Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
432
Views
0
Helpful
5
Replies

L2 PROFILE

wyfy-2015
Level 1
Level 1

‎01-27-2016 10:44 PM - edited ‎07-05-2021 04:32 AM

Hi,

What are the differnces between in choosing option 1 and 2 in the wlan profile

1)
layer2 security
WPA2 + WPA
AUTH Key Mgmt : FT802.1X

2)
layer2 security
802.1x
AUTH Key Mgmt : FT802.1X

Thank you 

Labels:
0 Helpful
5 Replies 5

Sandeep Choudhary
VIP Alumni
VIP Alumni

‎01-27-2016 11:08 PM

Check this:

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/82135-wlc-authenticate.html#L2

Regards

Don't forget to rate helpful posts

0 Helpful

wyfy-2015
Level 1
Level 1
In response to Sandeep Choudhary

‎01-28-2016 01:51 AM

Thanks Sandeep 

My question , what s the difference between using WPA2 + WPA and AUTH Key Mgmt : FT802.1X 
and 802.1x  & AUTH Key Mgmt : FT802.1X together

thanks again

0 Helpful

Prakash Parvathala
Level 4
Level 4

‎01-28-2016 01:13 AM

Check this

Cisco Unified Wireless Network Security Solutions

The Cisco Unified Wireless Network supports Layer 2 security methods.

  • Layer 2 security

  • Layer 2 security is not supported on Guest LANs.

This table lists the various Layer 2 and Layer 3 security methods supported on the Wireless LAN Controller. These security methods can be enabled from the Security tab on the WLANs > Edit page of the WLAN.

Layer 2 Security Mechanism
Parameter Description
Layer 2 Security None No Layer 2 security selected.
WPA+WPA2 Use this setting in order to enable Wi-Fi Protected Access.
802.1X Use this setting in order to enable 802.1x authentication.
Static WEP Use this setting in order to enable Static WEP encryption.
Static WEP + 802.1x Use this setting in order to enable both Static WEP and 802.1x parameters.
CKIP Use this setting in order to enable Cisco Key Integrity Protocol (CKIP). Functional on AP Models 1100, 1130, and 1200, but not AP 1000. Aironet IE needs to be enabled for this feature to work. CKIP expands the encryption keys to 16 bytes.
0 Helpful

wyfy-2015
Level 1
Level 1
In response to Prakash Parvathala

‎01-28-2016 04:42 AM

Thanks 

I could see that  one of the wlc below settings ,

Layer 2 Security : WPA+WPA2
WPA2 policy :enabled
wpa2 Encryption : aes enabled , and tkip also
auth key mgmt : ft+802.1x

If we need .802.1x authentication , Layer 2 security must be 802.1x , correct ? 

Thanks

0 Helpful

Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to wyfy-2015

‎01-28-2016 04:59 AM

what exactly you want to do.Which kind of WLAN(Means the security) you want to implement?

1. WPa/WPA2 with AES/TKIP + FT802.1x

More Secure

2. 802.1x +WEP

Less Secure

Please go through this doc to understand:http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/82135-wlc-authenticate.html#L2

Regards

Don't forget to rate helpful posts

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card