aironet aes encryption

I have an Aironet 1130AG access point in standalone mode. I would like to set a more advanced encryption level than WEP (say AES). I have noticed the only encryption option available under Security - Encryption Manager is WEP. Do you have to do an IOS upgrade to get WPA/AES?

mmark751969

It's possible that you would.

Cisco IOS Software, C1130 Software (C1130-K9W7-M), Version 12.4(10b)JA3, RELEASE SOFTWARE (fc1)

show conf | i aes
 encryption mode ciphers aes-ccm

The technote at [formatting link] is saying that you need 12.3(2)JA or later for WPA2 (i.e. aes, aka aes-ccm).

Doug McIntyre

Don't forget that for AES you need the right radio module on the AP. Not sure, but for old 1130 devices you need to change the radio module in order to support AES.

Bye, Tosh.

Tosh

The 1130's aren't that old?

The 350 may be. I can do only TKIP/WPA on it.

Doug McIntyre

AP#sh controllers
!
interface Dot11Radio0
Radio AIR-MP21G, Base Address 0015.6217.4d40, BBlock version 0.00, Software version 6.11.1

AIR-MP21G supports AES, the old AIR-MP20G does not; early 1100 and 1200 series APs were shipped with the old module. The story I know is that AES is offloaded to dedicated hardware, so unless newer releases add AES support in software (which is very CPU intensive) you need the above module.

Bye, Tosh.

Tosh

> > > is saying that you need 12.3(2)JA or later for WPA2 (ie. aes, aka aes-ccm).
>
> > Don't forget that for aes you need the right radio module on the ap, not sure but for old 1130 devices you need to change the radio module in order to support aes.
>
> The 1130's aren't that old?
>
> The 350 may be. I can do only TKIP/WPA on it.

All 1130s support WPA2/AES.

So you could do (WPA with TKIP) and/or (WPA2 with TKIP and/or AES.) Either with EAP or (typically more suitable for home use) PSK.

Unfortunately, the AP GUI doesn't provide WPA[2]-PSK as an option, so you'll have to do it by hand. Here's a config that should do the needful:

dot11 ssid WPAPSK
   authentication open
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 0 YOURKEYHERE
!
interface Dot11Radio0
 encryption mode ciphers aes-ccm tkip
 !
 ssid WPAPSK

[ Similarly for dot11radio1 ]

Aaron

Aaron Leonard
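
An added example, not part of the thread and not Cisco tooling: a small Python check that reads an autonomous AP config in the style of the snippet above and reports radios without aes-ccm and SSIDs without WPA key management. The LEGACY SSID, the Dot11Radio1 WEP line and the function names are constructed for illustration.

```python
# Constructed sample config (not from a real device), modelled on the snippet in the thread.
SAMPLE_CONFIG = """\
dot11 ssid WPAPSK
   authentication open
   authentication key-management wpa
   wpa-psk ascii 0 YOURKEYHERE
!
dot11 ssid LEGACY
   authentication open
!
interface Dot11Radio0
 encryption mode ciphers aes-ccm tkip
 ssid WPAPSK
!
interface Dot11Radio1
 encryption mode wep mandatory
 ssid LEGACY
"""

def parse_sections(config):
    """Group indented lines under their 'dot11 ssid' / 'interface' header line."""
    sections, current = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "!"):      # blank lines and IOS separators
            continue
        if not line[0].isspace():          # unindented line starts a new section
            current = line.strip()
            sections[current] = []
        elif current:
            sections[current].append(line.strip())
    return sections

def audit(config):
    """Return sorted findings for radios and SSIDs that fall short of WPA with AES-CCM."""
    findings = []
    for header, body in parse_sections(config).items():
        if header.startswith("interface Dot11Radio"):
            ciphers = {c for l in body if l.startswith("encryption mode ciphers ")
                       for c in l.split()[3:]}
            if "aes-ccm" not in ciphers:
                findings.append(f"{header}: aes-ccm not enabled")
            elif "tkip" in ciphers:
                findings.append(f"{header}: tkip still allowed alongside aes-ccm")
        elif header.startswith("dot11 ssid ") and not any(
                l.startswith("authentication key-management wpa") for l in body):
            findings.append(f"{header}: no WPA key management")
    return sorted(findings)
```

Feed `audit()` the text of `show running-config` saved from the AP; an empty list means every radio offers only aes-ccm and every SSID uses WPA key management.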
