Aironet 1252 AES encryption

Similar Messages

• Aironet 1252 bridge and 802.11n

  Hi,
  I have two Cisco Aironet 1252  that I want to configure as a point-2-point bridge. Now I want to know if this configuration supports the 802.11n protocol.
  Regards,
  Screech

  Scott,
  I found the following statemen in the release note of IOS 12.4 (25d) (http://www.cisco.com/en/US/docs/wireless/access_point/ios/release/notes/12_4_25d._JArn.html#wp291685)
  802.11n HT Rates Apply Only to No Encryption or WPA2/AES Encryption
  The 802.11n HT rates apply only to no encryption or WPA2/AES encryption. They do not apply to WEP or WPA encryption. If WEP or TKIP encryption is used, the 1250 series access points and any 802.11n Draft 2.0 clients will not transmit at the HT rates. Legacy rates (802.11a/b/g) will be used for any clients using WEP or TKIP encryption
  Given this statement how do I configure AES encryption on the aironets 1252 that are configured in bridge mode as I do not see this option. If possible please provide steps using the web interface.
  Regards,
  Screech

• Can't open a specific wesite with AES encryption on

  WRT54GX2 router  set up with WPA and AES encryption, will not open a website that I know is working (it's my ISP, webmail site).  When I change to TKIP the site opens normally, but my wireless printer then drops off the network.  Any one have a fix?

  I agree with toomanydonuts suggestion. You can try the steps which toomanydonuts has mentioned and i think that will make your computer and printer work wirelessly.

• WPA2 Aes encryption on cisco 1121G AP

  hi
  i wanted to increase the security on my 1121G accesspoint by enabling wpa2 with aes encryption. in a test environment i set this up and i configured my wireless client to connect, my wireless client (ibm thinkpad t42p with 11a/b/g Wireless LAN Mini PCI Adapter II has the ability to either select WPA or WPA2 and whether you use TKIP or AES. i selected WPA2 and AES enter the encryption key which i had entered on the AP and i connected,
  i change the settings on the client to WPA and TKIP and entered the same encryption key and i managed to connect as well, which puzzles me, when i enter an incorrect encryption key it won't associate.
  is this normal behaviour or do you think i have configured something incorrectly on the 1121G AP?
  i have attached my config and have removed some personal data.
  many thanks
  rogier

  i have finally figured it out, it is the windows client or mac clients being very smart, if you configure your windows client to use WPA instead of WPA2 and select TKIP instead of AES encryption somehow it figures out this is incorrect and automatically sets the WPA to WPA2 settings and changes TKIP to AES encryption, i am amazed, i finally figured it out when a windows machine which did not have the windows patch to allow it to connect to WPA2 could not connect, only after installing the WPA2 patch would it connect. in the AP log it always showed as logging in with the WPA2 EAS encryption.
  i guess windows xp is a bit smarter than i originally thought

• AES Encryption for Windows Phone

  Hi,
  We are developing a windows phone app and the same app is also being developed in Android and IOS. All three platforms are using a JSON web service for data access. Parameters to be passed are encrypted using AES algorithm.
  The web service uses the Encryption and Decryption as shown in the following link : 
  https://msdn.microsoft.com/en-us/library/system.security.cryptography.aesmanaged(v=vs.110).aspx
  The same is Encryption is available in IOS and Android and working fine.
  I am unable to achieve the same encryption in Windows Phone as System.Security.Cryptography is not available in Windows Phone. I did browse around and found a few alternatives as shown below but i am not getting the desired result i.e. Encrypted data is
  not the same and hence Decryption is not giving the same result in server side.
  public static byte[] Encrypt(string plainText, string pw, string salt)
  IBuffer pwBuffer = CryptographicBuffer.ConvertStringToBinary(pw, BinaryStringEncoding.Utf8);
  IBuffer saltBuffer = CryptographicBuffer.ConvertStringToBinary(salt, BinaryStringEncoding.Utf16LE);
  IBuffer plainBuffer = CryptographicBuffer.ConvertStringToBinary(plainText, BinaryStringEncoding.Utf16LE);
  // Derive key material for password size 32 bytes for AES256 algorithm
  KeyDerivationAlgorithmProvider keyDerivationProvider = Windows.Security.Cryptography.Core.KeyDerivationAlgorithmProvider.OpenAlgorithm("PBKDF2_SHA1");
  // using salt and 1000 iterations
  KeyDerivationParameters pbkdf2Parms = KeyDerivationParameters.BuildForPbkdf2(saltBuffer, 1000);
  // create a key based on original key and derivation parmaters
  CryptographicKey keyOriginal = keyDerivationProvider.CreateKey(pwBuffer);
  IBuffer keyMaterial = CryptographicEngine.DeriveKeyMaterial(keyOriginal, pbkdf2Parms, 32);
  CryptographicKey derivedPwKey = keyDerivationProvider.CreateKey(pwBuffer);
  // derive buffer to be used for encryption salt from derived password key
  IBuffer saltMaterial = CryptographicEngine.DeriveKeyMaterial(derivedPwKey, pbkdf2Parms, 16);
  // display the buffers – because KeyDerivationProvider always gets cleared after each use, they are very similar unforunately
  string keyMaterialString = CryptographicBuffer.EncodeToBase64String(keyMaterial);
  string saltMaterialString = CryptographicBuffer.EncodeToBase64String(saltMaterial);
  SymmetricKeyAlgorithmProvider symProvider = SymmetricKeyAlgorithmProvider.OpenAlgorithm("AES_CBC_PKCS7");
  // create symmetric key from derived password key
  CryptographicKey symmKey = symProvider.CreateSymmetricKey(keyMaterial);
  // encrypt data buffer using symmetric key and derived salt material
  IBuffer resultBuffer = CryptographicEngine.Encrypt(symmKey, plainBuffer, saltMaterial);
  byte[] result;
  CryptographicBuffer.CopyToByteArray(resultBuffer, out result);
  return result;
  public static string Decrypt(byte[] encryptedData, string pw, string salt)
  IBuffer pwBuffer = CryptographicBuffer.ConvertStringToBinary(pw, BinaryStringEncoding.Utf8);
  IBuffer saltBuffer = CryptographicBuffer.ConvertStringToBinary(salt, BinaryStringEncoding.Utf16LE);
  IBuffer cipherBuffer = CryptographicBuffer.CreateFromByteArray(encryptedData);
  // Derive key material for password size 32 bytes for AES256 algorithm
  KeyDerivationAlgorithmProvider keyDerivationProvider = Windows.Security.Cryptography.Core.KeyDerivationAlgorithmProvider.OpenAlgorithm("PBKDF2_SHA1");
  // using salt and 1000 iterations
  KeyDerivationParameters pbkdf2Parms = KeyDerivationParameters.BuildForPbkdf2(saltBuffer, 1000);
  // create a key based on original key and derivation parmaters
  CryptographicKey keyOriginal = keyDerivationProvider.CreateKey(pwBuffer);
  IBuffer keyMaterial = CryptographicEngine.DeriveKeyMaterial(keyOriginal, pbkdf2Parms, 32);
  CryptographicKey derivedPwKey = keyDerivationProvider.CreateKey(pwBuffer);
  // derive buffer to be used for encryption salt from derived password key
  IBuffer saltMaterial = CryptographicEngine.DeriveKeyMaterial(derivedPwKey, pbkdf2Parms, 16);
  // display the keys – because KeyDerivationProvider always gets cleared after each use, they are very similar unforunately
  string keyMaterialString = CryptographicBuffer.EncodeToBase64String(keyMaterial);
  string saltMaterialString = CryptographicBuffer.EncodeToBase64String(saltMaterial);
  SymmetricKeyAlgorithmProvider symProvider = SymmetricKeyAlgorithmProvider.OpenAlgorithm("AES_CBC_PKCS7");
  // create symmetric key from derived password material
  CryptographicKey symmKey = symProvider.CreateSymmetricKey(keyMaterial);
  // encrypt data buffer using symmetric key and derived salt material
  IBuffer resultBuffer = CryptographicEngine.Decrypt(symmKey, cipherBuffer, saltMaterial);
  string result = CryptographicBuffer.ConvertBinaryToString(BinaryStringEncoding.Utf16LE, resultBuffer);
  return result;
  public static string AES_Encrypt(string input, string pass)
  SymmetricKeyAlgorithmProvider SAP = SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithmNames.AesEcbPkcs7);
  CryptographicKey AES;
  HashAlgorithmProvider HAP = HashAlgorithmProvider.OpenAlgorithm(HashAlgorithmNames.Md5);
  CryptographicHash Hash_AES = HAP.CreateHash();
  string encrypted = "";
  try
  byte[] hash = new byte[32];
  Hash_AES.Append(CryptographicBuffer.CreateFromByteArray(System.Text.Encoding.UTF8.GetBytes(pass)));
  byte[] temp;
  CryptographicBuffer.CopyToByteArray(Hash_AES.GetValueAndReset(), out temp);
  Array.Copy(temp, 0, hash, 0, 16);
  Array.Copy(temp, 0, hash, 15, 16);
  AES = SAP.CreateSymmetricKey(CryptographicBuffer.CreateFromByteArray(hash));
  IBuffer Buffer = CryptographicBuffer.CreateFromByteArray(System.Text.Encoding.UTF8.GetBytes(input));
  encrypted = CryptographicBuffer.EncodeToBase64String(CryptographicEngine.Encrypt(AES, Buffer, null));
  return encrypted;
  catch (Exception ex)
  return null;
  public static string AES_Decrypt(string input, string pass)
  SymmetricKeyAlgorithmProvider SAP = SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithmNames.AesEcbPkcs7);
  CryptographicKey AES;
  HashAlgorithmProvider HAP = HashAlgorithmProvider.OpenAlgorithm(HashAlgorithmNames.Md5);
  CryptographicHash Hash_AES = HAP.CreateHash();
  string decrypted = "";
  try
  byte[] hash = new byte[32];
  Hash_AES.Append(CryptographicBuffer.CreateFromByteArray(System.Text.Encoding.UTF8.GetBytes(pass)));
  byte[] temp;
  CryptographicBuffer.CopyToByteArray(Hash_AES.GetValueAndReset(), out temp);
  Array.Copy(temp, 0, hash, 0, 16);
  Array.Copy(temp, 0, hash, 15, 16);
  AES = SAP.CreateSymmetricKey(CryptographicBuffer.CreateFromByteArray(hash));
  IBuffer Buffer = CryptographicBuffer.DecodeFromBase64String(input);
  byte[] Decrypted;
  CryptographicBuffer.CopyToByteArray(CryptographicEngine.Decrypt(AES, Buffer, null), out Decrypted);
  decrypted = System.Text.Encoding.UTF8.GetString(Decrypted, 0, Decrypted.Length);
  return decrypted;
  catch (Exception ex)
  return null;
  Both methods shown above are not giving the same result.
  I would require the following scenario :
  Plain Text : "login@123"
  Key : "0123456789abcdef"
  IV : "fedcba9876543210"
  Hex : 356F65678C82C137BDBB2A2C8F824A68
  Encrypted Text : 5oegåÇ¡7Ωª*,èÇJh
  Request you to please suggest alternative to obtain the same AES Encryption using a Key and IV in Windows Phone.
  Thanks in advance.
  Regards,
  Vinay D

  Hi,
  The encryption and decryption in : http://dotnetspeak.com/2011/11/encrypting-and-decrypting-data-in-winrt-2 is
  not giving me the desired result.
  I would require the following scenario :
  Plain Text : "login@123"
  Key : "0123456789abcdef"
  IV : "fedcba9876543210"
  Encrypted Text : 5oegåÇ¡7Ωª*,èÇJh
  But what i am getting from the above link is : 
  I would require the following scenario :
  Plain Text : "login@123"
  Key : "0123456789abcdef"
  IV : "fedcba9876543210"
  Encrypted Text : NW9lZ4yCwTe9uyosj4JKaA==
  As u can see the encrypted string is not the same and hence i would get a different decrypt string on the server.
  I cannot change the server as it is in production and working with Android and IOS.
  Regards,
  Vinay D

• AES encryption with linux 64

  Hello
  We are using the AES encryption algorithm as one of our systems. To be able to use the AES did the installation of files and local_policy.jar US_export_policy.jar the JVM.
  On Windows and Linux 32-bit func, but did not work on Linux 64. returns the following error message: java.security.InvalidKeyException: Invalid AES key length: 31 bytes.
  The policys above are different JDK for Linux 64?
  What may be happening?

  I would suggest that you have not transferred your key correctly. You should note that keys are binary data and Strings should not be used to store binary data. It is possible that since you are using ASCII the two systems behave differently when converting a String to ASCII bytes. It would not surprise me if characters greater than 0x7f (which are not part of the ASCII set) are converted differently. Maybe somebody fixed a bug. Dump out in hex the bytes of your key created from key.getBytes("ASCII") in both systems and compare the two. I bet they are different.
  P.S. Please enclose the code in a pair of tags when posting code.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   

• Accept Certificate when connecting to an SSID with WPA2-AES encryption.

  When I try to Connect my Iphone to an SSID with WPA2-AES encryption,i need to accept the certificate and gets authenticated.When i switchover to different SSID and reconnect again to the same WPA2-AES SSID i do not get the Certificate accept page.
  When i click on the Forget Network and deisconnect from the SSID and re-connect again,i will be prompted to acept the certificate.Is this a normal behavior in Iphone.
  Any suggestions would be greatly appreciated.
  Thanks and regards,
  Sendhil Balakrishnan

  Hi
  with the config i have i seem to be able to login using either tkip or aes, but i don't think i have got mixed mode configured on the AP so it should only accept WPA2-AES encryption but it also accepts TKIP making me believe something is configured incorrectly.
  should i change anything in the config on the AP to only allow WPA2-AES encryption?
  many thanks
  rogier

• WPA2 AES encryption Key Sizes

  Hi all,
  Just looking at the AES standard, or wiki of it
  http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
  It mentions that AES supports the following (in the notes just at the bottom of the web page)
  Key sizes of 128, 160, 192, 224, and 256 bits are supported by the Rijndael algorithm, but only the 128, 192, and 256-bit key sizes are specified in the AES standard.
  Block sizes of 128, 160, 192, 224, and 256 bits are supported by the Rijndael algorithm, but only the 128-bit block size is specified in the AES standard.
  What does the WLCs use for an AES key size when you enable a WPA2 policy with AES encryption?
  Many thx
  Ken

  128 bits was supported on the autonomous code, so I'm sure the LWAPP solution also uses 128 bits with three possible key lengths 128, 192 and 256 bits.

• AES Encryption No Longer Working

  Last week we had users complaining that they could no longer connect to wireless.  They were receiving a limited or no connectivity message.  Upon researching the issue, I found that if I removed the AES encryption, from WPA2, users were able to connect again with TKIP.  In speaking to a few admins, they stated that TKIP was the preferred method that was chosen years ago.  My first question is this.....In our WLAN's, we had the options for WPA/TKIP-AES, and WPA2/TKIP-AES.  I'm assuming this would allow the PC to use whichever encryption method was preferred.  However, this doesn't seem to be the case.  The PC chose AES, which caused the issue that they were having.  Would this be something PC based?   I'm assuming the controller only gives the ability.  It won't actually dictate which encryption method is used, unless one of the options is turned off (like we did with AES).  My second question is this....TKIP, being a weaker encryption method, isn't what I want our users using.  How could I migrate to AES?  Are there specific instructions to move from TKIP to AES?  Is it more than just putting a check mark on the AES options, under WLAN security?  Thanks for any help!

  Its best to only use either WPA/TKIP or WPA2/AES, not both or a mix of either.  This does cause issues with devices so its hit or miss.  If you had configured everything for WPA2/TKIP, well... your stuck with a non standard IEEE setting, and you will have to just configure that on the WLC.  It's the same if you were using WPA/AES.  
  The best way to move to a standard, is if your devices were domain machines and you can push out a GPO.  Non domain machines, you would need to manually enter those unless you had a tool that manages them.

• Enable AES encryption on 1310 Wireless bridge

       Hi All,
      I have requirment to enable the AES encryption on the management VLAN  traffic  between connected root and non root bridges . can any one share the configuration guidelines please ??
  below is the network setup  .
  Router<---->SW1 ( main office)--> Root-bridge < ---------->non root-bride------SW2 ( remote end site)
  Apart from the specific configuration on the wireless bridge is any extra configuration required on the Switch interfaces??
  Regards
  Lerner

  Hello,
  1. Make sure you are running version 12.3(7)JA or later since WPA2/AES was not always available for the 1310.
  2. How do you currently have the root/non-root configured?
  Ideally, adding AES shoudl be fairly straight forward.  Keep in mind we recommend using WPA2 with AES.
  configured on your root AND non-root:
  dot11 ssid
  authentication open
  authentication key-management wpa version 2
  interface do1
  encryption mode ciphers aes-ccm

• What configurations need to Enable AES encryptions on call on Expressway-e ??

  hi guys
  i've cucm 10.5 without token, on this cucm i've one sx80 registered, the cucm is configured to B2B call using one expressway-c and express-e, the b2b call work fine, but now i need configured aes encrypcion to call from SX80 to internet endpoint and viceversa.
  what configurations i need to enable aes encryptions on expressway-e?
  thanks.

  Which browser are you using? Do you have Enable Java checked in it's preferences? When you get a message it's a good idea to write down exactly what it says rather than dismiss it and wonder later what it said about something.

• Antenna alignmenet on Aironet 1252

  Hi,
  I am using two Cisco Aironet 1252 (cisco AIR-AP1252AG-A-K9) to setup a point to point link (one is configured as root bridge and is as a non-root bridge). Both Aironets are running software version Version 12.4(25d)JA.
  Is there a way that I can that I can perform an antenna alignment test on the Aironet that is configured as a non-root bridge?
  note: executing the following command dot11 dot11radio 0 ? does not show the antenna-alignemnet option.
  Regards,
  Screech

  .Now I am having problem having the devices associated . Is there any other way of testing why the devices are having problem associating to each other. Note in the root bridge I get an event that the root has reached the maximum packet retry send to the non-root bridge.
  Any idea.
  Tnx,
  Screech

• Aironet 1252 Antenna quantity

  Hi There,
  I already have an Aironet 1252 and I am going to increase the coverage.
  I would like to buy "AIR-ANT24120" but I dont know if I have to buy 3 of them or only would be enough?

  Let me try to answer your questions:)
  Did you decide to use lmr600 for longer cables and lmr400 for  shorter? I could just use lmr600 for all, I think. Of course, as long as  the holes in the wall allow for six lmr600's to fit in.
  The cost between the two is huge, so when I was 75' or less, I would use the lmr400, anything else would be the lmr600.
  Not  familiar with what it takes to crimp on RP-TNC vs. N-type connector. Is  N-type easier to crimp on? Or is there another reason?
  If you can have the cabler's only have to deal with one type of crimp.... the easier the install and that is why we did that.  Sparco arrestors were 'N" type and then we used a small jumper from the top of the NEMA enclosure to the AP which of course was rp-tnc.
  I  just noticed that omni antenna has SMA connector, but it also says  "connector options available". I'll talk to them, hopefully they have an  N-connector option. Otherwise, not sure about crimping SMA connector.
  They offer other connector types.
  Duly  noted on the tilt and arrestors. I want to protect the AP. I don't  think I'll be using enclosures inside, the AP might just be mounted on  the wall. In this case. If my LMR has N-type on both ends. I would have  to attach RP-TNC arrestor directly to the AP (I'm using 3500e), then  attach a RP-TNC to N-type adapter, and then connect the N-type LMR. Or I  might just end up using enclosures as in your example with N-type  arrestor.
  They have small jumpers so you can go from 'N' type to RP-TNC.  We used a NEMA enclosure just so it is more clean.  the arrestors actually just screwed into the top of the NEMA enclosure, 3 toward the fron and 3 toward the back and the console and ethernet connection on the bottom.

• Which Aironet 1252 radio module(s)

  I was going to use an Aironet 1252 access point to set up a wireless network and was wondering which radio module (or modules) to get. I have no need for backwards compatibility, so it seems that for best performance I should go with a pure 802.11n network. In order to achieve that goal, is one radio module sufficient? And which band would be best? Or is there any advantage (or disadvantage to getting both the 2.4 GHz radio module (AIR-RM1252G-A-K9) and the 5 GHz one (AIR-RM1252A-A-K9)?
  Any and all suggestions or thoughts are greatly appreciated. Oh, and if you need any other information about my setup please feel free to ask.
  Thanks,
  Paul

  fella5 is right. You've just mentioned the need for backward compatibility therefore both A/B/G modules is OK.
  Are you going to be using a Wireles LAN Controller (WLC)?
  The reason why I'm asking is because the 1252 AP, in order to get both RM to work, you need at least 19.0 watts of power. This can only be achieved using either a enhanced PoE switch (such as the 3560-E/3750-E) or a power injector.
  The latest code of the WLC (firmware 5.2) will upgrade the AVR of both the radio modules of the 1250 to be able to operate at 15.4 watts of power. Here's the catch though: The new WLC code will allow the 1252 to operate both radios BUT the power output (or signal strength) is curtailed.
  However, do you look the 1140 series AP. This model will operate at 15.4 watts of power, full signal strength but the range is not as far as the 1250.
  The 1140 (like it's other brother, 1130) was designed for office use: lots of walls, partitions and corners. The 1250 is designed for industrial use: wide-open space, environmental protection (thus the armoured-tank look-feel-weight).
  Hope this helps.

• AES Encryption example?

  I'm new to the cryptography area, so bear with me if I get things mixed up a bit.
  Here is what I need to do - using AES encryption.
  I have a stand-alone swing application that I need to encode certain sets of passwords and serial numbers.
  These will be stored in a database and compared against user input strings.
  Basically, I want to be able to store the key for the encryption in the program and use it for the encoding
  and decoding.
  I realize this is probably not the best way to handle this, but the security is not all that critical for this application.
  Basically we just don't want someone fetching the data from the database without having to use the application to decrypt it.
  I have seen several examples where a SecretKeySpec gets generated for each time the example is run,
  an example is http://java.sun.com/developer/technicalArticles/Security/AES/AES_v1.html
  but I have not been able to find anything where a "static" key is used for the encryption/decryption.
  Can someone help me out here?
  Thanks.

  From your usage description, there is no need to encrypt anything. Just store a hash (MD5, SHA-1, SHA256 etc) of the passwords and serial numbers. You then compare the hash of whatever the user enters with the hash stored in the DB.