Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
751
Views
0
Helpful
2
Replies

WPA or WPA2 + mac auth trouble

konstantin.nikitin
Level 1
Level 1

‎09-22-2009 04:52 AM - edited ‎07-03-2021 06:04 PM

Good day!

I have a trouble with configuration local mac auth and encrypt WPA.

When works only Mac auth and no encrypts all work. but when added command in ssid and dot 0 for encrypt client not connected((

I founded on cisco faq what after 12.3.8JA2 cisco not supported mac + wpa encrypt . But early version must support it. I use Version 12.3(7)JA5 and other. but not work. Who configured this example?

config:

dot11 ssid test

authentication open mac-address mac_methods

authentication key-management wpa

guest-mode

int dot11radio 0

encryption mode ciphers aes-ccm

username 000102030406 password 7 xxxx

username 000102030406 autocommand exit

Labels:
0 Helpful
2 Replies 2

bcolvin
Level 3
Level 3

‎09-22-2009 06:02 PM

The abilty to do do both WPA and MAC went away in 12.3(4) according to this

Using WPA Key Management

Wi-Fi Protected Access is a standards-based, interoperable security enhancement that strongly increases the level of data protection and access control for existing and future wireless LAN systems. It is derived from and will be forward-compatible with the upcoming IEEE 802.11i standard. WPA leverages TKIP (Temporal Key Integrity Protocol) for data protection and 802.1X for authenticated key management.

WPA key management supports two mutually exclusive management types: WPA and WPA-Pre-shared key (WPA-PSK). Using WPA key management, clients and the authentication server authenticate to each other using an EAP authentication method, and the client and server generate a pairwise master key (PMK). Using WPA, the server generates the PMK dynamically and passes it to the access point. Using WPA-PSK, however, you configure a pre-shared key on both the client and the access point, and that pre-shared key is used as the PMK.

--------------------------------------------------------------------------------

Note In Cisco IOS releases 12.3(4)JA and later, you cannot enable both MAC-address authentication and WPA-PSK.

in this document

http://www.cisco.com/en/US/docs/wireless/access_point/12.3_7_JA/configuration/guide/s37auth.html#wp1048646

MAC authentication is not considered a secure proceedure as the mac address is eaisly spoofed.

Bill

0 Helpful

konstantin.nikitin
Level 1
Level 1
In response to bcolvin

‎09-22-2009 09:09 PM

Thank you for answer.

I was search in cisco download server IOS early then 12.3(4) and founded only c1130-k9w7-tar.123-2.JA.tar but it not can't download ((( Where i can find this ios?

Release Date: 15/Nov/2004. its very old ios

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card