Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
699
Views
0
Helpful
2
Replies

WEP & WPA on single SSID

nhan.duong
Level 1
Level 1

‎06-03-2008 05:46 AM - edited ‎07-03-2021 03:58 PM

How can I configure a SSID that able to support WEP & WPA on the WLAN controller? The reason I ask because we are currently have LEAP/WEP and we want to move forward to PEAP/WPA. I have to use the same SSID with 2 type of encryption to support the transition.

Thanks,

Labels:
0 Helpful
2 Replies 2

Scott Fella
Hall of Fame
Hall of Fame

‎06-03-2008 01:38 PM

You can't.... In this type of situation, you need to migrate new devices to PEAP/WPA using a new SSID. When you finally move or migrate all devices out of the old ssid, you delete it.

-Scott
*** Please rate helpful posts ***
0 Helpful

andrew.potter
Level 1
Level 1

‎06-04-2008 05:43 AM

Yes. WEP and WPA is allowed on the same SSID as long as you are at 4.0.206 or later. You can do this by creating two WLANs on the same controller.

The controllers will allow each WLAN to have the same SSID *only* as long as they effect a different encryption security policy.

Documented here: http://www.cisco.com/en/US/docs/wireless/controller/release/notes/cont402060rn.html#wp171887

Here is an example (using the text commands since I can't post inline screen caps) I run where I do dynamic WEP along with WPA both using radius. When using radius, you can select any of supported EAP types for both the WEP and WPA WLANs.

wlan create 1 MYSSID MYSSID-wep

! create WLAN 1 ssid "MYSSID"

wlan create 2 MYSSID MYSSID-WPA

! create WLAN 2 ssid "MYSSID"

wlan interface 1 vlan86

wlan interface 2 vlan86

Map them to the same interface. You can map them different ones.

wlan session-timeout 1 1800

wlan session-timeout 2 28800

Set up radius re-auth session timeout. Make WEP with 802.1x shorter. if using static WEP (very very insecure), don't do this.

wlan security 802.1X enable 1

We enable 802.1x on our WEP SSID

wlan radius_server auth add 1 1

wlan radius_server auth add 1 2

wlan radius_server auth add 2 1

wlan radius_server auth add 2 2

wlan radius_server auth add 2 3

Assign the 2 wlans to their respective radius servers - primary and backup

wlan security wpa disable 1

disable wpa on the wep only wlan

wlan security wpa wpa1 enable 2

wlan security wpa wpa1 ciphers tkip enable 2

add wpa1-tkip to wlan 2

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card