Cisco Support Community

PEAP and Dynamic WEP

We have 350 APs running 12.02T1 software and 350 series Aironet clients. I am trying to set up PEAP authentication with SecurID and enable Dynamic WEP with MIC and TKIP.

I am using multiple SSIDs and VLANs to set up three network types:

SSID 1 = PEAP with OTP, TKIP, MIC and Broadcast key rotation - VLAN 1

SSID 2 = Static WEP, TKIP, MIC - VLAN 2

SSID 3 = Non Secure - VLAN 3

I have the following issues, which I would appreciate help with:

1/ Although the documentation states that you can set TKIP, MIC and Broadcast key rotation on each individual VLAN, when I enable MIC on VLAN 1, the clients on VLAN 3 lose all IP connectivity including DHCP access.

2/ I have set up broadcast key rotation interval on the AP. I have users authenticating against ACS 3.1 with the 'Cisco-Aironet-Session-Timeout' attribute set at 1800 secs and the IETF Session timeout set at 900 for dial-access timeout. However, the WEP keys for my WLAN clients are rotating at 900 secs. How do I force the ACS to pass the figure in the aironet session timeout box to the AP instead?

3/ How do I verify the operation of unicast/broadcast WEP key renewal without having to use a Sniffer?

4/ When user authentication fails with the OTP server, there is no message passed back to the clients to record the authentication failure. Can this be enabled?

Any help would be appreciated.


Re: PEAP and Dynamic WEP

In the case of the OTP issue, does the device hang when an incorrect password is entered? And which OTP server are you using?
