On the 4402 model wireless LAN controller, under WLANs -> Security -> Layer2, it is possible to select WPA Policy and WPA Encryption "AES".
Does anyone know if this combination is vulnerable to the recent TKIP exploit?
I have WPA Encryption "TKIP" explicitly unchecked, but I thought I read somewhere that TKIP might still be used for backward compatibility. Or that WPA1 with AES might not have been implemented according to the final WPA2 definition.
WPA/TKIP PSK has been compromised as you know, but setting WPA/AES PSK has not been CRACKED...
The only thing is that some devices do not let you set up WPA/AES. I have seen devices that allow you to only either set WPA or the AES. When WPA is the only option, then TKIP is automatically set. When TKIP/AES is the only option and you choose AES, then WPA2 is default.
Even though TKIP is vulnerable, the attacks are dictionary-based. If you use a 63-character random string it is still highly unlikely that your TKIP network will be cracked. It's more likely that someone will steal the key via physical means...
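The question of whether TKIP is still advertised once "AES" is selected under WPA Policy can be checked from the WLAN's own beacon or probe response: the WPA1 vendor element (ID 221, OUI 00:50:F2, type 1) and the RSN element (ID 48) each list the group and pairwise cipher suites. The parser below is an added example, not code from this thread or from Cisco; the function names are hypothetical and the two sample byte strings are constructed, standing in for the tagged elements you would copy out of a capture.

```python
import struct

WPA_OUI = bytes.fromhex("0050f2")   # OUI used by the WPA1 vendor-specific element
RSN_OUI = bytes.fromhex("000fac")   # OUI used by the RSN (WPA2) element
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}  # CCMP is the "AES" option

# Constructed samples: SSID "test" followed by one WPA1 element.
AES_ONLY = bytes.fromhex("000474657374" "dd16" "0050f201" "0100" "0050f204"
                         "0100" "0050f204" "0100" "0050f202")
MIXED = bytes.fromhex("000474657374" "dd1a" "0050f201" "0100" "0050f202"
                      "0200" "0050f202" "0050f204" "0100" "0050f202")

def _suites(body, oui):
    """Decode version, group cipher and pairwise list (assumes both fields are present)."""
    if len(body) < 8:
        raise ValueError("truncated cipher suite header")
    version, = struct.unpack_from("<H", body, 0)
    count, = struct.unpack_from("<H", body, 6)
    end = 8 + 4 * count
    if len(body) < end:
        raise ValueError("pairwise list runs past end of element")
    def name(suite):
        return CIPHERS.get(suite[3], "unknown") if suite[:3] == oui else "vendor"
    pairwise = [name(body[i:i + 4]) for i in range(8, end, 4)]
    return {"version": version, "group": name(body[2:6]), "pairwise": pairwise}

def audit_elements(ies):
    """Walk 802.11 tagged elements and return cipher info for WPA1 and RSN."""
    found, pos = {}, 0
    while pos + 2 <= len(ies):
        eid, length = ies[pos], ies[pos + 1]
        body = ies[pos + 2:pos + 2 + length]
        if len(body) < length:
            raise ValueError("element runs past end of buffer")
        if eid == 221 and body[:4] == WPA_OUI + b"\x01":
            found["WPA"] = _suites(body[4:], WPA_OUI)
        elif eid == 48:
            found["RSN"] = _suites(body, RSN_OUI)
        pos += 2 + length
    return found

def tkip_in_use(found):
    """Names of the elements that still offer TKIP as group or pairwise cipher."""
    return sorted(k for k, v in found.items()
                  if v["group"] == "TKIP" or "TKIP" in v["pairwise"])
```

A WLAN that accepts both TKIP and CCMP clients shows TKIP as the group cipher even though CCMP appears in the pairwise list, so check both fields.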