I have 7 Cisco 1231G Access Points in my warehouse. Currently they are void of any kind of security other than not broadcasting their SSID. Our current equipment on the warehouse floor does not work with any of the security protocols. However, we are slowly starting to replace these systems out with newer Windows CE devices. Is there a way to set up the access points with a Pre-Shared Key but make it optional. That way systems that do not support the PSK can still connect but newer system with the PSK can connect as well. This way I can configure the new systems as they come in with the PSK and not have to wait until they are all replaced and then have to go to each system and update them later.
What you should do is configure a new ssid with what ever security you want to use in the future, but keep the existing ssid for the old clients. All new devices will be configured with the new ssid and eventually once you migrate all the users off, you delete the old ssid.
OK, but is it possible to have 2 SSID's where one is secure using a pre-shared key and the other SSID is open? I went ahead and set up a second SSID on one of the AP's. In order to get the new SSID to use the pre-shared key, I have to set the encryption to TKIP. Once I do that both SSID's show up as secure. Am i missing something? I know enough about these Cisco AP's to be dangerous. LOL
I spoke with Cisco TAC earlier and they said that this is possible but you must assign a VLAN to each SSID. Once each SSID has it's own VLAN, then you can assign encryption to an individual VLAN rather than the entire radio. They sent me a link to this white paper: