cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1719
Views
0
Helpful
18
Replies

Cisco 1240 ag converting from WEP to WPA

jeaston101
Level 1
Level 1

Cisco 1240AG converting to WEP to WPA

Access Point Model: Cisco 1240AG

System Software Filename: c1240-k9w7-tar.123-7.JA5

System Software Version: 12.3(7)JA5

Bootloader Version: 12.3(7)JA1

Access Point Model: Cisco 1131AG

Software: Cisco Aironet Desktop Utility 2.1.02

After converting encryption from WEP to WPA in a Cisco 1240AG in personal mode with an SSID name of example1 and Cisco 1131AG access point in personal mode with an ssid of example2; both with the same wpa passphrase, I created a new profile on the Cisco Aironet Desktop Utility with a new profile name as well as a WPA passphrase, but the desktop utility will only connect to the access point if one network name, example1 or example2, is entered. If two network names are included in the utility:

ssid1: example1

ssid2: example2

It will not connect to either of the access points. Do you have any suggestions as to what I am doing wrong?

18 Replies 18

George Stefanick
VIP Alumni
VIP Alumni

Sounds like a supplicant issue. Have you trired other devices? Is that the only thing you changed?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Each access point is a local radius server with the same passphrase secret, so in theory the adapter should have connected to one of the access points, correct?

Im confused, you said you were using personal mode which is PSK. Are you using radius 802.1X?

But stil, if you have 2 WLANs with different names with the same security it should work. But you have me wondering about your comment with "radius" ..

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

After re-checking the Cisco 1240AG and 1131AG configuration files, I had both configured in enterprise mode with each access point as a local radius server. I will now reconfigure both in personal mode.

Oh, yea that would be a small problem. Let me know if you have issue with the PSK config.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

I am having difficulty getting the Cisco client adapter to connect to the access point in personal mode.  Any suggestions?

Try this link ..

http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c40b6.shtml

Its for WPA but if you use and you have the latest code you can also do WAP2/AES

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Thank you for helping me with this issue.  I may have solved the problem with your guidance, but I will perform a few more tests before this discussion is closed.

Excellent .. Stop back if you have any problems. Also, if you find any of this helpful please support the rating system!

Thanks

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

I was able to re configure the 1240AG and 1131AG access point in personal mode with WPA, but the client configuration utility refuses to work if I add another name in SSID 2. Any other suggestions? 

Can you post the config that you are using on your APs?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Cisco 1240 AG configuration

!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ITCenter
!
!
ip subnet-zero
!
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
 cache expiry 1
 cache authorization profile admin_cache
 cache authentication profile admin_cache
!
aaa group server tacacs+ tac_admin
 cache expiry 1
 cache authorization profile admin_cache
 cache authentication profile admin_cache
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local 
aaa accounting network acct_methods start-stop group rad_acct
aaa cache profile admin_cache
 all
!
aaa session-id common
!
dot11 ssid example1
   authentication open 
   authentication key-management wpa
   wpa-psk ascii 7 15435F5B5D787F7C7167342444054F0005500D0152525E5A4C175A
!
power inline negotiation prestandard source
!
!
username **** privilege 15 password 7 0247105858081B725E
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip 
 !
 ssid example1
 !
 speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 !
 encryption mode ciphers tkip 
 speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 192.168.168.22 255.255.255.0
 no ip route-cache
!
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1 
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
 transport preferred all
 transport output all
line vty 0 4
 transport preferred all
 transport input all
 transport output all
line vty 5 15
 transport preferred all
 transport input all
 transport output all
!
end

Cisco 1131AG configuration

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname LCMCF4

!

enable secret 5 $1$eFUP$DGH2XedaWBBrI.LPQ1bdi0

!

aaa new-model

!

!

!

aaa session-id common

!

!

dot11 syslog

!

dot11 ssid EXAMPLE1

   vlan 1

   authentication open

   authentication key-management wpa

   wpa-psk ascii 7 075E751B175B4D5D4E460A0A532872272C35617B1201465A55575A

!

dot11 ssid VISITOR

   vlan 2

   authentication open

   guest-mode

   mbssid guest-mode

!

!

!

username **** password 7 072C285F4D06

!

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 1 mode ciphers tkip

!

ssid EXAMPLE1

!

ssid VISITOR

!

mbssid

speed  basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

!

interface Dot11Radio0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.2

encapsulation dot1Q 2

no ip route-cache

bridge-group 2

bridge-group 2 subscriber-loop-control

bridge-group 2 block-unknown-source

no bridge-group 2 source-learning

no bridge-group 2 unicast-flooding

bridge-group 2 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

shutdown

!

encryption vlan 1 mode ciphers tkip

!

ssid VISITOR

!

dfs band 3 block

channel dfs

station-role root

!

interface Dot11Radio1.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1.2

encapsulation dot1Q 2

no ip route-cache

bridge-group 2

bridge-group 2 subscriber-loop-control

bridge-group 2 block-unknown-source

no bridge-group 2 source-learning

no bridge-group 2 unicast-flooding

bridge-group 2 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

!

interface FastEthernet0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface FastEthernet0.2

encapsulation dot1Q 2

no ip route-cache

bridge-group 2

no bridge-group 2 source-learning

bridge-group 2 spanning-disabled

!

interface BVI1

ip address 192.168.170.8 255.255.0.0

no ip route-cache

!

ip default-gateway 192.168.168.1

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 route ip

!

!

!

line con 0

line vty 0 4

!

end

Lets look at your first config 1240 .. You are only config 1 SSID. You dont have the second "EXAMPLE 2" configured. Do you see that ?

interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip 
 !
 ssid example1
 !
 speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: