How to enable WPA2-PSK AES on Cisco AP1231G

Print This Post Print This Post

I own two (I know these are older ones) Cisco 1231 with a G-radio, software version 12.3(8)JEE, RELEASE SOFTWARE (fc1), cisco AIR-AP1231G-E-K9.

The APs are setup using WPA-PSK TKIP and I would like to switch to WPA2. There are many pages describing how to enable WPA2-PSK AES, but my tries to enable wpa2 always stopped with an error message.

The normal documented way to enable WPA2-PSK is:

configure terminal
dot11 ssid <SSID_NAME>
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii <SSID_PASSWORD>
!
interface Dot11Radio0
encryption mode ciphers aes-ccm
ssid <SSID_NAME>
no shutdown
!

Every time I got an error entering this line:

AP1(config-ssid)#authentication key-management wpa version 2
                                                    ^ 
% Invalid input detected at '^' marker.

The trick is to ignore the “version 2”. The software will automatically use WPA2 when you enter “aes-ccm” as the encryption mode cipher. So instead of the above use the following config commands:

configure terminal
dot11 ssid <SSID_NAME>
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii <SSID_PASSWORD>
!
interface Dot11Radio0
encryption mode ciphers aes-ccm
ssid <SSID_NAME>
no shutdown
!

Thanks to Cisco not mentioning that in there standard documenation and thanks for one or two guys pointing that out in internet.

*replace the text inside the <> brackets with your SSID and password.

One Comment

  1. Anthony says:

    Massive thank you dude. You saved my day 😉 Works perfectly

Leave a Reply