using Windows Zero Config, and to a wireless dictionary attack from coWPAtty.


So I wouldn't use Windows Zero Config, and make sure you use a crazy key so as not to match anything in a dictionary. Also the obvious: anyone who has the key, should they leave, may leave with the key.


just 2 cents
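Added example, not part of any post in this thread: a Python sketch of why the passphrase choice matters in WPA-PSK. The 256-bit key is derived from nothing but the passphrase and the SSID, so the script generates a random passphrase and audits a candidate before it goes into `wpa-psk ascii`. The function names, the constructed sample wordlist and the letters-and-digits alphabet are assumptions of this example.

```python
import hashlib
import math
import secrets
import string

# Letters and digits only, so the key pastes cleanly into a CLI (choice of this example).
ALPHABET = string.ascii_letters + string.digits
# Constructed stand-in for a real dictionary file.
SAMPLE_WORDLIST = {"password", "wireless", "letmein123", "cisco12345"}


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def generate_passphrase(length: int = 63) -> str:
    """Random passphrase from the OS CSPRNG; WPA allows 8 to 63 characters."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrase must be 8-63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def estimated_bits(length: int) -> float:
    """Entropy of a passphrase drawn uniformly at random from ALPHABET."""
    return length * math.log2(len(ALPHABET))


def audit_passphrase(passphrase: str, ssid: str, wordlist=SAMPLE_WORDLIST) -> list:
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        findings.append("contains non-printable or non-ASCII characters")
    if passphrase.lower() in wordlist:
        findings.append("appears in the dictionary")
    if ssid and ssid.lower() in passphrase.lower():
        findings.append("contains the SSID")
    return findings


if __name__ == "__main__":
    key = generate_passphrase()
    print(key, f"(~{estimated_bits(len(key)):.0f} bits)")
    print("findings:", audit_passphrase(key, "Wireless"))
    print("PMK:", derive_pmk(key, "Wireless").hex())
```

Because the SSID is the only salt, a dictionary word on a common SSID yields a key that can be precomputed, which is why a long random passphrase matters more here than the cipher choice.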

