Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

AIR-BR1310G-A-K9-R WiFI Encryption Configuration

Aironet Model:  AIR-BR1310G-A-K9-R

IOS: Cisco IOS Software, C1310 Software (C1310-K9W7-M), Version 12.4(10b)JA, RELEASE SOFTWARE (fc2)



Hello:

     I have inherited a WLAN with three AIR-BR1310G-A-K9-R routersconfigured as APs and two other APs

from a different mfg in the same WI-FI HotSpot.  The three Cisco APs have been set to WEP encryption

while the two non-Cisco were set to WPA2-Personal.  There appears to be no particular reason for the WEP-

vs-WPA2 encryption differences other than it is the default for both, apparently.

My question here is, what encryption types does the Aironet 1300 Series support, is it only WEP?   I

would like to have more options than just WEP for the BR1310s, is that possible?   When I log into the

Cisco router's HTML page and look at encryption it only show WEP as an option.  I have been told that there is a later

version of the IOS, Autonomous AP IOS Software-12.4.25d-JA2, does it offer WPA or above encryption?

Thanks in advance for your time and consideration.

Doug

3 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

AIR-BR1310G-A-K9-R WiFI Encryption Configuration

with Cisco IOS Software Release 12.2(15)JA for 1300 it supports WPA version 1 with TKIP.

Link attached:-

http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_bulletin09186a00802134a9.html

VIP Purple

AIR-BR1310G-A-K9-R WiFI Encryption Configuration

With 12.4.25d-JA2 IOS you can configure WPA2/AES on 1310 as well. I had a 1310 AP model & I configured & verified.

Here is the basic config involved.(I have simply configured DHCP on AP it self & you can change it in your case)

1310-1#sh ver

Cisco IOS Software, C1310 Software (C1310-K9W7-M), Version 12.4(25d)JA, RELEASE SOFTWARE (fc1)

ip dhcp excluded-address 192.168.178.1 192.168.178.50

ip dhcp pool TEST

   network 192.168.178.0 255.255.255.0

   default-router 192.168.178.1

!

dot11 ssid TEST

   authentication open

   authentication key-management wpa version 2

   guest-mode

   wpa-psk ascii Cisco123

!

interface Dot11Radio0

encryption mode ciphers aes-ccm

ssid TEST

!

interface BVI1

ip address 192.168.178.1 255.255.255.0

%DOT11-6-ASSOC: Interface Dot11Radio0, Station   04f7.e4ea.5b66 Associated KEY_MGMT[WPAv2 PSK]


Here is the config guide for this IOS release

http://www.cisco.com/en/US/customer/docs/wireless/access_point/12.4.25d.JA/Configuration/guide/cg_12_4_25d_JA.html

HTH

Rasika

**** Pls rate all useful responses ****

VIP Purple

AIR-BR1310G-A-K9-R WiFI Encryption Configuration

Hi Doug,

You can configure WPA2/AES with PSK (Pre-Shared Key) without a RADIUS server. If you want to configure WPA2/AES with 802.1X then only you require a RADIUS server.

Regarding monitoring, you can try SNMP  monitoring with Solarwinds (you should be able to do a test with their free trial version) & see whether you can extract that information.

In cisco AP CLI, you can try "show dot11 association" & "show dot11 association " to get more details about client connection.

HTH

Rasika

**** Pls rate all useful responses ****

11 REPLIES
Hall of Fame Super Silver

Re: AIR-BR1310G-A-K9-R WiFI Encryption Configuration

I don't think they will support WPA2, but with v12.4, you will be able to use WPAv1/TKIP.

Sent from Cisco Technical Support iPad App

-Scott
*** Please rate helpful posts ***
New Member

AIR-BR1310G-A-K9-R WiFI Encryption Configuration

Hi Scott

     Thank you for responding and for doing it so quickly.  That does not appear to be an option under my current IOS, Cisco IOS C1310 Software (C1310-K9W7-M), Version 12.4(10b)JA, RELEASE SOFTWARE (fc2), unless I am missing something.  Is it an option under AP IOS Software-12.4.25d-JA2?   Is there detailed documentation available for AP IOS Software-12.4.25d-JA2 or some other version?   I have no idea how much it will cost to upgrade the IOS but I want to be sure before I spend the money. :-)

Regards,

Doug

AIR-BR1310G-A-K9-R WiFI Encryption Configuration

I agree with Scott, you should be able to WPAv1/TKIP with the code you are running. 

you should be able to go to the CLI

dot11 ssid < what it is>

authenticaiton open

authentication key wpa

wpa-psk ascii 0 < your key >

infrastructure-ssid optional

then under the radion

dot11Radio0

encryption mode ciphers tkip

if you are calling a vlan in the SSID config then you would need to do vlan < blah > encryption mode ciphers tkip

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

AIR-BR1310G-A-K9-R WiFI Encryption Configuration

Hi Scott

      One additional consideration, the two non-Cisco APs in at this site give the User the option of selecting WEP, WPA,  & WPA2/Personal.  What I am hoping to do is to get away from WEP and get as many users as I can up to WPA2 or above.

Doug

VIP Purple

AIR-BR1310G-A-K9-R WiFI Encryption Configuration

With 12.4.25d-JA2 IOS you can configure WPA2/AES on 1310 as well. I had a 1310 AP model & I configured & verified.

Here is the basic config involved.(I have simply configured DHCP on AP it self & you can change it in your case)

1310-1#sh ver

Cisco IOS Software, C1310 Software (C1310-K9W7-M), Version 12.4(25d)JA, RELEASE SOFTWARE (fc1)

ip dhcp excluded-address 192.168.178.1 192.168.178.50

ip dhcp pool TEST

   network 192.168.178.0 255.255.255.0

   default-router 192.168.178.1

!

dot11 ssid TEST

   authentication open

   authentication key-management wpa version 2

   guest-mode

   wpa-psk ascii Cisco123

!

interface Dot11Radio0

encryption mode ciphers aes-ccm

ssid TEST

!

interface BVI1

ip address 192.168.178.1 255.255.255.0

%DOT11-6-ASSOC: Interface Dot11Radio0, Station   04f7.e4ea.5b66 Associated KEY_MGMT[WPAv2 PSK]


Here is the config guide for this IOS release

http://www.cisco.com/en/US/customer/docs/wireless/access_point/12.4.25d.JA/Configuration/guide/cg_12_4_25d_JA.html

HTH

Rasika

**** Pls rate all useful responses ****

New Member

AIR-BR1310G-A-K9-R WiFI Encryption Configuration

Hi Rasika

    Thank you so much for the help!   I ran into a problem when i tried to access the IOS link in your response, "

http://www.cisco.com/en/US/customer/docs/wireless/access_point/12.4.25d.JA/Configuration/guide/cg_12_4_25d_JA.html", it take me to the following URL with this error message: http://www.cisco.com/msgs/403.html  

Forbidden File or Application

    At that point I can go no farther, so I have been unable to see the document.

VIP Purple

AIR-BR1310G-A-K9-R WiFI Encryption Configuration

,Hi Doug


Try this link, it should work for you

http://www.cisco.com/en/US/docs/wireless/access_point/12.4.25d.JA/Configuration/guide/cg_12_4_25d_JA.html

HTH

Rasika

**** Pls rate all useful responses ****

New Member

AIR-BR1310G-A-K9-R WiFI Encryption Configuration

Hi Rasika

    When you set the security to WPA2/AES  were you using a Radius server?  I am not using Radius. In my configuration I am using 5 APs (three of which are Cisco AIR-BR1310G-A-K9-R APs and the other two are non-Cisco APs, Authentication is handled locally by each AP.  When I look at the IOS instruction and at the 1310's html admin pages it looks like WPA only works with Radius, but I did not get impression from your response above. I am hoping that this can be done without Radius.

   BTW -  I would like to find an app to use the WLAN or at least with the Cisco APs that would show me data such user Mac, connection type (802.11(a) or (b) or (g),  etc...for each AP.  I am not sure what information logging actually collects and it;s not real time, which would be nice to have.  I also don't know what the overhead and impact of logging is on this Aironet Model, do you?

Thanks!


Doug

VIP Purple

AIR-BR1310G-A-K9-R WiFI Encryption Configuration

Hi Doug,

You can configure WPA2/AES with PSK (Pre-Shared Key) without a RADIUS server. If you want to configure WPA2/AES with 802.1X then only you require a RADIUS server.

Regarding monitoring, you can try SNMP  monitoring with Solarwinds (you should be able to do a test with their free trial version) & see whether you can extract that information.

In cisco AP CLI, you can try "show dot11 association" & "show dot11 association " to get more details about client connection.

HTH

Rasika

**** Pls rate all useful responses ****

New Member

AIR-BR1310G-A-K9-R WiFI Encryption Configuration

Thanks!

Cisco Employee

AIR-BR1310G-A-K9-R WiFI Encryption Configuration

with Cisco IOS Software Release 12.2(15)JA for 1300 it supports WPA version 1 with TKIP.

Link attached:-

http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_bulletin09186a00802134a9.html

1292
Views
5
Helpful
11
Replies