WPA ON A 1231?

Is it possible to setup An Aironet 1231 (Fat-AP) to work via wpa, by itself?
IF so does any have any links or docs showing setup?
Thanks,
Pat

Patrick
check this link it should have your answer or point you in the right direction.
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c40b6.shtml
one word of advice use the GUI interface, do not use the CLI to do this there are to many interrelated statements needed in the config file.
good luck
Bill

Similar Messages

Using Multiple RADIUS servers w/ LEAP & WPA concurrently

Our current Wireless network was setup by someone on the outside an it uses LEAP w/ckip. When we have random employees come in CKIP is a pain since ckip usually isn't supported by any of the laptop OEM wireless drivers. We've had to resort to using the manufacturer's drivers to get it to work. So because of this we started looking at moving to using WPA w/ TKIP or AES. I started out with a small test setup using MS IAS, PEAP and an IOS based Aironet 1231. The test environment seems to be working fine I can associate with it and gain network access so I don't think there are any problems with IAS or PEAP.
My intention is to setup additional SSIDs on new VLANs so I can run the test WPA network in parallel with the in use LEAP networks. My problem I've seem to run into is when I mix the two configs WPA no longer works. I've enable quite a few different debugs get an idea on what might be the problem and the only thing I can come up with at this time is the possibility of wlccp being the problem. When the machine is trying to connect to the WPA SSID I see a lot of wlccp messages which if I understand how this is supposed to work wlccp shouldn't come into play. For the WPA data clients I don't really care about fast roaming which is what I understand wlccp to be for. People aren't walking around with their laptops while doing something network dependent. They sit down in one location and so seemless roaming is a non-issue.
I've attached sanitized version of the two configs. I'll continue to hack on this but I'm hoping I'm just overlooking something that a second set of eyes might catch. Or maybe it's not even possible. I'd also be interested in what others are using as their network EAP methods, EAP-FAST, PEAP, EAP-TLS. I initially chose PEAP since it seems like a happy medium between strength and ease of use from the client end since 98% of all clients will be Windows laptops. Any comments on using WPA-PSK vs LEAP with 7920 phones?
Thanks in advance,
jeff

Jeff
1. it is recommended that the AP you use as the primary WDS has the radiu disabled.
2. It is also standard that your bridge groups be numbered the same as you VLAN's
3. your native VLAN should not have an SSID associated with it. this is not mandatory but again SOP for multiple VLAN configs.
4. heere is an excelent link for configuring WDS of course it shows using an ACS server as your radius server but any radius server will work.
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c951f.shtml.
5 as Irene points out PEAP is a better choice for EAP as it is more secure than LEAP and more widely supported.
6. Any version of WPA is prefered over the older security protocls due the the better encryption methods used.
regards
Bill

Autonomous 1231/1242 Radius Config Help. What is this not working?

Hey Guys,
I can't seem to get the SSID RadiusTest to work properly.
Windows PC's show "Windows was unable to find a certificate to log you into the network". Macs don't authenticate either. Radius server isn't seeing any requests at all. Radius server is working because we are authenticating other things to it.
On my test 1231, IOS is 12.3(8) JEB1.
And all help is appreciated.
Thanks,
Scott
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname TKS-AP1231-ICTServices
enable secret 5 $1$Izyg$qXSRYpFDI9ZX6F50vDrku0
clock timezone K 10
clock summer-time K recurring
ip subnet-zero
ip domain lookup source-interface BVI1
ip domain name domain.com.au
ip name-server 172.16.###.###
ip name-server 172.16.###.###
aaa new-model
aaa group server radius rad_eap
server 172.16.###.### auth-port 1812 acct-port 1813
ip radius source-interface BVI1
aaa group server tacacs+ tac_admin
aaa group server radius infrastructure
aaa group server radius clients
aaa group server radius central_auth
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa group server radius rad_eap1
server-private 172.16.###.### auth-port 1812 acct-port 1813 key 7 060D062F4B5D1B18045GHW1E0718
server 172.16.###.### auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login method_infrastructure group infrastructure
aaa authentication login method_clients group clients
aaa authentication login method_Central group central_auth local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default local
aaa authorization exec method_Central group central_auth local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 mbssid
dot11 vlan-name Conference vlan 150
dot11 ssid RadiusTest
   vlan 18
   authentication open eap eap_methods
   authentication network-eap eap_methods
   authentication key-management wpa
   mbssid guest-mode
dot11 ssid Staff
   vlan 17
   authentication open
   authentication key-management wpa optional
   wpa-psk ascii 7 055E5F5E0555401B161003171928013C22272D6B6370
dot11 ssid Student
   vlan 16
   authentication open
   authentication key-management wpa
   guest-mode
   mbssid guest-mode
   wpa-psk ascii 7 02575102282A2323434F1B1D0C1915595A5C
dot11 network-map
dot11 arp-cache optional
username ########## privilege 15 password 7 ###################
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 17 mode ciphers tkip wep40
encryption vlan 16 mode ciphers tkip
encryption vlan 18 mode ciphers aes-ccm tkip
ssid RadiusTest
ssid Staff
ssid Student
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
no power client local
power client 50
power local cck 50
power local ofdm 20
channel 2437
station-role root
interface Dot11Radio0.6
encapsulation dot1Q 6 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.16
encapsulation dot1Q 16
no ip route-cache
bridge-group 16
bridge-group 16 subscriber-loop-control
bridge-group 16 port-protected
bridge-group 16 block-unknown-source
no bridge-group 16 source-learning
no bridge-group 16 unicast-flooding
bridge-group 16 spanning-disabled
interface Dot11Radio0.17
encapsulation dot1Q 17
no ip route-cache
bridge-group 17
bridge-group 17 subscriber-loop-control
bridge-group 17 port-protected
bridge-group 17 block-unknown-source
no bridge-group 17 source-learning
no bridge-group 17 unicast-flooding
bridge-group 17 spanning-disabled
interface Dot11Radio0.18
encapsulation dot1Q 18
no ip route-cache
bridge-group 18
bridge-group 18 subscriber-loop-control
bridge-group 18 block-unknown-source
no bridge-group 18 source-learning
no bridge-group 18 unicast-flooding
bridge-group 18 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
interface FastEthernet0.6
encapsulation dot1Q 6 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface FastEthernet0.16
encapsulation dot1Q 16
no ip route-cache
bridge-group 16
no bridge-group 16 source-learning
bridge-group 16 spanning-disabled
interface FastEthernet0.17
encapsulation dot1Q 17
no ip route-cache
bridge-group 17
no bridge-group 170 source-learning
bridge-group 17 spanning-disabled
interface FastEthernet0.18
encapsulation dot1Q 18
no ip route-cache
bridge-group 18
no bridge-group 18 source-learning
bridge-group 18 spanning-disabled
interface BVI1
ip address 172.16.#.### 255.255.255.192
no ip route-cache
ip default-gateway 172.16.#.###
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
logging history debugging
snmp-server view iso iso included
snmp-server community KingsRO RO
snmp-server community KingsWr1t3 RW
snmp-server trap-source BVI1
snmp-server location ###
snmp-server contact ############################################
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps entity
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps config
snmp-server enable traps syslog
snmp-server enable traps cpu threshold
snmp-server enable traps aaa_server
snmp-server host 172.16.###.## version 2c cisco udp-port 1620
radius-server host 172.16.###.### auth-port 1812 acct-port 1813 key ##########################
bridge 1 route ip
wlccp ap username wds password #################
wlccp authentication-server infrastructure method_infrastructure
wlccp authentication-server client any method_clients
banner login ^C
^C
line con 0
line vty 0 4
sntp server 172.16.###.###
sntp server 172.16.###.###
sntp server 172.16.###.###
sntp broadcast client
end

You configured your WDS to use empty radius methods. There's no much point to this apart from breaking your setup.
Remove all 3 "wlccp" commands. I suggest to have your normal radius working before you try and do WDS.
If behavior is still the same, then it means that the radius server has to get a request if the clients are proposed EAP-TLS and they are looking for a certificate to authenticate with ...
Did you pre-configure a profile on the client ? Did you configure them for PEAP ? EAP-TLS ? Which method do you allow on your radius server.
Nicolas

Unstable Cisco Aironet 1231

I have one Cisco Aironet 1231 access point. It does not use any kind of (server) functionality outside the Cisco device.
I have one SSID and uses WPA-PSK (TKIP).
The configuration seams wary straight forward, but something is wrong.
The access point seams to be unstable. The clients use long time to connect to the access point and it looses connection a lot of times a day. Can I do something to speed up the ?negotiation process? ?
What could be the course of instability?
The configuration was made with the ?web configurator?, but I have a SSH/telnet dump:
Best Regards
Martin
AP1#sh run
Building configuration...
Current configuration : 2227 bytes
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname AP1
enable secret xxx
clock timezone GMT 1
ip subnet-zero
ip domain name mydom.com
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 ssid myssid
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii xxx
username Cisco password xxx
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers tkip
ssid myssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2412
station-role root
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no cdp enable
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 160 in
interface BVI1
ip address 192.168.1.105 255.255.255.0
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
access-list 111 permit tcp any any neq telnet
no cdp run
radius-server local
no authentication leap
no authentication mac
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
control-plane
bridge 1 route ip
line con 0
access-class 111 in
line vty 0 4
access-class 111 in
sntp server 212.242.xx.207
sntp broadcast client
end
AP1#

A "stronger" (more gain) antenna probably won't help. An antenna that transmits with more gain also receives with more gain ..(basically, the same situation, but all of the signals are "louder")
The general remedy, aside from the obvious of going to the least populated channel or moving to the 802.11a band, is usually to add more access points, all using some flavor of "sector" antenna (and / or "patch" antennas) to localize the area of interest.
Because the antennas are covering a more specific area (and usually smaller area), it is usually the case that more APs are needed.
"Seeing" 20 APs is not that alarming ... check the signal strength of each, many will usually be well-below the level that would cause serious interference. The specific level will vary, depending on the location relative to the AP<->client relationship.
If you're seeing 20 APs, and their signal strength is roughly the same as your APs or a little lower, then you've got a problem that only a sectorized antenna system can cure.
Good Luck
Scott

WPA and WPA2 mixed environment

I have about 30 or so autonomous AP's installed on our campus. Half are 1141n and half are 1231 with radios that cannot do wpa2. Right now we are running ciphers tkip and autherntication wpa on all units.
I would like to change ciphers to aes-ccm on all units and change to wpa2 on the 1141n units but retain wpa on the older 1131's because they are not capable of wpa2.
Will clients be able to roam seemlessly around the campus without having to manually re-associate whenever they move from a 1141n unit to 1231 unit given the proposed change listed above?

Hello John,
i would say this will differ based on client software itself.
however i see you concerned as some old AP's will not have WPA version 2 commands under SSID.
can you please check in one of these old AP's , under the radio
conf t
interface dot11radio X
encryption mode cipher AES ( is this command availble)?
if yes , i believe it should be find if you do WPAv2 -AES on 1140 , and 1230 with AES encryption.
Kind regards
Talal

1231 IOS APs as P-to-P bridges

I'm trying to set-up two b/g 1231s in Point-to-Point bridge mode with local-radius eap on the root and WPA/TKIP.
Config looks identical to what's running on 13xx & 14xx bridges but the local-radius server on the root keeps showing up as dead and the two bridges never complete the auth process.
IOS is c1200-k9w7-mx.123-8.JEB1.
Trunking two vlans, one for mgt. & one for users across the street.
WPA-PSK works and it looks like I could fall back to WEP-LEAP too.
Anybody tried this? Ideas, suggestions?
Thanks!

Are you doing LEAP+WPA/TKIP ? I've tested this setup with bridging+multiple vlans+wpa/wpa2+tkip/aes+LEAP/EAP-FAST/EAP-TLS+local EAP, and they all worked. Can you post your config?
You mentioned that WEP+LEAP worked and also that local-radius server shows up as dead, so I'm not sure if your local EAP is actually working.
Make sure you are using auth-port 1812 (not default 1645). Here's a sample config:
aaa group server radius rad_eap
server 192.168.0.1 auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
radius-server host 192.168.0.1 auth-port 1812 acct-port 1813 key cisco
radius-server local
nas 192.168.0.1 key cisco
user X password Y

WPA2 on 1231 vs 1240

I'm having a problem configuring WPA2 on a Cisco 1231 Access Point, where I see a command which I cannot do on this one, which I could do on 1240 AP's.
On the 1240 I've the following config of the SSID:
vlan 60
authentication open eap eap_methods
authentication key-management wpa version 2
guest-mode
mbssid guest-mode
but on the 1231 I cannot do the "authentication key-management wpa version 2", so I have it like:
vlan 110
authentication open eap eap_methods
authentication key-management wpa
guest-mode
mbssid guest-mode
Since I'm having problems with connecting, what can be the solution?
The working one is running:
c1240-k9w7-mx.124-10b.JA
and non working:
c1200-k9w7-mx.123-8.JEA

Hi Jorge,
You may be running into one of these reasons why the 1231 isn't supporting WPA2;
Q. What Cisco Aironet access points support WPA2 and AES?
A. The following Cisco Aironet autonomous and lightweight access points support WPA2 and AES: Cisco Aironet 1240AG Series, 1230AG Series, 1130AG Series and 1000 Series access points. Cisco Aironet 1100 Series, 1200 Series and 1300 Series 802.11g radios support WPA2 with a Cisco IOS Software upgrade via Cisco IOS Software Release 12.3(2)JA or later.
Q. Which Cisco Aironet 1200 Series 802.11a radio modules support WPA2 and AES?
A. Cisco Aironet 1200 Series radio modules with the part numbers AIR-RM21A or AIR-RM22A support WPA2 and AES. The Cisco Aironet 1200 Series radio module with the part number AIR-RM20A does not support WPA2 or AES.
Q. Which Cisco Aironet 802.11b access points support WPA2 and AES?
A. Cisco Aironet 802.11b access points are not upgradeable to support WPA2 and AES.
http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps430/prod_qas0900aecd801e3e59_ps2706_Products_Q_and_A_Item.html
Hope this helps!
Rob

Wireless-Card doesn't not work with WPA/WPA2 but with WEP [Solved]

Hello I have a MacBook (late 2007) with a wireless-card from Broadcam, the card works with WEP and the classic configuration over rc.conf very well. But I can't get the card running with WPA and the net network-profiles.
Here is the link to the driver - http://www.broadcom.com/support/802.11/linux_sta.php
eth2 = wireless-card
eth1 = firewireanything
eth0 = wired-card
rc.conf
# /etc/rc.conf - Main Configuration for Arch Linux
# LOCALIZATION
# LOCALE: available languages can be listed with the 'locale -a' command
# HARDWARECLOCK: set to "UTC" or "localtime"
# USEDIRECTISA: use direct I/O requests instead of /dev/rtc for hwclock
# TIMEZONE: timezones are found in /usr/share/zoneinfo
# KEYMAP: keymaps are found in /usr/share/kbd/keymaps
# CONSOLEFONT: found in /usr/share/kbd/consolefonts (only needed for non-US)
# CONSOLEMAP: found in /usr/share/kbd/consoletrans
# USECOLOR: use ANSI color sequences in startup messages
LOCALE="en_US.utf8"
HARDWARECLOCK="UTC"
USEDIRECTISA="no"
TIMEZONE="Europe/Berlin"
KEYMAP="us"
CONSOLEFONT=
CONSOLEMAP=
USECOLOR="yes"
# HARDWARE
# MOD_AUTOLOAD: Allow autoloading of modules at boot and when needed
# MOD_BLACKLIST: Prevent udev from loading these modules
# MODULES: Modules to load at boot-up. Prefix with a ! to blacklist.
# NOTE: Use of 'MOD_BLACKLIST' is deprecated. Please use ! in the MODULES array.
MOD_AUTOLOAD="yes"
#MOD_BLACKLIST=() #deprecated
#MODULES=(sky2 snd-mixer-oss snd-pcm-oss snd-hwdep snd-page-alloc snd-pcm snd-timer snd snd-hda-intel soundcore)
# Scan for LVM volume groups at startup, required if you use LVM
USELVM="no"
# NETWORKING
# HOSTNAME: Hostname of machine. Should also be put in /etc/hosts
HOSTNAME="macbook"
# Use 'ifconfig -a' or 'ls /sys/class/net/' to see all available interfaces.
# Interfaces to start at boot-up (in this order)
# Declare each interface then list in INTERFACES
# - prefix an entry in INTERFACES with a ! to disable it
# - no hyphens in your interface names - Bash doesn't like it
# DHCP: Set your interface to "dhcp" (eth0="dhcp")
# Wireless: See network profiles below
eth0="eth0 192.168.1.220 netmask 255.255.255.0 broadcast 192.168.1.255"
INTERFACES=(!eth0 !eth1 eth2)
# Routes to start at boot-up (in this order)
# Declare each route then list in ROUTES
# - prefix an entry in ROUTES with a ! to disable it
gateway="default gw 192.168.1.1"
ROUTES=(!gateway)
# Enable these network profiles at boot-up. These are only useful
# if you happen to need multiple network configurations (ie, laptop users)
# - set to 'menu' to present a menu during boot-up (dialog package required)
# - prefix an entry with a ! to disable it
# Network profiles are found in /etc/network.d
# This now requires the netcfg package
NETWORKS=(wireless)
# DAEMONS
# Daemons to start at boot-up (in this order)
# - prefix a daemon with a ! to disable it
# - prefix a daemon with a @ to start it up in the background
DAEMONS=(syslog-ng network net-profiles netfs alsa crond portmap fam hal)
/etc/network.d/wireless
CONNECTION="wireless"
INTERFACE=eth2
HOSTNAME=macbook
IP="static"
IFOPTS="192.168.1.225 netmask 255.255.255.0 broadcast 192.168.1.255"
GATEWAY=192.168.1.1
DNS1=192.168.1.1
# Wireless Settings (optional)
ESSID=3Com
#KEY=
IWOPTS="mode managed essid $ESSID channel 11"
#WIFI_INTERFACE=wlan0 # use this if you have a special wireless interface
# that is linked to the real $INTERFACE
#WIFI_WAIT=5 # seconds to wait for the wireless card to
# associate before bringing the interface up
USEWPA="yes" # start wpa_supplicant with the profile
WPAOPTS="" # use "" for normal operation or specify additional
# options (eg, "-D ipw")
# see /etc/wpa_supplicant.conf for configuration
Can I set here the WPA/WPA2-Key also? Why here ESSID? Do I need still a configuration in wpa_supplicant.conf?
Thats very confusing and not explained.
WPAOPTS? Do I need to add something like "-D wext"?
/etc/wpa_supplicant.conf
# This is a network block that connects to any unsecured access point.
# We give it a low priority so any defined blocks are preferred.
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
network={
key_mgmt=NONE
priority=-9999999
network={
ssid="3Com"
proto=WPA
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
group=CCMP TKIP
psk="topsecret"
priority=5
# WPA2
# proto=WPA RSN
I need help. Please
Last edited by hoschi (2009-01-04 20:21:58)

fwojciec wrote:If this info is not in the wiki it might be worth it to add it -- it's all detailed in /etc/network.d/examples/complete.example though.
Thats the reason why I was so confused.
My new and well working configuration:
# /etc/rc.conf - Main Configuration for Arch Linux
# LOCALIZATION
# LOCALE: available languages can be listed with the 'locale -a' command
# HARDWARECLOCK: set to "UTC" or "localtime"
# USEDIRECTISA: use direct I/O requests instead of /dev/rtc for hwclock
# TIMEZONE: timezones are found in /usr/share/zoneinfo
# KEYMAP: keymaps are found in /usr/share/kbd/keymaps
# CONSOLEFONT: found in /usr/share/kbd/consolefonts (only needed for non-US)
# CONSOLEMAP: found in /usr/share/kbd/consoletrans
# USECOLOR: use ANSI color sequences in startup messages
LOCALE="en_US.utf8"
HARDWARECLOCK="UTC"
USEDIRECTISA="no"
TIMEZONE="Europe/Berlin"
KEYMAP="us"
CONSOLEFONT=
CONSOLEMAP=
USECOLOR="yes"
# HARDWARE
# MOD_AUTOLOAD: Allow autoloading of modules at boot and when needed
# MOD_BLACKLIST: Prevent udev from loading these modules
# MODULES: Modules to load at boot-up. Prefix with a ! to blacklist.
# NOTE: Use of 'MOD_BLACKLIST' is deprecated. Please use ! in the MODULES array.
MOD_AUTOLOAD="yes"
#MOD_BLACKLIST=() #deprecated
#MODULES=(sky2 snd-mixer-oss snd-pcm-oss snd-hwdep snd-page-alloc snd-pcm snd-timer snd snd-hda-intel soundcore)
# Scan for LVM volume groups at startup, required if you use LVM
USELVM="no"
# NETWORKING
# HOSTNAME: Hostname of machine. Should also be put in /etc/hosts
HOSTNAME="macbook"
# Use 'ifconfig -a' or 'ls /sys/class/net/' to see all available interfaces.
# Interfaces to start at boot-up (in this order)
# Declare each interface then list in INTERFACES
# - prefix an entry in INTERFACES with a ! to disable it
# - no hyphens in your interface names - Bash doesn't like it
# DHCP: Set your interface to "dhcp" (eth0="dhcp")
# Wireless: See network profiles below
eth0="eth0 192.168.1.220 netmask 255.255.255.0 broadcast 192.168.1.255"
INTERFACES=(!eth0 !eth1 !eth2)
# Routes to start at boot-up (in this order)
# Declare each route then list in ROUTES
# - prefix an entry in ROUTES with a ! to disable it
gateway="default gw 192.168.1.1"
ROUTES=(!gateway)
# Enable these network profiles at boot-up. These are only useful
# if you happen to need multiple network configurations (ie, laptop users)
# - set to 'menu' to present a menu during boot-up (dialog package required)
# - prefix an entry with a ! to disable it
# Network profiles are found in /etc/network.d
# This now requires the netcfg package
NETWORKS=(3com)
# DAEMONS
# Daemons to start at boot-up (in this order)
# - prefix a daemon with a ! to disable it
# - prefix a daemon with a @ to start it up in the background
DAEMONS=(syslog-ng network net-profiles netfs alsa crond portmap fam hal)
CONNECTION="wireless"
DESCRIPTION="Very verbose complete wireless example"
INTERFACE=eth2
HOSTNAME=macbook
# Interface Settings (use IP="dhcp" for DHCP)
IP="static"
IFOPTS="192.168.1.225 netmask 255.255.255.0 broadcast 192.168.1.255"
GATEWAY=192.168.1.1
# DNS Settings (optional)
DOMAIN=localdomain
DNS1=192.168.1.1
DNS2=
SEARCH=
# Standard Wireless Settings
ESSID=3Com
SECURITY=wpa-config # One of wep, wpa, wpa-config, none
KEY=""
# Scans to see if network is available before connecting (reccomended)
SCAN="YES"
# Time to wait to connect to a network. Default 15.
TIMEOUT=10
# Pass *custom* options to iwconfig. Usually not needed (optional)
IWOPTS="mode managed essid $ESSID channel 6 key restricted $KEY"
# Any extra arguments for wpa_supplicant
WPA_OPTS=
# For SECURITY='wpa-config' only - filename of a wpa-supplicant config
WPA_CONF=/etc/wpa_supplicant.conf
# This is a network block that connects to any unsecured access point.
# We give it a low priority so any defined blocks are preferred.
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
network={
key_mgmt=NONE
priority=-9999999
network={
ssid="Linksys"
proto=WPA RSN
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
group=CCMP TKIP
psk="areulookingatmybreasts"
priority=5
network={
ssid="3Com"
proto=WPA
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
group=CCMP TKIP
psk="nomam"
priority=5
# WPA2
# proto=WPA RSN
There are also profiles for the Linksys-Router and for wired cable.
Thanks for the help!
Last edited by hoschi (2009-01-04 20:21:23)

Installed airport 3 computers work fine, my old sony laptop is asking for network wep key or wpa key. I tried wpa2 but that won't work and my password

I Installed AirPort Extreme 3 computers work fine. I am trying to use my old sony laptop. It is asking for a network key. I entered wpa2. I also tried my password. What should I do?

Which wireless security type did you configure your AirPort Extreme with? You basically have two choices: WPA Personal or WPA2 Personal. There are actually others, but these are the most common in use today.
What version of Windows is the Sony laptop running and which service pack level is it at? Do you know what wireless security types that this laptop's wireless can support?

Add WPA password to HP Wireless printer on iMac

I have a new (3 months old) and a HP Wireless printer. I did not have security on my wireless network and everything worked fine. Today I added WPA Security and now my printer cant connect to the wireless network. I assume the printer needs the WPA password, but how do I add it?? I tried pushing buttons on the printer but cant find any feature where you can update the wireless network. Do I need to uninstall the printer and reinstall with the new settings? If so, how do I uninstall a printer on my new iMac?
Thank you

Crunkin4JustinRT wrote:
I have a new (3 months old) and a HP Wireless printer. I did not have security on my wireless network and everything worked fine. Today I added WPA Security and now my printer cant connect to the wireless network. I assume the printer needs the WPA password, but how do I add it?? I tried pushing buttons on the printer but cant find any feature where you can update the wireless network. Do I need to uninstall the printer and reinstall with the new settings? If so, how do I uninstall a printer on my new iMac?
Thank you
Access the HP printers internal web setup, security settings can be modified there.

Cisco 3650 Issue with 1231 AP

hi all,
i've got an issue with a new cisco 3650 48 port wherein older AP 1231 keeps on disconnecting.
the connection is just a simple trunk.
#sh run int g1/0/47
Building configuration...
Current configuration : 62 bytes
interface GigabitEthernet1/0/47
switchport mode trunk
end
1231 is working fine on a 3560.
could someone advice if anything else need to do on 3650?
*Apr 21 09:32:33.243: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/47, changed state to down
*Apr 21 09:32:34.255: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/47, changed state to down
*Apr 21 09:32:37.369: %ILPOWER-7-DETECT: Interface Gi1/0/47: Power Device detected: IEEE PD
*Apr 21 09:32:40.406: %ILPOWER-5-IEEE_DISCONNECT: Interface Gi1/0/47: PD removed
*Apr 21 09:32:40.407: %ILPOWER-3-CONTROLLER_PORT_ERR: Controller port error, Interface Gi1/0/47: Power given, but Power Controller does not report Power Good
*Apr 21 09:32:48.994: %ILPOWER-7-DETECT: Interface Gi1/0/47: Power Device detected: Cisco PD
*Apr 21 09:32:49.473: %ILPOWER-5-POWER_GRANTED: Interface Gi1/0/47: Power granted
*Apr 21 09:32:53.355: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/47, changed state to up
*Apr 21 09:32:55.356: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/47, changed state to up
*Apr 21 09:34:27.142: %ILPOWER-5-IEEE_DISCONNECT: Interface Gi1/0/47: PD removed
*Apr 21 09:34:27.142: %ILPOWER-3-CONTROLLER_PORT_ERR: Controller port error, Interface Gi1/0/47: Power Controller reports power Imax error detected
*Apr 21 09:34:27.847: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/47, changed state to down
*Apr 21 09:34:28.855: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/47, changed state to down
*Apr 21 09:34:39.384: %ILPOWER-7-DETECT: Interface Gi1/0/47: Power Device detected: Cisco PD
*Apr 21 09:34:40.235: %ILPOWER-5-POWER_GRANTED: Interface Gi1/0/47: Power granted
*Apr 21 09:34:43.875: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/47, changed state to up
*Apr 21 09:34:45.874: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/47, changed state to up

pre,
i don't think it's a cable issue. correction on the working AP, it's supposed to be a AIR-SAP1602E.
this AP is working on the 3650.
i've searched and i think the AIR-AP1231 isn't supported on this switch platform.
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/3e/release_notes/OL3264701.html#18425
this new switch isn't friendly. first, i had the issue with PVLAN and now this :(

Problem with WPA and ipw3945

Oi, it is me again ...
I have a problem when trying to connect to my wireless router using WPA. The wireless works as long as I leave WPA of, and when I try the same configuration with WPA on an other notebook it does work. I have loaded ipw3945 and started ipw3945d. Without WPA the following woks correct:
iwconfig eth1 essid network
but when I try the following with WPA I can't connect:
iwconfig eth1 essid yyy mode managed key restricted s:xxx
here is some more info:
whome (network profile)
# Network Profile
DESCRIPTION="Home Wireless Profile"
# Network Settings
INTERFACE=eth1
HOSTNAME=hawking
# Interface Settings (use IFOPTS="dhcp" for DHCP)
IFOPTS="dhcp"
GATEWAY=192.168.2.1
# Wireless Settings (optional)
ESSID=yyy
IWOPTS="mode managed essid $ESSID"
WIFI_INTERFACE=eth1 # use this if you have a special wireless interface
# that is linked to the real $INTERFACE
WIFI_WAIT=5 # seconds to wait for the wireless card to
# associate before bringing the interface up
USEWPA="yes" # start wpa_supplicant with the profile
WPAOPTS="-D wext" # use "" for normal operation or specify additional
# options (eg, "-D ipw")
# see /etc/wpa_supplicant.conf for configuration
AUTOWPA="yes" # automatically configure WPA
PASSKEY="xxx" # wpa passkey/phrase. for use with AUTOWPA
wpa_suppificant
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=1
fast_reauth=1
network={
ssid="yyy"
psk="xxx"
key_mgmt=WPA-PSK
proto=WPA
dmesg tells the following about eth1:
eth1: link is not ready
Can someone help me with this problem, it is all very confusing trying to find a way through all the different tools and configuration files...
<_abe>

I have the same card.
installed knetworkmanager (I am using kde) and provided required wpa information at first start and it works.

Problem with radius and wep/wpa

Hi
I have problem with wrv200 (1.0.38) +freeradius (2.0.5) +wpc54g v3.1 with wxp with patch to use wpa/wpa2
I think that authentication in my radius pass correct but there is some problem with wpa mode or wpa compatibility
In my wrv200 I try mode: wpa-enterprise, wpa2-enterprise, wpa2 enterpise-mix and radius. In my wirless card a try: wpa and wpa2 my
freeradius.conf:
andy Auth-Type := Accept, User-Password == "andy"
and log from radius:
rad_check_password: Auth-Type = Accept, accepting the user Login OK: [andy] (from client wrv200 port 0 cli 00-18-F8-aa-aa-aa)
Sending Access-Accept of id 4 to 10.0.0.6 port 1026
my wrv200 still send to syslog:
klogd: @ = Add Host : [00:18:f8:aa:aa:aa] VID 9 LinkID 1 PortNumber 6 klogd: @ = Add Host : [00:18:f8:aa:aa:aa] VID 9 LinkID 1 PortNumber 6
klogd: @ = Add Host : [00:18:f8:aa:aa:aa] VID 9 LinkID 1 PortNumber 6
and i never connect to network and i must still (every 30s) type login and password to authenticate When i use only wep, without radius,it's works
I have dwl900ap+ from dlink and when I use radius + wep 64bit everything works
i don't have any idea
thanks for any help
popo

Hey try disabling the security & try connecting to the network if it works fine, if not i mean if you want to connect using the secured network then would suggest you to upgrade the firmware of the router & keep on holding tightly
the reset button in such a way that power light is blinking on the
router & then do a complete network power cycle i.e., unplug the power
cables from the modem & from the router & then plug in the power cable
to the modem first once all the lights are solid green you could plug
in the power cable to the router & check out it will definately work!!

Problem with wpa and hidden ssid

hi,
I have a powerbook g4 (1,67ghz). i am having trouble connecting to a netgear router mr814 v3 if i use wpa and hidden ssid, i get a message, that the router would not support wpa!
there is no problem with wep and hidden ssid or wpa with no hidden ssid.
is also have no problems with wpa and hidden ssid with an ibook.
the problems occur only with the powerbook with os x 10.3.9 as well as 10.4.2. even after the recent airport update, no change.
thanks for the help,
ben

I would use WPA and broadcast your SSID.
It use to be useful, but closing your Airport or wireless network (sometimes referred to as not broadcasting your SSID) is really no longer a real option when it comes to wireless security.
Unfortunately "Closed" networks, MAC access control lists, and reduction in transmission power are all more "feel good" security rather than real security. All these various approaches are dated and mistakenly lead to overconfidence.
WPA is your friend if you value wireless security.
My recommendation is not to worry about broadcasting your SSID but use WPA. This will be more secure than a closed WEP encrypted network. Closing your network makes it very difficult for neighbouring networks to see which channels are free thus causing potential interference problems.
Another thing to consider is that a closed network is still broadcasting and therefore is detectable (regardless of whether it is broadcasting a SSID). If someone was determined to hack into your network, then not broadcasting your SSID and MAC address access control is not going to stop them.
WPA is virtually uncrackable (only really vunerable to a dictionary attack if a real word is used as a password) and therefore will stop the casual user and the determined hacker.

How to connect my macbook to a wpa wifi? Help?

Hiya. I have a late 2007 macbook that is up to date with Snow Leopard. It is running on 10.6.8. My router is a WPA and for some reason my macbook won't connect to it! My macbook pro connects to it just fine and I know that this computer model will connect but there is a configuration I need to do. Does anyone know the specific configuration that needs to be done for it to connect? Thanks!

Hey Sailor_Jay,
There's a really helpful article for Wi-Fi troubleshooting here:
Troubleshooting Wi-Fi issues in OS X Lion and Mac OS X v10.6
http://support.apple.com/kb/HT4628
One of the steps within that is to see the recommended settings for Wi-Fi routers and access points, which I believe is what you're specifically requesting.
Hope that helps,
David

WPA ON A 1231?

Similar Messages

Maybe you are looking for