Solved: Re: How to check data encryption on the wifinetwork

Ramesh Babu · ‎05-11-2021

Hi All,

How to check data encryption on the wifi network.

AP --> Controller & AP---> Client

patoberli · ‎05-12-2021

For client encryption to AP check the SSID -> Security -> Layer 2 Security settings. If it's set to None, then the traffic is unencrypted. Static WEP is on paper an encryption, but has been cracked for many years and is actually worse now than no encryption. WPA2 or WPA3 are the current recommendations.

For CAPWAP encryption, go to Wireless -> select an AP -> Advanced tab and check of the Data Encryption is checked. If unchecked, then the traffic between AP and WLC is unencrypted.

View solution in original post

Leo Laohoo · ‎05-11-2021

Depends on the AP, the controller and the firmware used.

Ramesh Babu · ‎05-12-2021

Hi Leo,

By which command we can verify the settings ?

saravlak · ‎05-11-2021

AP to client and vice-versa can be encrypted using WPA2.

capwap Data DTLS can be used to encrypt AP to WLC and vice-versa.

Ramesh Babu · ‎05-12-2021

Hi,

By which command we can verify the settings ?

saravlak · ‎05-12-2021

check the wlan config for wifi security in use.

to check data dtls config -show ap link-encryption {all | Cisco_AP}

Leo Laohoo · ‎05-12-2021

What model of WLC?

What firmware is the controller running on?

Ramesh Babu · ‎05-12-2021

Model : 5508

Firmware : 8.3.141.0

AP Model : AIR-CAP2702I-E-K9 & AIR-AP2802I-E-K9

patoberli · ‎05-12-2021

For client encryption to AP check the SSID -> Security -> Layer 2 Security settings. If it's set to None, then the traffic is unencrypted. Static WEP is on paper an encryption, but has been cracked for many years and is actually worse now than no encryption. WPA2 or WPA3 are the current recommendations.

For CAPWAP encryption, go to Wireless -> select an AP -> Advanced tab and check of the Data Encryption is checked. If unchecked, then the traffic between AP and WLC is unencrypted.