05-20-2009 07:32 PM - edited 07-03-2021 05:37 PM
Using WEP static now and need something better. Not using a RADIUS server. Whats the best we can do? Can we go to WPA without a RADIUS server? Can someone post a config please?
Solved! Go to Solution.
05-25-2009 07:21 PM
In particular, WPA-PSK, or Personal mode, is what you are looking for. Here's how to configure it in the CLI (using whatever shared key you want to use in place of passphrase). If your client doesn't support AES, replace it with TKIP.
dot11 ssid Wireless
authentication open
authentication key-management wpa
wpa-psk ascii passphrase
interface Dot11Radio0
encryption mode ciphers aes-ccm
ssid Wireless
05-21-2009 03:55 AM
Yes... you should go with WPA2-AES if possible. This way you don't have to worry about any radius server setup.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008054339e.shtml
05-25-2009 07:21 PM
In particular, WPA-PSK, or Personal mode, is what you are looking for. Here's how to configure it in the CLI (using whatever shared key you want to use in place of passphrase). If your client doesn't support AES, replace it with TKIP.
dot11 ssid Wireless
authentication open
authentication key-management wpa
wpa-psk ascii passphrase
interface Dot11Radio0
encryption mode ciphers aes-ccm
ssid Wireless
05-29-2009 08:50 AM
Thank you, this is just wanted I needed to know!
05-29-2009 09:45 AM
It's great to get away from WEP. Keep in mind PSK is vulnerable to static attacks at the work station, if you are using windows zero config. And a wireless dictionary attack from Co-Patty.
So I wouldn't use windows zero config and make sure you use a crazy key so not to match anything in a dictionary. Also the obvious, anyone who has the key and should they leave may leave with the key.
just 2 cents
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: