Hi Everyone,
We're in the process of deploying 802.1x across our campus. We primarly
use Cisco's Aironet 1200 series access points. We initially were going to use
mixed mode (support of WPA+WPA2 on the same SSID) in order to provide the best
support, but seem to have run into problems.
When using a windows XP computer with the WPA2 patch installed (KB893357) and
only WPA hardware support (no WPA2), Windows Zero Config (WZC) will always
attempt to connect using WPA and AES (an invalid combination). You can manually
force it to use WPA and TKIP, but if you disconnect and reconnect it will
default back to WPA/AES and fail.
On a macintosh running 10.3 (or 10.4) if the hardware supports WPA2 it will work
fine, but on older hardware that only does WPA1, it won't connect no matter how
you configure it. I'm wondering if this is related to the AP advertising both
TKIP and AES and all the OSes wanting to use the best one (AES) even if the
hardware doesn's support it. Has anyone had similar problems and found a
solution?
<Code snippet for mixed mode>
dot11 ssid restricted.utexas.edu
vlan 312
authentication open eap uteap
authentication key-management wpa
mobility network-id 312
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 312 mode ciphers aes-ccm tkip
!
ssid restricted.utexas.edu
</Code>
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
