https://community.cisco.com/t5/wireless/one-ssid-with-muptiple-authentication-methods/m-p/2356077#M140201 <HTML><HEAD></HEAD><BODY><P>You have to understand the standards... WPAv1 uses TKIP and WPAv2 uses AES. So clients configured for WPA/TKIP will not connect to an ssid with WPA2/TKIP. Apple devices are notorious for not working with both enabled and it would be something you would need to test.<BR /><BR />Sent from Cisco Technical Support iPhone App</P></BODY></HTML> Wed, 06 Nov 2013 03:15:19 GMT Scott Fella 2013-11-06T03:15:19Z https://community.cisco.com/t5/wireless/one-ssid-with-muptiple-authentication-methods/m-p/2356074#M140198 <P>Have received a request from a customer to run both TKIP and AES encryption on the same SSID</P><P></P><P>From reading I believe this is not possible but can anyone confirm this please</P><P></P><P>Currently the config looks thus </P><P></P><P>dot11 ssid HELP</P><P>vlan 20</P><P>authentication open eap eap_methods</P><P>authentication network-eap eap_mtheods</P><P>authentication key-management wpa</P><P>authentication key-management wpa version 2&nbsp; &lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;</P><P></P><P>&lt;&lt;&lt;&lt;&lt; Trying to add wpa version 2 overwrites uithentication key-management wpa so presume this confirms it can't be done &gt;&gt;&gt;&gt;&gt; </P><P></P><P>Interface Dot11Radio0</P><P>encryption mode ciphers tkip</P><P>encrytption vlan 20 mode ciphers aes-ccm tkip </P><P></P><P>Many Thanks</P> Sun, 04 Jul 2021 08:13:12 GMT https://community.cisco.com/t5/wireless/one-ssid-with-muptiple-authentication-methods/m-p/2356074#M140198 NIGEL PAYNE 2021-07-04T08:13:12Z https://community.cisco.com/t5/wireless/one-ssid-with-muptiple-authentication-methods/m-p/2356075#M140199 <HTML><HEAD></HEAD><BODY><P>Hello<BR /><BR />Cisco wireless products have the option to offer to the wireless clients both encryption methods, TKIP and AES and even WEP on the same SSID. This can be configured on the GUI and CLI but what you have to be aware and be careful is that this is not the standard. Even though Cisco can offer this, some clients won't understand that, they will get confused and disconnect or just not be able ro connect at all.<BR /><BR />We are talking about encryption here not authentication so to answer your question: yes, you can configure several encryption methods on the same vlan but it is not a best practice and regarding authentication, it is not possible to configure different authentication methods on the same SSID.<BR /><BR />Regards,<BR /><BR />Sent from Cisco Technical Support Android App</P></BODY></HTML> Wed, 06 Nov 2013 02:59:48 GMT https://community.cisco.com/t5/wireless/one-ssid-with-muptiple-authentication-methods/m-p/2356075#M140199 Marco Gonzalez 2013-11-06T02:59:48Z https://community.cisco.com/t5/wireless/one-ssid-with-muptiple-authentication-methods/m-p/2356076#M140200 <HTML><HEAD></HEAD><BODY><P> Hi Marco, thanks very much for your reply.</P><P></P><P>Apologies, yes, I meant encryption. </P><P></P><P>So, as it stands, VLAN20 is offeirng both TKIP &amp; AES </P><P></P><P>Will this mean existing TKIP clients will not notice any change and those with AES enabled on their wireless devices now be able to access this SSID without any issue</P></BODY></HTML> Wed, 06 Nov 2013 03:09:24 GMT https://community.cisco.com/t5/wireless/one-ssid-with-muptiple-authentication-methods/m-p/2356076#M140200 NIGEL PAYNE 2013-11-06T03:09:24Z https://community.cisco.com/t5/wireless/one-ssid-with-muptiple-authentication-methods/m-p/2356077#M140201 <HTML><HEAD></HEAD><BODY><P>You have to understand the standards... WPAv1 uses TKIP and WPAv2 uses AES. So clients configured for WPA/TKIP will not connect to an ssid with WPA2/TKIP. Apple devices are notorious for not working with both enabled and it would be something you would need to test.<BR /><BR />Sent from Cisco Technical Support iPhone App</P></BODY></HTML> Wed, 06 Nov 2013 03:15:19 GMT https://community.cisco.com/t5/wireless/one-ssid-with-muptiple-authentication-methods/m-p/2356077#M140201 Scott Fella 2013-11-06T03:15:19Z https://community.cisco.com/t5/wireless/one-ssid-with-muptiple-authentication-methods/m-p/2356078#M140202 <HTML><HEAD></HEAD><BODY><P>Hi Scott, yes, the customer has asked for both as they have a mix of old and new users and this is to cover the interim period while they migrate all users onto AES</P><P></P><P>Since adding aes-ccm to the command line ......&nbsp; encryption vlan 20 mode ciphers tkip ...... legacy users are still able to connect but those new users using AES still cannot connect</P><P></P><P>Is there any need for additional configuration or should the clients using AES simply be able to acees the SSID </P><P></P><P>I am not sure exactly what devices these are ...&nbsp; laptops, tablets or mobile phones ?</P></BODY></HTML> Wed, 06 Nov 2013 03:25:22 GMT https://community.cisco.com/t5/wireless/one-ssid-with-muptiple-authentication-methods/m-p/2356078#M140202 NIGEL PAYNE 2013-11-06T03:25:22Z