Solved: Re: Basic Encryption For Aironet 1100

shoesbologna · ‎04-03-2005

Have a 1100 AP, and am using the gui to configure it.

I know that I want to use mac authentication, but I also want to use some type of encryption. I’ve been messing with it for the last 3 days now, and can’t seem to find a solution as to what I can do.

Can someone please post a config that would give me basic 128 encryption, which could be used by most of my clients? I’d also like this config to require the use of it.

kecampbe · ‎04-04-2005

These instructions assume that you are starting from factory defaults.

STEP 1: Select madatory WEP encryption and set a 128-bit key in encryption key 1. Your clients will need to match this information. They will need a 128-bit key in the same slot.

Security >> Encryption Manager

- Encryption Modes section

-- Choose "WEP Encryption" and select "Mandatory"

- Encryption Keys section

-- Set Transmit Key to Encryption Key 1

-- Encryption Key 1: 12345678901234567890123456

-- Encryption Key 1 Key Size: 128 bit

- Click Apply

STEP 2: Setup a SSID.

Security >> SSID Manager

- Current SSID List (delete the default SSID, and create your own)

- Current SSID List:

- SSID: my-ssid

- Authentication Settings:

-- Select "Open Authentication"

--- NOTE: You can come back later and enable MAC authentication. Keep it simple the first time through and don't use MAC authentication.

--- NOTE: All other settings on this page should be at factory defaults.

- Click Apply

The following is the CLI equivalent of the instructions:

==========

interface Dot11Radio0

encryption key 1 size 128bit 12345678901234567890123456 transmit-key

encryption mode wep mandatory

!

ssid my-ssid

authentication open

!

==========

The following is the full config of my Dot11Radio0 interface from my show run:

==========

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption key 1 size 128bit 7 1823F25A0AB8494E9154647CF72C transmit-key

encryption mode wep mandatory

!

ssid my-ssid

authentication open

!

short-slot-time

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

no cdp enable

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

==========

I hope this helps.

Kent.

View solution in original post

kecampbe · ‎04-04-2005

These instructions assume that you are starting from factory defaults.

STEP 1: Select madatory WEP encryption and set a 128-bit key in encryption key 1. Your clients will need to match this information. They will need a 128-bit key in the same slot.

Security >> Encryption Manager

- Encryption Modes section

-- Choose "WEP Encryption" and select "Mandatory"

- Encryption Keys section

-- Set Transmit Key to Encryption Key 1

-- Encryption Key 1: 12345678901234567890123456

-- Encryption Key 1 Key Size: 128 bit

- Click Apply

STEP 2: Setup a SSID.

Security >> SSID Manager

- Current SSID List (delete the default SSID, and create your own)

- Current SSID List:

- SSID: my-ssid

- Authentication Settings:

-- Select "Open Authentication"

--- NOTE: You can come back later and enable MAC authentication. Keep it simple the first time through and don't use MAC authentication.

--- NOTE: All other settings on this page should be at factory defaults.

- Click Apply

The following is the CLI equivalent of the instructions:

==========

interface Dot11Radio0

encryption key 1 size 128bit 12345678901234567890123456 transmit-key

encryption mode wep mandatory

!

ssid my-ssid

authentication open

!

==========

The following is the full config of my Dot11Radio0 interface from my show run:

==========

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption key 1 size 128bit 7 1823F25A0AB8494E9154647CF72C transmit-key

encryption mode wep mandatory

!

ssid my-ssid

authentication open

!

short-slot-time

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

no cdp enable

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

==========

I hope this helps.

Kent.

shoesbologna · ‎04-04-2005

Kent,

Thanks for the help, that's exactly what I needed.

I was also wondering about WPA. I've been reading a lot about it, and was able to get it to work on some of the computers. But on some it didn't work.

Here's what I did.

Security >> Encryption Manager

- Encryption Modes section

- Selected TKIP+WEP128

Security >> SSID Manager

- Selected my SSID

- went about half way down the page and selected mandatory.

- checked wpa

- entered a ascii password.

Then I went to my clients and tried to connect (after I entered their mac into the local mac table) using the ascii password that I created. Entered it twice ~ and some of them would work and some of them wouldn't. I know that there are some requirements for running WPA, and I'm also pretty sure that I can configure to use wpa and if that doesn't work, to just use the static wep that I've configured. Is this correct? and if so, can you point me in the right direction for exactly how to do this?

Thanks in advance for all of the help.

shoesbologna · ‎05-06-2005

Anybody Help?