Question
Config WPA and WEP with MAC address security at same time on same AP

Asked by lawson2305 in Wireless Network Access Points, Wireless Networking, 802.11 Wireless Access Points

Tags: wpa configuration, wep, mac address

OK, we currently have this configuration set up on all our Cisco APs, and I would like to move away from WEP and the MAC security and MAC access list restrictions. I would like to strictly use a really strong 63-character WPA key.

The problem is I need to run both at the same time until I can get everyone converted to WPA and then clean up the WEP.

I would also like to avoid, if possible, any additional router configuration. Can this be done with only changing the APs?

Also, can some of these triple aaa commands be cleaned up, as we don't use RADIUS or tacs?
Current configuration : 10687 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP619
!
enable secret 5 secretsecretsecretsecret
!
ip subnet-zero
ip domain name noway.com
ip name-server 10.0.0.99
ip name-server 10.0.0.98
!
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local 
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 association mac-list 701
!
dot11 ssid LAN
   authentication open mac-address mac_methods 
!
!
crypto pki trustpoint TP-self-signed-689020510
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-689020510
 revocation-check none
 rsakeypair TP-self-signed-689020510
!
!
username Admin privilege 15 password 7 135547435D5A027D797C7F6065
username 000012341234 password 7 135547435D5A027D797C7F6065
username 000012341234 autocommand exit
username 000012341236 password 7 135547435D5A027D797C7F6065
username 000012341236 autocommand exit
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption key 1 size 128bit 7 KEYKEYKEYKEYKEYKEYKEYKEYKEYKEY transmit-key
 encryption mode wep mandatory 
 !
 broadcast-key change 30
 !
 !
 ssid LAN
 !
 speed basic-1.0 basic-2.0 basic-5.5 basic-11.0
 power local 50
 no power client local
 power client 100
 station-role root
 rts threshold 2312
 l2-filter bridge-group-acl
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 input-address-list 701
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 l2-filter bridge-group-acl
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
 hold-queue 160 in
!
interface BVI1
 ip address 10.0.0.100 255.255.254.0
 no ip route-cache
!
ip default-gateway 10.0.0.1
no ip http server
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1 
!
access-list 111 permit tcp any any neq telnet
access-list 701 permit 0000.1234.1234   0000.0000.0000
access-list 701 permit 0000.1234.1236   0000.0000.0000
access-list 701 deny   0000.0000.0000   ffff.ffff.ffff
 
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
 access-class 111 in
line vty 0 4
 access-class 111 in
line vty 5 15
 access-class 111 in
!
end
09/01/09 06:05 PM, ID: 25237478, Expert Comment


 
09/01/09 08:16 PM, ID: 25237895, Author Comment


 
09/02/09 02:48 PM, ID: 25246001, Expert Comment


 
09/09/09 10:57 AM, ID: 25293874, Author Comment


 
09/10/09 01:52 PM, ID: 25304200, Author Comment


 
09/10/09 07:21 PM, ID: 25306256, Expert Comment


 
09/11/09 08:42 AM, ID: 25310661, Author Comment


 
09/11/09 09:19 AM, ID: 25311002, Expert Comment


 
09/25/09 06:22 AM, ID: 25422632, Author Comment


 
09/25/09 06:23 AM, ID: 25422654, Author Comment


 
09/25/09 07:12 AM, ID: 25423136, Expert Comment


 
09/25/09 09:44 AM, ID: 25424667, Author Comment


 
09/25/09 10:54 AM, ID: 25425409, Expert Comment


 
10/12/09 05:43 AM, ID: 25550697, Author Comment


 
10/22/09 10:15 AM, ID: 25636549, Author Comment


 
11/05/09 05:56 AM, ID: 25749441, Author Comment


 
 