Cisoc 1131 AP Change WEP to WPA

Hello,

We have an AP running 12.3 and would like to change our WEP encryption to WPA.  Currently we have a two SSID's one for visiting business guests,"green",  the other SSID "red" for our in-house staff.  

Thank you for your help
networkadminAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mikecrCommented:
I'm assuming then that you want to change Red to support WPA correct? I'm also going to assume that you have two VLAN's set up, one that has no security for guests and the other one has WEP security configured for staff, correct? Let me know and I can walk you through it.
0
vikingforlifeCommented:
You must enter your dhcp address into a browser and then you will be provided a screen to change such options.
0
networkadminAuthor Commented:
Red will support WPA psk.  There are two VLANS setup.  VLAN 10 for the SSID Red and VLAN 600 for SSID Green.

I am familiar with the CLI but don't know the correct commands for setting up WPA with a PSK.

Thank you.
0
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

mikecrCommented:
Here you go. I can walk you through the gui too if you want. AES-CCM is the most compatible if you're using Microsoft Windows machines. As you can see, the key is encrypted in this code so you will need to make up a pass phrase to put right after 7 on the WPA-PSK line.

dot11 ssid red
   vlan 1
   authentication open
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii 7 12120012020419103324312A322636121512

 encryption vlan 1 mode ciphers aes-ccm
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
networkadminAuthor Commented:
Mikecr - Could you also walk me through the gui as well?

Thank you.
0
mikecrCommented:
Load the web page by typing in the address of your access point and logging in.

1. On the left side you will see a menu, click on Security
2. Next, choose Encryption Manager from the Security Menu. At the top of the next screen where you see "Set Encryption Mode and Keys for VLAN" choose the vlan that want to configure from the drop down box.
3. Under "Encryption Modes", choose Cipher. In the drop down box choose AES-CCMP from the list.
4. Under "Global Properties" check the boxes beside Enable Group Key Update On Membership Termination and Enable Group Key Update On Member's Capability Change.
5. Next on the menu to the left, under Security again, choose SSID Manager.
6. Under "SSID Properties" click on the SSID that you would like to set the security on. In this case it would be Red.To the right under VLAN:, choose the vlan in the drop down box that you configured the security on. Also check the box for Interface Radio 802.11G if it isn't alread.
7. Client Authentication sEttings should be set to "Open Authentication."
8. Now scroll down to Client Authenticated Key Management and under "Key Management" choose Mandatory from the drop down box. Check the box beside "Enable WPA" and in the drop down box you can either choose WPA if you want auto functionality between WPA1 and WPA2, or just choose WPA2 which is the stronger of the two.
9. Finally, where is says "WPA Pre-shared Key:" type in your passphrase. I use ascii and just type in a phrase such as "keepoutyoubeepsterd" or whatever you want.

Once you have this set, then you need to make sure the Microsft clients are configured using WPA and the passphrase along with AES encryption. It's pretty simple so you may not need my help for that.

If you have any other questions, let me know.  
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Networking

From novice to tech pro — start learning today.