Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WEP & WPA on single SSID

How can I configure a SSID that able to support WEP & WPA on the WLAN controller? The reason I ask because we are currently have LEAP/WEP and we want to move forward to PEAP/WPA. I have to use the same SSID with 2 type of encryption to support the transition.

Thanks,

2 REPLIES
Hall of Fame Super Silver

Re: WEP & WPA on single SSID

You can't.... In this type of situation, you need to migrate new devices to PEAP/WPA using a new SSID. When you finally move or migrate all devices out of the old ssid, you delete it.

-Scott
*** Please rate helpful posts ***
New Member

Re: WEP & WPA on single SSID

Yes. WEP and WPA is allowed on the same SSID as long as you are at 4.0.206 or later. You can do this by creating two WLANs on the same controller.

The controllers will allow each WLAN to have the same SSID *only* as long as they effect a different encryption security policy.

Documented here: http://www.cisco.com/en/US/docs/wireless/controller/release/notes/cont402060rn.html#wp171887

Here is an example (using the text commands since I can't post inline screen caps) I run where I do dynamic WEP along with WPA both using radius. When using radius, you can select any of supported EAP types for both the WEP and WPA WLANs.

wlan create 1 MYSSID MYSSID-wep

! create WLAN 1 ssid "MYSSID"

wlan create 2 MYSSID MYSSID-WPA

! create WLAN 2 ssid "MYSSID"

wlan interface 1 vlan86

wlan interface 2 vlan86

Map them to the same interface. You can map them different ones.

wlan session-timeout 1 1800

wlan session-timeout 2 28800

Set up radius re-auth session timeout. Make WEP with 802.1x shorter. if using static WEP (very very insecure), don't do this.

wlan security 802.1X enable 1

We enable 802.1x on our WEP SSID

wlan radius_server auth add 1 1

wlan radius_server auth add 1 2

wlan radius_server auth add 2 1

wlan radius_server auth add 2 2

wlan radius_server auth add 2 3

Assign the 2 wlans to their respective radius servers - primary and backup

wlan security wpa disable 1

disable wpa on the wep only wlan

wlan security wpa wpa1 enable 2

wlan security wpa wpa1 ciphers tkip enable 2

add wpa1-tkip to wlan 2

444
Views
0
Helpful
2
Replies