topic Re: Wireless Encryption with TKIP in Wireless

Wireless Encryption with TKIP

misramanish — Sun, 04 Jul 2021 17:31:20 GMT

I have successfully tested wireless authentication on my 1220B Aironet AP using Cisco LEAP with CiscoSecure ACS. I believe it uses dynamic WEP. Given the resources I have, ACS server, AP's, is there a way to use TKIP and/or what additional hardware/software would I need to do so. Does TKIP also require certificates? Any pointers or Cisco documentation will be helpful.

Thanks

Re: Wireless Encryption with TKIP

BERNHARD FIEGLMUELLER — Wed, 02 Mar 2005 10:13:53 GMT

You just need to configure tkip and your client must support it. you can user WPA with LEAP there you dont need CA.

Config guide:

http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c40b6.shtml

regards Bernhard

Re: Wireless Encryption with TKIP

dtasidis — Wed, 02 Mar 2005 10:34:39 GMT

TKIP is building enhancements on WEP in order to make it more secure.

The hardware you already have should be sufficient, assuming that you are using Cisco client adapters which are the ones that support TKIP.

TKIP by itself does not require the use of certificates, it will all depend on the authentication method you're using.

Here's the link containing all the info that you will need :

http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo1100/accsspts/i1232ja/i1232sc/s32wep.htm

Re: Wireless Encryption with TKIP

misramanish — Thu, 03 Mar 2005 20:37:02 GMT

Both previous posts were very informative. Also, is TKIP pretty much an option with Cisco Aironet Clients only or I can use it with other clients. Most of my other clients (broadcom wireless etc.) give an option of CKIP instead of TKIP. Is it the same protocol?

Re: Wireless Encryption with TKIP

BERNHARD FIEGLMUELLER — Fri, 04 Mar 2005 08:36:59 GMT

TKIP is the standard you can use it with any cards also cisco, CKIP is the cisco properitery standard of tkip you can use it with cisco card or ccx compatible cards.

so normally TKIP is recommanded.

hope the answered your q.

bernhard

Re: Wireless Encryption with TKIP

misramanish — Mon, 07 Mar 2005 14:56:33 GMT

Great. I had success using WPA/TKIP and LEAP authentication. This forum is very helpful and very much appreciated.

On a related note, I'm putting a second AP in the environment to cover the whole building and have given it a different SSID. As I understand it, I still need to connect the ethernet interface on this second AP to my network using a copper connection, right? Otherwise this new AP will not see the ACS server on the physical network. This second AP may see the first AP but that does not allow it's clients to authenticate, correct?

Besides, it is a good idea to give both AP's different SSID?

Re: Wireless Encryption with TKIP

dtasidis — Mon, 07 Mar 2005 16:54:35 GMT

Glad to hear that the comments were helpful.

Please find the answers to your new questions below :

Q)As I understand it, I still need to connect the ethernet interface on this second AP to my network using a copper connection, right? Otherwise this new AP will not see the ACS server on the physical network.

A) This is correct, you need to make sure that there is first physical, and then IP connectivity between your AP (and the clients associating to it) with the ACS so you can get your authentication working.

Q) This second AP may see the first AP but that does not allow it's clients to authenticate, correct?

That is also correct. By having 2 APs with different SSIDs configured on each, then your clients from one AP(as long as you do not have "guest mode" enabled on the SSID) will not be able to associate with the other.