WAP4410N with Security-Mode WPA2-Enterprise and WDS-Repeater
Hi,
I have two WAP4410N with the same firmware 2.0.7.4. One is configured as AccessPoint with "Allow wireless signal to be repeated by a repeater." and the correct MAC of the repeater.
The Repeater has the same settings (WPA2-Enterprise, both WAP4410N in B/G/N-Mode) and is configured as "Wireless WDS-Repeater" with the correct MAC of the first AP.
The problem is that the Repeater does not repeat anything, and there is nothing in the logfile. Are my settings correct or should I use "Wireless Client/Repeater" in my case? Does WAP4410N support repeating in WPA2-Enterprise?
Thanks for your assistance
A dumb question first of all - when you entered the mac address to repeat, did you use the wireless rather than the wired mac address?
I also found that enabling http (wireless) access to the wap4410n repeater and then disconnecting the wired connection to the wap4410n ap helped set things up better.
If you search these forums I uploaded beta firmware that works much better than the one you're using. Alternatively you could use wap encryption, it seems that using WPA2-Personal is what messes up the firmware you're using.
-
Can the WAP4410N be setup with WPA2-Enterprise and also be repeater by another WAP4410N?
I have AP1 setup with WPA2-Enterprise. How would I setup AP2 (WAP4410N) to be a repeater for AP1?
Hi Alec,
Thanks for participating in the Small Business Support Community. I've posed your question to our engineers and the short answer is "no".
WAP4410N can only repeat or bridge other supported Small Business APs/Routers.
Thanks again for your participation and, although probably not the answer you wanted, I hope this helps.
Stephanie Reaves
Cisco Small Business -
WPA2 Enterprise and autonomous 1231
I have a bunch of standalone AIR-AP1231G-A-K9 running c1200-k9w7-mx.123-8.JEC2/c1200-k9w7-mx.123-8.JEC2 which are currently set up for guest and company SSIDs. The guest I don't care about, but the company one goes back to a Microsoft IAS RADIUS Certificate Authority using WEP. I want to migrate to WPA2 Enterprise without affecting the current setup, so I want to create some type of testing. Can I do so or do I need to blow away wavenet with WEP altogether? If so, any sample configs out there?
Since you'll have to touch all the clients in order to change your security/encryption, why not add another SSID and define it as WPA2/Enterprise and point it to the same IAS server? I'm pretty sure that IAS will support that (I know your AP's will). Try it on one AP, then configure the others, then migrate your clients (kill the old SSID when you're done).
-
WlanApi: Setting and connecting WPA2-Enterprise and PEAP
HI
I am writing an application using WlanApi with which we can connect to WiFi. Security settings are WPA2-Enterprise and PEAP.
Can someone help me with working code? I have tried a lot of things but am not able to make it work. It is returning an error "corrupted profile".
You can add a wireless profile to the profile store programmatically by calling WlanSetProfile.
Check this document: https://msdn.microsoft.com/en-us/library/windows/desktop/aa370030(v=vs.85).aspx
https://msdn.microsoft.com/en-us/library/windows/desktop/aa369853(v=vs.85).aspx
Best Regards,
-
How do I configure a cisco 1131 AP to use WPA2 enterprise and authenticate to Active Directory
I have a Win2008 server set up as a radius server (192.168.32.71) and a stand alone AP (192.168.201.9) The AP is config is below:
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ap
enable secret 5 $1$IdUV$UvE2IJTNzHX6mW6Mmh3At0
ip subnet-zero
ip domain name TKGCORP.local
ip name-server 192.168.32.71
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa group server radius rad_eap1
server 192.168.201.9 auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 ssid ka_test
vlan 201
authentication open eap eap_methods1
authentication network-eap eap_methods1
guest-mode
power inline negotiation prestandard source
username Cisco password 7 112A1016141D
username tkgadmin privilege 15 password 7 022D167B06551D60
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 201 mode ciphers aes-ccm tkip
encryption key 1 size 128bit 7 673B0AA56FCB4E630D8E4856427E transmit-key
encryption mode wep mandatory
broadcast-key change 150
ssid ka_test
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.201
encapsulation dot1Q 201
no ip route-cache
bridge-group 201
bridge-group 201 subscriber-loop-control
bridge-group 201 block-unknown-source
no bridge-group 201 source-learning
no bridge-group 201 unicast-flooding
bridge-group 201 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
encryption key 1 size 128bit 7 B711059074E30B1E1D4E3EC038BB transmit-key
encryption mode wep mandatory
broadcast-key change 150
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 160 in
interface FastEthernet0.201
encapsulation dot1Q 201
no ip route-cache
bridge-group 201
no bridge-group 201 source-learning
bridge-group 201 spanning-disabled
interface BVI1
ip address 192.168.201.9 255.255.255.0
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server local
no authentication eapfast
no authentication mac
nas 192.168.201.9 key 7 010703174F
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.32.71 auth-port 1645 acct-port 1646 key 7 0835495D1D
radius-server host 192.168.201.9 auth-port 1812 acct-port 1813 key 7 0010161510
radius-server vsa send accounting
control-plane
bridge 1 route ip
line con 0
line vty 0 4
end
Sorry for the late reply Steve. The link you provided was extremely helpful; here is what my config looks like now:
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ap
enable secret 5 $1$7vHS$YWCMbrlAgDUayKlOHhMlF1
ip subnet-zero
ip domain name TKGCORP.local
ip name-server 192.168.32.71
aaa new-model
aaa group server radius rad_eap
server 192.168.32.71 auth-port 1645 acct-port 1646
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 ssid wap_test
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
guest-mode
infrastructure-ssid optional
power inline negotiation prestandard source
username Cisco password 7 047802150C2E
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers tkip
ssid wap_test
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 160 in
interface BVI1
ip address 192.168.201.9 255.255.255.0
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.32.71 auth-port 1645 acct-port 1646 key 7 071B245F5A
radius-server vsa send accounting
control-plane
bridge 1 route ip
line con 0
line vty 0 4
end
I get a login screen but it will not let me connect, on my radius server I have it set to allow a group that my username is in. Here are some debugs from when I try to connect to the AP:
ap#debug aaa authentication
AAA Authentication debugging is on
ap#
*Mar 2 01:11:53.284: AAA/BIND(00000006): Bind i/f
*Mar 2 01:11:53.355: AAA/AUTHEN/PPP (00000006): Pick method list 'eap_methods'
*Mar 2 01:11:54.556: %DOT11-7-AUTH_FAILED: Station c0cb.3835.a102 Authentication failed
*Mar 2 01:11:55.280: AAA/BIND(00000007): Bind i/f
*Mar 2 01:11:55.404: AAA/AUTHEN/PPP (00000007): Pick method list 'eap_methods'
*Mar 2 01:11:56.349: AAA/BIND(00000008): Bind i/f
*Mar 2 01:11:56.525: AAA/AUTHEN/PPP (00000008): Pick method list 'eap_methods'
*Mar 2 01:11:57.300: AAA/BIND(00000009): Bind i/f
*Mar 2 01:11:58.070: AAA/BIND(0000000A): Bind i/f
*Mar 2 01:11:58.812: AAA/BIND(0000000B): Bind i/f
*Mar 2 01:12:15.470: AAA/AUTHEN/PPP (0000000B): Pick method list 'eap_methods'
*Mar 2 01:12:15.492: %DOT11-7-AUTH_FAILED: Station c0cb.3835.a102 Authentication failed
ap#undebug all
All possible debugging has been turned off -
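The two configs posted in this thread can be checked mechanically for the settings WPA2-Enterprise depends on. The following is an added example, not code from the posters or from Cisco: a small Python linter whose function names and finding codes are hypothetical, run on abridged, re-indented copies of both configs (shared keys and unrelated lines left out).

```python
# Added example, not from the thread: static WPA2-Enterprise checks for an
# autonomous Cisco IOS AP config. Function names and finding codes are hypothetical.

def parse(config):
    st = {"groups": {}, "lists": {}, "ssids": {}, "radios": {}, "own_ips": set()}
    kind = name = None                          # section currently being read
    for raw in config.splitlines():
        w = raw.split()                         # tolerates lost indentation
        if not w or w[0] == "!":
            continue
        if w[:3] == ["aaa", "group", "server"]:
            kind, name = ("group", w[4]) if w[3] == "radius" else (None, None)
            if kind:
                st["groups"].setdefault(name, [])
        elif w[:3] == ["aaa", "authentication", "login"]:
            kind = None
            if "group" in w[4:]:                # "... eap_methods group rad_eap"
                st["lists"][w[3]] = w[w.index("group", 4) + 1]
        elif w[:2] == ["dot11", "ssid"]:
            kind, name = "ssid", w[2]
            st["ssids"][name] = {"lists": set(), "wpa": False}
        elif w[0] == "interface":
            name = w[1]
            kind = "radio" if name.startswith("Dot11Radio") else "iface"
            if kind == "radio":
                st["radios"][name] = {"ciphers": set(), "wep": False, "ssids": set()}
        elif kind == "group" and w[0] == "server":
            st["groups"][name].append(w[1])
        elif kind == "ssid" and w[0] == "authentication":
            if w[1] == "network-eap" or w[1:3] == ["open", "eap"]:
                st["ssids"][name]["lists"].add(w[-1])
            elif w[1:3] == ["key-management", "wpa"]:
                st["ssids"][name]["wpa"] = True
        elif kind == "radio" and w[0] == "encryption":
            if "ciphers" in w:
                st["radios"][name]["ciphers"].update(w[w.index("ciphers") + 1:])
            elif "wep" in w:
                st["radios"][name]["wep"] = True
        elif kind == "radio" and w[0] == "ssid":
            st["radios"][name]["ssids"].add(w[1])
        elif kind == "iface" and w[:2] == ["ip", "address"]:
            st["own_ips"].add(w[2])
    return st

def audit(config):
    # Returns sorted (ssid, finding) pairs; an empty list means nothing flagged.
    st, out = parse(config), set()
    for ssid, s in st["ssids"].items():
        servers = {ip for lst in s["lists"]
                   for ip in st["groups"].get(st["lists"].get(lst), [])}
        if not servers:                         # method list reaches no server
            out.add((ssid, "NO_RADIUS_SERVER"))
        if servers & st["own_ips"]:             # EAP is sent to the AP itself
            out.add((ssid, "SELF_RADIUS"))
        if not s["wpa"]:                        # no key-management wpa
            out.add((ssid, "NO_KEY_MGMT"))
        for radio in (r for r in st["radios"].values() if ssid in r["ssids"]):
            if "aes-ccm" not in radio["ciphers"]:   # WPA2 requires AES-CCMP
                out.add((ssid, "NO_AES"))
            if "tkip" in radio["ciphers"]:          # WPA/TKIP still offered
                out.add((ssid, "TKIP_ENABLED"))
            if radio["wep"]:                        # WEP setting left behind
                out.add((ssid, "WEP_MANDATORY"))
    return sorted(out)

# Abridged from the first and second configs posted above (re-indented).
BEFORE = """
aaa group server radius rad_eap1
 server 192.168.201.9 auth-port 1812 acct-port 1813
aaa authentication login eap_methods1 group rad_eap1
dot11 ssid ka_test
 authentication open eap eap_methods1
 authentication network-eap eap_methods1
interface Dot11Radio0
 encryption vlan 201 mode ciphers aes-ccm tkip
 encryption mode wep mandatory
 ssid ka_test
interface BVI1
 ip address 192.168.201.9 255.255.255.0
"""
AFTER = """
aaa group server radius rad_eap
 server 192.168.32.71 auth-port 1645 acct-port 1646
aaa authentication login eap_methods group rad_eap
dot11 ssid wap_test
 authentication open eap eap_methods
 authentication network-eap eap_methods
 authentication key-management wpa
interface Dot11Radio0
 encryption mode ciphers tkip
 ssid wap_test
interface BVI1
 ip address 192.168.201.9 255.255.255.0
"""

if __name__ == "__main__":
    for label, cfg in (("first config", BEFORE), ("second config", AFTER)):
        print(label, audit(cfg))
```

For the first config it reports that SSID ka_test sends EAP to the AP's own address 192.168.201.9 instead of the server at 192.168.32.71, with no WPA key management and WEP still mandatory; for the second it reports that only tkip is offered, so the SSID is WPA rather than WPA2.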
I configured my Aironet 1262N autonomous AP to authenticate and account my users against a FreeRADIUS server. In the RADIUS server database, I saw some records like:
select username, acctauthentic, acctterminatecause, acctstarttime, acctstoptime from radacct where username='xxxxxx';
| xxxxxx | RADIUS | Lost-Carrier | 2014-02-22 09:15:32 | 2014-02-22 11:15:58 |
| xxxxxx | RADIUS | Lost-Carrier | 2014-02-22 09:15:58 | 2014-02-22 12:16:36 |
| xxxxxx | Local | Lost-Carrier | 2014-02-22 09:16:37 | 2014-02-22 09:22:13 |
| xxxxxx | Local | Lost-Carrier | 2014-02-22 09:22:14 | 2014-02-22 09:27:34 |
| xxxxxx | Local | Lost-Carrier | 2014-02-22 09:27:35 | 2014-02-22 09:33:12 |
| xxxxxx | Local | Lost-Carrier | 2014-02-22 09:33:14 | 2014-02-22 09:38:34 |
| xxxxxx | Local | Lost-Carrier | 2014-02-22 09:38:35 | 2014-02-22 09:43:55 |
| xxxxxx | Local | Lost-Carrier | 2014-02-22 09:43:57 | 2014-02-22 09:49:17 |
| xxxxxx | Local | Lost-Carrier | 2014-02-22 09:49:18 | 2014-02-22 09:54:52 |
| xxxxxx | Local | Lost-Carrier | 2014-02-22 09:54:54 | 2014-02-22 10:00:14 |
| xxxxxx | Local | Lost-Carrier | 2014-02-22 10:00:14 | 2014-02-22 10:00:26 |
| xxxxxx | RADIUS | Lost-Carrier | 2014-02-22 10:00:26 | 2014-02-22 10:06:17 |
| xxxxxx | Local | Lost-Carrier | 2014-02-22 10:06:19 | 2014-02-22 10:11:39 |
| xxxxxx | Local | Lost-Carrier | 2014-02-22 10:11:41 | 2014-02-22 10:17:52 |
| xxxxxx | Local | Lost-Carrier | 2014-02-22 14:50:41 | 2014-02-22 14:50:42 |
| xxxxxx | RADIUS | Lost-Carrier | 2014-02-22 14:50:42 | 2014-02-22 15:01:25 |
| xxxxxx | Local | Lost-Carrier | 2014-02-22 15:01:26 | 2014-02-22 15:06:46 |
| xxxxxx | Local | Lost-Carrier | 2014-02-22 15:06:48 | 2014-02-22 15:12:08 |
| xxxxxx | Local | Lost-Carrier | 2014-02-22 15:12:09 | 2014-02-22 15:20:24 |
| xxxxxx | Local | Lost-Carrier | 2014-02-22 15:20:25 | 2014-02-22 15:28:33 |
| xxxxxx | Local | Lost-Carrier | 2014-02-22 15:28:35 | 2014-02-22 15:33:54 |
| xxxxxx | Local | Lost-Carrier | 2014-02-22 15:33:55 | 2014-02-22 15:39:15 |
| xxxxxx | Local | Lost-Carrier | 2014-02-22 15:39:17 | 2014-02-22 15:44:37 |
| xxxxxx | Local | Lost-Carrier | 2014-02-22 15:44:38 | 2014-02-22 15:49:59 |
| xxxxxx | Local | | 2014-02-22 15:49:59 | NULL |
As you can see, the Acct-Authentic field contains two possible values: Local and RADIUS. I didn't create any user with the name 'xxxxxx' on the AP, and I configured authentication against the RADIUS server. Why are there so many Acct-Authentic = 'Local'?
Also, this user always lost his connection and then reconnected quickly. This user logs in to his account on multiple devices, including smart phone and computers. All of them are experiencing the same issue. Is there any way to debug it? Any potential reasons?
Regards,
Lingfeng Xiong
Hi,
I have exactly the same problem with my freeradius and switches when the switches are on IOS 15.x.
You can see the accounting log:
| 5971 | 0000007E | bde8f71b768f2785 | | | | 10.254.1.253 | 50001 | Ethernet | 2014-04-03 23:23:04 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5972 | 0000007F | 27c15b7db52213d9 | | | | 10.254.1.253 | 50001 | Ethernet | 2014-04-03 23:23:04 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5973 | 00000080 | 8fb0d5fe41e82d65 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:23:18 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5974 | 00000081 | fa753225306a1a30 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:23:35 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5975 | 00000082 | 39b6dfcf6aa90e30 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:25:57 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5976 | 00000083 | d7766e99f09aee2f | | | | 10.254.1.253 | 50024 | Ethernet | 2014-04-03 23:26:33 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5977 | 00000084 | 7094f61110fe4eef | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:29:22 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5978 | 00000085 | 66ded1d410f07c51 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:30:00 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5979 | 00000086 | 326144c4321e0286 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:30:32 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5980 | 00000087 | 01d1379a4f9c3365 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:32:57 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5981 | 00000088 | 91164743f562dfdb | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:34:59 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5982 | 00000089 | abf1519e403f8305 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:36:21 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5984 | 0000008B | 2e199e473e646ba4 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 00:21:01 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5986 | 0000008C | cb4c2e11189d484c | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 00:28:10 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5987 | 0000008D | 1e928dc7eabc1e6d | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 00:28:11 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5988 | 0000008E | f1e3754a954e6863 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 00:28:15 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5989 | 0000008F | e46d377efc8a47f8 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 01:00:02 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5990 | 00000090 | e098f1dc19bdeee2 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 01:01:02 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5991 | 00000091 | 6ae3acb7d57c9c5a | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 01:56:25 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5992 | 00000092 | abc974156cf20e23 | | | | 10.254.1.253 | 50021 | Ethernet | 2014-04-04 03:10:56 | NULL | 1943 | Local | | | 0 | 204825 | | | | Framed-User | | | 0 | 0 | |
| 5993 | 00000093 | be822673509843a6 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 03:51:41 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5994 | 00000094 | 0a4366a6cd9eb0c5 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 07:53:42 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5996 | 00000095 | 5d289b8db37d0c8d | | | | 10.254.1.253 | 50024 | Ethernet | 2014-04-04 08:58:22 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5997 | 00000096 | c4ea1e813085a6d7 | | | | 10.254.1.253 | 50024 | Ethernet | 2014-04-04 08:58:22 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 6002 | 0000009A | a82ac41b1ff5f16b | | | | 10.254.1.253 | 50024 | Ethernet | 2014-04-04 09:03:12 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 6004 | 0000009B | 0719718c780250c2 | | | | 10.254.1.253 | 50024 | Ethernet | 2014-04-04 09:53:30 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 6005 | 0000009C | c58f9c5e30b60fb7 | | | | 10.254.1.253 | 50016 | Ethernet | 2014-04-04 09:56:54 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 6007 | 0000009D | f78cc71528fd7898 | | | | 10.254.1.253 | 50024 | Ethernet | 2014-04-04 09:56:54 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 6008 | 0000009E | 200a1608264cc03c | | | | 10.254.1.253 | 50019 | Ethernet | 2014-04-04 10:01:14 | 2014-04-04 10:30:24 | 1750 | Local | | | 114654 | 93145 | | | Lost-Carrier | Framed-User | | | 0 | 0 | |
| 6009 | 0000009F | c5ec021f0ef399c1 | | | | 10.254.1.253 | 50019 | Ethernet | 2014-04-04 10:01:44 | 2014-04-04 10:30:24 | 1720 | Local | | | 109122 | 86295 | | | Lost-Carrier | Framed-User | | | 0 | 0 | |
| 6013 | 000000A4 | 042773e07781caba | | | | 10.254.1.253 | 50019 | Ethernet | 2014-04-04 10:30:26 | 2014-04-04 10:39:51 | 565 | Local | | | 36891 | 39077 | | | Lost-Carrier | Framed-User | | | 0 | 0 | |
| 6015 | 000000A5 | f6b305e3f0d6aa5a | | | | 10.254.1.253 | 50019 | Ethernet | 2014-04-04 10:30:56 | 2014-04-04 10:39:51 | 535 | Local | | | 31698 | 32171 | | | Lost-Carrier | Framed-User | | | 0 | 0 | |
| 6017 | 000000A6 | ef6cad3df24ccd61 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 10:42:20 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
Someone has an idea ?
Thanks,
Best regards, -
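The reconnect pattern described in the question above can be measured from the accounting rows themselves. An added example, not code from either poster: Python that parses the MySQL-style output, counts sessions per Acct-Authentic value, takes the median length of closed sessions, and counts sessions that start within a few seconds of the previous stop; the function names and the 5-second threshold are assumptions.

```python
# Added example, not from the thread: summarise radacct rows per Acct-Authentic
# value and count fast reconnects. Names and the threshold are hypothetical.
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

FMT = "%Y-%m-%d %H:%M:%S"

# Rows copied from the query output posted above: ten consecutive sessions
# and the final open one (acctstoptime NULL).
ROWS = """
| xxxxxx | Local  | Lost-Carrier | 2014-02-22 09:16:37 | 2014-02-22 09:22:13 |
| xxxxxx | Local  | Lost-Carrier | 2014-02-22 09:22:14 | 2014-02-22 09:27:34 |
| xxxxxx | Local  | Lost-Carrier | 2014-02-22 09:27:35 | 2014-02-22 09:33:12 |
| xxxxxx | Local  | Lost-Carrier | 2014-02-22 09:33:14 | 2014-02-22 09:38:34 |
| xxxxxx | Local  | Lost-Carrier | 2014-02-22 09:38:35 | 2014-02-22 09:43:55 |
| xxxxxx | Local  | Lost-Carrier | 2014-02-22 09:43:57 | 2014-02-22 09:49:17 |
| xxxxxx | Local  | Lost-Carrier | 2014-02-22 09:49:18 | 2014-02-22 09:54:52 |
| xxxxxx | Local  | Lost-Carrier | 2014-02-22 09:54:54 | 2014-02-22 10:00:14 |
| xxxxxx | Local  | Lost-Carrier | 2014-02-22 10:00:14 | 2014-02-22 10:00:26 |
| xxxxxx | RADIUS | Lost-Carrier | 2014-02-22 10:00:26 | 2014-02-22 10:06:17 |
| xxxxxx | Local  |              | 2014-02-22 15:49:59 | NULL                |
"""

def parse_rows(text):
    """Parse '| a | b | c | d | e |' rows; skip borders and the header row."""
    sessions = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 5 or cells[0] == "username":
            continue
        user, authentic, cause, start, stop = cells
        sessions.append({
            "user": user, "authentic": authentic, "cause": cause,
            "start": datetime.strptime(start, FMT),
            "stop": None if stop in ("", "NULL") else datetime.strptime(stop, FMT),
        })
    return sorted(sessions, key=lambda s: s["start"])

def summarise(sessions, flap_gap=5):
    """Per-value counts, median closed-session length, and fast reconnects."""
    durations = defaultdict(list)
    for s in sessions:
        if s["stop"]:
            durations[s["authentic"]].append(
                int((s["stop"] - s["start"]).total_seconds()))
    fast = 0
    for prev, cur in zip(sessions, sessions[1:]):
        if prev["stop"] is None:
            continue
        gap = (cur["start"] - prev["stop"]).total_seconds()
        if 0 <= gap <= flap_gap:            # new session right after the old one
            fast += 1
    return {
        "sessions": dict(Counter(s["authentic"] for s in sessions)),
        "median_seconds": {k: median(v) for k, v in durations.items()},
        "fast_reconnects": fast,
        "open": sum(1 for s in sessions if s["stop"] is None),
    }

if __name__ == "__main__":
    print(summarise(parse_rows(ROWS)))
```

On the copied rows it reports nine restarts within 5 seconds of the previous stop and a median closed-session length of 320 seconds for Acct-Authentic = Local.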
WPA2-Enterprise + EAP (PEAP) and 802.1x to authenticate to RADIUS server NPS
I need to connect my iPhone and my iPad to the corporate wireless network using WPA2-Enterprise and 802.1x to authenticate against a RADIUS server with my corporate user. What is the procedure to configure the clients? Certificates is not necessary on the client. Radius server is a NPS of Microsoft and the WLC is a 5508 of Cisco.
thanks !!!
WPA and WPA2 are all actually interim protocols that are used until the standardization of IEEE 802.11i standard. Wi-Fi Alliance decided that ratification and standardization of 802.11i standards will take more time. So, they came up with WPA.
Now, WPA2 is an advanced version of WPA. WPA2 uses AES as encryption algorithm. Whereas, WPA uses TKIP as encryption mode which in turn uses RC4 encryption algorithm.
WPA and WPA2 are actually of 2 types respectively.
WPA/WPA2-PSK - This is mainly for small offices. This uses Pre-Shared Key for authentication.
WPA/WPA2-Enterprise - This uses a RADIUS Server for authentication. This is an extension to 802.1x authentication. But this uses stronger encryption scheme (WPA uses RC4 and WPA2 uses AES).
Any authentication mechanism that involves a separate authentication server for authentication like ACS server is called 802.1x authentication.
EAP stands for Extensible Authentication Protocol. It refers to the type or method of 802.1x Authentication by the RADIUS/Tacacs server. A RADIUS server can authenticate a wireless client with various EAP methods.
LEAP is one type of EAP. It uses username and password for authenticating wireless clients. LEAP is Cisco proprietary.
There are also EAP types which use other user credentials like certificates, SIM etc. for authentication.
The following document might clarify your doubts.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e8297.shtml -
WPA2 Enterprise setup question
I have been trying to complete a WPA2 Enterprise setup, and I have hit a wall in troubleshooting. The current setup has two SSIDs, but the users only use one of these SSIDs, and that one is setup as WEP (I know...I know). I have been tasked with getting the users on a stronger security setup, and I thought that the best way would be to have them use WPA2 Enterprise, and they would authenticate to the network using their Active Directory user name and password.
I have been trying to get the secondary SSID converted over to do this, but I am stuck. I have setup the access point (Cisco 1140) the way that I believe should work, and I have also went through the Radius server (Microsoft Server 2008 R2) and set it up with some suggestions I have ran while researching.
I am hoping someone can see what I am doing wrong, or guide me to setup a more secure connection. My networking/Cisco skills are intermediate so there are things that I miss or could improve on at times.
I am attaching the config on the access point, and some screen shots off of our Radius server.
The radius server is 10.90.9.9
SSID that I am trying to configure is AAA
AP IP address 10.90.6.6
Please let me know if there is any information that I am missing. I will get it to you right away.
Edit - One thing I didn't include was that we don't have a certificate for this. Preferably I would like to set this up without a cert, and just have them authenticate with the user/pass from AD. If a cert is needed though, I can get one. Thanks :)
Thanks.
Hi Brent,
Here is a working configuration for similar requirement using ACS as RADIUS server. Hope it is useful for you to get this working.
http://mrncciew.com/2013/11/14/autonomous-ap-with-external-radius/
Pls do not forget to rate our responses if it is useful to you.
HTH
Rasika -
WPA2 Enterprise connections don't work
Hi everyone,
Configuration: MacBook Pro 7,1, 2,4GHz, Mac OS X 10.6.5.
Three user accounts (one for me, two for friend's backup), two of them have admin rights. I'm using one of these accounts.
I'm having a strange issue with *WPA2 Enterprise*-based access points, namely, the private one on my university's campus, and the eduroam one. Eduroam is, roughly, a SSID that is available in participating institutions worldwide, and allows connection from personnel registered in any of these institutions without having to ask for a guest access.
On eduroam, one is supposed to select the eduroam SSID in the list of network available, select "Security: WPA2 Enterprise", and type his institutional email address as a username. "Password" should remain blank for now, and in front of the "802.1X", select "Auto". On clicking the "Connect" button for the first time, a "Check certificate" dialog should appear with three buttons, "Display", "Cancel", "Continue", where one would click "Continue". Finally, a "802.1X authentication" dialog would appear, when a user would put his email address as username, and type in his institutional password to log in. Then, the user would be online without further fuss.
On my university network, it's even simpler. One should select it, type in the IT login, then the corresponding password, before being allowed to be online.
On my normal user account, I never get the "Check certificate" dialog for eduroam, and on the uni's network, it never seems to connect. Ultimately, I get the exclamation point over the wireless waves, meaning that the card self-assigned an IP. Then it tries to connect again (the icon is waving), then fails again. No other authentication is affected, and a quick look in the logs doesn't show anything salient.
On the other user account, the connection to either of these SSID works as written, on the first try.
So it's no hardware issue.
I first tried to create a new wireless profile, and recreate the connection. It failed, once again, for both networks.
So to the Genius Bar I went. Since it's a login issue, we deleted the ~/Library/Keychains/login.keychain item, rebooted. Since the issue couldn't be reproduced in store, he advised me to delete the "session" keychain and reboot if the problem persisted. He asked me if the computer crashed while I was logged in anywhere in the past (before 10.6.5), and yes I said, adding that I let AppleJack do the automated repair. He checked with a colleague, on a tech forum, spent 30 min with me, but came back with the dreaded conclusion that, at least in that store, they ended up doing what he named "partial restore" to correct a similar issue, in contrast to "archive and install".
Off to the uni I went, and recreating the connection failed again. In the Access Keychain, I then removed the session keychain, with both the references and files (default is reference only), since they referred to passwords I already knew, rebooted, logged in, and tried to connect, to no avail. The other user account still works.
What else should I try? Ironically enough, I reinstalled OS X more times in two years than I did Windows in eight, and want to avoid the time-consuming step of reinstalling applications, and the very tricky part - ownership issues - of manually importing documents and only selected settings.
I was chasing a similar authentication issue on OS X ≥ 10.5.8 for quite some weeks. My setup does use MS 2008 Server (AD, NPS, Radius) and SonicWall SonicPoint (multi SSID on VLAN).
When I started evaluating the different options, I didn't realize such issues. But when it came to the final usage guidelines I had serious issues connecting with Mac OS X to the WPA2 Enterprise Network (BlackBerry and iOS were never an issue)!
I finally did work out that you can only authenticate once successfully if you use the "Ask to join networks" popup - instead I had to select the network manually from the airport, provide my credentials and select "remember this network" to store the network and its radius profile! I guess this behavior may have something to do with the credentials stored/reused in/from the keychain for the second login.
Also, I did notice you have to make sure you quit your system preferences each time you expect a change due to newly stored networks or radius profiles!
Hope this may help other users to troubleshoot similar issues! -
Connecting Z10 to WPA2-Enterprise Wifi
Haloo...
Please help by giving any clue on connecting a Blackberry Z10 to office Wifi which is using the WPA2-Enterprise security type.
Thank you in advance
Regards,
Tri Harnoko
Hey harnoko,
Welcome to the BlackBerry Support Community Forums.
Thanks for the question.
When adding a Wi-Fi network, change the security type to WPA2-Enterprise and fill out the required security information.
Do you receive any specific errors when adding the Wi-Fi network?
Let me know if you have any more questions.
Cheers.
-ViciousFerret
-
Certificate renewal with WPA2-Enterprise PEAP MS-CHAPv2
Hello
We have a wireless network which is secured with WPA2-Enterprise with PEAP and MS-CHAPv2. The Radius servers (Windows Server 2008r2 with the Radius Feature installed) currently use a public signed certificate. This is about to expire soon and will need to be renewed.
The clients are non-managed and from all variety (OS, wifi-software, ...).
The Wifi is 4400 controller based and managed with the new Prime Infrastructure 1.3.
What is the best way to do the renewal with as little disturbance for the client as possible? The less manual interaction for the end user the better.
Thanks
Patrick
Hello Patrick,
As per your query I can suggest the following steps:
Since the root CA is the most critical CA in the hierarchy, you may prefer to have a strategy here that reduces the need to renew the root certificate often.
The first consideration is choosing the key length of the root's public key and private key pair during setup of the root authority. By using a long key length, which is generally more secure against brute force attack than a shorter key length, you increase the length of time that the CA can use the same private key and have reasonable confidence that it has not been compromised. The second consideration is establishing the validity period of the root certificate itself. In general, you will want to create a root certificate that has a shorter validity period than the estimated lifetime of the key.
For more information you can refer to the link-
http://technet.microsoft.com/en-us/library/cc740209(v=ws.10).aspx
Hope this will help you. -
Connecting to WPA/WPA2 Enterprise Network
I am trying to configure an Apple TV to connect to our corporate network. I have a service account in AD that I am using in the profile, have pointed to our cert and trusted it in the profile, selected WPA/WPA2 Enterprise, and selected PEAP as the 802.1X authentication. I have done this after going over the settings with our network security engineer. Everything looks correct. After installing the profile and connecting it to the TV, I can only get a 169.X.X.X address (should be our private WiFi network of 10.9.X.X). Has anyone successfully done this?
This is a user to user help forum only so no one here knows what Apple is working on.
http://www.apple.com/feedback/iphone.html -
10.4.8: Airport busy-loops when in range of a WPA2 Enterprise network
After installing the 10.4.8 upgrade, the airport process hangs at 100% CPU when within range of a network secured with WPA2 Enterprise. The solution has been to kill it via "Activity Monitor". Everything works fine with a normal WEP network.
The workaround has been to turn airport off before entering the office. Forgetting to can completely disable login. The machine just hangs, without accepting keyboard input for the password. The mouse pointer (that delightful beach ball) moves, though.
Anyone have suggestions as to how this may be fixed?
MacBook Pro 15" Mac OS X (10.4.8)
And, yes, I have tried that "remove & add back to preferred networks"-thing.
-
Host in network is not reachable over WPA2-Enterprise encryption
hello together,
I'm running a WRVS4400N router with parallel WPA2-Enterprise and WPA2-Personal wireless networking. If I try to ping a host on the network I get two different results:
The ping over the WPA2-Personal network is working pretty well.
Over the WPA2-Enterprise network the host isn't reachable.
This happens only to one special host, internet and other host are working well.
Do you have any idea why this host is only reachable over the WPA2-Personal network??
Thank you for any help you can provide in this situation.
phaenovum
Hi,
According to the log, your iPad tried to connect the remote server with IP address 10.100.01.01/32. Please check if it is the correct IP address of the server.
Also, please make sure that your iPad can connect to your VPN network successfully and get a valid IP address so that it can remote your internal server.
Thanks.
Jeremy Wu
TechNet Community Support -
Sunfire 280r security-mode=full
Hi,
I've bought a sunfire 280r off of ebay, but the security mode is set to full. If I replace the IDPROM with another one (PN 525-1788) would that fix the issue, or do I have to send the board to sun to be cleared?
Thanks,
chepati
Also if someone does have one of these, if the system at least tries to boot from the disk, it might be easiest to construct a disk that will properly boot the machine with a root password you know.
Once the machine is booted, then the root user can reset the security mode for the eeprom. By juggling disks around, making that happen might not be too difficult.
Of course if the security mode is full and the machine is not set to autoboot, then you need a different solution.
Darren