cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
20685
Views
15
Helpful
19
Replies

cisco air-ap1142n-a-k9 wireless access point wpa2 configuration issue

sanjeevmahadani
Level 1
Level 1

HI Folks,

I am very new on Cisco Wireless, just i have purchased new cisco air-ap1142n-a-k9 wireless access point, trying to configure the wpa2 configuration for security reason, but unable to configure in any security mode. So currently my AP is working no security / encryption mode.

Could any one can help and suggest me I'll appreciate if i'll get any documents so security issue can be resolved.

Regards

Sanjeev

1 Accepted Solution

Accepted Solutions

ok Great

----------------------------------------------------------------------------------------------------------------------

Don't forget to rate correct answer and flag the thread as answered

View solution in original post

19 Replies 19

maldehne
Cisco Employee
Cisco Employee

Hello Sajeev

Please check the following link:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008054339e.shtml

------------------------------------------------------------------------

Please make sure to rate correct answers

Hi Maldehne,

I appreciate for quick reply, as already i have downloded and followed and even configured at client side also, but still facing the Radius authentication issue and unable to login into the AP.

Regards

sanjeev

My friend

What kind of EAP are you looking for?

What is the supplicant utility?

What is the RADIUS server you are using?

Send me the output of show run

I am sorry sir,

Unable to login into device through consol port, only i can open this through web.

Regards

sanjeev

I am sorry just tried below is conf.

AP11401#sh run

Building configuration...

Current configuration : 2469 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname AP11401

!

enable secret 5 $1$bHE1$KZwM5zpeJYIWqjQP/lUo2/

!

aaa new-model

!

!

aaa group server radius rad_eap

!

aaa group server radius rad_mac

!

aaa group server radius rad_acct

!

aaa group server radius rad_admin

!

aaa group server tacacs+ tac_admin

!

aaa group server radius rad_pmip

!

aaa group server radius dummy

!

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

aaa authorization exec default local

aaa accounting network acct_methods start-stop group rad_acct

!

aaa session-id common

!

!

dot11 syslog

!

dot11 ssid MIWireless

   authentication open

   guest-mode

!

eap profile sanjeev

method leap

!

!

!

dot1x credentials Sanjeev

username sanjeev

password 7 104F0B1A0112140C

!

username sanjeev password 7 070E234F4A

!

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

ssid MIWireless

!

antenna gain 0

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

shutdown

!

ssid MIWireless

!

antenna gain 0

no dfs band block

channel dfs

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

no keepalive

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 192.168.20.245 255.255.255.0

no ip route-cache

!

ip default-gateway 192.168.20.1

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

ip radius source-interface BVI1

snmp-server community MIString RO

radius-server local

  no authentication eapfast

  no authentication mac

!

radius-server attribute 32 include-in-access-req format %h

radius-server vsa send accounting

bridge 1 route ip

!

!

wlccp ap username br password 7 011204075F0E0008

wlccp ap eap profile sanjeev

!

line con 0

terminal-type ansi

line vty 0 4

terminal-type ansi

!

end

AP11401#

Hi Maldehne,

Above configuration is without WPA2.

Regards

Sanjeev

Oh Man

Here is a simple config for WPA PSK if you want , because what you have configured is not correct at all.

AP(config)#dot11 ssid test

               #authentication open

               # guest-mode

               # authentication key-management wpa version 2

               #wpa-pask ascii ...................

               #exit

AP(config )# interface dot11radio 0

               #encryption mode ciphers aes-ccm

               #ssid test

               # no shut

               # exit

----------------------------------------------------------------------

Please make sure to rate correct answers

Hi Maldehne,

As suggested by you, should i change the above configurations and security will enable on the device and before login into the AP will this requiest for the password...?

Regards

Sanjeev

not sure what do you mean will request password?

Just add the above config and make sure that your AP has ip address defined for the BVI1 interface with the above config it should work.

I recommend you to go and read the config guide for Aironet APs.

Hi Maldehne,

I have tried but getting below error.

SanjeevAP(config-ssid)#authentication key-management wpa version 2

Dot11Radio1 Error: Encryption mode cipher is not configured

tried for this also....

AP(config )# interface dot11radio 0

               #encryption mode ciphers aes-ccm

                #ssid test

                # no shut

                # exit

Please issue the following command:

AP(config)# interface dot11radio 0

               # no ssid test

               #encryption mode ciphers aes-ccm

               #exit

then

AP(config)#dot11 ssid test

               #authentication open

               # guest-mode

               # authentication key-management wpa version 2

               #wpa-pask ascii ...................

               #exit

After that

AP(config)#interface dot11radio 0

               # ssid test

               # no shut

How it goes now ?

Hi

Tried below is sh run...

SanjeevAP#sh run

Building configuration...

Current configuration : 1849 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname SanjeevAP

!

enable secret 5 $1$5Vb.$Cf3RtfkMiSb03QslUsqAT1

!

aaa new-model

!

!

aaa group server radius SanjeevAP

server 192.168.20.250 auth-port 1645 acct-port 1646

!

aaa authentication login eap_methods group SanjeevAP

!

aaa session-id common

ip name-server 4.2.2.2

ip name-server 8.8.8.8

!

!

dot11 syslog

!

dot11 ssid SanjeevAP

   authentication open

   guest-mode

!

!

!

username Cisco password 7 00271A150754

!

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode ciphers aes-ccm

!

ssid SanjeevAP

!

antenna gain 0

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

shutdown

!

ssid SanjeevAP

!

antenna gain 0

no dfs band block

channel dfs

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

no keepalive

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 192.168.20.250 255.255.255.0

no ip route-cache

!

ip default-gateway 192.168.20.1

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

radius-server local

  nas 192.168.20.250 key 7 080F437E080A16001D1908

  group testuser

  !

!

bridge 1 route ip

!

!

!

line con 0

line vty 0 4

!

end

SanjeevAP#

SanjeevAP#

Below is few

SanjeevAP(config)#interface Dot11Radio0

SanjeevAP(config-if)#no ss

SanjeevAP(config-if)#no ssid SanjeevAP

SanjeevAP(config-if)#enc

SanjeevAP(config-if)#encryption mod

SanjeevAP(config-if)#encryption mode ci

SanjeevAP(config-if)#encryption mode ciphers aes

SanjeevAP(config-if)#encryption mode ciphers aes-ccm

SanjeevAP(config-if)#exit

SanjeevAP(config)#dott

SanjeevAP(config)#dot11

SanjeevAP(config)#dot11 ss

SanjeevAP(config)#dot11 ssid SanjeevAP

SanjeevAP(config-ssid)#aut

SanjeevAP(config-ssid)#authentication op

SanjeevAP(config-ssid)#authentication open

SanjeevAP(config-ssid)#gu

SanjeevAP(config-ssid)#guest-mode

SanjeevAP(config-ssid)#aut

SanjeevAP(config-ssid)#authentication key

SanjeevAP(config-ssid)#authentication key-management wp

SanjeevAP(config-ssid)#authentication key-management wpa ve

SanjeevAP(config-ssid)#authentication key-management wpa version 2

Dot11Radio1 Error: Encryption mode cipher is not configured

SanjeevAP(config-ssid)#wp

SanjeevAP(config-ssid)#wpa-psk asc

SanjeevAP(config-ssid)#wpa-psk ascii .....

Error: Key-management WPA is requried for WPA-PSK

SanjeevAP(config-ssid)#exit

SanjeevAP(config)#int

SanjeevAP(config)#interface dt

SanjeevAP(config)#interface dot11rad

SanjeevAP(config)#interface dot11radio 0

SanjeevAP(config-if)#ss

SanjeevAP(config-if)#ssid SanjeevAP

SanjeevAP(config-if)#no shut

SanjeevAP(config-if)#^Z

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: