I needed some old Cisco 1242 APs to support WPA 2 wireless clients. The AP support AES-CCM encryption which is primarily used by WPA2 (TKIP for WPA) but there's no option for WPA version 2 under the SSID key management configuration.
ap#show version
Cisco IOS Software, C1240 Software (C1240-K9W7-M), Version 12.3(7)JA1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Thu 06-Oct-05 09:45 by evmiller
ROM: Bootstrap program is C1240 boot loader
BOOTLDR: C1240 Boot Loader (C1240-BOOT-M) Version 12.3(7)JA1, RELEASE SOFTWARE (fc1)
ap uptime is 5 weeks, 14 hours, 1 minute
System returned to ROM by power-on
System image file is "flash:/c1240-k9w7-mx.123-7.JA1/c1240-k9w7-mx.123-7.JA1"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco AIR-AP1242AG-A-K9 (PowerPCElvis) processor (revision A0) with 24566K/8192K bytes of memory.
Processor board ID FOC09400ABC
PowerPCElvis CPU at 266Mhz, revision number 0x0950
Last reset from power-on
1 FastEthernet interface
2 802.11 Radio(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:14:69:40:12:34
Part Number : 73-9921-23
PCA Assembly Number : 800-26574-56
PCA Revision Number : A0
PCB Serial Number : FOC09400ABC
Top Assembly Part Number : 800-26807-89
Top Assembly Serial Number : FTX09451234
Top Revision Number : B0
Product/Model Number : AIR-AP1242AG-A-K9
Configuration register is 0xF
ap#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
ap(config)#dot11 ssid WPA2-SSID
ap(config-ssid)#authentication key-management wpa ?
cckm allow CCKM clients
optional allow legacy clients
ap(config)#interface Dot11Radio0
ap(config-if)#encryption vlan 1 mode ciphers ?
aes-ccm WPA AES CCMP // WPA 2
ckip Cisco Per packet key hashing
ckip-cmic Cisco Per packet key hashing and MIC (MMH)
cmic Cisco MIC (MMH)
tkip WPA Temporal Key encryption // WPA
wep128 128 bit key
wep40 40 bit key
ap(config-if)#encryption vlan 1 mode ciphers aes-ccm
You'll need to upgrade the IOS of a Cisco 1242 AP to 12.4(10b)JDA3 in order to support WPA2. I've used the command archive tar /xtract tftp://<TFTP IP>/c1240-k9w7-mx.124-10b.JDA3.tar flash: in privileged mode.
ap#show version
Cisco IOS Software, C1240 Software (C1240-K9W7-M), Version 12.4(10b)JA, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 24-Oct-07 15:31 by prod_rel_team
ROM: Bootstrap program is C1240 boot loader
BOOTLDR: C1240 Boot Loader (C1240-BOOT-M) Version 12.4(13d)JA, RELEASE SOFTWARE (fc2)
ap uptime is 4 days, 3 hours, 13 minutes
System returned to ROM by reload
System image file is "flash:/c1240-k9w7-mx.124-10b.JA/c1240-k9w7-mx.124-10b.JA"
<OUTPUT TRUNCATED>
ap#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
ap(config)#dot11 ssid WPA2-SSID
ap(config-ssid)#authentication key-management wpa ?
cckm allow CCKM clients
optional allow legacy clients
version Specify WPA version
<cr>
ap(config-ssid)#authentication key-management wpa version ?
<1-2> WPA version
ap(config-ssid)#authentication key-management wpa version 2
ap#show version
Cisco IOS Software, C1240 Software (C1240-K9W7-M), Version 12.3(7)JA1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Thu 06-Oct-05 09:45 by evmiller
ROM: Bootstrap program is C1240 boot loader
BOOTLDR: C1240 Boot Loader (C1240-BOOT-M) Version 12.3(7)JA1, RELEASE SOFTWARE (fc1)
ap uptime is 5 weeks, 14 hours, 1 minute
System returned to ROM by power-on
System image file is "flash:/c1240-k9w7-mx.123-7.JA1/c1240-k9w7-mx.123-7.JA1"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco AIR-AP1242AG-A-K9 (PowerPCElvis) processor (revision A0) with 24566K/8192K bytes of memory.
Processor board ID FOC09400ABC
PowerPCElvis CPU at 266Mhz, revision number 0x0950
Last reset from power-on
1 FastEthernet interface
2 802.11 Radio(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:14:69:40:12:34
Part Number : 73-9921-23
PCA Assembly Number : 800-26574-56
PCA Revision Number : A0
PCB Serial Number : FOC09400ABC
Top Assembly Part Number : 800-26807-89
Top Assembly Serial Number : FTX09451234
Top Revision Number : B0
Product/Model Number : AIR-AP1242AG-A-K9
Configuration register is 0xF
ap#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
ap(config)#dot11 ssid WPA2-SSID
ap(config-ssid)#authentication key-management wpa ?
cckm allow CCKM clients
optional allow legacy clients
ap(config)#interface Dot11Radio0
ap(config-if)#encryption vlan 1 mode ciphers ?
aes-ccm WPA AES CCMP // WPA 2
ckip Cisco Per packet key hashing
ckip-cmic Cisco Per packet key hashing and MIC (MMH)
cmic Cisco MIC (MMH)
tkip WPA Temporal Key encryption // WPA
wep128 128 bit key
wep40 40 bit key
ap(config-if)#encryption vlan 1 mode ciphers aes-ccm
You'll need to upgrade the IOS of a Cisco 1242 AP to 12.4(10b)JDA3 in order to support WPA2. I've used the command archive tar /xtract tftp://<TFTP IP>/c1240-k9w7-mx.124-10b.JDA3.tar flash: in privileged mode.
ap#show version
Cisco IOS Software, C1240 Software (C1240-K9W7-M), Version 12.4(10b)JA, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 24-Oct-07 15:31 by prod_rel_team
ROM: Bootstrap program is C1240 boot loader
BOOTLDR: C1240 Boot Loader (C1240-BOOT-M) Version 12.4(13d)JA, RELEASE SOFTWARE (fc2)
ap uptime is 4 days, 3 hours, 13 minutes
System returned to ROM by reload
System image file is "flash:/c1240-k9w7-mx.124-10b.JA/c1240-k9w7-mx.124-10b.JA"
<OUTPUT TRUNCATED>
ap#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
ap(config)#dot11 ssid WPA2-SSID
ap(config-ssid)#authentication key-management wpa ?
cckm allow CCKM clients
optional allow legacy clients
version Specify WPA version
<cr>
ap(config-ssid)#authentication key-management wpa version ?
<1-2> WPA version
ap(config-ssid)#authentication key-management wpa version 2
No comments:
Post a Comment