WPA or WPA2 + mac auth trouble

Unanswered Question
Sep 22nd, 2009

Good day!

I have a trouble with configuration local mac auth and encrypt WPA.

When works only Mac auth and no encrypts all work. but when added command in ssid and dot 0 for encrypt client not connected((

I founded on cisco faq what after 12.3.8JA2 cisco not supported mac + wpa encrypt . But early version must support it. I use Version 12.3(7)JA5 and other. but not work. Who configured this example?

config:

dot11 ssid test

authentication open mac-address mac_methods

authentication key-management wpa

guest-mode

int dot11radio 0

encryption mode ciphers aes-ccm

username 000102030406 password 7 xxxx

username 000102030406 autocommand exit

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
bcolvin Tue, 09/22/2009 - 18:02

The abilty to do do both WPA and MAC went away in 12.3(4) according to this

Using WPA Key Management

Wi-Fi Protected Access is a standards-based, interoperable security enhancement that strongly increases the level of data protection and access control for existing and future wireless LAN systems. It is derived from and will be forward-compatible with the upcoming IEEE 802.11i standard. WPA leverages TKIP (Temporal Key Integrity Protocol) for data protection and 802.1X for authenticated key management.

WPA key management supports two mutually exclusive management types: WPA and WPA-Pre-shared key (WPA-PSK). Using WPA key management, clients and the authentication server authenticate to each other using an EAP authentication method, and the client and server generate a pairwise master key (PMK). Using WPA, the server generates the PMK dynamically and passes it to the access point. Using WPA-PSK, however, you configure a pre-shared key on both the client and the access point, and that pre-shared key is used as the PMK.

--------------------------------------------------------------------------------

Note In Cisco IOS releases 12.3(4)JA and later, you cannot enable both MAC-address authentication and WPA-PSK.

in this document

http://www.cisco.com/en/US/docs/wireless/access_point/12.3_7_JA/configuration/guide/s37auth.html#wp1048646

MAC authentication is not considered a secure proceedure as the mac address is eaisly spoofed.

Bill

konstantin.nikitin Tue, 09/22/2009 - 21:09

Thank you for answer.

I was search in cisco download server IOS early then 12.3(4) and founded only c1130-k9w7-tar.123-2.JA.tar but it not can't download ((( Where i can find this ios?

Release Date: 15/Nov/2004. its very old ios

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode