Re: WPA-PSK configuration

franciscosystems · ‎08-04-2004

Hi.

What are the steps to configure Wi-Fi Protected Access-Pre Shared Key (WPA-PSK) with Cisco 1100 Aironet and a Windows XP-based client adapter (not necessarily Cisco Aironet card)?

Is it necessary to configure any item in ACS if it is desired that no certificates are interchanged?

I have ACS for other EAP-enabled Cisco client adapters. Can it interoperate with those WPA-PSK client adapters?

Thanks in advance for any reply.

smalkeric · ‎08-10-2004

This document should be helpful,

http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c40b6.shtml

michaelr · ‎08-12-2004

The WPA-PSK portion of my config -

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode ciphers tkip

!

broadcast-key change 300 membership-termination

!

ssid ssid-PSK

authentication open

authentication key-management wpa

guest-mode

wpa-psk hex 7

Notes:

1. Some cards/WPA SW require you to broadcast the ssid (guest-mode).

2. I enterend the PSK as 64 hex characters, Not sure if there is another way to do it. There is a web site which will take the ssid and the pass phrase most clients use and generate the hex PSK. There is also a Linux tool to do the same.

3. Windows 2k requires 3rd party SW to do WPS-PSK. WSC has a free application which works nicely. Nothing is needed for Windows XP once you get SP1 and the wireless patch.

4. The client must support WPA. For example Cisco PCMCIA aironet cards with firmware 5.20.17 or older do not "do" WPA.

5. You need to config the above items in a specific order if you use the CLI. The CLI will refuse to accept some commands until others have been set.