In this post, we will see how to configure WPA-PSK (WiFi Protected Access – Pre Shared Key).
WPA key management supports two mutually exclusive management types: WPA and WPA-PSK. With WPA key management, the client and the authentication server authenticate to each other using an EAP (Extensible Authentication Protocol) method, and the client and server generate a pairwise master key (PMK). With WPA, the server generates the PMK dynamically and passes it to the access point.
With WPA-PSK, however, you configure a pre-shared key on both the client and the access point (AAP), and that pre-shared key is used as the PMK.
We will configure the “data2” SSID with WPA-PSK. The WPA-PSK related commands are highlighted. Keep in mind that “open” or “network-eap” authentication is required for WPA.
dot11 ssid data2
 vlan 13
 mbssid guest-mode
 authentication open
 authentication key-management wpa
 wpa-psk ascii 0 1234567890
!
interface Dot11Radio1
 encryption vlan 13 mode ciphers tkip
You can verify the configuration by using the AnyConnect client to connect to this SSID, as shown below.
There are additional options you can configure under the authentication key-management section, as shown below. You can specify WPA “version 2” if you require the highest security. If you configure CCKM (Cisco Centralized Key Management), this will enhance fast roaming of Cisco-compatible clients. If you specify “optional”, clients using any other type of key management can also associate to this SSID, not only WPA and CCKM clients. You can configure all these options if required.
dot11 ssid data2
 vlan 13
 mbssid guest-mode
 authentication open
 authentication key-management wpa version 2|cckm|optional
 wpa-psk ascii 0 1234567890
Under the radio interface VLAN encryption section you can configure multiple encryption methods in order to support different types of encryption (in case certain clients have limitations). The configuration below allows both AES-CCM and TKIP encryption.
interface Dot11Radio1
 encryption vlan 13 mode ciphers aes-ccm tkip
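An added example, not part of the original post: a small Python check that reads autonomous AP configuration text in the form shown above and flags the weaker choices among the options described (WPA version 2 not required, “optional” key management, TKIP allowed on the SSID's VLAN, PSK stored as type 0). The function names, finding labels and the 20-character minimum are assumptions made for this illustration.

```python
import re
# Constructed sample: the "data2" configuration from this post, one command per line.
SAMPLE = """\
dot11 ssid data2
 vlan 13
 mbssid guest-mode
 authentication open
 authentication key-management wpa
 wpa-psk ascii 0 1234567890
!
interface Dot11Radio1
 encryption vlan 13 mode ciphers tkip
"""
MIN_PSK_LEN = 20  # assumed local policy, not an IOS limit (IOS accepts 8-63 ASCII chars)

def parse(config):
    """Return ({ssid: [sub-commands]}, {vlan: {ciphers}}) from AP config text."""
    ssids, ciphers, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():  # an unindented line starts a new section
            current = None
            if line.startswith("dot11 ssid "):
                current = ssids.setdefault(line.split(None, 2)[2], [])
        elif current is not None:
            current.append(line)
        if m := re.match(r"encryption vlan (\d+) mode ciphers (.+)", line):
            ciphers.setdefault(m.group(1), set()).update(m.group(2).split())
    return ssids, ciphers

def audit(config):
    """Return sorted (ssid, finding) pairs for weak WPA-PSK settings."""
    ssids, ciphers = parse(config)
    findings = set()
    for name, cmds in ssids.items():
        vlan = next((c.split()[1] for c in cmds if c.startswith("vlan ")), None)
        km = next((c for c in cmds if c.startswith("authentication key-management ")), "")
        psk = next((c.split() for c in cmds if c.startswith("wpa-psk ")), None)
        if "wpa" in km.split() and "version 2" not in km:
            findings.add((name, "wpa-version-2-not-required"))
        if "optional" in km.split():
            findings.add((name, "key-management-optional"))
        if "tkip" in ciphers.get(vlan, set()):
            findings.add((name, "tkip-allowed"))
        if psk and (len(psk) < 4 or psk[2] == "0"):  # type 0 = key visible in the config
            findings.add((name, "psk-stored-in-cleartext"))
            if psk[1] == "ascii" and len(psk[-1]) < MIN_PSK_LEN:
                findings.add((name, "psk-shorter-than-policy"))
    return sorted(findings)
```

Calling `audit(SAMPLE)` returns four findings for the “data2” SSID as configured in this post; a key stored as type 7 is not length-checked because only its encoded form appears in the configuration.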