Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Wireless with no authentication but encryption

Hello

I have some 871W. Is it possible to make wireless network open (no authentication, available for all) but with encryption ?

I've read somewhere i could do something like this using 802.1x, but could not find any cisco documentation for that.

I want to be sure that everybody can use wireless but the sniffing is not possible (or very difficult).

Is it possible ? If yes could you give me link to documentation ?

Best regards,

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: Wireless with no authentication but encryption

Understood... but that is why the minimum protection is up to you to decide.  Again... with guest wireless, you can't force any type of encryption or else you will be supporting the users.  No matter what vendor you use, the outcome will be the same.  Encryption and Authentication is there for one to use if configured.  If you had a wired guest, how would you protect him or her?

Scott

-Scott
*** Please rate helpful posts ***
10 REPLIES
Hall of Fame Super Silver

Re: Wireless with no authentication but encryption

You can setup encryption (WEP, WPA-PSK, WPA2-PSK) without using any type of authentication (802.1x).  Your best bet if you don't want to have devices or users authenticatate and make it difficult to break is use WPA2-PSK.

Scott

-Scott
*** Please rate helpful posts ***
New Member

Re: Wireless with no authentication but encryption

But for WPA2-PSK to work everybody needs to know shared key. And this is a problem. I do not want

to force people to know any passwords (it's public wifi).

How can i solve this problem ?

Thanx

Hall of Fame Super Silver

Re: Wireless with no authentication but encryption

Public WiFi.... Well, nothing you can do there.  Leave it open and create an ACL to block guest traffic from accessing your other subnets.

-Scott
*** Please rate helpful posts ***
New Member

Re: Wireless with no authentication but encryption

That's very bad that i can not enable encryption for public wifi. This way any user can sniff any other user.

There should be a way to set a secure channel thru unsecured media (for example using Diffie-Hellman).

Why the cisco did not create such possibility ?

Thanx

Hall of Fame Super Silver

Re: Wireless with no authentication but encryption

On a WLC orA IOS AP, you can block P2P, you just have to see if your device supports that.

-Scott
*** Please rate helpful posts ***
New Member

Re: Wireless with no authentication but encryption

Hmmm, but i do not want to block any traffic.

I just wanted to provide guests some basic level of privacy thru encryption, so they could use for example internet banking.

Thanx

Hall of Fame Super Silver

Re: Wireless with no authentication but encryption

The thing with free public wifi, is that the users has to protect themselves not you.  Look at all the other hotspots... they use a username/password or just an accept to allow the users access to the wireless.  There is usually a Terms and agreement that protects the hotspot from any liabilities.  Most secure websites use SSL certificates to protect the users... so this is secure.

Scott

-Scott
*** Please rate helpful posts ***
New Member

Re: Wireless with no authentication but encryption

I don't trust SSL certificates. Many of them are validated only by email. And most browsers have very suspicious CA's in they keyring.

What about cisco layered model of protection ? Shouldn't be it implemented in all layers - no just one ? (which is weak in this case?).

Even professionals are often tricked - we can not leave users on their own. That's why i think cisco should try to provide at least minimum level of security....

I still do not understeand why it's not possible and why cisco can't do that...

Thanx

Hall of Fame Super Silver

Re: Wireless with no authentication but encryption

Understood... but that is why the minimum protection is up to you to decide.  Again... with guest wireless, you can't force any type of encryption or else you will be supporting the users.  No matter what vendor you use, the outcome will be the same.  Encryption and Authentication is there for one to use if configured.  If you had a wired guest, how would you protect him or her?

Scott

-Scott
*** Please rate helpful posts ***
New Member

Re: Wireless with no authentication but encryption

You are right, the same problem is with wired connections. But i feel uncomfortable giving them some security for usability (they have to remember shared key) while technically it's not necesary.

Anyway thanx!

1740
Views
0
Helpful
10
Replies