1130 WPA-PSK Radius Mac Authentication
I am trying to get our Cisco 1130 AP's to use Radius MAC Authentication using a freeradius server. We have been successful with other AP's (Proxim, Netgear) but haven't been able to get the Cisco 1130 to work.
I have attached 2 files. One is the running config, and the other is a debug of radius.
This is what the freeradius log says.
Thu Nov 6 02:48:46 2008 : Auth: Login OK: [004096a3e012/004096a3e012] (from client 10.80.0.17 port 291 cli 00-40-96-A3-E0-12)
I would appreciate any help that anyone is willing to give.
Use the wpa-psk SSID interface configuration command to configure a pre-shared key for use in WPA authenticated key management. To support WPA on a wireless LAN where 802.1x-based authentication is not available, you must configure a pre-shared key for the SSID.
wpa-psk { hex | ascii } [ 0 | 7 ] encryption-key
but make sure that This command is not supported on bridges.
Similar Messages
-
Hi all,
I am faced with a dilemma. I have implemented a wireless network throughout our main building using wpa2 leap authenticating against Active directory. Now Security Engineer is griping that mac authentication be used in addition. The only reason I did not choose this option because I believe that the mac is transmitted with an initial packet and can be spoofed anyway not to mention the overhead of tracking all macs. Does anyone have any input on this issue that would help the argument of supporting or not supporting the authentication methods I just spoke of any help is greatly appreciated!Well, if your security engineer is so dead set on adding MAC address to the authentication process even though he knows that MAC address can be spoofed(it's biggest vulnerability) - good luck with changing his mind.
I had experience with MAC authentication at the enterprise level. I used it along with WEP. Obviously there is no AD or RADIUS in place. Entire list of MAC addresses is kept on all APs to facilitate enterprise-wide roaming. Well, having a list of 300 MACs on the AP makes the authentication process painfully slow. I don't know how many clients you have and what kind of RADIUS server you are using. The impact will be different in your case.
Apart from slow authentication process because of gigantic list of MACs, it is very hard to keep up with all MACs because of new laptops and upgraded client adapters, etc. If the users make a fuss, your Security Engineer may change his mind.
HTH -
Hello Everyone,
I have an issue with my Cisco 1602 WAP. I am trying to configure the WPA-PSK and MAC authentication on local RADIUS but I don't know why it doesn't work and client can bypass the MAC authentication. below is partial configuration:
dot11 ssid WLAN
vlan 20
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 XXX
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm
encryption vlan 20 mode ciphers aes-ccm
ssid WLAN
antenna gain 0
stbc
beamform ofdm
mbssid
channel 2462
station-role root
interface Dot11Radio0.20
encapsulation dot1Q 20 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface BVI1
ip address 10.133.16.2 255.255.255.128
no ip route-cache
adius-server local
nas 10.133.16.2 key 7 10.133.16.2
group MAC
vlan 20
ssid WLAN
block count 3 time infinite
reauthentication time 1800
user 54724f80421c password 54724f80421c group MAC
Further information can be provided by request.
Cheers,
Parhamwhat are you trying to accomplish?
With the PSK you aren't telling the client it needs to do .1x auth for the Mac authentication.
If you are just trying to keep some clients off the wireless, I would take a look at doing a MAC ACL (ACL 700)
HTH,
Steve -
WPA2-PSK with open MAC authentication
Can anyone help me with the configuration of Autonomous ap with WPA2-PSK with mac authentication..?
I tried configuring and created 700 ACL. But its not workingonce i enable mac authentication "wpa-psk ascii 7 06020C234D1F5B4A511416" dissappears. :(
Model: AIR-SAP1602E-N-K9
IOS: ap1g2-k9w7-mx.152-2.JB2/ap1g2-k9w7-mx.152-2.JB2
Getting Error: WPA-PSK not supported with MAC address authentication configured -
Wireless Guest and mac authentication
Hi all,
I want to setup a wifi guest network with mac based authentication.
I already have the guest anchor controller and the remote wlc controller (and the mobility tunnel) up and running.
However, i am uncertain where i have to program the mac addresses: on the remote wlc or on the guest controller ? (for local database mac)
It seems my authentication only works if i program the mac address of the 'remote' wlc (the wlc holding the AP).
This is a pitty, as i was hoping to centralise all "appoved" mac addresses on the guest controller and not on each individual wlc seperatly.
Also, suppose i want a radius server to validate the mac address. Which controller is going to sent the radius request ? the wlc controller
managing the AP or the guest anchor controller ?
Does the remote wlc also need to be configured with "Layer2 security: none"+"mac authentication" (the same as the anchor controller) or can i put "Layer2:none" and put the anchor controller on "Layer2: none"+mac authentication ?
regards,
GeertHi Geert,
The rule is straightforward : layer 2 is handled by foreign WLC (one holding the AP) and layer 3 handled by the anchor (the guest).
This means the anchor WLC handles the dhcp/ip address, it handles the web authentication etc ...
But only the foreign WLC knows which AP the client is associated to, it's the only one to have layer 2 information so that's the one doing layer 2 authentication (wpa psk or mac filtering).
The way to "centralize" for you would be to have the mac addresses on a radius server or to push the mac addresses on the controllers via WCS.
Hope this clarifies,
Nicolas
===
Don't forget to rate answers that you find useful -
I am currently using WPA2-spk. I want to add another layer of security. I know I could do EAP. I am also looking at mac authentication. But I want to host the mac list on an ACS server. Setting the the mac addresses on the ACS server is pretty cut and dry, but how can I configure the ap to look to the ACS server for its mac list? And, how can I get WPA-spk and mac authentication to work together?
Hi Jared,
you can do this by setup the following:
Webinterface:
1. Securtiy -> Server Manager
Setup the ACS IP in the list "MAC Authentication" in the section "Default Server Priorities".
2. Securtiy -> Advanced Securtiy
In the section "MAC Address Authentication" use the radio button "Authentication Server Only" or "Local List if no response from Authentication Server" for a fallback configuration!
IOS Interface from config mode:
aaa group server radius rad_mac
server 10.20.40.37 auth-port 1645 acct-port 1646
and
aaa authentication login mac_methods group rad_mac
or
aaa authentication login mac_methods group rad_mac local (for local fallback)
I have not tested this, cause the MAC of the supplicants is to easy to sniff and any medium skilled person may used a sniffed MAC to enter the first authentication stage!
Better use a setup with EAP-FAST or PEAP!
I hope that helps.
Best regards,
Frank
I hope that helps. -
Mac authentication by IAS in WAP4410N
I have a access point model WAP4410N , I want to configure for mac authentication by using MS IAS , but when I set MY SSID to radius in wireless connection control and try to connect to that SSID by a labtop I didn't get any logs in my IAS , anybody knows when this problem happened ? my methods for radius mac authentication is correct or not ?
Did you define the AP as a client in the IAS?
Steve
Sent from Cisco Technical Support iPhone App -
MAC Authentication on autonomous APs
Hi!
Has anyone here tried MAC authentication using Aironet 1200 series? If so, can you please tell me how to do it? Because I've been trying to make it work and it just won't work. Thanks!
RegardsHi,
Are you talking about radius mac-authentication ?
The steps to configure MAC authentication on the ACS server and AP :
[1] GO to Server Manager
In the Corporate Servers -->Current Server List
-- Select the Radius Server in the drop down.
-- Specify the Server IP address in the Server: field
-- Specify the Shared Secret in the Shared Secret: field
-- Set the Authentication Port (optional): 1645 and the Accounting Port (optional): 1646
- click on Apply
-- In the Default Server Priorities aand under MAC Authentication
-- In the drop down Priority 1: select the IP address of the ACS server and click on Apply
[2] Goto SSid MAnager
-- Select the ssid, In case a new SSID needs to be created create a new ssid.
-- In Authentication Settings --> Methods Accepted: --> check on Open Authentication:
--> Select with Mac Authentication from the drop down menu.
- Click on the Apply all button to save this setting
[3] Goto Advanced Security
-- In the MAC Address Authentication -->MAC Addresses Authenticated by:
-- Select Authentication Server Only and click on Apply
On the ACS server Create Users with user names and password set to the MAC address of the
clients. These user names/passwords should NOT have any spaces or dots in between them..
Regards,
~JG -
WPA PSK doesn't work with MAC Authentication. AP1231G
Hi, yesterday I've installed an Aironet Access Point 1200 series AP1231G for the first time.
I'd like to use MAC Authentication with an WPA Pre-Shared Key. But it doesn't work. If I choose "Open Authentication with MAC Authentication", I can't type an WPA Pre-Shared Key. The system doesn't keep it.
It only works with "Open Authentication" without MAC-Filter.
Settings:
Encryption Manager: TKIP
SSID Manager
1. Client Authentication: Open Authentication with MAC Authentication
2. Key Managemnet: Mandatory WPA + WPA Pre-Shared-Key
If I type in a Pre-Shared-Key and click on "Apply", the Pre-Shared-Key get loss.Tina,
In Cisco IOS releases 12.3(4)JA and later, you cannot enable both MAC-address authentication and WPA-PSK.
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_configuration_guide_chapter09186a00804e7d09.html#wp1034916 -
MAC Authentication + Windows Server 2008 R2 Radius server
Hello there,
I have been trying to configure the MAC Authentication on Windows Server Network Policy Server but no success. Details on my configuration can be find below.
I have firstly enabled the Mac Authentication on 3com switch 4400 model.
enabling -> Mac-authentication
enabling authentication mode -> UsernameAsMacAddress
configuring a domain - mac-authentication domain abc.local.
I left the default Vlan (Vlan1)
While on my DC, I created a user
username: 00-00-00-00-00-00
password: 00-00-00-00-00-00
Lastly on the NPS Server, I configured the 802.1x Wired configuration, I configured the NAS (Radius Client) whici is the 3com Switch.
After completing the configurations, I turned on my computer with and logged on to the domain abc\00-00-00-00-00-00 with the password. But there was no success when the computer tried to connect to the network looking for DHCP services to obtain IP address.
On the NPS event service, I got:
User:
Security ID:
NULL SID
Account Name:
[email protected]
Account Domain:
abc
Fully Qualified Account Name:
abc\00-00-00-00-00-00
Client Machine:
Security ID:
NULL SID
Account Name:
Fully Qualified Account Name:
OS-Version:
Called Station Identifier:
Calling Station Identifier:
0000-0000-0000
NAS:
NAS IPv4 Address:
xxx.xxx.xx.xx
NAS IPv6 Address:
NAS Identifier:
00aa00aa00aa
NAS Port-Type:
Ethernet
NAS Port:
12345678
RADIUS Client:
Client Friendly Name:
3com
Client IP Address:
xxx.xxx.xx.xx
Authentication Details:
Connection Request Policy Name:
NAP 802.1X (Wired) 2
Network Policy Name:
Authentication Provider:
Windows
Authentication Server:
server.abc.local
Authentication Type:
PAP
EAP Type:
Account Session Identifier:
Logging Results:
Accounting information was written to the local log file.
Reason Code:
16
Reason:
Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.
All I could find was " Authentication failed due to the reason appeared in the reason code but I am very sure that the name and the password are the same. I hope someone can help me out.
Thanks.Hi,
Thanks for your post.
MAC address authorization is performed when the user does not type in any user name or password, and refuses to use any valid authentication method. In this case, Network Policy Server (NPS) receives the Calling-Station-ID attribute, and no user name and
password. To support MAC address authorization, Active Directory Domain Services (AD DS) must have user accounts that contain MAC addresses as user names.
For more detailed information about MAC Address Authorization, please refer to the below article. Hope it helps.
MAC Address Authorization
http://technet.microsoft.com/en-us/library/dd197535(WS.10).aspx
Best Regards,
Aiden
Aiden Cao
TechNet Community Support -
WPA.PSK security on Mac and encrytion key
I am trying to connect to a network at a new office. They tell me to select WPA and enter the password to connect. I think I am connecting to the router just fine but no internet. Another user says he has settings like this -- Network - WPA.PSK and encryption - TKIP. I am not finding any settings like this.
Can you help?
Thanks,The firewall is already off... I guess we will need to get the admins involved that set up the network. I have never been able to connect to a router with the incorrect password before. But, it seems as though I can connect to it even if I try to modify the password to try different options. It is very possible I have the wrong password - only because the owner knows nothing about networks/computers.
Thanks for your help! -
Wifi (WPA-PSK) not restored after sleep? (10.4.10)
Hi,
Has anyone else noticed that their Wifi connection is not being restored after the MacBook comes back from a sleep?
I'm using a 2006 white MacBook (Core Duo) with 10.4.10, connecting to a Cisco 877W ADSL router using WPA-PSK. Cisco firmware version is (C870-ADVSECURITYK9-M), Version 12.4(4)T7, RELEASE SOFTWARE (fc1), "flash:c870-advsecurityk9-mz.124-4.T7.bin" which seems to be current.
From a cold boot, there is no problem connecting to the wireless router, but after a sleep, the connection is not restored, and the router syslog shows repeated unsuccessful authentication attempts from the Macbook's MAC address.
Connecting manually to the correct network SSID doesn't resolve the problem: it just prompts for the WPA PSK keyphrase, which doesn't work if entered. Of course the correct keyphrase is already in the keychain.
As a workaround, switching the Macbook's Airport off and on again a few times eventually seems to get it working again, but it's slow and very clunky.
Can anyone else confirm this problem? It seems to have been introduced with 10.4.10, but I would like independent confirmation before reporting this to Apple, as I changed the wireless router around the same time as the 10.4.10 update appeared.
Thanks,
- Martin.
PS: I guess there are two morals to this story...
1) Always clone your hard drive to a Lacie drive with SuperDuper before installing any Apple updates - so that you can back out any buggy updates without a full reinstall.
2) Don't install any Apple updates within 2 weeks of installing other network changes - so that you can tell what's caused any issues.The WPA auth problem still exists on a clean install of Leopard (and a full reboot is needed to clear it every time the laptop comes out of sleep) so I'll ring Apple Support and see if they can at least add it to their known issues list, in the hope of resolution later. It's quite likely that downgrading to WEP would be a workaround, but WEP is just not acceptable from a security perspective.
-
Situation:
- D-Link DIR-635 802.11n-router configured: only WPA2 (personal) with TKIP
- D-Link DWA-645 802.11n-pcmcia with atheros chipset and working ndiswrapper driver (ath5k is not yet supporting this chipset)
I cannot connect to the router and I'm not sure it's the linux-config or the router-config that is to blame (which makes troubleshooting a real pain), so here goes:
# wpa_supplicant -dd -c/etc/wpa_supplicant.conf -iwlan0 -Dwext
Initializing interface 'wlan0' conf '/etc/wpa_supplicant.conf' driver 'wext' ctrl_interface 'N/A' bridge 'N/A'
Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group='0' (DEPRECATED)
eapol_version=1
ap_scan=1
fast_reauth=1
Line: 7 - start of a new network block
ssid - hexdump_ascii(len=9):
53 4c 2d 61 63 63 65 73 73 SL-access
key_mgmt: 0x2
pairwise: 0x8
group: 0x8
proto: 0x2
priority=9 (0x9)
PSK - hexdump(len=32): [REMOVED]
Priority group 9
id=0 ssid='SL-access'
Initializing interface (2) 'wlan0'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
SIOCGIWRANGE: WE(compiled)=22 WE(source)=18 enc_capa=0xf
capabilities: key_mgmt 0xf enc 0xf
WEXT: Operstate: linkmode=1, operstate=5
Own MAC address: 00:17:9a:45:9b:1f
wpa_driver_wext_set_wpa
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_countermeasures
wpa_driver_wext_set_drop_unencrypted
Setting scan request: 0 sec 100000 usec
ctrl_interface_group=0
Added interface wlan0
RTM_NEWLINK: operstate=0 ifi_flags=0x1002 ()
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
Trying to get current scan results first without requesting a new scan to speed up initial association
Received 256 bytes of scan results (1 BSSes)
Scan results: 1
Selecting BSS from priority group 9
Try to find WPA-enabled AP
0: 00:1c:f0:ee:f8:68 ssid='SL-access' wpa_ie_len=0 rsn_ie_len=22 caps=0x11
selected based on RSN IE
selected WPA AP 00:1c:f0:ee:f8:68 ssid='SL-access'
Try to find non-WPA AP
Trying to associate with 00:1c:f0:ee:f8:68 (SSID='SL-access' freq=2412 MHz)
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
RSN: using IEEE 802.11i/D9.0
WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 2 proto 2
WPA: clearing AP WPA IE
WPA: set AP RSN IE - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00 00 0f ac 02 01 00 00 0f ac 02 00 00
WPA: using GTK TKIP
WPA: using PTK TKIP
WPA: using KEY_MGMT WPA-PSK
WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00 00 0f ac 02 01 00 00 0f ac 02 00 00
No keys have been configured - skip key clearing
wpa_driver_wext_set_drop_unencrypted
State: SCANNING -> ASSOCIATING
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
wpa_driver_wext_associate
Setting authentication timeout: 10 sec 0 usec
EAPOL: External notification - EAP success=0
EAPOL: External notification - EAP fail=0
EAPOL: External notification - portControl=Auto
RSN: Ignored PMKID candidate without preauth flag
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b04 len=12
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b1a len=17
Authentication with 00:1c:f0:ee:f8:68 timed out.
Added BSSID 00:1c:f0:ee:f8:68 into blacklist
No keys have been configured - skip key clearing
State: ASSOCIATING -> DISCONNECTED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - EAP success=0
Setting scan request: 0 sec 0 usec
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
Scan requested (ret=0) - scan timeout 5 seconds
^CCTRL-EVENT-TERMINATING - signal 2 received
Removing interface wlan0
State: SCANNING -> DISCONNECTED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
wpa_driver_wext_set_wpa
wpa_driver_wext_set_drop_unencrypted
wpa_driver_wext_set_countermeasures
No keys have been configured - skip key clearing
Removed BSSID 00:1c:f0:ee:f8:68 from blacklist (clear)
Cancelling scan request
Cancelling authentication timeout
WEXT: Operstate: linkmode=0, operstate=6
net-profile wl-Synergy:
CONNECTION="wireless"
DESCRIPTION="SynergyLaw wireless access"
INTERFACE=wlan0
ESSID="SL-access"
SCAN="yes"
SECURITY="wpa-config"
IP="dhcp"
TIMEOUT=40
WPA_CONF=/etc/wpa_supplicant.conf
/etc/wpa_supplicant.conf:
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=1
fast_reauth=1
network={
ssid="SL-access"
key_mgmt=WPA-PSK
pairwise=TKIP
group=TKIP
proto=WPA2
priority=9
#psk="abc"
psk=<censored>
# iwlist wlan0 scan:
wlan0 Scan completed :
Cell 01 - Address: 00:1C:F0:EE:F8:68
ESSID:"SL-access"
Protocol:IEEE 802.11g
Mode:Managed
Frequency:2.412 GHz (Channel 1)
Quality:45/100 Signal level:-67 dBm Noise level:-96 dBm
Encryption key:on
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
48 Mb/s; 54 Mb/s
Extra:bcn_int=100
Extra:atim=0
IE: IEEE 802.11i/WPA2 Version 1
Group Cipher : TKIP
Pairwise Ciphers (1) : TKIP
Authentication Suites (1) : PSK
I find a lot of people asking similar questions, but none of the answers have helped me so far. I hope to find someone here with a similar setup and the answer to all my problems
Zl.B wrote:
I am running WPA2 indeed, but no N - plain G for the moment.
That wpa_supplicant.conf looks dandy .
Here's mine for reference:
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
#fast_reauth=0
#ap_scan=0
#DIR=/var/run/wpa_supplicant GROUP=wheel
# My home network
network={
ssid=*snip*
key_mgmt=WPA-PSK
proto=WPA2
pairwise=CCMP
group=CCMP
#psk=*snip*
psk=*snip*
# Arne's network
network={
ssid=*snip*
key_mgmt=WPA-PSK
proto=WPA
pairwise=TKIP
group=TKIP
#psk=*snip*
psk=*snip*
As you can see the first one is WPA2, the second one WPA. Of course you can mix but that will imho only increase possible incompatibilities.
My netcfg setup:
CONNECTION="wireless"
INTERFACE="intel"
HOSTNAME="hermes"
# AP authentication
SCAN="yes"
SECURITY="wpa-config"
WPA_CONF="/etc/wpa_supplicant.conf"
WPA_OPTS="-Dwext -B"
ESSID=*snip*
# IP address
IP="dhcp"
DHCP_TIMEOUT=10
N does not add any additional security (except that it makes WPA2 mandatory as far as I understood, I might be wrong about this). My router runs OpenWRT and I only intend to switch to N when I find a router that is stable on OpenWRT, and provides N performance and range (now you often have to resort to G MIMO drivers and stuff with OpenWRT on N models).
hey!, thanks for your config there, now I have wifi using wpa2 connecting properly on a dell xps m1330.
But I also found that if I didn't use netcfg to stop the profile manually, I couldn't reboot the system and after typing 'reboot' I think the wpa_supplicant is just killed or crashes and the system is stuck on '> Rebooting'. I had to use 'netcfg2 -d abc' to stop the profile then reboot.
Last edited by ST.x (2008-06-27 11:43:17) -
Does iPhone support WPA-PSK authentication?
If so, does it support TKIP encryption?
I'm having a heck of a time trying to set up my work network on the iPhone, though my MacBook Pro handles it just fine.
Thanks in advance.i have not seen support for WPA-PSK TKIP if your
router and other devices support WEP 128bit
encription use that... anything other then 128bit
will not work.. took 2 hours of fussing to figure it
out
MacBook Pro 15inch
Mac OS X (10.4.10)
That is incorrect.
I am running WPA and WPA2 (both on Apple wireless base stations), and was able to connect to both. The WPA one uses TKIP.
Make sure you do not have the new ExtremeN if set to "N-only". It will not connect in that case, whether you are using 2.4 GHz or 5 GHz. In fact, it will probably never even see the AP in that case. -
Cisco aironet 1040: create wireless with wpa2 and mac authentication
Hi,
I created a wireless network setting "Open Authentication" and setting a wpa2 key: everything works.
I would also add the filter mac address and then next to Open Authentication I selected "with mac authentication" but I can not connect. The list of mac is specified in the "Advanced Security".
Can anyone help me? thanks
Hi,
I created a wireless network setting "Open Authentication" and setting a wpa2 key: everything works.
I would also add the filter mac address and then next to Open Authentication I selected "with mac authentication" but I can not connect. The list of mac is specified in the "Advanced Security".
Can anyone help me? thanksap#show configuration
Using 2085 out of 32768 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ap
logging rate-limit console 9
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 syslog
dot11 ssid Svez
authentication open mac-address mac_methods
authentication key-management wpa version 2
username 00907a0f2a55 password 7 1249554E425C0D542C79257D66
username 00907a0f2a55 autocommand exit
username administrator privilege 15 password 7 033449040A0620425A0D15564F42
username 0025d3db778b password 7 055B565D74481D0D1B52404A09
username 0025d3db778b autocommand exit
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers tkip
ssid Svez
antenna gain 0
station-role root
world-mode legacy
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address dhcp client-id GigabitEthernet0
no ip route-cache
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
bridge 1 route ip
line con 0
line vty 0 4
end
ap#
Maybe you are looking for
-
Error while creating an Invoice in SRM
Hi All, We are on SRM 7.0, ECC 6.0 (Classic scenario). My SC has been approved and a PO has been created in ECC, I have also created a confirmation against this from SRM which resulted in a GR being created against the PO in ECC. Now when I am creati
-
What is the best technique for resetting a view?
I was wondering what is the best technique for resetting the initial state of a view? I am creating a form and want to provide a reset button for the user. I could write an initialize() method that my action handler calls, but I am wondering if the
-
"Quit" in ITS Header does not work properly
Hello, we have a self-made ESS Service in use (http://itshost:port/scripts/wgate/zmfa/!). In this service the "Quit" Link in the ESS header does not work. When we start e.g. the pz04 transaction on the ITS (http://itshost:port/scripts/wgate/pz04/!) t
-
Error when using INSERT or DELETE statements
I installed the database connectivity toolkit 1.01. I'm trying to run an application which uses the old SQL toolkit (version 5.0) VI's. It works but when I use other statements than SELECT, I always become the error -2146824584. Exception occured in
-
HP CJL 4550 print error message instead a page of PDF document
Hi, I have some problems with printing PDF, and I completly have no idea what's wrong. Often printer print an error message like this: ERROR: typecheck OFFENDING COMMAND: image STACK: 1.0 -mark- -savelevel- -mark- -savelevel- but I can print this doc