Cisco 877W WPA2 and synch

s0ck · 6 Dec 2009 at 04:33

System image file is "flash:c870-advsecurityk9-mz.124-11.T1.bin

...yet I can only use TKIP for wireless, no AES?

I got this off ebay so no smartnet, etc. Am I screwed or is there some small chance one can get an AES capable image from Cisco?

Anyone here have the option for AES in their IOS?

Also, this router ALWAYS synchs @

Code:

                 Interleave             Fast    Interleave              Fast
Speed (kbps):          1536                0           416                 0

It never varies, up or down.

Init FW: init_AMR-2.6.004.bin
Operation FW: AMR-2.6.004.bin

Is this the culprit? ^

I did scan the changelog for 3+ but I didn't see anything about synch speed issues. The normal ADSL router I was using prior to this was synching around 2.5Mb~.

Yamahahahahaha · 6 Dec 2009 at 11:19

1) ADVSEC will do AES. That version of the firmware is also pretty new, so it shouldn't be a problem. Have you tried using the SDM to set it up?

http://www.cisco.com/en/US/prod/col...s6200/product_data_sheet0900aecd8028a976.html

2) Need to see the line stats before we can comment on the line speed. It wouldn't hurt to try a newer modem firmware if possible.

s0ck · 6 Dec 2009 at 12:45

Everytime I use SDM it fills the config with loads of stuff I don't understand and subsequently breaks something. It looks very comprehensive and I bet it would save me loads of time if I could get it working properly. For now, I've stuck to the cli.

Code:

tupac(config-if)#encryption vlan 1 mode ciphers ?
  tkip    WPA Temporal Key encryption
  wep128  128 bit key
  wep40   40 bit key

I don't seem to have an AES/AES-CCM option? I'm guessing if it's not present here, using SDM will bear no fruit anyway?

Here's the DSL stuff. I've got a pretty poor line by all accounts:

Code:

tupac#sh dsl int a0
ATM0
Alcatel 20190 chipset information
                ATU-R (DS)                      ATU-C (US)
Modem Status:    Showtime (DMTDSL_SHOWTIME)
DSL Mode:        ITU G.992.1 (G.DMT) Annex A
ITU STD NUM:     0x01                            0x1
Vendor ID:       'STMI'                          'GSPN'
Vendor Specific: 0x0000                          0x0008
Vendor Country:  0x0F                            0xFF
Capacity Used:   41%                             57%
Noise Margin:    23.0 dB                         21.0 dB
Output Power:    18.0 dBm                        12.5 dBm
Attenuation:     56.0 dB                         31.5 dB
Defect Status:   None                            None
Last Fail Code:  None
Watchdog Counter: 0xAA
Watchdog Resets: 0
Selftest Result: 0x00
Subfunction:     0x00
Interrupts:      4046 (0 spurious)
PHY Access Err:  0
Activations:     1
LED Status:      ON
LED On Time:     100
LED Off Time:    100
Init FW:         init_AMR-2.6.004.bin
Operation FW:    AMR-2.6.004.bin
FW Source:       external
FW Version:      2.6.4

                 Interleave             Fast    Interleave              Fast
Speed (kbps):          1536                0           416                 0
Cells:                 8256                0        399462                 0
Reed-Solomon EC:          2                0             0                 0
CRC Errors:               0                0             1                 0
Header Errors:            0                0             0                 0
Total BER:                0E-0           0E-0
Leakage Average BER:      0E-0           0E-0
LOM Monitoring : Enabled
LOM watch configured for 200 times
LOM appeared continuously for 0 times


DMT Bits Per Bin
000: 0 0 0 0 0 0 0 2 3 4 5 6 6 6 7 7
010: 7 7 7 7 7 7 7 6 6 6 5 5 5 4 3 2
020: 0 0 2 4 4 5 6 6 6 7 6 6 7 6 2 6
030: 7 7 7 7 7 7 6 7 7 6 3 4 6 6 6 7
040: 0 6 6 5 5 6 5 5 5 5 5 6 5 5 6 6
050: 6 6 5 6 6 2 5 5 5 5 5 5 5 5 5 5
060: 5 5 4 5 5 5 5 4 4 5 5 4 5 4 5 5
070: 4 4 3 2 3 3 4 4 3 3 3 3 3 3 3 3
080: 3 2 2 2 3 3 3 3 2 3 3 2 2 2 2 2
090: 2 2 0 0 2 2 2 2 0 0 2 2 2 2 0 0
0A0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0B0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0C0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0D0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0E0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0F0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

DSL: Training log buffer capability is not enabled
tupac#

Yamahahahahaha · 6 Dec 2009 at 13:40

You've set up tkip but not authentication key management (WEP / WPA / WPA2)

http://www.cisco.com/en/US/docs/routers/access/800/850/software/configuration/guide/wireless.html

That should put you right

s0ck · 6 Dec 2009 at 14:40

Not sure what you mean fella.

Here's what I've got so far:

Code:

interface Dot11Radio0
 no ip address
 shutdown
 !
 encryption vlan 1 mode ciphers tkip
 !
 ssid open
    vlan 1
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii etc
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

Which bit is wrong?

Yamahahahahaha · 6 Dec 2009 at 17:02

Ah right, I see the problem now :] Seems a bit arse about face.

http://www.cisco.com/en/US/docs/routers/access/1800/wireless/configuration/guide/s37wep.html

This goes more indepth. It should say aes-ccm in that "encryption vlan 1 mode ciphers" menu. Try doing it anyway, I'm sure it won't work...

In which case, you'll need to grab a new IOS off the Cisco website I guess. D:

s0ck · 6 Dec 2009 at 17:21

mmm. I thought I had ze uber ios but it seems not ;/

Yamahahahahaha · 6 Dec 2009 at 17:58

I've just checked that IOS and indeed it does not support 'Advanced Encryption Standard (AES) - CCMP'

"This feature supports Wi-Fi Protected Access (WPA2) which is the Wi-Fi Alliance specification for interoperable wireless LAN security that supports IEEE 802.11i authentication and AES-CCMP encryption."