Solved

Best Practices of Converting from WEP to WPA

Posted on 2009-05-07
8
518 Views
Last Modified: 2013-12-27
I am looking for some configuration guidelines, discussion, or a whitepaper to convert my Cisco ap's from WEP with 128bit keys over to WPA or something better. Is WPA the way to go at this point? I am concerned on how to convert my current wireless over which has about 50 access points spread out across the country. Currently, we use the same wep key thoughout the organization. How would I do this with minimal downtime toward the users. How much configuration would there be? I am using Cisco 1200's and 1242ag wap's currently. They are all standalone configs.
0
Comment
Question by:canatechguy
8 Comments
 

Author Comment

by:canatechguy
ID: 24329906
I also have a bunch of Cisco 1100's as well. Specifically 1121G's.
0
 
LVL 32

Accepted Solution

by:
Kamran Arshad earned 200 total points
ID: 24333162
Hi,

I suggest that you change the configuration on one of your APs in your local office and then make a template. This template then can be uploaded to all your APs across different sites using a configuration management tool like Solarwinds Orion NCM or Rancid;

Rancid      www.shrubbery.net/rancid
Solarwinds NCM      www.solarwinds.com
0
 
LVL 10

Assisted Solution

by:lanboyo
lanboyo earned 200 total points
ID: 24335925
Good advice on the rancid or solarwinds above. Change the AP names when you make the change. Push out a wireless connection profile with your desired security profiles and NEW ACCESS POINT NAMES to the user stations so they can select the "new" access point as it gets converted. Otherwise more workstations will require visitation than you will like.

If all devices support it, use WPA2 over WPA. It seems we are talking about WPA Pre-Shared-Key, this si similiar to WEP in that you may well have a single passphrase for your entire network. 802.1x is better, but it requires infrastructure and significant work on the end stations.

0
 

Assisted Solution

by:here_t0_share
here_t0_share earned 100 total points
ID: 24340987
Hello,

First please make sure that all the intended user's have a Laptop/PC with WPA compatible W-Fi adapter.
As WPA is fairly new( as compared to WEP).
some Wi-Fi adapters may not even support you and then you will have bigger/different set of problems to solve.
0
New! My Passport Wireless Pro Wi-Fi Mobile Storage

Portable wireless storage to offload, edit, and stream anywhere.

High-capacity, wireless mobile storage designed to accompany professional photographers and videographers in the field to easily offload, edit and stream captured photos and high-definition videos.

 

Author Comment

by:canatechguy
ID: 24357524
It looks like I have the options of TKIP, WEP, CKIP, and CMIC of available for ciphers in the 1100 ap's. Maybe I cannot go to WPA with some of these older ap's.
0
 
LVL 10

Expert Comment

by:lanboyo
ID: 24359439
Tkip with preshared key is a wpa encryption.
0
 

Author Comment

by:canatechguy
ID: 24375166
Ok, I can easily convert over to WPA-TKIP and even use the same key with these devices. That would give me a more secured connection. Has anyone done this and is there a way to programatically change the WPA key. Is that something that you can push down. Maybe a registry edit?
Lanboyo, What is the differences in wpa2 vs wpa?
0
 

Author Closing Comment

by:canatechguy
ID: 31579178
I was hoping to get more info on the subject of deployment but good info still the same. Thanks for your help.
0

Featured Post

Free camera licenses with purchase of My Cloud NAS

Milestone Arcus software is compatible with thousands of industry-leading cameras for added flexibility. Upon installation on your My Cloud NAS, you will receive two (2) camera licenses already enabled in the software. And for a limited time, get additional camera licenses FREE.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
In the modern office, employees tend to move around the workplace a lot more freely. Conferences, collaborative groups, flexible seating and working from home require a new level of mobility. Technology has not only changed the behavior and the expe…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now