Changing from WEP to WPA/PEAP/TKIP

dvanzee · ‎02-07-2006

We are currently running WEP on our wireless network and we want to change to WPA using PEAP. With WPA/Peap I've been reading that you need a radius server which we have already setup, but I've also been reading that you need a cert at the IAS server/AD 2003 and the client, is this true? Does anyone have any experience with this? Any thing I'm missing or should watch out for?

Sense this is going to be integrated with AD, how can we let visitors use our wireless network?

Any info would be great.

mchin345 · ‎02-13-2006

#authentication network-eap list-name

Set the authentication type for the SSID to use LEAP for authentication and key distribution. Cisco bridges only support LEAP, while other wireless clients may support other EAP methods such as EAP, PEAP, or TLS.

#authentication key-management {[wpa] [cckm]}

Set the authentication type for the SSID to WPA, CCKM, or both. If you use the optional keyword, non-root bridges not configured for WPA or CCKM can use this SSID. If you do not use the optional keyword, only WPA or CCKM bridges are allowed to use the SSID.

To enable CCKM for an SSID, you must also enable Network-EAP authentication. To enable WPA for an SSID, you must also enable Open authentication or Network-EAP or both.

Only 802.11b and 802.11g radios support WPA and CCKM simultaneously.

Before you can enable CCKM or WPA, you must set the encryption mode for the SSID's VLAN to one of the cipher suite options. To enable both CCKM and WPA, you must set the encryption mode to a cipher suite that includes TKIP