Wireless configuration issue with CCA

Unanswered Question
Aug 3rd, 2009
User Badges:
  • Silver, 250 points or more

CCA allows you to configure the following with the built-in access point on the UC520:

  • No security
  • WEP
  • WPA with TKIP enabled
  • WPA2 with AES enabled


However, configuring WPA2 with AES only creates problems with some wireless devices. Configuring WPA2 with both the AES and TKIP ciphers does solve the problem for some of the devices. You cannot currently configure WPA2 with both ciphers enabled in CCA on the UC520. However, the AP on the UC520 unit can be configured for WPA with both the TKIP and AES ciphers enabled.


Here is a configuration for WPA2 with both the AES and TKIP ciphers enabled:

dot11 ssid uc520demo-data

vlan 1

authentication open

authentication key-management wpa

wpa-psk ascii 0 uc520Demo1

!

interface Dot11Radio0/5/0

no ip address

!

! This part of the config is not yet supported by CCA, but will enable both the AES and TKIP ciphers

!

encryption vlan 1 mode ciphers aes-ccm tkip

!

ssid uc520demo-data

!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2412
station-role root
!

interface Dot11Radio0/5/0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding



Will this problem be fixed in CCA? CCA allows WPA with one or the other cipher enabled to be configured, but does not like configurations with both the AES and TKIP ciphers enabled.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Saurabh Verma Mon, 08/03/2009 - 13:26
User Badges:
  • Silver, 250 points or more

Hi John,


CCA currently does not support TKIP. We will consider adding it on our roadmap. Do a lot of customers require TKIP for wireless security?


Thanks,

Saurabh

John Platts Mon, 08/03/2009 - 13:39
User Badges:
  • Silver, 250 points or more

The problem is that some older WPA devices behave incorrectly without the TKIP cipher enabled. This is even true for some of the devices that allow you to configure WPA2 with AES.


The SPA525G, 7921, and 7925 phones will behave correctly with only the AES cipher enabled.

Saurabh Verma Tue, 08/04/2009 - 07:39
User Badges:
  • Silver, 250 points or more

Thanks for responding John. We will look at the feasibility of including this on our CCA roadmap.


-Saurabh

Actions

This Discussion

Related Content