• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1115
  • Last Modified:

Cisoc 1131 AP Change WEP to WPA

Hello,

We have an AP running 12.3 and would like to change our WEP encryption to WPA.  Currently we have a two SSID's one for visiting business guests,"green",  the other SSID "red" for our in-house staff.  

Thank you for your help
0
networkadmin
Asked:
networkadmin
  • 3
  • 2
1 Solution
 
mikecrCommented:
I'm assuming then that you want to change Red to support WPA correct? I'm also going to assume that you have two VLAN's set up, one that has no security for guests and the other one has WEP security configured for staff, correct? Let me know and I can walk you through it.
0
 
vikingforlifeCommented:
You must enter your dhcp address into a browser and then you will be provided a screen to change such options.
0
 
networkadminAuthor Commented:
Red will support WPA psk.  There are two VLANS setup.  VLAN 10 for the SSID Red and VLAN 600 for SSID Green.

I am familiar with the CLI but don't know the correct commands for setting up WPA with a PSK.

Thank you.
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
mikecrCommented:
Here you go. I can walk you through the gui too if you want. AES-CCM is the most compatible if you're using Microsoft Windows machines. As you can see, the key is encrypted in this code so you will need to make up a pass phrase to put right after 7 on the WPA-PSK line.

dot11 ssid red
   vlan 1
   authentication open
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii 7 12120012020419103324312A322636121512

 encryption vlan 1 mode ciphers aes-ccm
0
 
networkadminAuthor Commented:
Mikecr - Could you also walk me through the gui as well?

Thank you.
0
 
mikecrCommented:
Load the web page by typing in the address of your access point and logging in.

1. On the left side you will see a menu, click on Security
2. Next, choose Encryption Manager from the Security Menu. At the top of the next screen where you see "Set Encryption Mode and Keys for VLAN" choose the vlan that want to configure from the drop down box.
3. Under "Encryption Modes", choose Cipher. In the drop down box choose AES-CCMP from the list.
4. Under "Global Properties" check the boxes beside Enable Group Key Update On Membership Termination and Enable Group Key Update On Member's Capability Change.
5. Next on the menu to the left, under Security again, choose SSID Manager.
6. Under "SSID Properties" click on the SSID that you would like to set the security on. In this case it would be Red.To the right under VLAN:, choose the vlan in the drop down box that you configured the security on. Also check the box for Interface Radio 802.11G if it isn't alread.
7. Client Authentication sEttings should be set to "Open Authentication."
8. Now scroll down to Client Authenticated Key Management and under "Key Management" choose Mandatory from the drop down box. Check the box beside "Enable WPA" and in the drop down box you can either choose WPA if you want auto functionality between WPA1 and WPA2, or just choose WPA2 which is the stronger of the two.
9. Finally, where is says "WPA Pre-shared Key:" type in your passphrase. I use ascii and just type in a phrase such as "keepoutyoubeepsterd" or whatever you want.

Once you have this set, then you need to make sure the Microsft clients are configured using WPA and the passphrase along with AES encryption. It's pretty simple so you may not need my help for that.

If you have any other questions, let me know.  
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now