WPA2-EAP and WPA2-PSK supported Access Points

Similar Messages

• Airport Express broadcasting both WPA2 Personal and WPA2 Enterprise?

  We were recently scanning for wireless access points for a client using a product called Vistumbler.  The client had two older Airport Express wireless routers, set to use WPA2 Personal, but Vistumbler was detecting both WPA2 Personal and WPA2 Enterprise during the scans. Has anyone else seen this before with any other routers or scanning software? If so, was there a way to only broadcast the current encryption setting?

  The AirPorts can be set to WPA2 Personal.......OR........WPA2 Enterprise, but only one setting can be activated at a time.
  In the highly unlikely event that the AirPort Express devices are really broadcasting with two different types of encryption, the devices either have corrupted software settings, or they are defective.
  Try another scanner......like WiFi Scanner, located in the Utilities folder of the Mac,  or another application to see if you get the same results.

• How many clients support access points 1602, 2602, 3602?

  Hi! How many clients support access point 1602, 2602, 3602. I have found for example that the 1602 supports 32 ClientLink clients and max 128 clients, APs 2602, 3602 supports 128 ClientLink clients and max 200 clients. But is it really? And can we say for example that the AP 2602 will withstand max 200 clients?

  The reason the answer varies so much, is because there are so many variables (this is also why the value ranges so much from one manufacture to the next).  When determining the answer you are looking for you need to consider the following factors and likely more:
  AP model and the features it supports
  single, dual, or tri radio AP
  20, 40, or 80Mhz wide channels
  Device type (b/g, b/g/n, a/b/g/n, a/b/g/n/ac, spatial stream support, and channel width support)
  Security/QOS method(s) employed
  Average distance from the AP
  Obstructions between devices and radios
  Number of competing radios for the same channel
  Data rates configuration
  Rogue detection/mitigation configuration
  Surrounding client density not just the area of concern client density
  Noise floor levels
  Application types/per user network load (is it heavy like YouTube traffic or a drone on the network like Pandora)
  Network latency on the switching side - including the internet circuit
  Application of per SSID, per user, and or per application rate limiting
  The list continues, but I think you get the idea
  I have personally seen 80 devices on a 5Ghz radio of a 3500 access point with several other access points and at least 200 other clients in the area and it was working well.  That being said I would never design to expect that many on a single radio, but I think it is better said that you can safely design for 20-30 clients per 2.4Ghz radio and 25-40 clients per 5Ghz radio.
  The default statement of 20-25 per AP and similar low expectation statements concerning Cisco wireless have been around for many years.  It is now 2014.  About 65% of clients support 5Ghz, ~9% support AC (already), ~90% support some form of N, and ~0.01% support B only.  The landscape of wireless is changing fast making questions like this one have ever changing answers.
  I hope this helps :).
  John

• WLC 5508 and remote site (DMVPN) Access Points

  Hi All,
  We just purchased a WLC 5508 and would like to know if it will control remote VPN site Access Points.  Here are the details:
  The 5508 will live at our home office.  We have multiple remote sites that are connected via Cisco's DMVPN.  Each site has one Cisco 1131 Access Point hanging off of either a Cisco 1841 or a 2811 that is using DMVPN back to the home office 2811.  Can the 5508 manage the remote Access Points?
  Thanks for your help guys!

  Are you are talking about OfficeExtend?
  Cisco OfficeExtend
  https://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns430/solution_overview_c22-523307_ns348_Networking_Solution_Solution_Overview.html
  OfficeExtend supports 1130 & 1140 as long as you have the Wireless PLUS (WPLUS) Software.
  OfficeExtend Access Point
  http://www.cisco.com/en/US/docs/wireless/wcs/6.0/configuration/guide/6_0apcfg.html#wp1069890

• Supported access points for the rv220w

  I need to extend my wireless coverage to another building.  What access points, in repeater mode, will the rv220w support?  I need an AP with detachable antennas.  I have an external mounted antenna on the metal building that I need to hook the AP to.  Thanks!

  Hi R. B, thank you for using our forum, my name is Luis I am part of the Small business Support community. As far I know the RV120W and the RV220W uses the same chipsets, so they could be used for WDS bridge setup.
  For your second point the RV120W has antennas and you could remove them. Bellow you will see the review of the RV120W.
  http://www.cisco.com/en/US/prod/collateral/routers/ps9923/ps10852/DS_C78-590161-00.html
  I hope you find this answer useful
  Greetings,
  Luis Arias.
  Cisco Network Support Engineer.

• IPhone4 and Cisco Aironet 1141 access point - fail using WPAv2 Personal

  I cannot get my iPhone4 (latest s/w) to connect to a Cisco Aironet 1141 access point if I specify WPAv2 Personal. It is a single access point without radius etc. I have no problems connecting using "no security", WEP or WPAv1. Is there a problem with the iPhone4 implementation of WPA2 as all my other PCs connect just fine on WPAv2?
  With the Aironet 1141 I can switch security between WPAv1 & WPAv2 while keeping all other settings identical. Thus I can clearly demonstrate how the iPhone4 connects when both devices are set to WPAv1 yet will fail to connect when I switch both to WPAv2. As I have said, all other PCs I have connect via WPAv2 without any issues.

  I cannot get my iPhone4 (latest s/w) to connect to a Cisco Aironet 1141 access point if I specify WPAv2 Personal. It is a single access point without radius etc. I have no problems connecting using "no security", WEP or WPAv1. Is there a problem with the iPhone4 implementation of WPA2 as all my other PCs connect just fine on WPAv2?
  With the Aironet 1141 I can switch security between WPAv1 & WPAv2 while keeping all other settings identical. Thus I can clearly demonstrate how the iPhone4 connects when both devices are set to WPAv1 yet will fail to connect when I switch both to WPAv2. As I have said, all other PCs I have connect via WPAv2 without any issues.

• Security and Management of Wireless Access Points

  We have a network of eight (8) Cisco 350 Access Points.
  We would like to enable security through WEP and designating specific MAC (Hardware) addresses.
  Please advise as to the most efficient manner of inputting hardware addresses into all of our access points and managing many access points.

  Hmmm....all these replies, with good information, and no one answered your question!
  You can't cut and paste a list of MACs into a Cisco AP (how come, I don't know). What you need to do is enter one MAC address. Then download a non-default config file out of the AP. Then find the lines that changed, and you have your template for adding MAC address lists in one fell swoop. I made a little excel spreadsheet to let me paste in a list of MACs, then spit out the config file lines that you can add as an "additional configuration file" via the web gui.
  You could also add the list via SNMP.
  There's also an import utility in the cli for the ACS server that will let you suck in MAC addresses.
  Hope this helps.
  Just remembered, the APs for some reason convert the hex format of a MAC into dotted decimal. So, when you paste your list in, you need to convert it from hex to dotted decimal, produce your config lines with those, and then shoot those config lines to the AP. I couldn't find anyone in the TAC that could explain why adding a list of MACs was such a chore.

• Virtual WLC supported Access Points

  Dear All,
  I read minimum code version of AP should be 7.3.
  Someone please tell me the supported AP models for VWLC 7.4 series..?
  KVS

  Many thanks for your reply.
  So, Access points that are supported 7.3 code can be used to register with vWLC..?
  7.3.x
  1522, 1524PS, 1524SB, 1552E, 1552H, 1552I, 1552C, 1552EU, 1552CU, 1552S, 1130, 1240, 1250, 1260, 2600, 3500e, 3500i, 3600e, 3600i, 3500p, 1140, 600 OEAP, AP801, AP802
  Thanks in advance...

• Can you hard code the speed and duplex on lightweight access points

  I have a client that want to set the spped and duplex on the switch port. Is there a way you can configure the fastethernet port on a lightweight access point for speed and duplex.

  Try this step
  configure terminal
  Enter global configuration mode.
  Step 2
  interface fastethernet0
  Enter configuration interface mode.
  Step 3
  speed {10 | 100 | auto}
  Configure the Ethernet speed. Cisco recommends that you use auto, the default setting.
  Step 4
  duplex {auto | full | half}
  Configure the duplex setting. Cisco recommends that you use auto, the default setting.
  Step 5
  end
  Return to privileged EXEC mode.
  Step 6
  show running-config
  Verify your entries.
  Step 7
  copy running-config startup-config

• AEBS and Belkin F5D8233 as Access Point

  I have the latest AEBS 'N' and an 'N' Belkin wireless router. I would like to use the Belkin as an access point to my Apple network. So far, I can't seem to figure it out, and don't know if it's even possible.
  Thanks,
  Bryan

  To configure the Belkin as a Wireless Access Point with the 802.11n AirPort Extreme Base Station (AEBSn), you will need to connect the it to the AEBSn via an Ethernet cable.
  If you desire a wireless connection between the two, then this may not be possible as very few non-AirPort routers are WDS-compatible to do so.

• What is the difference between WPA2 Personal and WPA2 Enterprise

  I am setting up my Airport Extreme and would like to know what is the difference between the WPA2 personal versus the Enterprise, I wish to secure my wireless system.

  wpa2 personal uses preshared passphrases to connect various devices to the wireless network;  this is probably what 99 % of all home users use. the wireless device takes your preshared key and hashes it
  with your ssid name and sends the information via a 4 way handshake to get the current encryption keys and these keys change at regular intervals (default 1 hour)
  im not 100 % sure on this one. but this is the impression i get.
  wpa2 enterprise relies on an authentication server, and i believe each cient is given a different encryption cipher or the server is the one that has the keys and gives the current keys to the client. the cient does not use a preshared key. the only time i ever used wpa2 enterprise was google secure wifi in mountain view

• Configuring ssid and vlans on autonomous access point ?

  here is an a demonstration of how to configure vlans and ssid on a auto-ap , what i dont understand is when i configure the ssid under (interface dot11radio0) and the vlan under that command , why do i need to configure sub-interfaces for the "fastethernet" and the "dot11radio0" if i already configured it under the "interface dot11radio0" , why do i need the "encapsulation dotq x" ? and what is bridge-group ?

  If you want to use multiple SSID with multiple vlan, then you have to configure subinterfaces on Radio interfaces (in both Radio 0 & Radio 1 if you want to use both 2.4GHz & 5GHz band) & Ethernet interfaces.
  AP simply bridge wireless traffic to wired interface using these sub-interfaces. To specify which radio sub-interface traffic to map to ethernet sub-interface, a Bridge-Group number (1-255) is used.
  Bridge-Group 1 always used for native vlan traffic & usually used for AP management.
  HTH
  Rasika
  **** Pls rate all useful responses ****

• Cisco 1242AG Access Point proper configuration

  Hello everyone,
  Here is the situation:
  Recently we decide to create a small WLAN in our business.We choose the Cisco AIR-AP1242AG-E-K9 with 2x2.4GHz 2.2dbi Swivel Dipole Antenna.
  For better managability a new routable VLAN (ID:20) added to our Router with IP 192.168.55.1 and SNET 255.255.255.0
  Next, I made the followings configurations in the autonomous AP through WEB Console:
  Static IP:192.20.10.35, SNET:255.255.254.0, GWY:192.20.10.200
  VLAN1 (Native) and VLAN20 (Radio0-802.11g) added into Services.
  I set the Encryption Mode to None for VLAN1 and Cipher AES CCMP for VLAN20
  Into Server Manager I defined a new RADIUS server 192.20.10.35 (AP IP) and a shared secret and left the default ports for Authentication and Accounting (1645 and 1646). Also, in Default Server Priorities section I set as Priotity 1 both for EAP and MAC authentication the Access Point IP (Radius Server) 192.20.10.35.
  In Local RADIUS Server General Set-Up, I add as current network access server (AAA client) the same IP and shared secret like the ones I use during RADIUS server configuration above. Into Enable Authentication Protocols I left checked only the LEAP and MAC. Also, into Individual Users section 2 new users created with text passwords.
  Into SSID Manager a new hidden SSID created for interface Radio0-802.11g, associated with VLAN20 and into Client Authentication Settings section I left as accepted Method Open Authentication with MAC authentication and EAP. Also, I left the Use Defaults option both for EAP and MAC Authentication Servers in Server Priorities Section and finally into Client Authenticated Key Management section I choose Mandatory for Key Management and checked the Enable WPA option.
  I can ping both the AP and VLAN20 IPs from any PC which is a member of the native VLAN
  As wireless clients I use 2 Motorola MC5574 with Windows Mobile 6.1 professional. Both of them have a Jedi WLAN adapter configured with the followings:
  IPs:192.168.55.10 and 192.168.55.11
  SNET:255.255.255.0
  GWY:192.168.55.1
  Also, a unique profile has been created on each one of them to be used for AP association-authentication. Each profile has been configured for WPA2 Enterprise with AES and LEAP and the predefined user credentials (those defined into AP for Individual Users)
  The problem:
  Clients association with AP is always succesful but, Authentication fails and I can't ping from the clients AP IP,  VLAN20 IP, neither each other.
  What am I missing here? I'm sure that it is somenthing quite simple but although I tried several different setups (i.e. WPA2-PSK, WPA-PSK even with TKIP) I always end up without a proper solution for ping inability.
  Thank you in advance for any help

  Hello Madhuri,
  below is the latest run config output from the access point
  Building configuration...
  Current configuration : 3743 bytes
  ! Last configuration change at 03:56:04 +0200 Sun Nov 28 2010 by Cisco
  ! NVRAM config last updated at 03:58:07 +0200 Sun Nov 28 2010 by Cisco
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname RCT_THP_AP1
  enable secret 5 $1$26u0$emaUzNvvihCCZeKeooQ8M0
  aaa new-model
  aaa group server radius rad_eap
  server 192.20.10.35 auth-port 1645 acct-port 1646
  aaa group server radius rad_mac
  server 192.20.10.35 auth-port 1645 acct-port 1646
  aaa group server radius rad_acct
  aaa group server radius rad_admin
  aaa group server tacacs+ tac_admin
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local
  aaa authorization exec default local
  aaa accounting network acct_methods start-stop group rad_acct
  aaa session-id common
  clock timezone +0200 2
  ip name-server 192.20.11.2
  dot11 ssid RCTHP
     vlan 20
     authentication open mac-address mac_methods eap eap_methods
     authentication key-management wpa
  power inline negotiation prestandard source
  username Cisco password 7 00271A150754
  username 00236867a192 password 7 101E594B56414A5D5B057B7276
  username 00236867a192 autocommand exit
  username 00236867a19b password 7 091C1E5B4A534F445C0D557329
  username 00236867a19b autocommand exit
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption vlan 20 mode ciphers aes-ccm
  ssid RCTHP
  channel 2462
  station-role root
  bridge-group 1
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface Dot11Radio0.20
  encapsulation dot1Q 20
  no ip route-cache
  bridge-group 20
  bridge-group 20 subscriber-loop-control
  bridge-group 20 block-unknown-source
  no bridge-group 20 source-learning
  no bridge-group 20 unicast-flooding
  bridge-group 20 spanning-disabled
  interface Dot11Radio1
  no ip address
  no ip route-cache
  shutdown
  no dfs band block
  channel dfs
  station-role root
  interface Dot11Radio1.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  interface FastEthernet0.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface FastEthernet0.20
  encapsulation dot1Q 20
  no ip route-cache
  bridge-group 20
  no bridge-group 20 source-learning
  bridge-group 20 spanning-disabled
  interface BVI1
  ip address 192.20.10.35 255.255.254.0
  no ip route-cache
  ip default-gateway 192.20.10.200
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  ip radius source-interface BVI1
  snmp-server view dot11view ieee802dot11 included
  snmp-server community public view dot11view RO
  snmp-server contact IS
  radius-server local
    no authentication eapfast
    nas 192.20.10.35 key 7 03130807055F2C1F
    user motomob1 nthash 7 15315B29557B0D767E111074455E332022000F0D0A725C223B300C7A0E760A0371
    user motomob2 nthash 7 075E716D6C2F49514636532A5C0B0A067C1567003224335553047F0C710058263E
  radius-server attribute 32 include-in-access-req format %h
  radius-server host 192.20.10.35 auth-port 1645 acct-port 1646 key 7 120E561B115B0157
  radius-server vsa send accounting
  bridge 1 route ip
  line con 0
  line vty 0 4
  sntp server 192.20.10.2
  sntp broadcast client
  end
  Regards
  Vasilis

• Problem with PowerBook (but NOT MacBook) and two access points on network

  I recently installed a wall-plugged ethernet adapter system (Netgear XE104 and XE103) and plugged a wireless access point (Netgear WPN802) into one of the adapters (in the part of our house where we lacked a wireless signal) in order to extend the range of our (DSL) wireless network. I configured this new access point--disabled DHCP, assigned an IP address to the access point that does not fall into the wireless router's IP adress range, put the wireless router and access point on different channels (6 and 11), and made sure the router and access point had the same SSID.
  I have had no problems using the resulting setup with our new MacBook--everything goes as planned. BUT I am having a terrible time with my PowerBook G4. It has a really strong signal everywhere, but when I open my browser it says that I am not connected to the internet. The problem seems to be that my PowerBook refuses to change channels once it connects to one. I installed iStumbler to see if I could manually control which access point/channel the PowerBook uses, and, while I can track the signal strengths for both access points, I can't get my PowerBook to switch from one access point to the other.
  I've tried just about everything I can think of. I suppose I could try giving a different SSID to the access point (and then try to switch with the airport menu in the toolbar), but I would like to avoid this if possible.
  I would really appreciate any advice you have. Thank you!

  Can you connect if you temporarily turn off WEP or WPA?
  This will determine if it is a WEP or WPA issue.
  Does your PC support WPA, from both a hardware and a software perspective?
  The problem you are having probably lies with the encryption key.
  Accessing a Airport Network with a Windows XP PC or laptop (with XP SP2)
  http://tech.ifelix.net/1011.html
  Accessing a Airport Network with a Windows XP PC or laptop (with XP SP1)
  http://tech.ifelix.net/1010.html
  Problems connecting an XP PC to an Airport Base Station
  http://tech.ifelix.net/2002.html
  iFelix

• WRT54Gv7 and 2 Netgear Access Points WG602

  Hi,
  is it possible with a WLAN Broadband Router Linksys WRT54Gv7 and with 2 Netgear Access Points WG602 configure a Multi Point Bridging?
  is it right that the WRT54G version 7 can not be upgraded to a own Firmware?
  does the WRT54G version 7 supporting WDS?
  thank you very much.

  the router can only be configured as an access point..it cannot be configured in repeater or bridge mode...
  also , i don't think that it can be upgraded to a third party firmware ..