Cisco 1231G WPA2 (AES)

I am trying to find an example config of WPA2 on a Cisco 1231G Access
Point.

Any help would be appreciated !
Drop the ZZZ to reply

Cheers ...


z400d3

On Fri, 04 Feb 2005 15:33:44 +0000, z400d3 <(E-Mail Removed)> wrote:

~ I am trying to find an example config of WPA2 on a Cisco 1231G Access
~ Point.
~
~ Any help would be appreciated !
~ Drop the ZZZ to reply
~
~ Cheers ...

Here's a sample config for the AP. The trick right now is finding a client
that supports WPA2+AES. Funk Odyssey 3.1 is such a supplicant ... and some
new Atheros-based clients can do AES.

Aaron

---

aaa new-model
!
!
aaa group server radius rad_eap
server 192.168.1.5 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct


interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
ssid vulcan
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
!
short-slot-time
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
rts threshold 2312
channel 2462
station-role root
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled

Thanks for that Aaron,

I had managed to get this far with the config but am grateful to find
that I am on the right track.

I have the Odyssey client that supports WPA2 and AES but I can't get
it to connect.

I have not seen the Aeros clients, where can I find one ?


On Fri, 04 Feb 2005 09:18:57 -0800, Aaron Leonard <(E-Mail Removed)>
wrote:

>On Fri, 04 Feb 2005 15:33:44 +0000, z400d3 <(E-Mail Removed)> wrote:
>
>~ I am trying to find an example config of WPA2 on a Cisco 1231G Access
>~ Point.
>~
>~ Any help would be appreciated !
>~ Drop the ZZZ to reply
>~
>~ Cheers ...
>
>Here's a sample config for the AP. The trick right now is finding a client
>that supports WPA2+AES. Funk Odyssey 3.1 is such a supplicant ... and some
>new Atheros-based clients can do AES.
>
>Aaron
>
>---
>
>aaa new-model
>!
>!
>aaa group server radius rad_eap
> server 192.168.1.5 auth-port 1812 acct-port 1813
>!
>aaa authentication login eap_methods group rad_eap
>aaa authentication login mac_methods local
>aaa authorization exec default local
>aaa accounting network acct_methods start-stop group rad_acct
>
>
>interface Dot11Radio0
>no ip address
>no ip route-cache
>!
>encryption mode ciphers aes-ccm
>!
>ssid vulcan
> authentication open eap eap_methods
> authentication network-eap eap_methods
> authentication key-management wpa
>!
>short-slot-time
>speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
>rts threshold 2312
>channel 2462
>station-role root
>no cdp enable
>bridge-group 1
>bridge-group 1 subscriber-loop-control
>bridge-group 1 block-unknown-source
>no bridge-group 1 source-learning
>no bridge-group 1 unicast-flooding
>bridge-group 1 spanning-disabled

Drop the ZZZ to reply

Cheers ...

On Mon, 07 Feb 2005 08:24:33 +0000, z400d3 <(E-Mail Removed)> wrote:

~ Thanks for that Aaron,
~
~ I had managed to get this far with the config but am grateful to find
~ that I am on the right track.
~
~ I have the Odyssey client that supports WPA2 and AES but I can't get
~ it to connect.

OK ... I haven't played with this myself, so I can't help you further
right now I'm afraid ...

~ I have not seen the Aeros clients, where can I find one ?

The Atheros clients include the Cisco CB21AG card (but it won't support
AES till spring '05 I believe.)

You can go to the Wifi Alliance page http://www.wifialliance.com/OpenSect...d_Products.asp
and search for products that are listed as supporting WPA2.

Regards,

Aaron

---

~ On Fri, 04 Feb 2005 09:18:57 -0800, Aaron Leonard <(E-Mail Removed)>
~ wrote:
~
~ >On Fri, 04 Feb 2005 15:33:44 +0000, z400d3 <(E-Mail Removed)> wrote:
~ >
~ >~ I am trying to find an example config of WPA2 on a Cisco 1231G Access
~ >~ Point.
~ >~
~ >~ Any help would be appreciated !
~ >~ Drop the ZZZ to reply
~ >~
~ >~ Cheers ...
~ >
~ >Here's a sample config for the AP. The trick right now is finding a client
~ >that supports WPA2+AES. Funk Odyssey 3.1 is such a supplicant ... and some
~ >new Atheros-based clients can do AES.
~ >
~ >Aaron
~ >
~ >---
~ >
~ >aaa new-model
~ >!
~ >!
~ >aaa group server radius rad_eap
~ > server 192.168.1.5 auth-port 1812 acct-port 1813
~ >!
~ >aaa authentication login eap_methods group rad_eap
~ >aaa authentication login mac_methods local
~ >aaa authorization exec default local
~ >aaa accounting network acct_methods start-stop group rad_acct
~ >
~ >
~ >interface Dot11Radio0
~ >no ip address
~ >no ip route-cache
~ >!
~ >encryption mode ciphers aes-ccm
~ >!
~ >ssid vulcan
~ > authentication open eap eap_methods
~ > authentication network-eap eap_methods
~ > authentication key-management wpa
~ >!
~ >short-slot-time
~ >speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
~ >rts threshold 2312
~ >channel 2462
~ >station-role root
~ >no cdp enable
~ >bridge-group 1
~ >bridge-group 1 subscriber-loop-control
~ >bridge-group 1 block-unknown-source
~ >no bridge-group 1 source-learning
~ >no bridge-group 1 unicast-flooding
~ >bridge-group 1 spanning-disabled
~
~ Drop the ZZZ to reply
~
~ Cheers ...