AES Encryption No Longer Working

Dan Man
Level 1

Last week we had users complaining that they could no longer connect to wireless. They were receiving a limited or no connectivity message. Upon researching the issue, I found that if I removed the AES encryption from WPA2, users were able to connect again with TKIP. In speaking to a few admins, they stated that TKIP was the preferred method that was chosen years ago.

My first question is this: In our WLANs, we had the options for WPA/TKIP-AES and WPA2/TKIP-AES. I'm assuming this would allow the PC to use whichever encryption method was preferred. However, this doesn't seem to be the case. The PC chose AES, which caused the issue that they were having. Would this be something PC-based? I'm assuming the controller only gives the ability. It won't actually dictate which encryption method is used, unless one of the options is turned off (like we did with AES).

My second question is this: TKIP, being a weaker encryption method, isn't what I want our users using. How could I migrate to AES? Are there specific instructions to move from TKIP to AES? Is it more than just putting a check mark on the AES options, under WLAN security? Thanks for any help!

Accepted Solutions

Scott Fella
Hall of Fame

It's best to only use either WPA/TKIP or WPA2/AES, not both or a mix of either. This does cause issues with devices so it's hit or miss. If you had configured everything for WPA2/TKIP, well... you're stuck with a non-standard IEEE setting, and you will have to just configure that on the WLC. It's the same if you were using WPA/AES.

The best way to move to a standard is if your devices were domain machines and you can push out a GPO. Non-domain machines, you would need to manually enter those unless you had a tool that manages them.

-Scott
*** Please rate helpful posts ***
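
An added example, not part of the original thread and not Cisco or Microsoft tooling: before pushing new settings by GPO as the answer above suggests, client WLAN profiles exported with `netsh wlan export profile` can be audited for the pairings the answer calls standard (WPA/TKIP, WPA2/AES) versus mixed ones. The profile names and XML are constructed samples, and the verdict labels are this example's own.

```python
import xml.etree.ElementTree as ET

# Namespace of Windows WLAN profile XML (the format `netsh wlan export profile` writes).
NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}
# Pairings the answer above treats as standard; any other WPA/WPA2 pairing is a mix.
STANDARD = {("WPA", "TKIP"), ("WPA2", "AES")}

def classify(profile_xml):
    """Return (profile_name, auth_family, cipher, verdict) for one exported profile."""
    root = ET.fromstring(profile_xml)
    name = root.findtext("w:name", default="?", namespaces=NS)
    ae = root.find("w:MSM/w:security/w:authEncryption", NS)
    if ae is None:
        return (name, None, None, "no-security-block")
    auth = ae.findtext("w:authentication", default="", namespaces=NS)
    cipher = ae.findtext("w:encryption", default="", namespaces=NS)
    # WPAPSK / WPA2PSK are the pre-shared-key variants of WPA / WPA2.
    family = auth[:-3] if auth.endswith("PSK") else auth
    if (family, cipher) == ("WPA2", "AES"):
        verdict = "ok"        # the target state
    elif (family, cipher) in STANDARD:
        verdict = "migrate"   # standard pairing, but still TKIP
    elif family in ("WPA", "WPA2"):
        verdict = "mixed"     # e.g. WPA2/TKIP or WPA/AES
    else:
        verdict = "other"     # open, shared, or anything newer
    return (name, family, cipher, verdict)

def needs_change(profiles):
    """Profiles a GPO or manual rollout would still have to touch."""
    results = [classify(p) for p in profiles]
    return [r for r in results if r[3] != "ok"]

def _sample(name, auth, cipher):
    # Constructed, minimal profile; real exports carry more elements.
    return (f'<WLANProfile xmlns="{NS["w"]}"><name>{name}</name><MSM><security>'
            f'<authEncryption><authentication>{auth}</authentication>'
            f'<encryption>{cipher}</encryption><useOneX>true</useOneX>'
            f'</authEncryption></security></MSM></WLANProfile>')

SAMPLES = [_sample("corp-a", "WPA2", "AES"), _sample("corp-b", "WPA2", "TKIP"),
           _sample("corp-c", "WPA", "TKIP"), _sample("corp-d", "WPAPSK", "AES")]

if __name__ == "__main__":
    for row in needs_change(SAMPLES):
        print(row)
```
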

Scott, as always, THANK YOU!

No problem... glad to help.

-Scott