Solved

Cisco Aironet 1130AG Access Point (WPA2 Setup via GUI)

Posted on 2009-04-28
Last Modified: 2013-12-21
I'm trying to configure a Cisco Aironet 1130AG access point with WPA2, and with two SSIDs; one for corporate users, one for guests.  

I am not familiar with using the CLI (I've a cursory knowledge from working with some PIXes and ASAs on a VERY basic level), and have only used the GUI.  If you are willing to do so, I'd need a very basic walkthrough to make any changes via CLI, otherwise, I'd prefer if you could help me with the HTTP GUI.

The AP is currently configured with one SSID and WEP encryption, and we are wanting to move to two SSIDs, using WPA2 for a more pliant key system.  i.e., being able to change it relatively frequently, and to shorter and more human friendly keys than a 128bit WEP key.  I'm trying to find some information on WPA2 setup for this model AP, but have been unsuccessful.  Can anyone provide me with some links that will help me set up WPA2?

System Software Version: 12.3(8)JEA  
Question by:jasondimaio
 
LVL 10

Expert Comment

by:ampranti
ID: 24269872
Can you give us a "sh run" of the config?

We will help you make the required changes. Via the command line it is very easy to do what you want.
0
 

Author Comment

by:jasondimaio
ID: 24269994
There's a couple of goofy things in there.  I was piddling about with RADIUS server settings, but I'm not using it for anything.  Same with VLANs.
Current configuration : 2728 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
enable secret 5 $1$r/lK$/pviH9yAexvJbGnv8wZVb.
!
led display alternate
ip subnet-zero
!
!
aaa new-model
!
!
aaa group server radius rad_eap
 server 175.19.0.10 auth-port 1645 acct-port 1646
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
 server 175.19.0.10 auth-port 1645 acct-port 1646
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 vlan-name Guest vlan 2
dot11 vlan-name Main vlan 1
!
dot11 ssid CorpSSID
   authentication open
   guest-mode
!
power inline negotiation prestandard source
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption key 1 size 128bit 7 BFC43FD75D80292D67AAADF10578 transmit-key
 encryption mode wep mandatory
 !
 ssid CorpSSID
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption key 1 size 128bit 7 09F004795E65396429E187041F11 transmit-key
 encryption mode wep mandatory
 !
 ssid CorpSSID
 !
 dfs band 3 block
 speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
 hold-queue 160 in
!
interface BVI1
 ip address 175.19.0.40 255.255.0.0
 no ip route-cache
!
ip default-gateway 175.19.0.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
 
ip radius source-interface BVI1
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 175.19.0.10 auth-port 1645 acct-port 1646 key 7 113A0D2502100A0F0C7B79
radius-server vsa send accounting
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
end


0
 
LVL 10

Expert Comment

by:ampranti
ID: 24270103
To use a second SSID on the same AP you must use VLANs (on the switches as well).
To enable a second SSID, using WEP, use the following commands:

conf t
dot11 ssid guests
   authentication open

int dot 0
 encryption vlan 1 key 1 size 128bit 7 BFC43FD75D80292D67AAADF10578 transmit-key
 encryption mode wep mandatory

 encryption vlan 2 key 1 size 128bit 0 <your key> transmit-key
 encryption vlan 2 mode wep mandatory

ssid guests

~~~~~~~~~
The guest SSID will not be broadcast.

0

 

Author Comment

by:jasondimaio
ID: 24270434
Ok, but I want to use WPA, *not* WEP.  Ideally, I'd like to broadcast both SSIDs, but failing that, I'd prefer to broadcast the guest, rather than the corporate SSID.  The goal is to make the Guest one as simple as possible for visitors to get on, once they have the key.
0
 

Author Comment

by:jasondimaio
ID: 24270442
Sorry, meant to say WPA2.
0
 
LVL 10

Accepted Solution

by:
ampranti earned 2000 total points
ID: 24272686
In addition to the above code, to broadcast both SSIDs:

conf t

dot11 ssid CorpSSID
   mbssid guest-mode dtim-period 100

dot11 ssid guests
   mbssid guest-mode dtim-period 100

int dot 0
mbssid

To use WPA:

conf t
int dot 0
 encryption vlan 1 mode ciphers tkip
 encryption vlan 2 mode ciphers tkip



0
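A WPA2-PSK variant of the two-SSID setup discussed in this thread, as an added example that is not from any participant or from Cisco. It assumes the VLAN 1 and VLAN 2 radio and Ethernet subinterfaces and the switch trunk already exist, that this software release accepts the commands as written, and that the values in angle brackets are placeholders. The AES-CCM cipher, rather than TKIP, is what makes an association WPA2.

```cisco_ios
! Added example, not from the thread. <...> values are placeholders.
conf t
!
! Corporate SSID on VLAN 1: WPA key management with a pre-shared key
dot11 ssid CorpSSID
   vlan 1
   authentication open
   authentication key-management wpa
   wpa-psk ascii <corporate passphrase, 8-63 characters>
   mbssid guest-mode
!
! Guest SSID on VLAN 2 with its own passphrase, so it can be rotated
! without touching corporate clients
dot11 ssid guests
   vlan 2
   authentication open
   authentication key-management wpa
   wpa-psk ascii <guest passphrase, 8-63 characters>
   mbssid guest-mode
!
interface Dot11Radio0
 ! Drop the radio-wide static WEP mode from the posted config
 no encryption mode wep mandatory
 ! AES-CCM (CCMP) per VLAN; "ciphers tkip" here would give WPA, not WPA2
 encryption vlan 1 mode ciphers aes-ccm
 encryption vlan 2 mode ciphers aes-ccm
 ! Multiple BSSIDs so both SSIDs can be broadcast
 mbssid
 ssid CorpSSID
 ssid guests
end
!
! Check the result: review the key management and cipher reported for
! each associated client, and the encryption lines on the radio
show dot11 associations all-client
show running-config interface Dot11Radio0
```

Repeat the interface section for Dot11Radio1 if the 5 GHz radio should carry the same SSIDs.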
 

Author Closing Comment

by:jasondimaio
ID: 31575497
Thanks a bunch for your help.
0
 
LVL 1

Expert Comment

by:DenverDan
ID: 24863540
Is WPA and WPA2 the same thing on the Aironets?  I know they're really not the same thing in reality, but I cannot find a way to specify WPA2, only WPA.  It's running a recent version of IOS.
0
 
LVL 10

Expert Comment

by:ampranti
ID: 24872265
WPA and WPA2 are different things!
What Aironet do you have? Does it support WPAv2?
0


Question has a verified solution.