08-21-2012 07:13 AM - edited 07-03-2021 10:33 PM
Cisco 1240AG converting to WEP to WPA
Access Point Model: Cisco 1240AG
System Software Filename: c1240-k9w7-tar.123-7.JA5
System Software Version: 12.3(7)JA5
Bootloader Version: 12.3(7)JA1
Access Point Model: Cisco 1131AG
Software: Cisco Aironet Desktop Utility 2.1.02
After converting encryption from WEP to WPA in a Cisco 1240AG in personal mode with an SSID name of example1 and Cisco 1131AG access point in personal mode with an ssid of example2; both with the same wpa passphrase, I created a new profile on the Cisco Aironet Desktop Utility with a new profile name as well as a WPA passphrase, but the desktop utility will only connect to the access point if one network name, example1 or example2, is entered. If two network names are included in the utility:
ssid1: example1
ssid2: example2
It will not connect to either of the access points. Do you have any suggestions as to what I am doing wrong?
08-21-2012 07:21 AM
Sounds like a supplicant issue. Have you trired other devices? Is that the only thing you changed?
08-21-2012 07:24 AM
Each access point is a local radius server with the same passphrase secret, so in theory the adapter should have connected to one of the access points, correct?
08-21-2012 07:28 AM
Im confused, you said you were using personal mode which is PSK. Are you using radius 802.1X?
But stil, if you have 2 WLANs with different names with the same security it should work. But you have me wondering about your comment with "radius" ..
08-21-2012 07:49 AM
After re-checking the Cisco 1240AG and 1131AG configuration files, I had both configured in enterprise mode with each access point as a local radius server. I will now reconfigure both in personal mode.
08-21-2012 07:50 AM
Oh, yea that would be a small problem. Let me know if you have issue with the PSK config.
08-21-2012 07:54 AM
I am having difficulty getting the Cisco client adapter to connect to the access point in personal mode. Any suggestions?
08-21-2012 08:02 AM
Try this link ..
Its for WPA but if you use and you have the latest code you can also do WAP2/AES
08-21-2012 08:48 AM
Thank you for helping me with this issue. I may have solved the problem with your guidance, but I will perform a few more tests before this discussion is closed.
08-21-2012 08:50 AM
Excellent .. Stop back if you have any problems. Also, if you find any of this helpful please support the rating system!
Thanks
08-21-2012 09:50 AM
I was able to re configure the 1240AG and 1131AG access point in personal mode with WPA, but the client configuration utility refuses to work if I add another name in SSID 2. Any other suggestions?
08-21-2012 09:55 AM
Can you post the config that you are using on your APs?
08-21-2012 09:59 AM
Cisco 1240 AG configuration
! version 12.3 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname ITCenter ! ! ip subnet-zero ! ! aaa new-model ! ! aaa group server radius rad_eap ! aaa group server radius rad_mac ! aaa group server radius rad_acct ! aaa group server radius rad_admin cache expiry 1 cache authorization profile admin_cache cache authentication profile admin_cache ! aaa group server tacacs+ tac_admin cache expiry 1 cache authorization profile admin_cache cache authentication profile admin_cache ! aaa group server radius rad_pmip ! aaa group server radius dummy ! aaa authentication login default local aaa authentication login eap_methods group rad_eap aaa authentication login mac_methods local aaa authorization exec default local aaa accounting network acct_methods start-stop group rad_acct aaa cache profile admin_cache all ! aaa session-id common ! dot11 ssid example1 authentication open authentication key-management wpa wpa-psk ascii 7 15435F5B5D787F7C7167342444054F0005500D0152525E5A4C175A ! power inline negotiation prestandard source ! ! username **** privilege 15 password 7 0247105858081B725E ! bridge irb ! ! interface Dot11Radio0 no ip address no ip route-cache ! encryption mode ciphers tkip ! ssid example1 ! speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0 station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface Dot11Radio1 no ip address no ip route-cache shutdown ! encryption mode ciphers tkip speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0 station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface FastEthernet0 no ip address no ip route-cache duplex auto speed auto bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled ! interface BVI1 ip address 192.168.168.22 255.255.255.0 no ip route-cache ! ip http server ip http authentication aaa no ip http secure-server ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag ip radius source-interface BVI1 ! radius-server attribute 32 include-in-access-req format %h radius-server vsa send accounting ! control-plane ! bridge 1 route ip ! ! ! line con 0 transport preferred all transport output all line vty 0 4 transport preferred all transport input all transport output all line vty 5 15 transport preferred all transport input all transport output all ! end
08-21-2012 10:02 AM
Cisco 1131AG configuration
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname LCMCF4
!
enable secret 5 $1$eFUP$DGH2XedaWBBrI.LPQ1bdi0
!
aaa new-model
!
!
!
aaa session-id common
!
!
dot11 syslog
!
dot11 ssid EXAMPLE1
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii 7 075E751B175B4D5D4E460A0A532872272C35617B1201465A55575A
!
dot11 ssid VISITOR
vlan 2
authentication open
guest-mode
mbssid guest-mode
!
!
!
username **** password 7 072C285F4D06
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers tkip
!
ssid EXAMPLE1
!
ssid VISITOR
!
mbssid
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
!
encryption vlan 1 mode ciphers tkip
!
ssid VISITOR
!
dfs band 3 block
channel dfs
station-role root
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
!
interface BVI1
ip address 192.168.170.8 255.255.0.0
no ip route-cache
!
ip default-gateway 192.168.168.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
end
08-21-2012 10:19 AM
Lets look at your first config 1240 .. You are only config 1 SSID. You dont have the second "EXAMPLE 2" configured. Do you see that ?
interface Dot11Radio0 no ip address no ip route-cache ! encryption mode ciphers tkip ! ssid example1 ! speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0 station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: