Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.


PLEASE HELP -- Encrypt without WEP key

I want to use WEP and TKIP. Is there any way that my clients can connect to the wireless network without entering a WEP key. We have a lot of visitors and donot want them to enter WEP keys.

Please advise with any ideas or documentaion to look at.


Re: PLEASE HELP -- Encrypt without WEP key

You have to have a key at some point.

If you have a RADIUS server (preferably a Cisco ACS), you can have an open association, then provide keys / IDs / assignments to a range of guest accounts ...

You don't mention which AP you're using. If VLANs are an option, you could set up an open guest VLAN that routes to a proxy or firewall (Internet or otherwise) that will at least allow you to filter and /or monitor the traffic.

Another alternative might be a Wireless Workgroup Bridge. The WGB can be pre-configured with a WEP key (some docs appear to show that it'll do LEAP too ... but I think not), then the guest user can get a DHCP address (gateway, DNS, etc) with a no-config-necessary (hardwired) connection to the WGB(s).

At the least, you could have a collection of wireless NICs and loan them out for the duration of the visit. The MACs would be registered and allowed ... all else would be filtered.

The problem there is loading drivers on the older OSs. Most driver sets will easily fit on a USB pen drive, so it could be made fairly fast ... but if someone's computer / system crashed, they'd blame it on your drivers...

Other than that, there'd be no way to allow random guest NICs without opening up your netork. I'd vote for the VLANs (if your system support 'em) or WGBs. Of the two, the WGBs would probably be the least painful all the way around.




Re: PLEASE HELP -- Encrypt without WEP key

Thanks for the info. I have a AP1200.


Re: PLEASE HELP -- Encrypt without WEP key

The WGB350 supports LEAP authentication. You just need a username to put in the bridge config with auth mode eap.