WPA2 with PEAP and AES

colin.lynch
Level 4

Hi, I have a working network currently using WPA PEAP with TKIP, and all is fine.

I am now looking to migrate to AES. I have upgraded a test AP to 12.3(2)JA2 and applied Microsoft patch KB826942 to an XP SP1 client.

I have altered the cipher on the AP to AES CCMP + TKIP in order to support both TKIP and AES supplicants for the transition period.

I am using the Windows XP client settings and have only changed the association details from WPA / TKIP to WPA / AES.

This AES client fails the EAP authentication with the ACS error of "PEAP authentication failed during SSL handshake" (the generic error that means most things).

As soon as I change the Windows supplicant back to WPA / TKIP, it associates straight away and works.

I have compared the debugs of the working TKIP authentication and the failing AES authentication, and the only difference I can see is that at the end I get a "dot11_auth_dot1x_send_client_fail: Authentication failed for xxxx.xxxx.xxxx".

Although the Microsoft supplicant says WPA, the fact that AES is a selectable option must mean it is WPA2/802.11i, one would think.

Any advice would be appreciated.

Colin

3 Replies

anton.royce
Level 1

Hi Colin,

I am not posting a solution, but I have updated my AP to 12.3(2)JA2 and configured the cipher as AES CCMP. I bought a WPA2-compatible wireless card and configured it to associate with the AP, and it is not even associating.

Could you please let me know what client card you are using, and whether it is associating with the AP without TKIP?

Regards,

Anton

eerten
Level 1

Hi,

Our WLAN is working with WPA, PEAP, TKIP and everything works fine. I also tried to use AES. I have WinXP SP1 with the Windows client, 802.11a/b/g PCMCIA driver 2.0.0 and an AP1231G with 12.3(4)JA. But as soon as I switch to WPA/AES, the client cannot associate to the AP. I have tried with AES CCMP+TKIP and with only AES CCMP on the AP. When I switch back to WPA/TKIP on the Windows client, it immediately associates and authenticates.

My problem seems to be different; at least your client can associate.

Regards,

anton.royce
Level 1

Hi Colin,

I had a similar issue when I tried to associate using the Intel internal wireless card 2200BG with the Intel client. After I unticked "Validate server certificate" on the client, it started working. I assume that it will do the same with the Microsoft client. Please untick "Validate server certificate" and let us know.

In the meantime, Cisco has updated their 802.11abg card client, and it is working fine with "Validate server certificate" ticked.

You can also read the WPA2 thread for more of our past experience with clients.

Regards,

Anton
