Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
704
Views
0
Helpful
9
Replies

What is the best security config. for point-to-point APS

nygenxny123
Level 1
Level 1

‎01-29-2008 09:57 AM - edited ‎07-03-2021 03:17 PM

We are impementing 2 aironet 1400's as a link to a different building. The AP's

are connected to our switch....and users on our local LAN will utilize them to access data between buildings.

We have no authentication or security servers in our network currently.

No other users should be accessting the wireles direclty from a wireless card.

What can I confgiure to lock security between the two AP's so only they speak to each other?

I have WEP generated on one. I will have

to configure WEP on the other. But

will i need to configure more WEP keys so there is two way traffic? What other options do I have to make this secure

Labels:
0 Helpful
9 Replies 9

nygenxny123
Level 1
Level 1

‎01-29-2008 04:20 PM

bmp

0 Helpful

manjesin
Level 1
Level 1

‎01-29-2008 06:20 PM

Hi,

After WEP .. WPA is a good security but cannot done on BR1400 ..

here is a link for your reference:-

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008054339e.shtml

Therefore, next we can go for Leap authentication making Root bridge as radius server..

Here is a link for your reference on BR1300 ...it is done in the same way on 1400

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008058f53e.shtml

Here is one more link about leap

http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps430/prod_qas0900aecd801764f1_ps5279_Products_Q_and_A_Item.html

Thanks,

Rate if these helps so that other can take benefit of this forum ..

0 Helpful

nygenxny123
Level 1
Level 1
In response to manjesin

‎01-31-2008 07:58 PM

hello-this document appears to show the 1400 is WPA compatible? Im a little confused.

http://www.cisco.com/en/US/docs/wireless/bridge/1400/12.2_15_JA/configuration/guide/p15auth.html#wp1044935

0 Helpful

manjesin
Level 1
Level 1
In response to nygenxny123

‎02-01-2008 08:56 AM

Hi,

WPA-PSK is supported .... which define shared secret between the devices ..

WPA2 is no supported the link which i refered ..

You can configured WPA-PSK between the bridges..

0 Helpful

nygenxny123
Level 1
Level 1
In response to manjesin

‎02-01-2008 12:00 PM

great..now ive had a heck of a time trying to configure this.

As I said we have no servers-would this work in the same manner as a WPA at home.

I would simply configure a passphrase on

one bridge and the same on the other and they should authenticate?

0 Helpful

manjesin
Level 1
Level 1
In response to nygenxny123

‎02-01-2008 12:37 PM

Yes, WPA-PSK will be configured as you define in your note..

In future, if you plan to change the security then you can jump to Leap with local authentication server means making Root bridge as server for authentication.

Thanks :)

0 Helpful

nygenxny123
Level 1
Level 1
In response to manjesin

‎02-01-2008 10:16 PM

thanks mangesin,

but everytime i attempt to change one of the

bridges to root and the other non root. I lose

complete association and I dont understand why.

They are configured with the same ssid, basic wep but for some reason i still cant get association up.

0 Helpful

manjesin
Level 1
Level 1
In response to nygenxny123

‎02-02-2008 06:13 AM

Hi,

Try these steps:-

* Open the GUI of Root bridge

Go to Security/SSID Manager/create SSid/map it to the radio

* Under Client Authentication setting

Check the box Open authentication with no Addition ..

* Then click Apply

* Go to Ecryption Manager page

Under Ecryption Modes

Select Cipher ---TKIP

Under Encryption Keys

Select Encryption Key 2 ------Don't put any key ... Leave the box blank and key size be 128bit

Then click Apply

* Come back to SSID Manager page

Under Client Authenticated Key Management ..

Select Key Management:- Mandatory

Check the box:- WPA

Under WPA Pre-shared Key:- Type atleast 8 character key..

Click Apply:-

* Then we need to repeat the same settings on Other bridge except the station role will be non-root.

Now to troubleshoot...

* First make Bridge are able to talk to each when there is on security setup

* Set a simple Pre-shared Key ... example 1234567890 on both bridge .. Bridge will not associate if key mismatch..

Hope this will work for you.

0 Helpful

nygenxny123
Level 1
Level 1
In response to manjesin

‎02-03-2008 06:43 AM

great I will try that...as I said currently we have WEP set up...Im going to see if this works..If I create the new ssid as you stated...will the ssid that is using WEP still be active?

also, if these are set up as root and non root bridges...does this mean that clients, such as a laptop will not be able to direclty connect any of the two bridges? Ideally we do not

want users or somebody off the street to directly connect to any of the two bridges

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card