EAP and WPA on an Autonmous Cisco AP

SunStreaker
SunStreaker used Ask the Experts™
on
I want to deploy a WPA enterprise EAP SSID on an autonomous access point. I cannot get the username field to display. What Cipher setting do I need under encyption manager?

All I get prompted for is for a password.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Network Consultant
Commented:
So here is a snippet of an autonomous AP with WPA enterprise:

aaa group server radius rad_eap
 server 10.10.1.4 auth-port 1812 acct-port 1813

aaa authentication login eap_methods group rad_eap

dot11 ssid mywpassid
   vlan 2
   authentication open eap eap_methods
   authentication key-management wpa optional


Then under the radio interface:

interface Dot11Radio0
.
.
encryption vlan 2 mode ciphers tkip wep128


Remember enterprise spa uses a radius server backend with a certificate on the client and the server.

If you are using wpa2 the cipher would be aes with ccmp instead of tkip.

I think the wep128 in the cipher listed was only needed on some earlier iOS versions that was on that particular AP.. I don't think you need to specify that anymore.  So it would be tkip/mic.

Here is a cisco doc that might help you:
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008095382f.shtml
Top Expert 2014
Commented:
I would change the following line...

authentication key-management wpa optional

...to...

authentication key-management wpa



I would also change the following line...

encryption vlan 2 mode ciphers tkip wep128

...to...

encryption vlan 2 mode ciphers tkip aes




This will FORCE clients to use WPA and also enable WPA2
Ken BooneNetwork Consultant

Commented:
Thanks craig..that is what I was missing.. I only had a minute to grab some data for him.
JavaScript Best Practices

Save hours in development time and avoid common mistakes by learning the best practices to use for JavaScript.

Top Expert 2014

Commented:
No probs :-)

Author

Commented:
Thanks Gentleman, I will give that a try today.

Author

Commented:
Thanks guys, That worked like a charm.  I appreciate the help.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial