WPA2 Aes encryption on cisco 1121G AP

rogierboeken · ‎01-17-2007

hi

i wanted to increase the security on my 1121G accesspoint by enabling wpa2 with aes encryption. in a test environment i set this up and i configured my wireless client to connect, my wireless client (ibm thinkpad t42p with 11a/b/g Wireless LAN Mini PCI Adapter II has the ability to either select WPA or WPA2 and whether you use TKIP or AES. i selected WPA2 and AES enter the encryption key which i had entered on the AP and i connected,

i change the settings on the client to WPA and TKIP and entered the same encryption key and i managed to connect as well, which puzzles me, when i enter an incorrect encryption key it won't associate.

is this normal behaviour or do you think i have configured something incorrectly on the 1121G AP?

i have attached my config and have removed some personal data.

many thanks

rogier

Richard Atkin · ‎02-07-2007

You may have inadvertatnly activated "WPA Compatability Mode". This is a feature that autonegotiates the encryption mechanism, whether that be AES or TKIP.

Turn off compatability mode and try again...

rogierboeken · ‎02-27-2007

i have finally figured it out, it is the windows client or mac clients being very smart, if you configure your windows client to use WPA instead of WPA2 and select TKIP instead of AES encryption somehow it figures out this is incorrect and automatically sets the WPA to WPA2 settings and changes TKIP to AES encryption, i am amazed, i finally figured it out when a windows machine which did not have the windows patch to allow it to connect to WPA2 could not connect, only after installing the WPA2 patch would it connect. in the AP log it always showed as logging in with the WPA2 EAS encryption.

i guess windows xp is a bit smarter than i originally thought