Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WPA & WPA2 PSK – Cisco 1142 AP

Hi,


I’m configuring a Cisco 1142n AP in autonomous mode. The networking part is successfully working, multiple VLANs, SSIDs etc. I would like to configure one of my wireless networks to work with WAP2-PSK and the other with WPA-PSK.


I’m confused as to what encryption to set on each radio and the ciphers to use on the SSID for each vlan to enable the best possible security. I’m not using a RADIUS sever in my network .


Can someone point me in the right direction with the right CLI commands?


Thanks.

Everyone's tags (6)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: WPA & WPA2 PSK – Cisco 1142 AP

Hi,


Here is the configuration we need to do for WPA and WPA 2

WPA Uses TKIP as the Encryption

===========================

en

conf t

dot11 ssid

auth open

auth key-man wpa

wpa-psk ascii

vlan #

end

en

int dot11 0/1

encryption vlan # mode ciphers TKIP

end

WPA Uses AES as the Encryption

===========================

en

conf t

dot11 ssid

auth open

auth key-man wpa version 2

wpa-psk ascii

vlan #

end

en

int dot11 0/1

encryption vlan # mode ciphers aes

end

hers is the document that i have written that does the same as well!! in the below link the SSID TWO uses WPA and SSID THREE uses WPA-2

https://supportforums.cisco.com/docs/DOC-14496

Lemme know if this naswered ur question and please dont forget to rate the useful posts!!

Regards

Surendra

12 REPLIES
Cisco Employee

Re: WPA & WPA2 PSK – Cisco 1142 AP

Hi,


Here is the configuration we need to do for WPA and WPA 2

WPA Uses TKIP as the Encryption

===========================

en

conf t

dot11 ssid

auth open

auth key-man wpa

wpa-psk ascii

vlan #

end

en

int dot11 0/1

encryption vlan # mode ciphers TKIP

end

WPA Uses AES as the Encryption

===========================

en

conf t

dot11 ssid

auth open

auth key-man wpa version 2

wpa-psk ascii

vlan #

end

en

int dot11 0/1

encryption vlan # mode ciphers aes

end

hers is the document that i have written that does the same as well!! in the below link the SSID TWO uses WPA and SSID THREE uses WPA-2

https://supportforums.cisco.com/docs/DOC-14496

Lemme know if this naswered ur question and please dont forget to rate the useful posts!!

Regards

Surendra

New Member

Re: WPA & WPA2 PSK – Cisco 1142 AP

Thanks very much Surendra, this was exactly what I was looking for. Nice article too.

New Member

WPA & WPA2 PSK – Cisco 1142 AP

Thanks for this.

New Member

WPA & WPA2 PSK – Cisco 1142 AP

Hi Surendra,

AP#(config-ssid)#authentication key-management wpa ?

  cckm      allow CCKM clients

  optional  allow legacy clients

 

So if I will choose CCKM it means I will be using WPA2? , and if I just press enter there ( ) it means I will be using WPA?

This is on AP model 1240a/g

Thanks!

WPA & WPA2 PSK – Cisco 1142 AP

Evaldas,

Not so.. WPA/TKIP is WPA, WPA2/AES is WPA2. CCKM is used for 802.1X, like EAP-PEAP for example. To be clear, you have 2 type of security

PSK - Preshare Key

802.1X - EAP

CCKM is used for EAP, not PSK. Make sense, if not let me know..

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

WPA & WPA2 PSK – Cisco 1142 AP

Hi George,

Thank you very much for your very fast answer!

That's clear. So I think if I want to use WPA2 on this AP ( 1240) I just need to set my encryption as AES-CCM?

dot11 ssid cisco

   vlan 100

   authentication open

   authentication key-management wpa

   guest-mode

   wpa-psk ascii 7 123456712305051033

interface Dot11Radio0

encryption vlan 100 mode ciphers aes-ccm

I can't find where we should apply command with a version of WPA ( if we want to use WPA 1 or WPA2)

WPA & WPA2 PSK – Cisco 1142 AP

When you select the "key-management" do a ? you will see version 1 or 2. If you dont you need to upgrade your firmware on that ap to support it,

As for AES-CCMP .

 

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

WPA & WPA2 PSK – Cisco 1142 AP

AP(config-ssid)#authentication key-management ?

  cckm  allow CCKM clients

  wpa   allow WPA clients

AP(config-ssid)#authentication key-management wpa ?

  cckm      allow CCKM clients

  optional  allow legacy clients

 

So no version 1 or 2 there. That's all that I can see. For sure I will need software upgrade there?

IF I would choose:

AP(config-ssid)#

authentication key-management wpa ( and hit an enter key. Which version of WPA I will be using? If encryption is set like this? :

encryption vlan 100 mode ciphers aes-ccm

WPA & WPA2 PSK – Cisco 1142 AP

yea, looks like you need to upgrade ...

When you hit you will see version 1 or 2 ...

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________

WPA & WPA2 PSK – Cisco 1142 AP

yes, WPA w/ AES-CCMP would be picked.

Which isnt standard, WPA-TKIP and WPA2-AES is standard.

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

WPA & WPA2 PSK – Cisco 1142 AP

Thanks George!

These AP's would need a big software upgrade No WPA2-AES also

Re: WPA & WPA2 PSK – Cisco 1142 AP

No worries big guy .. If you find any of this helpful please support the rating system. I'm trying to catch back up to Steve.

Sent from Cisco Technical Support iPhone App

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
30577
Views
10
Helpful
12
Replies