
Cisco Aironet 1130AG Access Point (WPA2 Setup via GUI)

I'm trying to configure a Cisco Aironet 1130AG access point with WPA2, and with two SSIDs; one for corporate users, one for guests.  

I am not familiar with using the CLI (I've a cursory knowledge from working with some PIXes and ASAs on a VERY basic level), and have only used the GUI.  If you are willing to do so, I'd need a very basic walkthrough to make any changes via CLI, otherwise, I'd prefer if you could help me with the HTTP GUI.

The AP is currently configured with one SSID and WEP encryption, and we are wanting to move to two SSIDs, using WPA2 for a more pliant key system.  i.e., being able to change it relatively frequently, and to shorter and more human friendly keys than a 128bit WEP key.  I'm trying to find some information on WPA2 setup for this model AP, but have been unsuccessful.  Can anyone provide me with some links that will help me set up WPA2?

System Software Version: 12.3(8)JEA  
Asked by: jasondimaio

ampranti Commented:
Can you give us a "sh run" of the config?

We will help you make the required changes. It is very easy to do what you want via the command line.

jasondimaio (Author) Commented:
There's a couple of goofy things in there.  I was piddling about with RADIUS server settings, but I'm not using it for anything.  Same with VLANs.
Current configuration : 2728 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
enable secret 5 $1$r/lK$/pviH9yAexvJbGnv8wZVb.
!
led display alternate
ip subnet-zero
!
!
aaa new-model
!
!
aaa group server radius rad_eap
 server 175.19.0.10 auth-port 1645 acct-port 1646
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
 server 175.19.0.10 auth-port 1645 acct-port 1646
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 vlan-name Guest vlan 2
dot11 vlan-name Main vlan 1
!
dot11 ssid CorpSSID
   authentication open
   guest-mode
!
power inline negotiation prestandard source
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption key 1 size 128bit 7 BFC43FD75D80292D67AAADF10578 transmit-key
 encryption mode wep mandatory
 !
 ssid CorpSSID
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption key 1 size 128bit 7 09F004795E65396429E187041F11 transmit-key
 encryption mode wep mandatory
 !
 ssid CorpSSID
 !
 dfs band 3 block
 speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
 hold-queue 160 in
!
interface BVI1
 ip address 175.19.0.40 255.255.0.0
 no ip route-cache
!
ip default-gateway 175.19.0.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 175.19.0.10 auth-port 1645 acct-port 1646 key 7 113A0D2502100A0F0C7B79
radius-server vsa send accounting
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
end

ampranti Commented:
To use a second SSID on the same AP you must use VLANs (and on the switches too).
To enable a second SSID, using WEP, use the following commands:

conf t
! define the second SSID
dot11 ssid guests
   authentication open

int dot 0
 ! WEP key and mode for VLAN 1 (the existing key)
 encryption vlan 1 key 1 size 128bit 7 BFC43FD75D80292D67AAADF10578 transmit-key
 encryption vlan 1 mode wep mandatory

 ! WEP key and mode for VLAN 2
 encryption vlan 2 key 1 size 128bit 0 <your key> transmit-key
 encryption vlan 2 mode wep mandatory

 ! attach the new SSID to the radio
 ssid guests

~~~~~~~~~
The guest SSID will not be broadcast.

jasondimaio (Author) Commented:
Ok, but I want to use WPA, *not* WEP.  Ideally, I'd like to broadcast both SSIDs, but failing that, I'd prefer to broadcast the guest, rather than the corporate SSID.  The goal is to make the Guest one as simple as possible for visitors to get on, once they have the key.

jasondimaio (Author) Commented:
Sorry, meant to say WPA2.

ampranti Commented:
In addition to the above code, to broadcast both SSIDs:

conf t

dot11 ssid CorpSSID
   mbssid guest-mode dtim-period 100

dot11 ssid guests
   mbssid guest-mode dtim-period 100

int dot 0
 mbssid

To use WPA:

conf t
int dot 0
 ! TKIP is selected as a cipher suite, per VLAN
 encryption vlan 1 mode ciphers tkip
 encryption vlan 2 mode ciphers tkip



jasondimaio (Author) Commented:
Thanks a bunch for your help.

DenverDan Commented:
Are WPA and WPA2 the same thing on the Aironets?  I know they're really not the same thing in reality, but I cannot find a way to specify WPA2, only WPA.  It's running a recent version of IOS.

ampranti Commented:
WPA and WPA2 are different things!
What Aironet do you have? Does it support WPAv2?
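
The thread stops at TKIP and leaves the WPA2 question open. The configuration below is an added example, not posted by anyone in the thread: on Aironet IOS of this generation WPA2 with a pre-shared key is expressed as the AES-CCM cipher plus WPA key management, with each SSID mapped to its own VLAN. SSID names and VLAN IDs come from the thread; the passphrases, bridge-group 2 and the sub-interface numbering are assumptions, and it is meant to replace the WEP settings shown earlier.

```cisco
! Added example: WPA2-PSK on two broadcast SSIDs, one VLAN each.
! Values in <> are placeholders; bridge-group 2 is an assumption.
conf t
interface Dot11Radio0
 ! set the cipher first: WPA key management depends on it.
 ! AES-CCM together with WPA key management is the WPA2 setting.
 encryption vlan 1 mode ciphers aes-ccm
 encryption vlan 2 mode ciphers aes-ccm
 ! multiple BSSIDs, so that both SSIDs can be broadcast
 mbssid
!
dot11 ssid CorpSSID
   vlan 1
   authentication open
   authentication key-management wpa
   wpa-psk ascii 0 <corporate passphrase, 8 to 63 characters>
   mbssid guest-mode
!
dot11 ssid guests
   vlan 2
   authentication open
   authentication key-management wpa
   wpa-psk ascii 0 <guest passphrase, 8 to 63 characters>
   mbssid guest-mode
!
interface Dot11Radio0
 ssid CorpSSID
 ssid guests
!
! one radio and one Ethernet sub-interface per VLAN; VLAN 1 is native
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 bridge-group 1
interface Dot11Radio0.2
 encapsulation dot1Q 2
 bridge-group 2
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 bridge-group 1
interface FastEthernet0.2
 encapsulation dot1Q 2
 bridge-group 2
end
```

Repeat the radio sections for Dot11Radio1, and make the switch port facing FastEthernet0 a trunk carrying VLANs 1 and 2. The guest SSID is only separated from the corporate network if VLAN 2 is also kept separate upstream of the AP.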