06-03-2008 05:46 AM - edited 07-03-2021 03:58 PM
How can I configure a SSID that able to support WEP & WPA on the WLAN controller? The reason I ask because we are currently have LEAP/WEP and we want to move forward to PEAP/WPA. I have to use the same SSID with 2 type of encryption to support the transition.
Thanks,
06-03-2008 01:38 PM
You can't.... In this type of situation, you need to migrate new devices to PEAP/WPA using a new SSID. When you finally move or migrate all devices out of the old ssid, you delete it.
06-04-2008 05:43 AM
Yes. WEP and WPA is allowed on the same SSID as long as you are at 4.0.206 or later. You can do this by creating two WLANs on the same controller.
The controllers will allow each WLAN to have the same SSID *only* as long as they effect a different encryption security policy.
Documented here: http://www.cisco.com/en/US/docs/wireless/controller/release/notes/cont402060rn.html#wp171887
Here is an example (using the text commands since I can't post inline screen caps) I run where I do dynamic WEP along with WPA both using radius. When using radius, you can select any of supported EAP types for both the WEP and WPA WLANs.
wlan create 1 MYSSID MYSSID-wep
! create WLAN 1 ssid "MYSSID"
wlan create 2 MYSSID MYSSID-WPA
! create WLAN 2 ssid "MYSSID"
wlan interface 1 vlan86
wlan interface 2 vlan86
Map them to the same interface. You can map them different ones.
wlan session-timeout 1 1800
wlan session-timeout 2 28800
Set up radius re-auth session timeout. Make WEP with 802.1x shorter. if using static WEP (very very insecure), don't do this.
wlan security 802.1X enable 1
We enable 802.1x on our WEP SSID
wlan radius_server auth add 1 1
wlan radius_server auth add 1 2
wlan radius_server auth add 2 1
wlan radius_server auth add 2 2
wlan radius_server auth add 2 3
Assign the 2 wlans to their respective radius servers - primary and backup
wlan security wpa disable 1
disable wpa on the wep only wlan
wlan security wpa wpa1 enable 2
wlan security wpa wpa1 ciphers tkip enable 2
add wpa1-tkip to wlan 2
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: