June 5, 2012

Cisco WLC 5508 - Set WPA pass

Step 1 Disable the WLAN by entering this command:

config wlan disable wlan_id

Step 2 Enable or disable WPA for the WLAN by entering this command:

config wlan security wpa {enable | disable} wlan_id

Step 3 Enable or disable WPA1 for the WLAN by entering this command:

config wlan security wpa wpa1 {enable | disable} wlan_id

Step 4 Enable or disable WPA2 for the WLAN by entering this command:

config wlan security wpa wpa2 {enable | disable} wlan_id

Step 5 Enable or disable AES or TKIP data encryption for WPA1 or WPA2 by entering one of these commands:

• config wlan security wpa wpa1 ciphers {aes | tkip} {enable | disable} wlan_id

• config wlan security wpa wpa2 ciphers {aes | tkip} {enable | disable} wlan_id

**The default values are TKIP for WPA1 and AES for WPA2.**

Step 6 Enable or disable 802.1X, PSK, or CCKM authenticated key management by entering this command:

config wlan security wpa akm {802.1X | psk | cckm} {enable | disable} wlan_id

The default value is 802.1X.

Step 7 If you enabled PSK in Step 6, enter this command to specify a preshared key:

config wlan security wpa akm psk set-key {ascii | hex} psk-key wlan_id

WPA preshared keys must contain 8 to 63 ASCII text characters or 64 hexadecimal characters.

Step 8 If you enabled WPA2 with 802.1X authenticated key management or WPA1 or WPA2 with CCKM authenticated key management, the PMK cache lifetime timer is used to trigger reauthentication with the client when necessary. The timer is based on the timeout value received from the AAA server or the WLAN session timeout setting. To see the amount of time remaining before the timer expires, enter this command:

show pmk-cache all

Information similar to the following appears:

PMK-CCKM Cache
                             Entry
Type    Station              Lifetime   VLAN Override   IP Override
------  -------------------  --------   -------------   ---------------
CCKM    00:07:0e:b9:3a:1b    150                        0.0.0.0

If you enabled WPA2 with 802.1X authenticated key management, the controller supports opportunistic PMKID caching but not sticky (or non-opportunistic) PMKID caching. In sticky PMKID caching, the client stores multiple PMKIDs. This approach is not practical because it requires full authentication for each new access point and is not guaranteed to work in all conditions. In contrast, opportunistic PMKID caching stores only one PMKID per client and is not subject to the limitations of sticky PMK caching.

Step 9 Enable the WLAN by entering this command:

config wlan enable wlan_id
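
The steps above, carried through for one concrete case, as an added example that is not part of the original post or Cisco's documentation: a small Python helper that checks a key against the length rule from Step 7 and emits the command sequence for a WPA2-only, AES-only, PSK-only WLAN. The WLAN ID `1`, the sample key, the function names, and the choice to turn off WPA1, TKIP and 802.1X are assumptions made for the example.

```python
import string

# Printable ASCII without the space character (see the assumption below).
PRINTABLE_ASCII = {chr(c) for c in range(0x21, 0x7F)}


def classify_psk(key: str) -> str:
    """Return 'hex' or 'ascii' for a key that meets the Step 7 rule, else raise."""
    if len(key) == 64 and all(c in string.hexdigits for c in key):
        return "hex"
    # Assumption: spaces are refused because this generator does not quote arguments.
    if 8 <= len(key) <= 63 and all(c in PRINTABLE_ASCII for c in key):
        return "ascii"
    raise ValueError("PSK must be 8-63 ASCII characters or 64 hexadecimal characters")


def wpa2_psk_commands(wlan_id: int, key: str) -> list[str]:
    """Build the Step 1-7 and Step 9 commands for a WPA2/AES/PSK-only WLAN."""
    if not isinstance(wlan_id, int) or wlan_id < 1:
        raise ValueError("wlan_id must be a positive integer")
    key_format = classify_psk(key)  # validate before emitting anything
    sec = "config wlan security wpa"
    return [
        f"config wlan disable {wlan_id}",                         # Step 1
        f"{sec} enable {wlan_id}",                                # Step 2
        f"{sec} wpa1 disable {wlan_id}",                          # Step 3
        f"{sec} wpa2 enable {wlan_id}",                           # Step 4
        f"{sec} wpa2 ciphers aes enable {wlan_id}",               # Step 5
        f"{sec} wpa2 ciphers tkip disable {wlan_id}",             # Step 5
        f"{sec} akm 802.1X disable {wlan_id}",                    # Step 6
        f"{sec} akm psk enable {wlan_id}",                        # Step 6
        f"{sec} akm psk set-key {key_format} {key} {wlan_id}",    # Step 7
        f"config wlan enable {wlan_id}",                          # Step 9
    ]


if __name__ == "__main__":
    # Constructed sample key, for illustration only.
    for line in wpa2_psk_commands(1, "constructed-Example-Key-01"):
        print(line)
```

Step 8 is left out because the PMK cache timer applies to 802.1X and CCKM key management, not to PSK.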