Configure WPA2 on a 1041

Hello Everyone,
Can someone send me a link or steps to configure WPA2 on a 1041 access point? I am trying to get it configured through the GUI and part way through I keep getting locked out of the AP due to WPA2 being partially configured.. Can;t figure this out.
Thanks in advance! All replies rated.

Here is the link..
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008054339e.shtml
Please dont forget to rate the posts!!
Regards
Surendra

Similar Messages

Is this the right way to configure WPA2 on 1131 AP?

Hello everyone.
I, at work, have recently deployed a very small stub network in Papua New Guinea, an office that has no more than 7/8 users. This simple network consists of:
1 x 2611xm Router
1 x 2960 24port Catalyst Switch
1 x 1131ag AP
1 x Dell Server used for WSUS and Anti-Virus updates for users on the LAN.
NO VLANS - all connect to default vlan1
And that is it, no individual DNS/DHCP/Domain servers, or Radius/Authentication servers for that matter.
Originally we deployed WEP on the AP, but today I configured WPA2.
That said, below is my AP config, and just looking for confirmation if its correct, or needs further improvement (remove any unnecessary commands)?
The switch has no additional VLANS configured, the link between the switch and the AP is NOT configured as trunk.
The router does not have additional sub-interfaces. Simply put, fa0/0 goes to the public internet, fa0/1 goes to the inside switch.
Please note that wirless connectivity works OK, there are no issues, but i feel like i may have more unnecessary steps in my config than needed.
Thanks for your guidance and support.
Current configuration : 2583 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname WCS_GorokaAP
logging rate-limit console 9
enable secret 5 <removed>.
no aaa new-model
ip domain name <removed>
dot11 syslog
dot11 ssid wcs_goroka
   vlan 1
   authentication open
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii 7 <wpa key>
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 1 mode ciphers aes-ccm
ssid wcs_goroka
mbssid
channel 2437
station-role root
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
encryption vlan 1 mode ciphers aes-ccm
ssid wcs_goroka
dfs band 3 block
mbssid
channel dfs
station-role root
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 192.168.15.241 255.255.255.0
no ip route-cache
ip default-gateway 192.168.15.254
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
banner motd ^C
* This is a secured Access Point. Unauthorized logins are strictly restricted. *
^C
line con 0
password 7 <console password>
logging synchronous
login
line vty 0 4
exec-timeout 30 0
password 7 <telnet password>
logging synchronous
login
transport input telnet
line vty 5 15
login
end

thats correct.
keep this link as reference:
http://www.cisco.com/en/US/partner/tech/tk722/tk809/technologies_configuration_example09186a008054339e.shtml
http://www.cisco.com/en/US/partner/products/hw/wireless/ps4570/products_configuration_example09186a00801c40b6.shtml
Please make sure to rate correct answers

Want to configure wpa2 enterprise in wlc 2106

Hi,
I want to configure the wlc 2106 with wpa2 enterprise .... i reckon that iI need ACS server ( Radius Server ) with server certificate as well client certificate.
how do i configure the redius server to get access through wpa2 enterprise .. If i am wrong , what are all things required to enable wpa2 enterprise with AES encryption .
Is it possible to get the evalution copy of acs server with certificate ?
how to go ahead for the same .
It would be great help me to get the proper answer for configuration of wpa2 enterprise with AES ...

The below link may help you..
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008095382f.shtml
Regards
Surendra

WPA2 configuration on Aironet 1042N

Just started at a new job and had three new Cisco Aironet 1042Ns thrown at me and asked to configure them. They are running the latest software; C1040 Software (C1140-K9W7-M), Version 12.4(25d)JA1. I had no issues configuring them with no security and with WEP, but would very much like to avoid this and configure WPA or better WPA2.
The settings for WPA under the web-based interface require a RADIUS server, which we do not have. Are there any instructions on the Cisco site (or elsewhere) that explain how to configure WPA2 for added security on a Aironet 1042N without using a RADIUS server for authentication? It just seems to me that these enterprise-level WAPs should be able to do the same as any of the commodity wireless APs and provide extra security.
Thanks in advance.
KJ

Try to reference this document for wpa v1 or v2 for preshared key. If you want to use AD, you need to implement a radius server. Start out with wpa2 psk first and then if you get that going, then try 802.1x. Requires the use of certificates on the radius.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008054339e.shtml
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"

Configuring Aironet 1040 with WPA2-PSK

I am attempting to configure two Aironet 1040 series wireless access points for the first time and am having some difficulty. This office does not have a RADIUS server so I would like to set them up to use WPA2 with a pre-shared key. However just how this is accomplished is not immediately apparent. I have attempted using both the command line interface and the web interface, but I get errors in both places. It doesn't seem like it is all that difficult, we're just talking about a few lines in the configuration file.
This is what I have so far:
Current configuration : 1684 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ap1
logging rate-limit console 9
enable secret 5 $1$q9i9$V8Z042Zif0H7t4qN5awMM.
no aaa new-model
ip domain name Office
dot11 syslog
dot11 ssid WLAN
vlan 30
authentication open
username Cisco password 7 05280F1C2243
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers tkip
ssid WLAN
antenna gain 0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
ssid WLAN
antenna gain 0
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 192.168.2.2 255.255.255.0
no ip route-cache
ip default-gateway 192.168.2.1
ip http server
no ip http secure-server
ip http help-path
http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
access-list 111 permit tcp any any neq telnet
bridge 1 route ip
line con 0
access-class 111 in
line vty 0 4
access-class 111 in
login local
end

OK, I figured out some of what was going on. The admin account was set to read only instead of read/write, and both radios had not been added to my VLAN. Now I have successfully (?) configured WPA2-PSK on both wireless access points, and they are broadcasting their SSIDs, but I am unable to connect to them for an unknown reason. I am prompted for the pre shared key and then the connection fails. Hmm...

WPA2 Auth on WLC 5760 using ISE 1.2

Hello there,
I am trying to configure WPA2 802.1x authentication on my WLC that should use ISE as radius server which is set to authenticate AD users.
The issue is that when I try to connect the SSID, it does not forward the authentication request to ISE. Therefore, I dont see any authentication request on ISE coming from the client.
I am using the following cli config for the SSID.
wlan TESTSTAFF 70 TESTSTAFF
aaa-override
client vlan Floor_WL
security dot1x authentication-list WPA-Auth
session-timeout 1800
no shutdown
aaa authentication dot1x WPA-Auth group ISE_Group
aaa group server radius ISE_Group
server name ISE
radius server ISE
address ipv4 <ise_ip> auth-port 1812 acct-port 1813
key <key>
On ISE, I have added the WLC as network device. CWA authentication is working fine it is just Layer2 WPA 802.1x authentication which is not forwarding requests to ISE.
Can you please suggest?
Thanks in advance.

is ur wlc and iSE is connected???
is ur Radius Shared secret is correct or same on both side?
Please check these: http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080bead09.shtml
Regards

WLC 5508 and WPA/WPA2 causes client DNS lookups to fail

Hi all, we just recently received a brand new 5508 with 6.0.199.4 firmware. We currently have three LAP-1250s that associate just fine to the WLC.
For testing purposes only, we enabled WPA2 with both types of encryption TKIP and AES with an ASCII PSK.   The clients are able to connect, authenticate and get an IP address from our local (same subnet) DHCP server. They also get the DNS info from our DHCP server.   However, the problem is that they are not able to do any DNS lookups.   I haven't run wireshark yet to confirm, but it sounds very familiar to this problem: https://supportforums.cisco.com/message/3202369
I've even had clients use nslookup with both of my DNS servers and they are not able to resolve. I'm not sure if the request or the reply is being blocked/dropped, but I can find out tomorrow.
Now the strange part - if I turn off WLAN security altogether, it works!   That's right, I just disable L2 security for the WLAN and re-connect the clients and they are able to do full DNS lookups.
AND - if I leave L2 security configured (WPA2 with PSK), and enable L3 Passthrough security - the clients get to the auth web page, click the "accept" button and are then able to do full DNS lookups too.
What could be the problem here?   There's nothing I see configured for the L2 or L3 security settings that could be the culprit. We're using default (from Cisco) configuration, so there's no ACLs configured or anything like that to block DNS.
Another strange thing here which may or not be related - during initial configuration the setup asked for a virtual IP - so I gave it one - 1.1.2.2.   Now when I do an ipconfig /all on the client, I see this 1.1.2.2 address listed as the DHCP server. Why is this?   It's definitely getting an IP address and DNS info from the correct DHCP server, so not sure why this is showing up.
Thanks, Matt

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin-top:0in;
mso-para-margin-right:0in;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0in;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
Hi Matt,
Just wanted to jump in, and also mention it may be worth attempting to disable the fastpath feature on the 5508, and test your failing client again. You may be hitting CSCti34667.
debug fastpath cfgtool --fc.disable
This command can be run via Telnet/SSH. Please keep in mind that fastpath will automatically re-enable periodically, so we recommend disabling every 10 minutes as a workaround for any known fastpath issues. You can do so by running the following Macro in TeraTerm:
:mainloop
   sendln "debug fastpath cfgtool --fc.disable"
   pause 600
goto mainloop
If you find that disabling fastpath resolves your concern, you can reach out to TAC for an Escalation Image with the fix for this one.
Best,
Drew

WPA2 on 1231 vs 1240

I'm having a problem configuring WPA2 on a Cisco 1231 Access Point, where I see a command which I cannot do on this one, which I could do on 1240 AP's.
On the 1240 I've the following config of the SSID:
vlan 60
authentication open eap eap_methods
authentication key-management wpa version 2
guest-mode
mbssid guest-mode
but on the 1231 I cannot do the "authentication key-management wpa version 2", so I have it like:
vlan 110
authentication open eap eap_methods
authentication key-management wpa
guest-mode
mbssid guest-mode
Since I'm having problems with connecting, what can be the solution?
The working one is running:
c1240-k9w7-mx.124-10b.JA
and non working:
c1200-k9w7-mx.123-8.JEA

Hi Jorge,
You may be running into one of these reasons why the 1231 isn't supporting WPA2;
Q. What Cisco Aironet access points support WPA2 and AES?
A. The following Cisco Aironet autonomous and lightweight access points support WPA2 and AES: Cisco Aironet 1240AG Series, 1230AG Series, 1130AG Series and 1000 Series access points. Cisco Aironet 1100 Series, 1200 Series and 1300 Series 802.11g radios support WPA2 with a Cisco IOS Software upgrade via Cisco IOS Software Release 12.3(2)JA or later.
Q. Which Cisco Aironet 1200 Series 802.11a radio modules support WPA2 and AES?
A. Cisco Aironet 1200 Series radio modules with the part numbers AIR-RM21A or AIR-RM22A support WPA2 and AES. The Cisco Aironet 1200 Series radio module with the part number AIR-RM20A does not support WPA2 or AES.
Q. Which Cisco Aironet 802.11b access points support WPA2 and AES?
A. Cisco Aironet 802.11b access points are not upgradeable to support WPA2 and AES.
http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps430/prod_qas0900aecd801e3e59_ps2706_Products_Q_and_A_Item.html
Hope this helps!
Rob

ISE 1.3 not receiving Radius requests from WLC 5508 ver 8.0.110.0

Hello all. I just implemented ISE 1.3 at a customer site. added a WLC running 8.0.110.0 using its mgmt address with a RADIUS preshared key. On the WLC, I created to SSIDs, corp and guest.
For corp I configured WPA2 and AES and forwarded Radius requests to my 2 ISE node PSN interfaces
For the guest I configured MAC filter with advanced features AAA overide and Radius NAC - per Cisco's documents
The corp forwards Radius requests to ISE, the guest does not. I get nothing from the guest.
I configured the WLC step by step from the Cisco document. I have completed over 10 ISE implementations in the last year using ISE 1.2 and WLC 7.x and have never run into this issue before.
Any help will be much appreciated.

This issue has been resolved. The issue was that for the guest SSID MAC filtering was enabled as required, but they had the test PCs on a mac filter bypass list for that SSID in the WLC. This was automatically authenticating the PC, and therefore not forwarding the RADIUS to ISE.
Once we removed the PC from the MAC filter list in the WLC, the authentications were forwarded to ISE as desired.

WRE54G does not stay connected

Router WRT54GS with extended antennas 7dbi, connected 4 wired devices, 3 computers and a network printer. Expander WRE54G, 192.168.1.240. Wireless devices, 2 laptops and a PC. Wireless configuration WPA2, all firmware is updated.
2 story house, Expander downstairs, laptop even without the Expander works fine
Initially installed & setup the expander worked fine. Every once in awhile begins flashing red, I pin the reset and push the auto configuration button and remains flashing red after cycling. All wireless devices sill connected, except the Expander.
This has happened before and I hardwired the Expander to re-setup and then place back downstairs. That happened about a month ago.
And since then, I decided to disable SSID broadcasting, so this maybe the problem. And today my wireless for whatever reason could not be detected by the laptops or PC and I just opened the WRT54GS web control page and enabled SSID broadcasting and noticed I had 2 SSID ID's I have no idea how this came about, it only shows on the Laptop running Vista.
And usually all my neighbors SSID's appear, for some reason not one was listed from either of my laptops. Is it possible someone is nearby to disrupt or block SSID transmitting and a reason for my WiFi side to go down?
I did not have to recyle my router either and I got my wireless back up, just not the Expander.
I will enable the SSID broadcasting and see if that solves my particular problem with the WRE54G Expander.
Thanks a million, sorry due to the economy, I do not have the $$, Doc

Hmmm. Are you sure you got the WRE to work with WPA2 security? It doesn't support that. So I guess that would explain your WRE's sporadic performance but I thought it would never connect that way. As for your other problems, I think a good power cycle of your whole network would do wonders. Why are you needing the WRE? Sounds like you are getting plenty of signal without it...
Message Edited by Luckydog on 12-10-2008 05:35 PM

Not able to install or generate acs server certificate

Hi,
I have one test set-up with one layer 3 switch and one autonomous AP 1131. I have configured one SSID and without any authentication and it was not able to connect successfully.
But now i want to try enable WPA2 enterprise ( Actually , after checking with the test set up , i am going to implement in live set-up where i have to configure WPA2 enterprise so that i would like to go for testing wpa2 enterprise not wpa2 personal ).
I have ACS server 3.0 trial version and installed on windows server 2000 and
on AP 1131 i have configured radius server commands
( aaa- new model and radius server host ... ip address ... key ..... shared secret ... password .. ).
I am confused with certificate which is required to install on acs server but i am not able to generate the certificate or not able to get the certificate from anywhere in acs server option.
how to generate acs server certificate in trial version 3.0 and after generating how to install in acs server and what about client ... will it be same certificate which i need to install in cllient PC's and if yes how to add in client pc's and if not , where will i get cllient certificate ,..
if i buy ACS software which i will be installed windows platform , i will get two certificate ,,,,,,,,, what about acs trial version software .... will i be able to get certificate .......
i am trying to refer so many documents but it could not help me ..
Your help will be appreciative.
Looking for proper information.

Hi,
Thanks for your response ....
obivously , This ACS 3.0 is end of supprt but when i tried to install the acs 4.0 or later , I am not getting an error saying " basic platform should be installed first , that is ACS 3.0 ".
That is the reason i have gone for this edition .
Should i go for upgrading the acs 3.0 to 4.1 or later version ?
if so , will it be possible on trail version ?
please give me your suggestion.

PCA AR/AP transfer with 1KEK after sending with 3KEH

My company for some reason has the AR and AP accounts set up to post realtime to PCA, being set within 3KEH. This obviously creates high volumes of data with the preferred method being running 1KEK to load the open items at month end. Has anyone coverted from the 'wrong' way to the 'right' way. Is it as simple as removing the entries from 3KEH at the the beginning of a fiscal month then begin running 1KEK at month end?

Yes 1230 AP supports WPA2.
***Most of those older APs don't have the hardware to support WPA2. It's not the software but the hardware/radios.
Just try to configure WPA2 under :
dot11 ssid xyz
vlan xx
authentication key-management wpa version 2
Regards

Change PHY Mode, max speed is 54mbps

Hi Guys
One of my partners is having trouble configuring his first AP-1042 in standalone mode.
Having some issues configuring our first AP-1042N. I am not sure how to change the PHY mode; it seems to be currently set to 802.11a and are only achieving a maximum transmission rate is 54mbps. If the disable lower MCS Rates on the 5GHz channel the wireless interface goes down.
we are/were trying to configure just a basic Access Point, but were anticipating faster connection speed than 54mbps.
Thanks for your help in advance.

Hi, thanks Steve. Still alittle confused on how to configure WPA2/AES, client isn't running a radius service; and would prefer a simple psk. I have attempted to configure local authenticator however not quite right (still connecting at 54mbps, and under preforming the linksys router it is replacing). Any suggestions would be appreciated.
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname LocalAuthenticator
logging rate-limit console 9
enable secret 5 $1$AZPv$DQc2TKeIlCf9VrRlq7ZTK/
aaa new-model
aaa group server radius rad_eap
server 192.168.1.201 auth-port 1645 acct-port 1646
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 syslog
dot11 ssid RJPhysio
   authentication open eap eap_methods
   authentication network-eap eap_methods
   authentication key-management wpa
   guest-mode
dot11 network-map
username Cisco password 7 062506324F41
username rjp password 7 141A131204013D7C77
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers tkip
ssid RJPhysio
antenna gain 0
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
encryption mode ciphers tkip
broadcast-key change 300
antenna gain 0
no dfs band block
speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel width 40-above
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 192.168.1.201 255.255.255.0
no ip route-cache
ip default-gateway 192.168.1.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server local
nas 192.168.1.201 key 7 15130C0B162F383721253076435C020C195F5A575F5B090A1B1755
nas 192.168.1.202 key 7 060708265E4B1A0A0C01175F5C5F3E243C21303A2E1C001F00005A
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.1.201 auth-port 1645 acct-port 1646 key 7 08204B491B1C16041B1D09507A7030272B3C211C0B190408555854
radius-server vsa send accounting
bridge 1 route ip
line con 0
line vty 0 4
end

4402 PEAP w/ACS3.3 using Novell NDS.

I am trying to configure WPA2 with 802.1x authentication through ACS 3.3. Having issue with using PEAP authentication through ACS 3.3 configured for Novell NDS as External Database. Client is stuck "Verifying credentials". Controller sends authentication requests to ACS, but it is not getting any response back from ACS. ACS is on the same subnet, no firewalls of any kind in between. Under Failed Authentication on ACS nothing gets logged if I have PEAP enabled under Global Authentication Setup (EAP-MSCHAPv2). If I uncheck PEAP options under Global Authentication, then ACS will log under Failed Attempts error message saying that "EAP type not configured. Check Global Authentication Setup". Correct IP address of ACS and secret key is entered in Wireless Controller. I have also tried using port 1645 and 1812 with the same result.
Any ideas would be appreciated. Thanks.

If you are authenticating against Novell eDirectory/NDS, you should use EAP-GTC. Also, when you create your database configuration, be sure to enter all contexts (separated by commas) in which your user accounts reside.

Does Cisco Aironet 1131G really support EAP-SIM ?

Hello!
I have tried to configure EAP-SIM authentication on Cisco Aironet 1131G for Wi-Fi Offload but unfortunately I couldnt make it work. As far as I understand the Wi-Fi standard it is fully supported in 802.11n within WPA2-Enterprise standard. I have read Cisco datasheet for 1131G where your are claiming that you support EAP-SIM in WPA2 also. I have tried to configure it according to configuration guide but it always requires to enter password key first when I try to connect to SSID with configured WPA2 and EAP-SIM. Can you please provide us with additional info how to properly configure AP or confirm that EAP-SIM needed for seamless 3G/Wi-Fi authentication is supported only within WPA2-Enterprise.
BR,
Denys

Yes EAP-SIM is supported by Cisco Aironet 1131G. For more detail about this product you can go to below link.
http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps6087/product_data_sheet0900aecd801b9058.htmlhttp://

Configure WPA2 on a 1041

Similar Messages

Maybe you are looking for