https://community.cisco.com/t5/wireless/wireless-with-no-authentication-but-encryption/m-p/1494317#M19792 <HTML><HEAD></HEAD><BODY><P>On a WLC orA IOS AP, you can block P2P, you just have to see if your device supports that.</P></BODY></HTML> Tue, 01 Jun 2010 12:01:12 GMT Scott Fella 2010-06-01T12:01:12Z https://community.cisco.com/t5/wireless/wireless-with-no-authentication-but-encryption/m-p/1494312#M19786 <P>Hello</P><P></P><P>I have some 871W. Is it possible to make wireless network open (no authentication, available for all) but with encryption ?</P><P>I've read somewhere i could do something like this using 802.1x, but could not find any cisco documentation for that.</P><P></P><P>I want to be sure that everybody can use wireless but the sniffing is not possible (or very difficult).</P><P></P><P>Is it possible ? If yes could you give me link to documentation ?</P><P></P><P>Best regards,</P> Sun, 04 Jul 2021 01:50:39 GMT https://community.cisco.com/t5/wireless/wireless-with-no-authentication-but-encryption/m-p/1494312#M19786 mlopacinski 2021-07-04T01:50:39Z https://community.cisco.com/t5/wireless/wireless-with-no-authentication-but-encryption/m-p/1494313#M19788 <HTML><HEAD></HEAD><BODY><P>You can setup encryption (WEP, WPA-PSK, WPA2-PSK) without using any type of authentication (802.1x).&nbsp; Your best bet if you don't want to have devices or users authenticatate and make it difficult to break is use WPA2-PSK.</P><P></P><P>Scott</P></BODY></HTML> Tue, 01 Jun 2010 10:55:54 GMT https://community.cisco.com/t5/wireless/wireless-with-no-authentication-but-encryption/m-p/1494313#M19788 Scott Fella 2010-06-01T10:55:54Z https://community.cisco.com/t5/wireless/wireless-with-no-authentication-but-encryption/m-p/1494314#M19789 <HTML><HEAD></HEAD><BODY><P>But for WPA2-PSK to work everybody needs to know shared key. And this is a problem. I do not want</P><P>to force people to know any passwords (it's public wifi).</P><P>How can i solve this problem ?</P><P></P><P>Thanx</P></BODY></HTML> Tue, 01 Jun 2010 11:17:43 GMT https://community.cisco.com/t5/wireless/wireless-with-no-authentication-but-encryption/m-p/1494314#M19789 mlopacinski 2010-06-01T11:17:43Z https://community.cisco.com/t5/wireless/wireless-with-no-authentication-but-encryption/m-p/1494315#M19790 <HTML><HEAD></HEAD><BODY><P>Public WiFi.... Well, nothing you can do there.&nbsp; Leave it open and create an ACL to block guest traffic from accessing your other subnets.</P></BODY></HTML> Tue, 01 Jun 2010 11:47:53 GMT https://community.cisco.com/t5/wireless/wireless-with-no-authentication-but-encryption/m-p/1494315#M19790 Scott Fella 2010-06-01T11:47:53Z https://community.cisco.com/t5/wireless/wireless-with-no-authentication-but-encryption/m-p/1494316#M19791 <HTML><HEAD></HEAD><BODY><P>That's very bad that i can not enable encryption for public wifi. This way any user can sniff any other user.</P><P>There should be a way to set a secure channel thru unsecured media (for example using Diffie-Hellman).</P><P></P><P>Why the cisco did not create such possibility ? </P><P></P><P></P><P>Thanx</P></BODY></HTML> Tue, 01 Jun 2010 11:55:24 GMT https://community.cisco.com/t5/wireless/wireless-with-no-authentication-but-encryption/m-p/1494316#M19791 mlopacinski 2010-06-01T11:55:24Z https://community.cisco.com/t5/wireless/wireless-with-no-authentication-but-encryption/m-p/1494317#M19792 <HTML><HEAD></HEAD><BODY><P>On a WLC orA IOS AP, you can block P2P, you just have to see if your device supports that.</P></BODY></HTML> Tue, 01 Jun 2010 12:01:12 GMT https://community.cisco.com/t5/wireless/wireless-with-no-authentication-but-encryption/m-p/1494317#M19792 Scott Fella 2010-06-01T12:01:12Z https://community.cisco.com/t5/wireless/wireless-with-no-authentication-but-encryption/m-p/1494318#M19793 <HTML><HEAD></HEAD><BODY><P>Hmmm, but i do not want to block any traffic.</P><P>I just wanted to provide guests some basic level of privacy thru encryption, so they could use for example internet banking.</P><P></P><P>Thanx</P></BODY></HTML> Tue, 01 Jun 2010 12:05:48 GMT https://community.cisco.com/t5/wireless/wireless-with-no-authentication-but-encryption/m-p/1494318#M19793 mlopacinski 2010-06-01T12:05:48Z https://community.cisco.com/t5/wireless/wireless-with-no-authentication-but-encryption/m-p/1494319#M19794 <HTML><HEAD></HEAD><BODY><P>The thing with free public wifi, is that the users has to protect themselves not you.&nbsp; Look at all the other hotspots... they use a username/password or just an accept to allow the users access to the wireless.&nbsp; There is usually a Terms and agreement that protects the hotspot from any liabilities.&nbsp; Most secure websites use SSL certificates to protect the users... so this is secure.</P><P></P><P>Scott</P></BODY></HTML> Tue, 01 Jun 2010 12:17:43 GMT https://community.cisco.com/t5/wireless/wireless-with-no-authentication-but-encryption/m-p/1494319#M19794 Scott Fella 2010-06-01T12:17:43Z https://community.cisco.com/t5/wireless/wireless-with-no-authentication-but-encryption/m-p/1494320#M19795 <HTML><HEAD></HEAD><BODY><P>I don't trust SSL certificates. Many of them are validated only by email. And most browsers have very suspicious CA's in they keyring.</P><P>What about cisco layered model of protection ? Shouldn't be it implemented in all layers - no just one ? (which is weak in this case?).</P><P></P><P>Even professionals are often tricked - we can not leave users on their own. That's why i think cisco should try to provide at least minimum level of security....</P><P></P><P>I still do not understeand why it's not possible <SPAN __jive_emoticon_name="sad" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/sad.gif"></SPAN> and why cisco can't do that...</P><P></P><P>Thanx</P></BODY></HTML> Tue, 01 Jun 2010 12:40:20 GMT https://community.cisco.com/t5/wireless/wireless-with-no-authentication-but-encryption/m-p/1494320#M19795 mlopacinski 2010-06-01T12:40:20Z https://community.cisco.com/t5/wireless/wireless-with-no-authentication-but-encryption/m-p/1494321#M19796 <HTML><HEAD></HEAD><BODY><P>Understood... but that is why the minimum protection is up to you to decide.&nbsp; Again... with guest wireless, you can't force any type of encryption or else you will be supporting the users.&nbsp; No matter what vendor you use, the outcome will be the same.&nbsp; Encryption and Authentication is there for one to use if configured.&nbsp; If you had a wired guest, how would you protect him or her? </P><P></P><P>Scott</P></BODY></HTML> Tue, 01 Jun 2010 12:45:55 GMT https://community.cisco.com/t5/wireless/wireless-with-no-authentication-but-encryption/m-p/1494321#M19796 Scott Fella 2010-06-01T12:45:55Z https://community.cisco.com/t5/wireless/wireless-with-no-authentication-but-encryption/m-p/1494322#M19797 <HTML><HEAD></HEAD><BODY><P>You are right, the same problem is with wired connections. But i feel uncomfortable giving them some security for usability (they have to remember shared key) while technically it's not necesary.</P><P></P><P>Anyway thanx!</P></BODY></HTML> Tue, 01 Jun 2010 12:52:15 GMT https://community.cisco.com/t5/wireless/wireless-with-no-authentication-but-encryption/m-p/1494322#M19797 mlopacinski 2010-06-01T12:52:15Z