05-21-2012 03:45 AM - edited 07-03-2021 10:11 PM
Hi Folks,
I am very new to Cisco Wireless. I have just purchased a new Cisco AIR-AP1142N-A-K9 wireless access point and am trying to configure WPA2 for security reasons, but I am unable to configure it in any security mode. So currently my AP is working in no security / encryption mode.
Could anyone help and make a suggestion? I would appreciate any documents so that the security issue can be resolved.
Regards
Sanjeev
05-22-2012 03:09 AM
ok Great
----------------------------------------------------------------------------------------------------------------------
Don't forget to rate correct answer and flag the thread as answered
05-21-2012 06:31 AM
Hello Sanjeev
Please check the following link:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008054339e.shtml
------------------------------------------------------------------------
Please make sure to rate correct answers
05-21-2012 06:40 AM
Hi Maldehne,
I appreciate the quick reply. I have already downloaded and followed it, and even configured the client side as well, but I am still facing the RADIUS authentication issue and am unable to log in to the AP.
Regards
sanjeev
05-21-2012 06:49 AM
My friend
What kind of EAP are you looking for?
What is the supplicant utility?
What is the RADIUS server you are using?
05-21-2012 06:50 AM
Send me the output of show run
05-21-2012 06:52 AM
I am sorry sir,
I am unable to log in to the device through the console port; I can only open it through the web.
Regards
sanjeev
05-21-2012 07:00 AM
I am sorry, I just tried; below is the config.
AP11401#sh run
Building configuration...
Current configuration : 2469 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP11401
!
enable secret 5 $1$bHE1$KZwM5zpeJYIWqjQP/lUo2/
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
!
!
dot11 syslog
!
dot11 ssid MIWireless
authentication open
guest-mode
!
eap profile sanjeev
method leap
!
!
!
dot1x credentials Sanjeev
username sanjeev
password 7 104F0B1A0112140C
!
username sanjeev password 7 070E234F4A
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
ssid MIWireless
!
antenna gain 0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
!
ssid MIWireless
!
antenna gain 0
no dfs band block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.20.245 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.20.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
snmp-server community MIString RO
radius-server local
no authentication eapfast
no authentication mac
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
bridge 1 route ip
!
!
wlccp ap username br password 7 011204075F0E0008
wlccp ap eap profile sanjeev
!
line con 0
terminal-type ansi
line vty 0 4
terminal-type ansi
!
end
AP11401#
05-21-2012 07:03 AM
Hi Maldehne,
The above configuration is without WPA2.
Regards
Sanjeev
05-21-2012 07:05 AM
Oh Man
Here is a simple config for WPA PSK if you want, because what you have configured is not correct at all.
AP(config)# dot11 ssid test
# authentication open
# guest-mode
# authentication key-management wpa version 2
# wpa-psk ascii ...................
# exit
AP(config)# interface dot11radio 0
# encryption mode ciphers aes-ccm
# ssid test
# no shut
# exit
----------------------------------------------------------------------
Please make sure to rate correct answers
05-21-2012 07:11 AM
Hi Maldehne,
As you suggested, should I change the above configuration so that security will be enabled on the device, and will it request the password before login to the AP...?
Regards
Sanjeev
05-21-2012 07:22 AM
Not sure what you mean by "will request password"?
Just add the above config and make sure that your AP has an IP address defined for the BVI1 interface; with the above config it should work.
I recommend that you go and read the config guide for Aironet APs.
05-21-2012 11:30 PM
Hi Maldehne,
I have tried but am getting the below error.
SanjeevAP(config-ssid)#authentication key-management wpa version 2
Dot11Radio1 Error: Encryption mode cipher is not configured
I tried this also....
AP(config)# interface dot11radio 0
# encryption mode ciphers aes-ccm
# ssid test
# no shut
# exit
05-21-2012 11:38 PM
Please issue the following commands:
AP(config)# interface dot11radio 0
# no ssid test
# encryption mode ciphers aes-ccm
# exit
Then
AP(config)# dot11 ssid test
# authentication open
# guest-mode
# authentication key-management wpa version 2
# wpa-psk ascii ...................
# exit
After that
AP(config)# interface dot11radio 0
# ssid test
# no shut
How does it go now?
05-22-2012 01:32 AM
Hi
Tried; below is sh run...
SanjeevAP#sh run
Building configuration...
Current configuration : 1849 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname SanjeevAP
!
enable secret 5 $1$5Vb.$Cf3RtfkMiSb03QslUsqAT1
!
aaa new-model
!
!
aaa group server radius SanjeevAP
server 192.168.20.250 auth-port 1645 acct-port 1646
!
aaa authentication login eap_methods group SanjeevAP
!
aaa session-id common
ip name-server 4.2.2.2
ip name-server 8.8.8.8
!
!
dot11 syslog
!
dot11 ssid SanjeevAP
authentication open
guest-mode
!
!
!
username Cisco password 7 00271A150754
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
ssid SanjeevAP
!
antenna gain 0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
!
ssid SanjeevAP
!
antenna gain 0
no dfs band block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.20.250 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.20.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
radius-server local
nas 192.168.20.250 key 7 080F437E080A16001D1908
group testuser
!
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
end
SanjeevAP#
SanjeevAP#
05-22-2012 01:35 AM
Below are a few:
SanjeevAP(config)#interface Dot11Radio0
SanjeevAP(config-if)#no ss
SanjeevAP(config-if)#no ssid SanjeevAP
SanjeevAP(config-if)#enc
SanjeevAP(config-if)#encryption mod
SanjeevAP(config-if)#encryption mode ci
SanjeevAP(config-if)#encryption mode ciphers aes
SanjeevAP(config-if)#encryption mode ciphers aes-ccm
SanjeevAP(config-if)#exit
SanjeevAP(config)#dott
SanjeevAP(config)#dot11
SanjeevAP(config)#dot11 ss
SanjeevAP(config)#dot11 ssid SanjeevAP
SanjeevAP(config-ssid)#aut
SanjeevAP(config-ssid)#authentication op
SanjeevAP(config-ssid)#authentication open
SanjeevAP(config-ssid)#gu
SanjeevAP(config-ssid)#guest-mode
SanjeevAP(config-ssid)#aut
SanjeevAP(config-ssid)#authentication key
SanjeevAP(config-ssid)#authentication key-management wp
SanjeevAP(config-ssid)#authentication key-management wpa ve
SanjeevAP(config-ssid)#authentication key-management wpa version 2
Dot11Radio1 Error: Encryption mode cipher is not configured
SanjeevAP(config-ssid)#wp
SanjeevAP(config-ssid)#wpa-psk asc
SanjeevAP(config-ssid)#wpa-psk ascii .....
Error: Key-management WPA is requried for WPA-PSK
SanjeevAP(config-ssid)#exit
SanjeevAP(config)#int
SanjeevAP(config)#interface dt
SanjeevAP(config)#interface dot11rad
SanjeevAP(config)#interface dot11radio 0
SanjeevAP(config-if)#ss
SanjeevAP(config-if)#ssid SanjeevAP
SanjeevAP(config-if)#no shut
SanjeevAP(config-if)#^Z
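The error in this session names Dot11Radio1, and the second "sh run" in the thread shows the SSID bound to Dot11Radio1 with no `encryption mode ciphers` line under that interface. The following is an added example, not part of the original thread: a small offline check over a saved running-config that reports SSIDs without WPA key management and radios that carry an SSID but no cipher. The sample config is trimmed from the thread's output with IOS's usual one-space indentation restored (an assumption), and the function names `sections` and `audit` are hypothetical.

```python
import re

# Constructed sample: trimmed from the second "sh run" in the thread,
# with IOS's usual one-space indentation for sub-commands restored.
SAMPLE_CONFIG = """\
dot11 ssid SanjeevAP
 authentication open
 guest-mode
!
interface Dot11Radio0
 encryption mode ciphers aes-ccm
 !
 ssid SanjeevAP
!
interface Dot11Radio1
 shutdown
 !
 ssid SanjeevAP
!
"""

def sections(config):
    """Group indented sub-commands under their unindented parent line."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue  # blank lines and "!" separators carry no settings
        if not line[0].isspace():
            current = out.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return out

def audit(config):
    """Return findings for SSIDs without WPA and radios missing a cipher."""
    findings = []
    for head, body in sections(config).items():
        ssid = re.match(r"dot11 ssid (\S+)", head)
        radio = re.match(r"interface (Dot11Radio\d+)", head)
        if ssid and not any(l.startswith("authentication key-management wpa") for l in body):
            findings.append(f"{ssid.group(1)}: no WPA key management")
        if radio:
            bound = [l.split()[1] for l in body if l.startswith("ssid ")]
            if bound and not any(l.startswith("encryption mode ciphers") for l in body):
                findings.append(f"{radio.group(1)}: ssid {bound[0]} bound, no cipher")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Run against the sample, it reports the open SSID and the Dot11Radio1 binding; both findings clear once the cipher is present on every radio that carries the SSID and key management is set on the SSID.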