1130 WPA-PSK Radius Mac Authentication

Similar Messages

• WPA 2 with Mac authentication

  Hi all,
  I am faced with a dilemma. I have implemented a wireless network throughout our main building using wpa2 leap authenticating against Active directory. Now Security Engineer is griping that mac authentication be used in addition. The only reason I did not choose this option because I believe that the mac is transmitted with an initial packet and can be spoofed anyway not to mention the overhead of tracking all macs. Does anyone have any input on this issue that would help the argument of supporting or not supporting the authentication methods I just spoke of any help is greatly appreciated!

  Well, if your security engineer is so dead set on adding MAC address to the authentication process even though he knows that MAC address can be spoofed(it's biggest vulnerability) - good luck with changing his mind.
  I had experience with MAC authentication at the enterprise level. I used it along with WEP. Obviously there is no AD or RADIUS in place. Entire list of MAC addresses is kept on all APs to facilitate enterprise-wide roaming. Well, having a list of 300 MACs on the AP makes the authentication process painfully slow. I don't know how many clients you have and what kind of RADIUS server you are using. The impact will be different in your case.
  Apart from slow authentication process because of gigantic list of MACs, it is very hard to keep up with all MACs because of new laptops and upgraded client adapters, etc. If the users make a fuss, your Security Engineer may change his mind.
  HTH

• Configuring the Access Point 1602 IOS 15.2(2)JAX as a Local RADIUS for a MAC authenticator

  Hello Everyone,
  I have an issue with my Cisco 1602 WAP. I am trying to configure the WPA-PSK and MAC authentication on local RADIUS but I don't know why it doesn't work and client can bypass the MAC authentication. below is partial configuration:
  dot11 ssid WLAN
     vlan 20
     authentication open
     authentication key-management wpa version 2
     mbssid guest-mode
     wpa-psk ascii 7 XXX
  interface Dot11Radio0
   no ip address
   no ip route-cache
   encryption mode ciphers aes-ccm
   encryption vlan 20 mode ciphers aes-ccm
   ssid WLAN
   antenna gain 0
   stbc
   beamform ofdm
   mbssid
   channel 2462
   station-role root
  interface Dot11Radio0.20
   encapsulation dot1Q 20 native
   no ip route-cache
   bridge-group 1
   bridge-group 1 subscriber-loop-control
   bridge-group 1 spanning-disabled
   bridge-group 1 block-unknown-source
   no bridge-group 1 source-learning
   no bridge-group 1 unicast-flooding
  interface BVI1
   ip address 10.133.16.2 255.255.255.128
   no ip route-cache
  adius-server local
      nas 10.133.16.2 key 7 10.133.16.2
    group MAC
      vlan 20
      ssid WLAN
      block count 3 time infinite
      reauthentication time 1800
   user 54724f80421c  password 54724f80421c group MAC 
  Further information can be provided by request.
  Cheers,
  Parham

  what are you trying to accomplish?
  With the PSK you aren't telling the client it needs to do .1x auth for the Mac authentication.
  If you are just trying to keep some clients off the wireless, I would take a look at doing a MAC ACL (ACL 700)
  HTH,
  Steve

• WPA2-PSK with open MAC authentication

  Can anyone help me with the configuration of Autonomous ap with WPA2-PSK with mac authentication..?
  I tried configuring and created 700 ACL. But its not working

  once i enable mac authentication "wpa-psk ascii 7 06020C234D1F5B4A511416" dissappears. :(
  Model: AIR-SAP1602E-N-K9
  IOS: ap1g2-k9w7-mx.152-2.JB2/ap1g2-k9w7-mx.152-2.JB2
  Getting Error: WPA-PSK not supported with MAC address authentication configured

• Wireless Guest and mac authentication

  Hi all,
  I want to setup a wifi guest network with mac based authentication.
  I already have the guest anchor controller and the remote wlc controller (and the mobility tunnel) up and running.
  However, i am uncertain where i have to program the mac addresses: on the remote wlc or on the guest controller ? (for local database mac)
  It seems my authentication only works if i program the mac address of the 'remote' wlc (the wlc holding the AP).
     This is a pitty, as i was hoping to centralise all "appoved" mac addresses on the guest controller and not on each individual wlc seperatly.
  Also, suppose i want a radius server to validate the mac address. Which controller is going to sent the radius request ? the wlc controller
  managing the AP or the guest anchor controller ?
  Does the remote wlc also need to be configured with "Layer2 security: none"+"mac authentication" (the same as the anchor controller) or can i put "Layer2:none" and put the anchor controller on "Layer2: none"+mac authentication ?
  regards,
  Geert

  Hi Geert,
  The rule is straightforward : layer 2 is handled by foreign WLC (one holding the AP) and layer 3 handled by the anchor (the guest).
  This means the anchor WLC handles the dhcp/ip address, it handles the web authentication etc ...
  But only the foreign WLC knows which AP the client is associated to, it's the only one to have layer 2 information so that's the one doing layer 2 authentication (wpa psk or mac filtering).
  The way to "centralize" for you would be to have the mac addresses on a radius server or to push the mac addresses on the controllers via WCS.
  Hope this clarifies,
  Nicolas
  ===
  Don't forget to rate answers that you find useful

• WPA2 and mac authentication

  I am currently using WPA2-spk. I want to add another layer of security. I know I could do EAP. I am also looking at mac authentication. But I want to host the mac list on an ACS server. Setting the the mac addresses on the ACS server is pretty cut and dry, but how can I configure the ap to look to the ACS server for its mac list? And, how can I get WPA-spk and mac authentication to work together?

  Hi Jared,
  you can do this by setup the following:
  Webinterface:
  1. Securtiy -> Server Manager
  Setup the ACS IP in the list "MAC Authentication" in the section "Default Server Priorities".
  2. Securtiy -> Advanced Securtiy
  In the section "MAC Address Authentication" use the radio button "Authentication Server Only" or "Local List if no response from Authentication Server" for a fallback configuration!
  IOS Interface from config mode:
  aaa group server radius rad_mac
  server 10.20.40.37 auth-port 1645 acct-port 1646
  and
  aaa authentication login mac_methods group rad_mac
  or
  aaa authentication login mac_methods group rad_mac local (for local fallback)
  I have not tested this, cause the MAC of the supplicants is to easy to sniff and any medium skilled person may used a sniffed MAC to enter the first authentication stage!
  Better use a setup with EAP-FAST or PEAP!
  I hope that helps.
  Best regards,
  Frank
  I hope that helps.

• Mac authentication by IAS in WAP4410N

  I have a access point model WAP4410N , I want to configure for mac authentication by using MS IAS , but when I set MY SSID to radius in wireless connection control and try to connect to that SSID by a labtop I didn't get any logs in my IAS , anybody knows when this problem happened ? my methods for radius mac authentication is correct or not ?

  Did you define the AP as a client in the IAS?
  Steve
  Sent from Cisco Technical Support iPhone App

• MAC Authentication on autonomous APs

  Hi!
  Has anyone here tried MAC authentication using Aironet 1200 series? If so, can you please tell me how to do it? Because I've been trying to make it work and it just won't work. Thanks!
  Regards

  Hi,
  Are you talking about radius mac-authentication ?
  The steps to configure MAC authentication on the ACS server and AP :
  [1] GO to Server Manager
  In the Corporate Servers -->Current Server List
  -- Select the Radius Server in the drop down.
  -- Specify the Server IP address in the Server: field
  -- Specify the Shared Secret in the Shared Secret: field
  -- Set the Authentication Port (optional): 1645 and the Accounting Port (optional): 1646
  - click on Apply
  -- In the Default Server Priorities aand under MAC Authentication
  -- In the drop down Priority 1: select the IP address of the ACS server and click on Apply
  [2] Goto SSid MAnager
  -- Select the ssid, In case a new SSID needs to be created create a new ssid.
  -- In Authentication Settings --> Methods Accepted: --> check on Open Authentication:
  --> Select with Mac Authentication from the drop down menu.
  - Click on the Apply all button to save this setting
  [3] Goto Advanced Security
  -- In the MAC Address Authentication -->MAC Addresses Authenticated by:
  -- Select Authentication Server Only and click on Apply
  On the ACS server Create Users with user names and password set to the MAC address of the
  clients. These user names/passwords should NOT have any spaces or dots in between them..
  Regards,
  ~JG

• WPA PSK doesn't work with MAC Authentication. AP1231G

  Hi, yesterday I've installed an Aironet Access Point 1200 series AP1231G for the first time.
  I'd like to use MAC Authentication with an WPA Pre-Shared Key. But it doesn't work. If I choose "Open Authentication with MAC Authentication", I can't type an WPA Pre-Shared Key. The system doesn't keep it.
  It only works with "Open Authentication" without MAC-Filter.
  Settings:
  Encryption Manager: TKIP
  SSID Manager
  1. Client Authentication: Open Authentication with MAC Authentication
  2. Key Managemnet: Mandatory WPA + WPA Pre-Shared-Key
  If I type in a Pre-Shared-Key and click on "Apply", the Pre-Shared-Key get loss.

  Tina,
  In Cisco IOS releases 12.3(4)JA and later, you cannot enable both MAC-address authentication and WPA-PSK.
  http://www.cisco.com/en/US/products/hw/wireless/ps430/products_configuration_guide_chapter09186a00804e7d09.html#wp1034916

• MAC Authentication + Windows Server 2008 R2 Radius server

  Hello there,
  I have been trying to configure the MAC Authentication on Windows Server Network Policy Server but no success. Details on my configuration can be find below.
  I have firstly enabled the Mac Authentication on 3com switch 4400 model.
  enabling  -> Mac-authentication
  enabling authentication mode -> UsernameAsMacAddress
  configuring a domain - mac-authentication domain abc.local.
  I left the default Vlan (Vlan1)
  While on my DC, I created a user
  username: 00-00-00-00-00-00
  password: 00-00-00-00-00-00
  Lastly on the NPS Server, I configured the 802.1x Wired configuration, I configured the NAS (Radius Client) whici is the 3com Switch.
  After completing the configurations, I turned on my computer with and logged on to the domain abc\00-00-00-00-00-00 with the password. But there was no success when the computer tried to connect to the network looking for DHCP services to obtain IP address.
  On the NPS event service, I got:
  User:
  Security ID:
  NULL SID
  Account Name:
  [email protected]
  Account Domain:
  abc
  Fully Qualified Account Name:
  abc\00-00-00-00-00-00
  Client Machine:
  Security ID:
  NULL SID
  Account Name:
  Fully Qualified Account Name:
  OS-Version:
  Called Station Identifier:
  Calling Station Identifier:
  0000-0000-0000
  NAS:
  NAS IPv4 Address:
  xxx.xxx.xx.xx
  NAS IPv6 Address:
  NAS Identifier:
  00aa00aa00aa
  NAS Port-Type:
  Ethernet
  NAS Port:
  12345678
  RADIUS Client:
  Client Friendly Name:
  3com
  Client IP Address:
  xxx.xxx.xx.xx
  Authentication Details:
  Connection Request Policy Name:
  NAP 802.1X (Wired) 2
  Network Policy Name:
  Authentication Provider:
  Windows
  Authentication Server:
    server.abc.local
  Authentication Type:
  PAP
  EAP Type:
  Account Session Identifier:
  Logging Results:
  Accounting information was written to the local log file.
  Reason Code:
  16
  Reason:
  Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.
  All I could find was " Authentication failed due to the reason appeared in the reason code but I am very sure that the name and the password are the same. I hope someone can help me out. 
  Thanks.

  Hi,
  Thanks for your post.
  MAC address authorization is performed when the user does not type in any user name or password, and refuses to use any valid authentication method. In this case, Network Policy Server (NPS) receives the Calling-Station-ID attribute, and no user name and
  password. To support MAC address authorization, Active Directory Domain Services (AD DS) must have user accounts that contain MAC addresses as user names.
  For more detailed information about MAC Address Authorization, please refer to the below article. Hope it helps.
  MAC Address Authorization
  http://technet.microsoft.com/en-us/library/dd197535(WS.10).aspx
  Best Regards,
  Aiden
  Aiden Cao
  TechNet Community Support

• WPA.PSK security on Mac and encrytion key

  I am trying to connect to a network at a new office.  They tell me to select WPA and enter the password to connect.  I think I am connecting to the router just fine but no internet.  Another user says he has settings like this -- Network - WPA.PSK and encryption - TKIP.  I am not finding any settings like this.
  Can you help?
  Thanks,

  The firewall is already off... I guess we will need to get the admins involved that set up the network.  I have never been able to connect to a router with the incorrect password before.  But, it seems as though I can connect to it even if I try to modify the password to try different options.  It is very possible I have the wrong password - only because the owner knows nothing about networks/computers.
  Thanks for your help!

• Wifi (WPA-PSK) not restored after sleep?  (10.4.10)

  Hi,
  Has anyone else noticed that their Wifi connection is not being restored after the MacBook comes back from a sleep?
  I'm using a 2006 white MacBook (Core Duo) with 10.4.10, connecting to a Cisco 877W ADSL router using WPA-PSK. Cisco firmware version is (C870-ADVSECURITYK9-M), Version 12.4(4)T7, RELEASE SOFTWARE (fc1), "flash:c870-advsecurityk9-mz.124-4.T7.bin" which seems to be current.
  From a cold boot, there is no problem connecting to the wireless router, but after a sleep, the connection is not restored, and the router syslog shows repeated unsuccessful authentication attempts from the Macbook's MAC address.
  Connecting manually to the correct network SSID doesn't resolve the problem: it just prompts for the WPA PSK keyphrase, which doesn't work if entered. Of course the correct keyphrase is already in the keychain.
  As a workaround, switching the Macbook's Airport off and on again a few times eventually seems to get it working again, but it's slow and very clunky.
  Can anyone else confirm this problem? It seems to have been introduced with 10.4.10, but I would like independent confirmation before reporting this to Apple, as I changed the wireless router around the same time as the 10.4.10 update appeared.
  Thanks,
  - Martin.
  PS: I guess there are two morals to this story...
  1) Always clone your hard drive to a Lacie drive with SuperDuper before installing any Apple updates - so that you can back out any buggy updates without a full reinstall.
  2) Don't install any Apple updates within 2 weeks of installing other network changes - so that you can tell what's caused any issues.

  The WPA auth problem still exists on a clean install of Leopard (and a full reboot is needed to clear it every time the laptop comes out of sleep) so I'll ring Apple Support and see if they can at least add it to their known issues list, in the hope of resolution later. It's quite likely that downgrading to WEP would be a workaround, but WEP is just not acceptable from a security perspective.

• WPA2 - WPA-PSK - TKIP trouble

  Situation:
  - D-Link DIR-635 802.11n-router configured: only WPA2 (personal) with TKIP
  - D-Link DWA-645 802.11n-pcmcia with atheros chipset and working ndiswrapper driver (ath5k is not yet supporting this chipset)
  I cannot connect to the router and I'm not sure it's the linux-config or the router-config that is to blame (which makes troubleshooting a real pain), so here goes:
  #  wpa_supplicant -dd -c/etc/wpa_supplicant.conf -iwlan0 -Dwext
  Initializing interface 'wlan0' conf '/etc/wpa_supplicant.conf' driver 'wext' ctrl_interface 'N/A' bridge 'N/A'
  Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
  Reading configuration file '/etc/wpa_supplicant.conf'
  ctrl_interface='/var/run/wpa_supplicant'
  ctrl_interface_group='0' (DEPRECATED)
  eapol_version=1
  ap_scan=1
  fast_reauth=1
  Line: 7 - start of a new network block
  ssid - hexdump_ascii(len=9):
  53 4c 2d 61 63 63 65 73 73 SL-access
  key_mgmt: 0x2
  pairwise: 0x8
  group: 0x8
  proto: 0x2
  priority=9 (0x9)
  PSK - hexdump(len=32): [REMOVED]
  Priority group 9
  id=0 ssid='SL-access'
  Initializing interface (2) 'wlan0'
  EAPOL: SUPP_PAE entering state DISCONNECTED
  EAPOL: KEY_RX entering state NO_KEY_RECEIVE
  EAPOL: SUPP_BE entering state INITIALIZE
  EAP: EAP entering state DISABLED
  EAPOL: External notification - portEnabled=0
  EAPOL: External notification - portValid=0
  SIOCGIWRANGE: WE(compiled)=22 WE(source)=18 enc_capa=0xf
  capabilities: key_mgmt 0xf enc 0xf
  WEXT: Operstate: linkmode=1, operstate=5
  Own MAC address: 00:17:9a:45:9b:1f
  wpa_driver_wext_set_wpa
  wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
  wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
  wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
  wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
  wpa_driver_wext_set_countermeasures
  wpa_driver_wext_set_drop_unencrypted
  Setting scan request: 0 sec 100000 usec
  ctrl_interface_group=0
  Added interface wlan0
  RTM_NEWLINK: operstate=0 ifi_flags=0x1002 ()
  Wireless event: cmd=0x8b06 len=8
  RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
  RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
  State: DISCONNECTED -> SCANNING
  Starting AP scan (broadcast SSID)
  Trying to get current scan results first without requesting a new scan to speed up initial association
  Received 256 bytes of scan results (1 BSSes)
  Scan results: 1
  Selecting BSS from priority group 9
  Try to find WPA-enabled AP
  0: 00:1c:f0:ee:f8:68 ssid='SL-access' wpa_ie_len=0 rsn_ie_len=22 caps=0x11
  selected based on RSN IE
  selected WPA AP 00:1c:f0:ee:f8:68 ssid='SL-access'
  Try to find non-WPA AP
  Trying to associate with 00:1c:f0:ee:f8:68 (SSID='SL-access' freq=2412 MHz)
  Cancelling scan request
  WPA: clearing own WPA/RSN IE
  Automatic auth_alg selection: 0x1
  RSN: using IEEE 802.11i/D9.0
  WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 2 proto 2
  WPA: clearing AP WPA IE
  WPA: set AP RSN IE - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00 00 0f ac 02 01 00 00 0f ac 02 00 00
  WPA: using GTK TKIP
  WPA: using PTK TKIP
  WPA: using KEY_MGMT WPA-PSK
  WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00 00 0f ac 02 01 00 00 0f ac 02 00 00
  No keys have been configured - skip key clearing
  wpa_driver_wext_set_drop_unencrypted
  State: SCANNING -> ASSOCIATING
  wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
  WEXT: Operstate: linkmode=-1, operstate=5
  wpa_driver_wext_associate
  Setting authentication timeout: 10 sec 0 usec
  EAPOL: External notification - EAP success=0
  EAPOL: External notification - EAP fail=0
  EAPOL: External notification - portControl=Auto
  RSN: Ignored PMKID candidate without preauth flag
  RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
  Wireless event: cmd=0x8b06 len=8
  RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
  Wireless event: cmd=0x8b04 len=12
  RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
  Wireless event: cmd=0x8b1a len=17
  Authentication with 00:1c:f0:ee:f8:68 timed out.
  Added BSSID 00:1c:f0:ee:f8:68 into blacklist
  No keys have been configured - skip key clearing
  State: ASSOCIATING -> DISCONNECTED
  wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
  WEXT: Operstate: linkmode=-1, operstate=5
  EAPOL: External notification - portEnabled=0
  EAPOL: External notification - portValid=0
  EAPOL: External notification - EAP success=0
  Setting scan request: 0 sec 0 usec
  State: DISCONNECTED -> SCANNING
  Starting AP scan (broadcast SSID)
  Scan requested (ret=0) - scan timeout 5 seconds
  ^CCTRL-EVENT-TERMINATING - signal 2 received
  Removing interface wlan0
  State: SCANNING -> DISCONNECTED
  wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
  WEXT: Operstate: linkmode=-1, operstate=5
  No keys have been configured - skip key clearing
  EAPOL: External notification - portEnabled=0
  EAPOL: External notification - portValid=0
  wpa_driver_wext_set_wpa
  wpa_driver_wext_set_drop_unencrypted
  wpa_driver_wext_set_countermeasures
  No keys have been configured - skip key clearing
  Removed BSSID 00:1c:f0:ee:f8:68 from blacklist (clear)
  Cancelling scan request
  Cancelling authentication timeout
  WEXT: Operstate: linkmode=0, operstate=6
  net-profile wl-Synergy:
  CONNECTION="wireless"
  DESCRIPTION="SynergyLaw wireless access"
  INTERFACE=wlan0
  ESSID="SL-access"
  SCAN="yes"
  SECURITY="wpa-config"
  IP="dhcp"
  TIMEOUT=40
  WPA_CONF=/etc/wpa_supplicant.conf
  /etc/wpa_supplicant.conf:
  ctrl_interface=/var/run/wpa_supplicant
  ctrl_interface_group=0
  eapol_version=1
  ap_scan=1
  fast_reauth=1
  network={
  ssid="SL-access"
  key_mgmt=WPA-PSK
  pairwise=TKIP
  group=TKIP
  proto=WPA2
  priority=9
  #psk="abc"
  psk=<censored>
  #  iwlist wlan0 scan:
  wlan0 Scan completed :
  Cell 01 - Address: 00:1C:F0:EE:F8:68
  ESSID:"SL-access"
  Protocol:IEEE 802.11g
  Mode:Managed
  Frequency:2.412 GHz (Channel 1)
  Quality:45/100 Signal level:-67 dBm Noise level:-96 dBm
  Encryption key:on
  Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
  9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
  48 Mb/s; 54 Mb/s
  Extra:bcn_int=100
  Extra:atim=0
  IE: IEEE 802.11i/WPA2 Version 1
  Group Cipher : TKIP
  Pairwise Ciphers (1) : TKIP
  Authentication Suites (1) : PSK
  I find a lot of people asking similar questions, but none of the answers have helped me so far. I hope to find someone here with a similar setup and the answer to all my problems
  Zl.

  B wrote:
  I am running WPA2 indeed, but no N - plain G for the moment.
  That wpa_supplicant.conf looks dandy .
  Here's mine for reference:
  ctrl_interface=/var/run/wpa_supplicant
  ctrl_interface_group=0
  #fast_reauth=0
  #ap_scan=0
  #DIR=/var/run/wpa_supplicant GROUP=wheel
  # My home network
  network={
  ssid=*snip*
  key_mgmt=WPA-PSK
  proto=WPA2
  pairwise=CCMP
  group=CCMP
  #psk=*snip*
  psk=*snip*
  # Arne's network
  network={
  ssid=*snip*
  key_mgmt=WPA-PSK
  proto=WPA
  pairwise=TKIP
  group=TKIP
  #psk=*snip*
  psk=*snip*
  As you can see the first one is WPA2, the second one WPA. Of course you can mix but that will imho only increase possible incompatibilities.
  My netcfg setup:
  CONNECTION="wireless"
  INTERFACE="intel"
  HOSTNAME="hermes"
  # AP authentication
  SCAN="yes"
  SECURITY="wpa-config"
  WPA_CONF="/etc/wpa_supplicant.conf"
  WPA_OPTS="-Dwext -B"
  ESSID=*snip*
  # IP address
  IP="dhcp"
  DHCP_TIMEOUT=10
  N does not add any additional security (except that it makes WPA2 mandatory as far as I understood, I might be wrong about this). My router runs OpenWRT and I only intend to switch to N when I find a router that is stable on OpenWRT, and provides N performance and range (now you often have to resort to G MIMO drivers and stuff with OpenWRT on N models).
  hey!, thanks for your config there, now I have wifi using wpa2 connecting properly on a dell xps m1330.
  But I also found that if I didn't use netcfg to stop the profile manually, I couldn't reboot the system and after typing 'reboot' I think the wpa_supplicant is just killed or crashes and the system is stuck on '> Rebooting'. I had to use 'netcfg2 -d abc' to stop the profile then reboot.
  Last edited by ST.x (2008-06-27 11:43:17)

• WPA-PSK TKIP

  Does iPhone support WPA-PSK authentication?
  If so, does it support TKIP encryption?
  I'm having a heck of a time trying to set up my work network on the iPhone, though my MacBook Pro handles it just fine.
  Thanks in advance.

  i have not seen support for WPA-PSK TKIP if your
  router and other devices support WEP 128bit
  encription use that... anything other then 128bit
  will not work.. took 2 hours of fussing to figure it
  out
  MacBook Pro 15inch
  Mac OS X (10.4.10)
  That is incorrect.
  I am running WPA and WPA2 (both on Apple wireless base stations), and was able to connect to both. The WPA one uses TKIP.
  Make sure you do not have the new ExtremeN if set to "N-only". It will not connect in that case, whether you are using 2.4 GHz or 5 GHz. In fact, it will probably never even see the AP in that case.

• Cisco aironet 1040: create wireless with wpa2 and mac authentication

  Hi,
  I created a wireless network setting "Open Authentication" and setting a wpa2 key: everything works.
  I would also add the filter mac address and then next to Open Authentication I selected "with mac authentication" but I can not connect. The list of mac is specified in the "Advanced Security".
  Can anyone help me? thanks
  Hi,
  I created a wireless network setting "Open Authentication" and setting a wpa2 key: everything works.
  I would also add the filter mac address and then next to Open Authentication I selected "with mac authentication" but I can not connect. The list of mac is specified in the "Advanced Security".
  Can anyone help me? thanks

  ap#show configuration
  Using 2085 out of 32768 bytes
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname ap
  logging rate-limit console 9
  aaa new-model
  aaa group server radius rad_eap
  aaa group server radius rad_mac
  aaa group server radius rad_acct
  aaa group server radius rad_admin
  aaa group server tacacs+ tac_admin
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa authentication login default local
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local
  aaa authorization exec default local
  aaa accounting network acct_methods start-stop group rad_acct
  aaa session-id common
  dot11 syslog
  dot11 ssid Svez
     authentication open mac-address mac_methods
     authentication key-management wpa version 2
  username 00907a0f2a55 password 7 1249554E425C0D542C79257D66
  username 00907a0f2a55 autocommand exit
  username administrator privilege 15 password 7 033449040A0620425A0D15564F42
  username 0025d3db778b password 7 055B565D74481D0D1B52404A09
  username 0025d3db778b autocommand exit
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption mode ciphers tkip
  ssid Svez
  antenna gain 0
  station-role root
  world-mode legacy
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface GigabitEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  no keepalive
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface BVI1
  ip address dhcp client-id GigabitEthernet0
  no ip route-cache
  ip http server
  ip http authentication aaa
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  ip radius source-interface BVI1
  radius-server attribute 32 include-in-access-req format %h
  radius-server vsa send accounting
  bridge 1 route ip
  line con 0
  line vty 0 4
  end
  ap#