How to enable WPA2-PSK AES on Cisco AP1231G
I own two (I know these are older ones) Cisco 1231 with a G-radio, software version 12.3(8)JEE, RELEASE SOFTWARE (fc1), cisco AIR-AP1231G-E-K9.
The APs are setup using WPA-PSK TKIP and I would like to switch to WPA2. There are many pages describing how to enable WPA2-PSK AES, but my tries to enable wpa2 always stopped with an error message.
The normal documented way to enable WPA2-PSK is:
configure terminal dot11 ssid <SSID_NAME> authentication open authentication key-management wpa version 2 guest-mode wpa-psk ascii <SSID_PASSWORD> ! interface Dot11Radio0 encryption mode ciphers aes-ccm ssid <SSID_NAME> no shutdown !
Every time I got an error entering this line:
AP1(config-ssid)#authentication key-management wpa version 2 ^ % Invalid input detected at '^' marker.
The trick is to ignore the “version 2”. The software will automatically use WPA2 when you enter “aes-ccm” as the encryption mode cipher. So instead of the above use the following config commands:
configure terminal dot11 ssid <SSID_NAME> authentication open authentication key-management wpa guest-mode wpa-psk ascii <SSID_PASSWORD> ! interface Dot11Radio0 encryption mode ciphers aes-ccm ssid <SSID_NAME> no shutdown !
Thanks to Cisco not mentioning that in there standard documenation and thanks for one or two guys pointing that out in internet.
*replace the text inside the <> brackets with your SSID and password.
Massive thank you dude. You saved my day 😉 Works perfectly
Hello.
A lot of thanks. It also works on an AP 1702i standalone. With wpa version 2 setting, the client negociate in WPA2-PSK mode at far slower speeds.
Removing “version 2” from the config keeps WPA2 mode but in AES, allowing fat better and modern throughput.