We have a test with an ACS 3.2, 1100 AP and run PEAP for authentication. I have read that it is possible to deliver dynamic WEP keys from the AAA server to the client, but I am not sure how, or how to verify it.
ACS with PEAP enabled (works fine)
- XP with 350-card
- PEAP conf
- Data encr. WEP
- Key is provided for me autom.
no ip address
no ip route-cache
encryption key xxxx size 40bit xxxxx transmit-key
encryption mode wep mandatory
authentication open eap peap
So, the question is (perhaps stupid!): is the key that's configured in the AP the only WEP key, and is there no dynamic key delivery from the ACS? Believe so... :-) How to enable the automatic key/rotating key from the ACS?
Need some help on this one, haven't found any good stuff on CCO.
As I understand it, there are two types of key rotation, broadcast and unicast. Broadcast key rotation rotates ONLY the keys that are manually entered into the AP to protect the AP's broadcast traffic. Unicast keys (as in TKIP's per packet keying) are unique to each client.
I'm sorry I can't remember the command to actually see verification of unicast key rotation but one of the debug commands will log a message when the keys are changed. Look through some of the debug choices on the AP at the CLI. Hope some of this helps.
I haven't actually tried this but I've read about it so you'll have to try it out and let us know if it works :)
The two "encryption" commands that you have above are used to configure static WEP keys. EAP authentication also allows for dynamic WEP key management. To do this, you have to turn on a "key management" function. Cisco offers 2: CCKM and WPA. CCKM is used with Cisco's WDS. WPA is the WiFi implementation that uses TKIP for encryption. Under each, the RADIUS server should create the WEP keys dynamically and pass them to the AP.
With CCKM, configure "encryption mode ciphers wep128" under the radio interface and "authentication key-management cckm" under the SSID. Other ciphers such as CKIP+CMIC are available. Configure this on top of the auth command you already have. You can remove your 2 encryption commands. The broadcast-key command will take care of rotating your broadcast WEP keys.
For WPA & TKIP it's similar. Use "encryption mode ciphers tkip" and "authentication key-management wpa".
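As an added example (not code from any poster in this thread), the following script reads an AP configuration and reports which of the settings discussed above it contains: static `encryption key` lines, the `encryption mode`, EAP authentication and `authentication key-management`. The sample configs are constructed; the SSID name `lab`, the key index and the masked key are assumptions.

```python
import re

# Constructed sample configs. The commands are the ones quoted in the thread;
# the SSID name "lab", the key index and the masked key are assumptions.
STATIC_WEP = """\
interface Dot11Radio0
 encryption key 1 size 40bit XXXXXXXXXX transmit-key
 encryption mode wep mandatory
 ssid lab
  authentication open eap peap
"""
WPA_TKIP = """\
interface Dot11Radio0
 encryption mode ciphers tkip
 ssid lab
  authentication open eap peap
  authentication key-management wpa
"""

def audit(config):
    """Return (settings, findings) for the encryption-related lines of a config."""
    s = {"static_keys": 0, "mode": None, "eap": False, "key_mgmt": None}
    for line in (raw.strip() for raw in config.splitlines()):
        if re.match(r"encryption key \S+ size \d+bit\b", line):
            s["static_keys"] += 1          # a key typed into the AP by hand
        elif m := re.match(r"encryption mode (wep \S+|ciphers .+)$", line):
            s["mode"] = m.group(1)         # e.g. "wep mandatory", "ciphers tkip"
        elif re.match(r"authentication open eap \S+", line):
            s["eap"] = True                # open authentication plus an EAP list
        elif m := re.match(r"authentication key-management (\S+)", line):
            s["key_mgmt"] = m.group(1)     # "cckm" or "wpa" in the thread
    findings = []
    if s["static_keys"]:
        findings.append("static WEP key stored in the AP config")
    if s["mode"] and s["mode"].startswith("wep"):
        findings.append("cipher mode is plain WEP, not a 'ciphers' suite")
    if s["eap"] and not s["key_mgmt"]:
        findings.append("EAP SSID has no 'authentication key-management' line")
    return s, findings

if __name__ == "__main__":
    for name, cfg in (("static WEP", STATIC_WEP), ("WPA/TKIP", WPA_TKIP)):
        settings, findings = audit(cfg)
        print(name, settings, findings or "no findings")
```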