Cisco Support Community
New Member

Cisco 1240 ag converting from WEP to WPA

Cisco 1240AG converting from WEP to WPA

Access Point Model: Cisco 1240AG

System Software Filename: c1240-k9w7-tar.123-7.JA5

System Software Version: 12.3(7)JA5

Bootloader Version: 12.3(7)JA1

Access Point Model: Cisco 1131AG

Software: Cisco Aironet Desktop Utility 2.1.02

After converting encryption from WEP to WPA in a Cisco 1240AG in personal mode with an SSID name of example1 and Cisco 1131AG access point in personal mode with an ssid of example2; both with the same wpa passphrase, I created a new profile on the Cisco Aironet Desktop Utility with a new profile name as well as a WPA passphrase, but the desktop utility will only connect to the access point if one network name, example1 or example2, is entered. If two network names are included in the utility:

ssid1: example1

ssid2: example2

It will not connect to either of the access points. Do you have any suggestions as to what I am doing wrong?

18 REPLIES

Cisco 1240 ag converting from WEP to WPA

Sounds like a supplicant issue. Have you tried other devices? Is that the only thing you changed?

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

Cisco 1240 ag converting from WEP to WPA

Each access point is a local radius server with the same passphrase secret, so in theory the adapter should have connected to one of the access points, correct?

Cisco 1240 ag converting from WEP to WPA

I'm confused, you said you were using personal mode, which is PSK. Are you using RADIUS 802.1X?

But still, if you have 2 WLANs with different names with the same security it should work. But you have me wondering about your comment with "radius" ..

New Member

Cisco 1240 ag converting from WEP to WPA

After re-checking the Cisco 1240AG and 1131AG configuration files, I had both configured in enterprise mode with each access point as a local radius server. I will now reconfigure both in personal mode.

Cisco 1240 ag converting from WEP to WPA

Oh, yeah, that would be a small problem. Let me know if you have issues with the PSK config.

New Member

Re: Cisco 1240 ag converting from WEP to WPA

I am having difficulty getting the Cisco client adapter to connect to the access point in personal mode.  Any suggestions?

Cisco 1240 ag converting from WEP to WPA

Try this link ..

http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c40b6.shtml

It's for WPA but if you use and you have the latest code you can also do WPA2/AES

New Member

Cisco 1240 ag converting from WEP to WPA

Thank you for helping me with this issue.  I may have solved the problem with your guidance, but I will perform a few more tests before this discussion is closed.

Cisco 1240 ag converting from WEP to WPA

Excellent .. Stop back if you have any problems. Also, if you find any of this helpful please support the rating system!

Thanks

New Member

Cisco 1240 ag converting from WEP to WPA

I was able to re configure the 1240AG and 1131AG access point in personal mode with WPA, but the client configuration utility refuses to work if I add another name in SSID 2. Any other suggestions? 

Cisco 1240 ag converting from WEP to WPA

Can you post the config that you are using on your APs?

New Member

Cisco 1240 ag converting from WEP to WPA

Cisco 1240 AG configuration

!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ITCenter
!
!
ip subnet-zero
!
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
 cache expiry 1
 cache authorization profile admin_cache
 cache authentication profile admin_cache
!
aaa group server tacacs+ tac_admin
 cache expiry 1
 cache authorization profile admin_cache
 cache authentication profile admin_cache
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local 
aaa accounting network acct_methods start-stop group rad_acct
aaa cache profile admin_cache
 all
!
aaa session-id common
!
dot11 ssid example1
   authentication open 
   authentication key-management wpa
   wpa-psk ascii 7 15435F5B5D787F7C7167342444054F0005500D0152525E5A4C175A
!
power inline negotiation prestandard source
!
!
username **** privilege 15 password 7 0247105858081B725E
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip 
 !
 ssid example1
 !
 speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 !
 encryption mode ciphers tkip 
 speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 192.168.168.22 255.255.255.0
 no ip route-cache
!
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1 
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
 transport preferred all
 transport output all
line vty 0 4
 transport preferred all
 transport input all
 transport output all
line vty 5 15
 transport preferred all
 transport input all
 transport output all
!
end
New Member

Cisco 1240 ag converting from WEP to WPA

Cisco 1131AG configuration

!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname LCMCF4
!
enable secret 5 $1$eFUP$DGH2XedaWBBrI.LPQ1bdi0
!
aaa new-model
!
!
!
aaa session-id common
!
!
dot11 syslog
!
dot11 ssid EXAMPLE1
   vlan 1
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 075E751B175B4D5D4E460A0A532872272C35617B1201465A55575A
!
dot11 ssid VISITOR
   vlan 2
   authentication open
   guest-mode
   mbssid guest-mode
!
!
!
username **** password 7 072C285F4D06
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 1 mode ciphers tkip
 !
 ssid EXAMPLE1
 !
 ssid VISITOR
 !
 mbssid
 speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.2
 encapsulation dot1Q 2
 no ip route-cache
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
 bridge-group 2 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 !
 encryption vlan 1 mode ciphers tkip
 !
 ssid VISITOR
 !
 dfs band 3 block
 channel dfs
 station-role root
!
interface Dot11Radio1.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1.2
 encapsulation dot1Q 2
 no ip route-cache
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
 bridge-group 2 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.2
 encapsulation dot1Q 2
 no ip route-cache
 bridge-group 2
 no bridge-group 2 source-learning
 bridge-group 2 spanning-disabled
!
interface BVI1
 ip address 192.168.170.8 255.255.0.0
 no ip route-cache
!
ip default-gateway 192.168.168.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
end

Cisco 1240 ag converting from WEP to WPA

Let's look at your first config, the 1240 .. You are only configuring 1 SSID. You don't have the second "EXAMPLE 2" configured. Do you see that?

interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip 
 !
 ssid example1
 !
 speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
New Member

Cisco 1240 ag converting from WEP to WPA

Yes, I see the problem, but I thought the Cisco Aironet utility would be able to switch to ssid2: EXAMPLE2, if it loses the signal from ssid1: example1.

Cisco 1240 ag converting from WEP to WPA

Good question.

Most supplicants do a good job roaming with the same SSID, also called seamless roaming. When you mix the SSID names and/or security settings it's like having an entirely different network segment. Most if not all clients don't do these seamlessly. Eventually, most will connect, but that's not before it breaks and gives up trying on the original SSID it was configured for.

Make sense?

New Member

Cisco 1240 ag converting from WEP to WPA

Yes, what you stated makes perfect sense so I decided to change the Cisco 1131AG ssid 1 name to the same as the Cisco 1230AG to make the transition easier on the client adapter when the signal quality decreases. I do believe this has solved my problem. 

Cisco 1240 ag converting from WEP to WPA

Key thing to remember, make sure your WLAN config is identical and you have the same layer 3 behind each access point. This will provide seamless roaming. If you plan on doing Enterprise 802.1X that is an entirely different ball game and WDS would need to be deployed.

Remember to rate helpful posts! Stop back if you still have questions!

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
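The advice in the last reply (keep the WLAN config identical on every access point) can be checked mechanically. The following is an added example, not part of the thread and not Cisco tooling: a Python check run over constructed excerpts of the two posted configs. The function names and placeholder PSK values are assumptions, it assumes one cipher setting per VLAN, and it does not compare the stored keys.

```python
import re

# Constructed excerpts trimmed from the two configs in the thread; PSKs are placeholders.
AP_1240 = """dot11 ssid example1
   authentication key-management wpa
   wpa-psk ascii 7 <placeholder>
interface Dot11Radio0
 encryption mode ciphers tkip
"""
AP_1131 = """dot11 ssid EXAMPLE1
   vlan 1
   authentication key-management wpa
   wpa-psk ascii 7 <placeholder>
dot11 ssid VISITOR
   vlan 2
   authentication open
interface Dot11Radio0
 encryption vlan 1 mode ciphers tkip
"""

def parse_wlans(config):
    """Map each 'dot11 ssid' block to its key management, PSK presence and cipher."""
    ciphers = dict(re.findall(r"^ +encryption (?:vlan (\d+) )?mode ciphers (.*\S)", config, re.M))
    wlans, cur = {}, None
    for line in config.splitlines():
        words = line.split()
        if not line.startswith(" "):  # any top-level line closes the open ssid block
            new = {"key_mgmt": "none", "psk": False, "vlan": ""}
            cur = wlans.setdefault(words[2], new) if words[:2] == ["dot11", "ssid"] else None
        elif cur is not None and words:
            if words[:2] == ["authentication", "key-management"]:
                cur["key_mgmt"] = " ".join(words[2:])
            elif words[0] == "wpa-psk":
                cur["psk"] = True  # the stored (encoded) key itself is not compared
            elif words[0] == "vlan":
                cur["vlan"] = words[1]
    for w in wlans.values():  # cipher comes from the radio's per-VLAN or global setting
        w["cipher"] = ciphers.get(w.pop("vlan"), "none")
    return wlans

def roaming_findings(a, b):
    """List differences between two AP configs that break same-SSID roaming."""
    wa, wb, out = parse_wlans(a), parse_wlans(b), []
    for ssid in sorted(set(wa) ^ set(wb)):  # SSIDs are matched byte for byte
        twin = [s for s in sorted(set(wa) | set(wb)) if s != ssid and s.lower() == ssid.lower()]
        out.append(f"{ssid}: on one AP only" + (f" (other AP has {twin[0]})" if twin else ""))
    for ssid in sorted(set(wa) & set(wb)):
        out += [f"{ssid}: {k} differs ({wa[ssid][k]} vs {wb[ssid][k]})"
                for k in ("key_mgmt", "psk", "cipher") if wa[ssid][k] != wb[ssid][k]]
    return out
```

On the excerpts as posted, `roaming_findings(AP_1240, AP_1131)` reports that the two access points share no SSID, since `example1` and `EXAMPLE1` differ in case; an SSID that has `key-management wpa` on both sides but a `wpa-psk` line on only one shows up as a `psk` difference.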