WPA & WPA2 PSK – Cisco 1142 AP

Answered Question
May 6th, 2011

Hi,


I’m configuring a Cisco 1142n AP in autonomous mode. The networking part is successfully working, multiple VLANs, SSIDs etc. I would like to configure one of my wireless networks to work with WAP2-PSK and the other with WPA-PSK.


I’m confused as to what encryption to set on each radio and the ciphers to use on the SSID for each vlan to enable the best possible security. I’m not using a RADIUS sever in my network .


Can someone point me in the right direction with the right CLI commands?


Thanks.

I have this problem too.
0 votes
Correct Answer by surbg about 2 years 11 months ago

Hi,


Here is the configuration we need to do for WPA and WPA 2

WPA Uses TKIP as the Encryption

===========================

en

conf t

dot11 ssid

auth open

auth key-man wpa

wpa-psk ascii

vlan #

end

en

int dot11 0/1

encryption vlan # mode ciphers TKIP

end

WPA Uses AES as the Encryption

===========================

en

conf t

dot11 ssid

auth open

auth key-man wpa version 2

wpa-psk ascii

vlan #

end

en

int dot11 0/1

encryption vlan # mode ciphers aes

end

hers is the document that i have written that does the same as well!! in the below link the SSID TWO uses WPA and SSID THREE uses WPA-2

https://supportforums.cisco.com/docs/DOC-14496

Lemme know if this naswered ur question and please dont forget to rate the useful posts!!

Regards

Surendra

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (3 ratings)
Correct Answer
surbg Fri, 05/06/2011 - 20:01

Hi,


Here is the configuration we need to do for WPA and WPA 2

WPA Uses TKIP as the Encryption

===========================

en

conf t

dot11 ssid

auth open

auth key-man wpa

wpa-psk ascii

vlan #

end

en

int dot11 0/1

encryption vlan # mode ciphers TKIP

end

WPA Uses AES as the Encryption

===========================

en

conf t

dot11 ssid

auth open

auth key-man wpa version 2

wpa-psk ascii

vlan #

end

en

int dot11 0/1

encryption vlan # mode ciphers aes

end

hers is the document that i have written that does the same as well!! in the below link the SSID TWO uses WPA and SSID THREE uses WPA-2

https://supportforums.cisco.com/docs/DOC-14496

Lemme know if this naswered ur question and please dont forget to rate the useful posts!!

Regards

Surendra

MrPrince1979 Sun, 05/08/2011 - 18:54

Thanks very much Surendra, this was exactly what I was looking for. Nice article too.

EvaldasOu Wed, 08/29/2012 - 09:18

Hi Surendra,

AP#(config-ssid)#authentication key-management wpa ?

  cckm      allow CCKM clients

  optional  allow legacy clients

 

So if I will choose CCKM it means I will be using WPA2? , and if I just press enter there ( ) it means I will be using WPA?

This is on AP model 1240a/g

Thanks!

George Stefanick Wed, 08/29/2012 - 09:25

Evaldas,

Not so.. WPA/TKIP is WPA, WPA2/AES is WPA2. CCKM is used for 802.1X, like EAP-PEAP for example. To be clear, you have 2 type of security

PSK - Preshare Key

802.1X - EAP

CCKM is used for EAP, not PSK. Make sense, if not let me know..

EvaldasOu Wed, 08/29/2012 - 09:31

Hi George,

Thank you very much for your very fast answer!

That's clear. So I think if I want to use WPA2 on this AP ( 1240) I just need to set my encryption as AES-CCM?

dot11 ssid cisco

   vlan 100

   authentication open

   authentication key-management wpa

   guest-mode

   wpa-psk ascii 7 123456712305051033

interface Dot11Radio0

encryption vlan 100 mode ciphers aes-ccm

I can't find where we should apply command with a version of WPA ( if we want to use WPA 1 or WPA2)

George Stefanick Wed, 08/29/2012 - 10:08

When you select the "key-management" do a ? you will see version 1 or 2. If you dont you need to upgrade your firmware on that ap to support it,

As for AES-CCMP .

 

EvaldasOu Wed, 08/29/2012 - 10:23

AP(config-ssid)#authentication key-management ?

  cckm  allow CCKM clients

  wpa   allow WPA clients

AP(config-ssid)#authentication key-management wpa ?

  cckm      allow CCKM clients

  optional  allow legacy clients

 

So no version 1 or 2 there. That's all that I can see. For sure I will need software upgrade there?

IF I would choose:

AP(config-ssid)#

authentication key-management wpa ( and hit an enter key. Which version of WPA I will be using? If encryption is set like this? :

encryption vlan 100 mode ciphers aes-ccm

George Stefanick Wed, 08/29/2012 - 10:31

yea, looks like you need to upgrade ...

When you hit <?> you will see version 1 or 2 ...

George Stefanick Wed, 08/29/2012 - 10:32

yes, WPA w/ AES-CCMP would be picked.

Which isnt standard, WPA-TKIP and WPA2-AES is standard.

EvaldasOu Wed, 08/29/2012 - 10:38

Thanks George!

These AP's would need a big software upgrade No WPA2-AES also

George Stefanick Wed, 08/29/2012 - 10:51

No worries big guy .. If you find any of this helpful please support the rating system. I'm trying to catch back up to Steve.

Sent from Cisco Technical Support iPhone App

Actions

Login or Register to take actions

This Discussion

Posted May 6, 2011 at 7:23 PM
Stats:
Replies:12 Avg. Rating:5
Views:21510 Votes:0
Shares:0

Related Content

Discussions Leaderboard