Super-Networking Blog

Say goodbye to your old WEP 128-bit keys and say hello to AES and WPA2. If you want to really secure down your Cisco Aironets follow these settings.

*Personal with Pre-Shared Key*

In the Windows Client (If you have your SSID Hidden and you are using Microsoft’s Zero Config)

1) Do properties on you wireless connection
2) Go to the Wireless Networks Tab
3) Under Association Tab:

Network Name “Your SSID”
Network Authentication “WPA2-PSK”
Data encryption “AES“

*Enterprise without Pre-Shared Key*

In the Windows Client (If you have your SSID Hidden and you are using Microsoft’s Zero Config)

1) Do properties on you wireless connection
2) Go to the Wireless Networks Tab
3) Under Association Tab:

Network Name “Your SSID”
Network Authentication “WPA2”
Data encryption “AES“

You might need the following patch.

*Personal with Pre-Shared Key*

In Aironet

Under Security Menu
1) Encryption Manager

Select your VLAN
Encryption Modes “Cipher - AES CCMP”
Encryption Keys “Blank”
Global Properties “Disable Rotation

2) SSID Manager

Choose your Current SSID
Methods Accepted: “Open Authentication”
Client Authenticated Key Management “Mandatory” + “WPA” + Pre-shared Key of at least 10 characters.

*Enterprise without Pre-Shared Key*

In Aironet

Under Security Menu
1) Encryption Manager

Select your VLAN
Encryption Modes “Cipher - AES CCMP”
Encryption Keys “Blank”
Global Properties “Disable Rotation

2) SSID Manager

Choose your Current SSID
Methods Accepted: “Open Authentication with EAP”
Client Authenticated Key Management: “Key Management: Mandatory and Check WPA”
General Settings: “Check Advertise Extended Capabilities of this SSID”

Version of Software on Aironets - 12.3(8)JA2

This is by far not all the tweaks that can be done but will get you off the ground and very secure. If you are currently running WEP you should be able to keep all your other settings in the aironet except change these and you will be 100s of time more secure.

Questions please leave a comment.