Cisco Aironet 1130AG Access Point (WPA2 Setup)

Posted on 2009-02-10
Last Modified: 2013-11-12
I'm trying to configure a Cisco Aironet 1130AG access point with WPA2.  The AP is currently configured with WEP encryption, and we are wanting to move to WPA2.  I'm trying to find some information on WPA2 setup for this model AP, but have been unsuccessful.  Can anyone provide me with some links that will help me set up WPA2?  A sample config from a working AP running WPA2 security would be great!

Question by:woodas26
    LVL 32

    Accepted Solution

    Here is a sample config to broadcast two SSID.  One for your corp LAN and one for your public LAN

    interface gig 0 
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    interface gig 0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface gig 0.10
    encapsulation dot1Q 300
    no ip route-cache
    bridge-group 10
    no bridge-group 10 source-learning
    bridge-group 10 spanning-disabled
    hostname MyWAP
    interface BVI1
    ip address x.x.x.x
    ip default-gateway x.x.x.x
    aaa new-model
    radius-server host x.x.x.x auth-port 1812 acct-port 1813 key MyRadiusKey
    aaa group server radius rad_eap
    server x.x.x.x auth-port 1812 acct-port 1813
    aaa cache profile admin_cache
    aaa group server radius rad_mac
    aaa group server radius rad_acct
    aaa group server radius rad_admin
    cache expiry 1
    cache authorization profile admin_cache
    cache authentication profile admin_cache
    aaa group server tacacs+ tac_admin
    cache expiry 1
    cache authorization profile admin_cache
    cache authentication profile admin_cache
    aaa group server radius rad_pmip
    aaa group server radius dummy
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authentication enable default group tacacs+ enable
    aaa accounting network acct_methods start-stop group rad_acct
    dot11 ssid Private
    vlan 1
    authentication open eap eap_methods
    authentication key-management wpa
    mbssid guest-mode
    infrastructure-ssid optional
    dot11 ssid Public
    vlan 300
    authentication open
    authentication key-management wpa
    mbssid guest-mode
    wpa-psk ascii [EnterYourWPA-PSK_Here]
    interface Dot11Radio 0
    no ip address
    encryption vlan 1 mode ciphers tkip
    encryption vlan 300 mode ciphers tkip
    station-role root
    interface Dot11Radio 0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio0.10
    encapsulation dot1Q 10
    no ip route-cache
    bridge-group 10
    bridge-group 10 subscriber-loop-control
    bridge-group 10 block-unknown-source
    no bridge-group 10 source-learning
    no bridge-group 10 unicast-flooding
    bridge-group 10 spanning-disabled
    interface Dot11Radio 0
    ssid Private
    ssid Public
    no shutdown

    Open in new window

    LVL 4

    Author Comment

    LVL 1

    Expert Comment

    Well this bit looked like it should have been a breeze!

    dot11 ssid TEDCO-INT
       vlan 100
       authentication open
       authentication key-management wpa version 1
       mobility network-id 100
       wpa-psk ascii 7 [password]

    encryption vlan 100 mode ciphers tkip

    Two Win7 laptops can't connect using WPA Personal and TKIP. Have tried AES to no avail too.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Suggested Solutions

    It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
    The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
    This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now