09-22-2009 04:52 AM - edited 07-03-2021 06:04 PM
Good day!
I have a trouble with configuration local mac auth and encrypt WPA.
When works only Mac auth and no encrypts all work. but when added command in ssid and dot 0 for encrypt client not connected((
I founded on cisco faq what after 12.3.8JA2 cisco not supported mac + wpa encrypt . But early version must support it. I use Version 12.3(7)JA5 and other. but not work. Who configured this example?
config:
dot11 ssid test
authentication open mac-address mac_methods
authentication key-management wpa
guest-mode
int dot11radio 0
encryption mode ciphers aes-ccm
username 000102030406 password 7 xxxx
username 000102030406 autocommand exit
09-22-2009 06:02 PM
The abilty to do do both WPA and MAC went away in 12.3(4) according to this
Using WPA Key Management
Wi-Fi Protected Access is a standards-based, interoperable security enhancement that strongly increases the level of data protection and access control for existing and future wireless LAN systems. It is derived from and will be forward-compatible with the upcoming IEEE 802.11i standard. WPA leverages TKIP (Temporal Key Integrity Protocol) for data protection and 802.1X for authenticated key management.
WPA key management supports two mutually exclusive management types: WPA and WPA-Pre-shared key (WPA-PSK). Using WPA key management, clients and the authentication server authenticate to each other using an EAP authentication method, and the client and server generate a pairwise master key (PMK). Using WPA, the server generates the PMK dynamically and passes it to the access point. Using WPA-PSK, however, you configure a pre-shared key on both the client and the access point, and that pre-shared key is used as the PMK.
--------------------------------------------------------------------------------
Note In Cisco IOS releases 12.3(4)JA and later, you cannot enable both MAC-address authentication and WPA-PSK.
in this document
MAC authentication is not considered a secure proceedure as the mac address is eaisly spoofed.
Bill
09-22-2009 09:09 PM
Thank you for answer.
I was search in cisco download server IOS early then 12.3(4) and founded only c1130-k9w7-tar.123-2.JA.tar but it not can't download ((( Where i can find this ios?
Release Date: 15/Nov/2004. its very old ios
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: