Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1936
Views
0
Helpful
3
Replies

Disable CCMP (AES) on WAP321

Jon Hrabowyj
Level 1
Level 1

‎05-24-2013 05:20 PM

Why can't I turn off CCMP (AES) on the WAP321?

I purchased this as a replacement for an older NetGear access point but now I cannot use it as I can't disable CCMP.

I have some point of sale terminals which ONLY work with WPA and TKIP. 

Although I can de-select WPA2, I cannot do anything with the CCMP - this parameter is ALWAYS checked and is greyed out (see attached picture).

I had this same issue on the other AP and the PoS terminals would not work with TKIP+AES - I had to use TKIP only.

I have tried this with both 1.0.2.3 and 1.0.3.4 version of code and both are the same.

UPDATE:

Another thing I noticed is that when you are saving the config, the CCMP(AES) option does get "un-greyed" and can be de-selected.  For example, just before saving there is a warning prompt - when you cancel this the CCMP(AES) can then be de-selected and then the config saved. However the change does not stick - as soon as you display it the CCMP(AES) is still set.  See the attached video.

Labels:
Preview file
42 KB
Preview file
2455 KB
0 Helpful
3 Replies 3

lariasqu
Level 1
Level 1

‎05-27-2013 02:05 PM

Hi Jon, thank you for using our forum, my name is Luis I am part of the Small business Support community. I apologize for your inconvenience, just to make sure you are running the last firmware the current version is 1.0.3.4 and you can download in the link bellow,

http://software.cisco.com/download/release.html?mdfid=284152656&softwareid=282463166&release=1.0.3.4

Before install the new firmware, please create a backup from your device, install the new firmware and perform a factory reset, then upload your configuration and try to modify the authentication again.

I hope you find this answer useful,

Greeting,

Luis Arias.

Cisco Network Support Engineer.

0 Helpful

Jon Hrabowyj
Level 1
Level 1
In response to lariasqu

‎05-27-2013 02:18 PM

Yes - I have tried every version avaiable on the Cisco website and am currently on 1.0.3.4

I have just concluded a chat session with a Cisco engineer who opened up a support case (626105571).

When testing, it looks like the CCMP(AES) setting is selectable when set to B/G mode and is automatically hardcoded ON when set to N mode (see below). 

THIS HAS A SIGNIFICANT IMPACT ON BACKWARDS COMPATIBILITY as not all devices work correctly with a TKIP+AES setting (including my point of sale terminals). 

Looking at AP's from Netgear and EnGenius, both are fully customizable and selectable - I hope Cisco can correct this (but I'm not holding my breath).

0 Helpful

Jon Hrabowyj
Level 1
Level 1
In response to Jon Hrabowyj

‎05-28-2013 12:43 PM

UPDATE

When in wireless G mode (where TKIP and CCMP are independently selectable) I have confirmed that my point-of-sale terminal WILL CONNECT when set to TKIP and will NOT connect when set to TKIP+CCMP.  So there is something funky about the TKIP+CCMP mode which affects some legacy devices.

I'm now confident that IF the CCMP was selectable when in wireless N mode, my PoS terminal would work just fine.

0 Helpful
Customers Also Viewed These Support Documents