Wireless Hardware
--
Questions
--
Followers
Top Experts
Cisco AP WPA2 security now available
In my Cisco 1230 AP, has two radio's (one a band and one b band). Both work fine.
Except, that by specification of the radio modules (both) they should be able to handle WPA2 AES encryption.
In the configuration the highest I can select is WPA.
How can I enable and where, the WPA 2 AES function? Does it has to do with the system software?
Technical details:
Product/Model Number: AIR-AP1230B-A-K9
System Software Version: 12.3(8)JEA1
Radio: b-band: Radio 350 Series Firmware 6.00.1
Radio a-band: Radio AIR-RM20A Firmware: 6.00.1
Except, that by specification of the radio modules (both) they should be able to handle WPA2 AES encryption.
In the configuration the highest I can select is WPA.
How can I enable and where, the WPA 2 AES function? Does it has to do with the system software?
Technical details:
Product/Model Number: AIR-AP1230B-A-K9
System Software Version: 12.3(8)JEA1
Radio: b-band: Radio 350 Series Firmware 6.00.1
Radio a-band: Radio AIR-RM20A Firmware: 6.00.1
Zero AI Policy
We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.
Hi,
AES-CCMP (WPA2) was introduced in IOS release 12.3(2)JA.
You AP is already supporting WPA2, with the GUI (webserver) you can find it on the AES-CCMP tab.
See snapshot: http://supportwiki.cisco.com/ViewWiki/images/7/77/Wpa2_config2_67134.gif
A/
AES-CCMP (WPA2) was introduced in IOS release 12.3(2)JA.
You AP is already supporting WPA2, with the GUI (webserver) you can find it on the AES-CCMP tab.
See snapshot: http://supportwiki.cisco.com/ViewWiki/images/7/77/Wpa2_config2_67134.gif
A/
Thanks wiscom.
The picture is clear, but it does not show on my options. i checked at Security--Encryption manager---Radio a (or b).
Only the following is available:
WEP 128 bit
WEP 40 bit
TKIP
CKIP
CMIC
CKIP-CMIC
TKIP+WEP 128 bit
TKIP+WEP 40 bit
See the attached file.
Under "Security: Global SSID Manager", "Client Authenticated Key Management" Key management only shows CCKM and WPA. I checked WPA, and filled in the key in the "WPA Pre-shared Key" box.
Strange...
cisco-wpa.JPG
The picture is clear, but it does not show on my options. i checked at Security--Encryption manager---Radio a (or b).
Only the following is available:
WEP 128 bit
WEP 40 bit
TKIP
CKIP
CMIC
CKIP-CMIC
TKIP+WEP 128 bit
TKIP+WEP 40 bit
See the attached file.
Under "Security: Global SSID Manager", "Client Authenticated Key Management" Key management only shows CCKM and WPA. I checked WPA, and filled in the key in the "WPA Pre-shared Key" box.
Strange...
cisco-wpa.JPG
SOLUTION
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
Hi wiscom,
I do not understand.
I have two radio modules, one with B band, and one with A band. You are suggesting to upgrade the B-band to B/G band.
I do not need this.
And what about the A band? Is that module not WPA2-AES capable? Or is the whole AP not compatible?
I am confused now.
Kind regards,
Haik
I do not understand.
I have two radio modules, one with B band, and one with A band. You are suggesting to upgrade the B-band to B/G band.
I do not need this.
And what about the A band? Is that module not WPA2-AES capable? Or is the whole AP not compatible?
I am confused now.
Kind regards,
Haik
EARN REWARDS FOR ASKING, ANSWERING, AND MORE.
Earn free swag for participating on the platform.
Hi Haik,
Sorry for the misunderstanding.
There is not much info about this problem ... a lot of contradictory info ...
Try to configure this on the command prompt:
dot11 ssid TEST_AP
authentication key-management wpa
!
interface Dot11Radio0
!
encryption mode ciphers aes-ccm tkip
!
ssid TEST_AP
!
end
Source: http://www.qsor.pl/articles/networking/cisco_aironet_1200_wpa_ias_radius_on_windows_2003/
A/
Sorry for the misunderstanding.
There is not much info about this problem ... a lot of contradictory info ...
Try to configure this on the command prompt:
dot11 ssid TEST_AP
authentication key-management wpa
!
interface Dot11Radio0
!
encryption mode ciphers aes-ccm tkip
!
ssid TEST_AP
!
end
Source: http://www.qsor.pl/articles/networking/cisco_aironet_1200_wpa_ias_radius_on_windows_2003/
A/
Hi Wiscom
I am not very good in Cisco command line, but I know that there is a privileged mode.
I enter it, and the command "dot11 ssid....." gives an error on the first "s" letter:
login as: Cisco
Cisco@192.168.1.250's password:
AP>enable
Password:
AP#dot11 ssid TEST_AP
^
% Invalid input detected at '^' marker.
AP#
Can you please guide me with this problem?
Thanks.
I am not very good in Cisco command line, but I know that there is a privileged mode.
I enter it, and the command "dot11 ssid....." gives an error on the first "s" letter:
login as: Cisco
Cisco@192.168.1.250's password:
AP>enable
Password:
AP#dot11 ssid TEST_AP
^
% Invalid input detected at '^' marker.
AP#
Can you please guide me with this problem?
Thanks.
Hi,
Ok, you need to go firstly to the global configuration mode:
conf t [enter]
A/
Ok, you need to go firstly to the global configuration mode:
conf t [enter]
A/
Get a FREE t-shirt when you ask your first question.
We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.
OK, I found the config.txt file.
Here is the listing: (I changed the secrets to random numbers / letters).
How can I change it?
AP#sh config
Using 2166 out of 32768 bytes
!
! Last configuration change at 00:17:36 GMT Mon Aug 17 2009 by Cisco
! NVRAM config last updated at 00:17:36 GMT Mon Aug 17 2009 by Cisco
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP
!
enable secret 5 $$$$$$$$$$$$$$$$$$$
!
clock timezone GMT 2
ip subnet-zero
ip domain name BORG
!
!
no aaa new-model
!
dot11 ssid BORG
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 874698690287650876
!
dot11 ssid CUBE
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 )*(&)$(*&#_(*&#@^&)&*(#@
!
!
!
username Cisco password 7 1âfuihioasuhfyuiof
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
ssid CUBE
!
speed basic-1.0 2.0 5.5 11.0
station-role root
antenna receive right
antenna transmit right
world-mode dot11d country NL indoor
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
ssid BORG
!
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
world-mode dot11d country NL indoor
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 160 in
!
interface BVI1
ip address 192.168.1.250 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.1.254
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
sntp server 130.88.212.143
sntp broadcast client
end
AP#
Here is the listing: (I changed the secrets to random numbers / letters).
How can I change it?
AP#sh config
Using 2166 out of 32768 bytes
!
! Last configuration change at 00:17:36 GMT Mon Aug 17 2009 by Cisco
! NVRAM config last updated at 00:17:36 GMT Mon Aug 17 2009 by Cisco
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP
!
enable secret 5 $$$$$$$$$$$$$$$$$$$
!
clock timezone GMT 2
ip subnet-zero
ip domain name BORG
!
!
no aaa new-model
!
dot11 ssid BORG
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 874698690287650876
!
dot11 ssid CUBE
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 )*(&)$(*&#_(*&#@^&)&*(#@
!
!
!
username Cisco password 7 1âfuihioasuhfyuiof
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
ssid CUBE
!
speed basic-1.0 2.0 5.5 11.0
station-role root
antenna receive right
antenna transmit right
world-mode dot11d country NL indoor
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
ssid BORG
!
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
world-mode dot11d country NL indoor
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 160 in
!
interface BVI1
ip address 192.168.1.250 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.1.254
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
sntp server 130.88.212.143
sntp broadcast client
end
AP#
Good, I entered the conf t mode
It does not work, on the point when I enter AES encryption. Have a look:
AP#conf t
Enter configuration commands, one per line. End with CNTL/Z.
AP(config)#dot11 ssid TEST_AP
AP(config-ssid)#authentica
AP(config)#interface Dot11Radio0
AP(config-if)#encryption mode ciphers aes-ccm tkip
^
% Invalid input detected at '^' marker.
AP(config-if)#end
AP#
It does not work, on the point when I enter AES encryption. Have a look:
AP#conf t
Enter configuration commands, one per line. End with CNTL/Z.
AP(config)#dot11 ssid TEST_AP
AP(config-ssid)#authentica
AP(config)#interface Dot11Radio0
AP(config-if)#encryption mode ciphers aes-ccm tkip
^
% Invalid input detected at '^' marker.
AP(config-if)#end
AP#
ASKER CERTIFIED SOLUTION
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
Wireless Hardware
--
Questions
--
Followers
Top Experts
Wireless networking is a method by which homes, telecommunications networks and enterprise (business) installations avoid the costly process of introducing cables into a building, or as a connection between various equipment locations. Wireless telecommunications networks are generally implemented and administered using radio communication. This implementation takes place at the physical level (layer) of the OSI model network structure. The key hardware components of a wireless computer network include adapters, routers and access points, antennas and repeaters.