Best Practices of Converting from WEP to WPA

I am looking for some configuration guidelines, discussion, or a whitepaper to convert my Cisco ap's from WEP with 128bit keys over to WPA or something better. Is WPA the way to go at this point? I am concerned on how to convert my current wireless over which has about 50 access points spread out across the country. Currently, we use the same wep key thoughout the organization. How would I do this with minimal downtime toward the users. How much configuration would there be? I am using Cisco 1200's and 1242ag wap's currently. They are all standalone configs.
canatechguyAsked:
Who is Participating?
 
Kamran ArshadIT AssociateCommented:
Hi,

I suggest that you change the configuration on one of your APs in your local office and then make a template. This template then can be uploaded to all your APs across different sites using a configuration management tool like Solarwinds Orion NCM or Rancid;

Rancid      www.shrubbery.net/rancid
Solarwinds NCM      www.solarwinds.com
0
 
canatechguyAuthor Commented:
I also have a bunch of Cisco 1100's as well. Specifically 1121G's.
0
 
lanboyoCommented:
Good advice on the rancid or solarwinds above. Change the AP names when you make the change. Push out a wireless connection profile with your desired security profiles and NEW ACCESS POINT NAMES to the user stations so they can select the "new" access point as it gets converted. Otherwise more workstations will require visitation than you will like.

If all devices support it, use WPA2 over WPA. It seems we are talking about WPA Pre-Shared-Key, this si similiar to WEP in that you may well have a single passphrase for your entire network. 802.1x is better, but it requires infrastructure and significant work on the end stations.

0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
here_t0_shareCommented:
Hello,

First please make sure that all the intended user's have a Laptop/PC with WPA compatible W-Fi adapter.
As WPA is fairly new( as compared to WEP).
some Wi-Fi adapters may not even support you and then you will have bigger/different set of problems to solve.
0
 
canatechguyAuthor Commented:
It looks like I have the options of TKIP, WEP, CKIP, and CMIC of available for ciphers in the 1100 ap's. Maybe I cannot go to WPA with some of these older ap's.
0
 
lanboyoCommented:
Tkip with preshared key is a wpa encryption.
0
 
canatechguyAuthor Commented:
Ok, I can easily convert over to WPA-TKIP and even use the same key with these devices. That would give me a more secured connection. Has anyone done this and is there a way to programatically change the WPA key. Is that something that you can push down. Maybe a registry edit?
Lanboyo, What is the differences in wpa2 vs wpa?
0
 
canatechguyAuthor Commented:
I was hoping to get more info on the subject of deployment but good info still the same. Thanks for your help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.