Cisco Systems LEAP (or WPA-Ent) and WPA-PSK to work on a single 1200AP???

Posted by hax3 on September 26, 2005, 4:01 pm
Hello.. first and foremost - I'd like to thank everyone in advance for
taking the time to read and help with my issue below..

To make the long story short.. I need to get a new Palm LifeDrive PDA
type device to connect to our Cisco Wireless network for Internet
access.

Palm LifeDrive only supports WEP or WPA-PSK. Our Cisco WLAN uses Cisco
LEAP but we are considering going to WPA-Enterprise.

Is there any way that I can configure the same 1200AP so that it can
authenticate both our existing LEAP clients and the new WPA-PSK
LifeDrive devices?? Would this be possible and/or make it easier if we
upgrade our LEAP to WPA-Enterprise first??


Thanks again...


Posted by Uli Link on September 26, 2005, 5:13 pm
hax3 wrote:
> Hello.. first and foremost - I'd like to thank everyone in advance for
> taking the time to read and help with my issue below..
>
> To make the long story short.. I need to get a new Palm LifeDrive PDA
> type device to connect to our Cisco Wireless network for Internet
> access.
>
> Palm LifeDrive only supports WEP or WPA-PSK. Our Cisco WLAN uses Cisco
> LEAP but we are considering going to WPA-Enterprise.

Distinguish between the authentication and the encryption cipher.

> Is there any way that I can configure the same 1200AP so that it can
> authenticate both our existing LEAP clients and the new WPA-PSK
> LifeDrive devices??

You can use different authentication schemes on separate SSIDs.

> Would this be possible and/or make it easier if we
> upgrade our LEAP to WPA-Enterprise first??

Depends on the LEAP clients,
you can use LEAP as EAP authentication with, as you call it, WPA Enterprise.
For WPA the encryption cipher must be TKIP/Michael (or AES-CCMP).
So all your LEAP clients must support TKIP.

TKIP does *not* work with Linux, MacOS and MS-DOS drivers for the 350
series PCMCIA or MiniPCI cards.

TKIP is supported and works with Windows 2000 and XP with 350 cards with
fw 5.30.17 or newer.
TKIP is *not* supported (but works...) on legacy 340 cards with fw
5.30.17 (or unsupported newer).

--
Uli

Posted by hax3 on September 27, 2005, 12:35 pm

Uli Link wrote:
> hax3 wrote:
> > Hello.. first and foremost - I'd like to thank everyone in advance for
> > taking the time to read and help with my issue below..
> >
> > To make the long story short.. I need to get a new Palm LifeDrive PDA
> > type device to connect to our Cisco Wireless network for Internet
> > access.
> >
> > Palm LifeDrive only supports WEP or WPA-PSK. Our Cisco WLAN uses Cisco
> > LEAP but we are considering going to WPA-Enterprise.
>
> Distinguish between the authentication and the encryption cipher.

Currently our APs are set to MANDATORY WEP ENCRYPTION and NETWORK EAP
Authentication.

Configuring our AP to support WPA-PSK, I believe I will need to set it
to CIPHER TKIP with OPEN Authentication and set a WPA PRE-SHARED KEY
(is this correct?).

>
> > Is there any way that I can configure the same 1200AP so that it can
> > authenticate both our existing LEAP clients and the new WPA-PSK
> > LifeDrive devices??
>
> You can use different authentication schemes on separate SSIDs.

Do I need to set up VLANs? Or can I set up different authentication and
encryption schemes on different SSIDs withOUT setting up VLANs?

>
> > Would this be possible and/or make it easier if we
> > upgrade our LEAP to WPA-Enterprise first??
>
> Depends on the LEAP clients,
> you can use LEAP as EAP authentication with, as you call it, WPA Enterprise.
> For WPA the encryption cipher must be TKIP/Michael (or AES-CCMP).
> So all your LEAP clients must support TKIP.
>
> TKIP does *not* work with Linux, MacOS and MS-DOS drivers for the 350
> series PCMCIA or MiniPCI cards.
>
> TKIP is supported and works with Windows 2000 and XP with 350 cards with
> fw 5.30.17 or newer.
> TKIP is *not* supported (but works...) on legacy 340 cards with fw
> 5.30.17 (or unsupported newer).
>

All clients are either W2k or Palm OS (for which TKIP is the only option
for WPA-PSK).

> --
> Uli


Posted by Uli Link on September 27, 2005, 3:18 pm
hax3 wrote:


>
> Configuring our AP to support WPA-PSK, I believe I will need to set it
> to CIPHER TKIP with OPEN Authentication and set a WPA PRE-SHARED KEY
> (is this correct?).

Yes.

>
> Do I need to set up VLANs? Or can I set up different authentication and
> encryption schemes on different SSIDs withOUT setting up VLANs?
>

Yes and No.
You can set different authentication per SSID, but without VLANs the
encryption cipher is global per radio.
You must set the encryption cipher to the largest common denominator.

> All clients are either W2k or Palm OS (for which TKIP is the only option
> for WPA-PSK).

LEAP with TKIP works with recent drivers and firmware on W2k.
Don't know for PalmOS.

You can only broadcast one SSID. Some braindead cards/fw/drivers don't
work reliably without a broadcasted SSID.
Never found such problems with Aironet cards.


HTH

--
Uli

Posted by hax3 on September 28, 2005, 10:35 am
Thanks Uli for all your help.. I was able to do the following to
enable 2 groups access to the same 1200AP..

Set global cipher encryption to TKIP (vs WEP)

Set 2 different SSIDs:

- one SSID set for WPA-Enterprise (i.e. NETWORK-EAP authentication with
MANDATORY WPA KEY MANAGEMENT).

- one SSID set for WPA-PSK (i.e. OPEN Authentication with MANDATORY WPA
KEY MANAGEMENT and WPA-PRESHARED KEY pass phrase).

One issue I have is I can't seem to "hide" (or not broadcast) both SSIDs.
It automatically broadcasts one - right now it's broadcasting the SSID
for WPA-PSK. Not sure how to force hide both SSIDs..

Another issue is if I set the WPA-PSK group for OPEN Authentication
with MAC, it erases the WPA-PSK pass phrase - do you know if it's
possible to do MAC address authentication AND WPA PreShared Key
Passphrase?

Thanks


Uli Link wrote:
> hax3 wrote:
>
>
> >
> > Configuring our AP to support WPA-PSK, I believe I will need to set it
> > to CIPHER TKIP with OPEN Authentication and set a WPA PRE-SHARED KEY
> > (is this correct?).
>
> Yes.
>
> >
> > Do I need to set up VLANs? Or can I set up different authentication and
> > encryption schemes on different SSIDs withOUT setting up VLANs?
> >
>
> Yes and No.
> You can set different authentication per SSID, but without VLANs the
> encryption cipher is global per radio.
> You must set the encryption cipher to the largest common denominator.
>
> > All clients are either W2k or Palm OS (for which TKIP is the only option
> > for WPA-PSK).
>
> LEAP with TKIP works with recent drivers and firmware on W2k.
> Don't know for PalmOS.
>
> You can only broadcast one SSID. Some braindead cards/fw/drivers don't
> work reliably without a broadcasted SSID.
> Never found such problems with Aironet cards.
>
>
> HTH
>
> --
> Uli
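
An added example, not part of any post in this thread: a small Python check of the constraints discussed above (the cipher is set once per radio, only one SSID is broadcast, and a WPA SSID needs either an EAP method or a pre-shared key). The Aironet IOS-style command syntax, the SSID names `corp-eap` and `pda-psk`, and the helper names are assumptions; the sample configuration is constructed.

```python
import re

# Constructed sample in Aironet IOS CLI style (assumed syntax; the thread shows no CLI).
SAMPLE_CONFIG = """\
interface Dot11Radio0
 encryption mode ciphers tkip
 ssid corp-eap
  authentication network-eap eap_methods
  authentication key-management wpa
 ssid pda-psk
  authentication open
  authentication key-management wpa
  wpa-psk ascii 0 <constructed-passphrase>
  guest-mode
"""

def parse_radio(config):
    """Return (set of radio-wide ciphers, {ssid: [option lines]}) for one radio block."""
    ciphers, ssids, current = set(), {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        m = re.match(r"encryption mode ciphers (.+)", line)
        if m:
            ciphers = set(m.group(1).split())
        elif line.startswith("ssid "):
            current = line.split(None, 1)[1]
            ssids[current] = []
        elif current and line:
            ssids[current].append(line)
    return ciphers, ssids

def audit(config):
    """List settings that contradict the constraints described in the thread."""
    ciphers, ssids = parse_radio(config)
    findings = []
    broadcast = [s for s, opts in ssids.items() if "guest-mode" in opts]
    if len(broadcast) > 1:
        findings.append("more than one broadcast SSID: " + ", ".join(broadcast))
    for name, opts in ssids.items():
        wpa = any(o.startswith("authentication key-management wpa") for o in opts)
        eap = any(o.startswith("authentication network-eap") for o in opts)
        psk = any(o.startswith("wpa-psk ") for o in opts)
        if wpa and not ciphers & {"tkip", "aes-ccm"}:
            findings.append(f"{name}: WPA key management without TKIP/AES on the radio")
        if wpa and not (eap or psk):
            findings.append(f"{name}: WPA key management but no EAP method and no PSK")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "no findings")
```

The second per-SSID check covers the state described in the last post, where changing the authentication type cleared the pre-shared key.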

