Posts tagged ‘Cisco’

How to enable WPA2-PSK AES on Cisco AP1231G

I own two (I know these are older ones) Cisco 1231 with a G-radio, software version 12.3(8)JEE, RELEASE SOFTWARE (fc1), cisco AIR-AP1231G-E-K9.

The APs are set up using WPA-PSK TKIP and I would like to switch to WPA2. There are many pages describing how to enable WPA2-PSK AES, but my attempts to enable WPA2 always stopped with an error message.

The normal documented way to enable WPA2-PSK is:

configure terminal
dot11 ssid <SSID_NAME>
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii <SSID_PASSWORD>
!
interface Dot11Radio0
encryption mode ciphers aes-ccm
ssid <SSID_NAME>
no shutdown
!

Every time I got an error entering this line:

AP1(config-ssid)#authentication key-management wpa version 2
                                                    ^ 
% Invalid input detected at '^' marker.

The trick is to leave out the “version 2”. The software will automatically use WPA2 when you enter “aes-ccm” as the encryption mode cipher. So instead of the above, use the following config commands:

configure terminal
dot11 ssid <SSID_NAME>
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii <SSID_PASSWORD>
!
interface Dot11Radio0
encryption mode ciphers aes-ccm
ssid <SSID_NAME>
no shutdown
!

Thanks to Cisco for not mentioning that in their standard documentation, and thanks to the one or two guys who pointed it out on the internet.

*replace the text inside the <> brackets with your SSID and password.
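Because this software version has no explicit “version 2” keyword, the only way to tell WPA2 from WPA in a saved config is to look at the cipher on the radio that carries the SSID. The following check is an added example, not part of the original post or of any Cisco tool: it reads a config and reports, per radio and SSID, whether the cipher line is AES-only. The function name, sample SSIDs and passphrase are made up, the `tkip` cipher line is included only for contrast, and VLAN-scoped encryption lines are assumed not to be used.

```python
# Constructed sample in running-config layout; not taken from a real device.
SAMPLE_CONFIG = """\
dot11 ssid HOME
 authentication key-management wpa
 wpa-psk ascii EXAMPLE-PASSPHRASE
!
dot11 ssid LEGACY
 authentication key-management wpa
 wpa-psk ascii EXAMPLE-PASSPHRASE
!
interface Dot11Radio0
 encryption mode ciphers aes-ccm
 ssid HOME
!
interface Dot11Radio1
 encryption mode ciphers tkip
 ssid LEGACY
"""

def audit(config):
    """Map (interface, ssid) to a verdict for each SSID bound to a radio."""
    wpa_ssids, radios, block = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()  # accept indented running-config and typed commands
        if line.startswith("dot11 ssid "):
            block = ("ssid", line.split(None, 2)[2])
        elif line.startswith("interface "):
            block = ("if", line.split(None, 1)[1])
            radios[block[1]] = {"ciphers": set(), "ssids": []}
        elif line == "!" or block is None:  # "!" closes the current block
            block = None
        elif block[0] == "ssid" and line.startswith("authentication key-management wpa"):
            wpa_ssids.add(block[1])
        elif block[0] == "if" and line.startswith("encryption mode ciphers "):
            radios[block[1]]["ciphers"] = set(line.split()[3:])
        elif block[0] == "if" and line.startswith("ssid "):
            radios[block[1]]["ssids"].append(line.split(None, 1)[1])
    verdicts = {}
    for ifname, radio in radios.items():
        for ssid in radio["ssids"]:
            if ssid not in wpa_ssids:
                verdict = "no-wpa-key-management"
            elif radio["ciphers"] == {"aes-ccm"}:
                verdict = "wpa2-aes"  # per the post: AES-only cipher selects WPA2
            elif "tkip" in radio["ciphers"]:
                verdict = "tkip-allowed"
            else:
                verdict = "unknown-cipher"
            verdicts[(ifname, ssid)] = verdict
    return verdicts
```

Calling `audit()` on the text of `show running-config` returns a dictionary keyed by `(interface, ssid)`; anything other than `wpa2-aes` means that SSID can still be joined with TKIP or without WPA key management.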

Cisco Aironet 1200 AP1231G WPA-PSK clients do not connect

For the esp-link project I tried to set my standard WLAN for the esp-link ESP-8266 ESP-01 module. Unfortunately the ESP-8266 was unable to connect. My WLAN uses simple WPA PSK and TKIP and I did not have such connection issues before. The Cisco AP1231 access points work reliably.

After some digging and asking around with no solution I added one more access point (a TP-Link WA500G) and configured a wireless network with WPA2 PSK and AES. The ESP-8266 immediately was able to connect. This was OK for some time but why add an additional AP only for one client?

A friend then led me to take a look at the Cisco event log, and I saw many “Packet to client 18fe.34a6.ed4e reached max retries, removing the client” entries when the ESP-8266 tried to connect to the Cisco wireless network:

Packet to client 10d3.8af5.16ff reached max retries, removing the client

After some research, the tip I found was to increase the packet retries parameter on the Cisco AP:

AP1#enable
AP1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
AP1(config)#interface dot11radio 0
AP1(config-if)#packet retries 128 drop-packet
...
AP1#copy running-config startup-config

The Cisco radio did a reset and then I tried to connect the ESP-8266 again. This time the ESP connected successfully.

Another issue solved.