AP configured to take clients encrypted to WEP & WPA-PSK

RaymondLi · ‎09-06-2004

We have a Cisco 1100 Access Point 802.11g and configured to 128-bit WEP. We would like to upgrade to WPA-PSK. However, not all WLAN cards of clients are supporting WPA-PSK. Can someone advise me how to configure the AP to take both WEP & APA-PSK clients.

Thanks,

Ray

umedryk · ‎09-14-2004

I think you cannot configure the AP to take both WEP and APA PSK

RaymondLi · ‎10-01-2004

I have learnt that WAP is backforward compatible to WEP. I think it is same as 802.11 b and g and they can work together. Can someone tell me what is real meaning of backward compatible to WEP.

Thanks,

Ray

dixho · ‎10-04-2004

I try the following configuration. I can get both static WEP and WPA-PSK working:

ap#sh run

Building configuration...

Current configuration : 2013 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ap

!

logging queue-limit 100

enable secret xxxx

!

username Cisco password xxx

ip subnet-zero

!

bridge irb

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption key 2 size 40bit 7 4B4859701297 transmit-key

encryption mode ciphers tkip wep40

!

ssid dixho

authentication open

authentication key-management wpa optional

wpa-psk ascii 7 00001A1E0C545A545C

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0

54.0

rts threshold 2312

power local cck 1

power local ofdm 1

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

!

encryption key 2 size 40bit 7 4B4859701297 transmit-key

encryption mode ciphers tkip wep40

!

ssid dixho

authentication open

authentication key-management wpa optional

wpa-psk ascii 7 050F0F1729431F5B4A

!

speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0

rts threshold 2312

power local 5

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 11.3.0.1 255.0.0.0

no ip route-cache

!

ip http server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

/122-15.JA/1100

ip radius source-interface BVI1

bridge 1 route ip

!

line con 0

line vty 0 4

login local

line vty 5 15

login

!

end

Basically, I configure encryption as ciphers as TKIP+WEP40 in "Encryption Manager." I also configure a static WEP key as key #2. Then, I configure open authentication and WPA is optional in "SSID Manager."

I use a CB21AG card to associate to the AP. I configure static WEP in the first try. It works. Then, I configure WPA-PSK on the second try.

scottmac · ‎10-02-2004

ANother option you have would be to have an open / unexcrypted SSID/VLAN that goes to a VPN endpoint.

The client can associate and connect without WEP or WPA, but would need a VPN endpoint to gain access to the inside LAN.

Goood Luck

Scott