Foro en Español

Reply
Occasional Contributor II

Como conecta mis clientes tkip o AES?

Hola, ¿cómo puedo saber que tipo de cifrado estan usando mis clientes si en el mismo SSID estoy permitiendo wpa-tkip wpa-aes wpa2-aes y wpa2-tkip?

 

Me gustaría eliminar el tkip.

 

Gracias. Un saludo

Aruba Employee

Re: Como conecta mis clientes tkip o AES?

¿Entiendo que es una controladora?  El comando:

 

#show wlan ssid-profile <ssid-name>

 

Saca un resumen de la SSID:

 

(7008-1) (SSID Profile "WebCC_pruebas") #show wlan ssid-profile WebCC_pruebas

SSID Profile "WebCC_pruebas"
----------------------------
Parameter Value
--------- -----
SSID enable Enabled
ESSID WebCC_pruebas
Encryption wpa2-psk-aes
Enable Management Frame Protection Disabled
Require Management Frame Protection Disabled
DTIM Interval 1 beacon periods
802.11a Basic Rates 6 12 24
802.11a Transmit Rates 6 9 12 18 24 36 48 54
802.11g Basic Rates 1 2
802.11g Transmit Rates 1 2 5 6 9 11 12 18 24 36 48 54
Station Ageout Time 1000 sec
Max Transmit Attempts 8
RTS Threshold 2333 bytes
Short Preamble Enabled
Max Associations 64
Wireless Multimedia (WMM) Disabled
Wireless Multimedia U-APSD (WMM-UAPSD) Powersave Enabled
WMM TSPEC Min Inactivity Interval 0 msec
Override DSCP mappings for WMM clients Disabled
DSCP mapping for WMM voice AC (0-63) N/A
DSCP mapping for WMM video AC (0-63) N/A
DSCP mapping for WMM best-effort AC (0-63) N/A
DSCP mapping for WMM background AC (0-63) N/A
WMM Access Class of EAP traffic default
Multiple Tx Replay Counters Disabled
Hide SSID Disabled
Deny_Broadcast Probes Disabled
Local Probe Request Threshold (dB) 0
Auth Request Threshold (dB) 0
Disable Probe Retry Enabled
Battery Boost Disabled
WEP Key 1 N/A
WEP Key 2 N/A
WEP Key 3 N/A
WEP Key 4 N/A
WEP Transmit Key Index 1
WPA Hexkey N/A
WPA Passphrase aruba123$
Maximum Transmit Failures 0
EDCA Parameters Station profile N/A
EDCA Parameters AP profile N/A
BC/MC Rate Optimization Disabled
Rate Optimization for delivering EAPOL frames Enabled
Strict Spectralink Voice Protocol (SVP) Disabled
High-throughput SSID Profile default
802.11g Beacon Rate default
802.11a Beacon Rate default
Video Multicast Rate Optimization default
Advertise QBSS Load IE Disabled
Advertise Location Info Disabled

 

Si quieres cambiar el opmode:

 

(7008-1) #configure t
Enter Configuration commands, one per line. End with CNTL/Z

(7008-1) (config) #wlan ssid-profile WebCC_pruebas
(7008-1) (SSID Profile "WebCC_pruebas") #opmode ?
dynamic-wep WEP with dynamic keys
opensystem No encryption
static-wep WEP with static keys
wpa-aes WPA with AES encryption and dynamic keys using
802.1X
wpa-psk-aes WPA with AES encryption using a pre-shared key
wpa-psk-tkip WPA with TKIP encryption using a pre-shared key
wpa-tkip WPA with TKIP encryption and dynamic keys using
802.1X
wpa2-aes WPA2 with AES encryption and dynamic keys using
802.1X
wpa2-psk-aes WPA2 with AES encryption using a pre-shared key
wpa2-psk-tkip WPA2 with TKIP encryption using a pre-shared key
wpa2-tkip WPA2 with TKIP encryption and dynamic keys using
802.1X
<cr>

 

¿Qué versión de software tienes?

 

Saludos,


David

Occasional Contributor II

Re: Como conecta mis clientes tkip o AES?

Hola, gracias David por tu pronta respuesta.

 

Efectivamente es controladora (7220) y la versión de AOS es 6.5.4.0

 

He ejecutado el comando que me indicas pero no sabría identificar si tengo clientes conectado con tkip. Es decir, lo que busco es conocer cuantos clientes estan conectado con tkip y cuantos con AES, ya que el modo de operación permite varias posibilidades.

 

Pego salida del comando abajo.

Un saludo.

 

SSID Profile "eduroam_SSID"
---------------------------
Parameter                                         Value
---------                                         -----
SSID enable                                       Enabled
ESSID                                             eduroam
Encryption                                        wpa-tkip wpa-aes wpa2-aes wpa2-tkip
Enable Management Frame Protection                Disabled
Require Management Frame Protection               Disabled
DTIM Interval                                     1 beacon periods
802.11a Basic Rates                               6 12 24
802.11a Transmit Rates                            6 9 12 18 24 36 48 54
802.11g Basic Rates                               1 2
802.11g Transmit Rates                            9 11 12 18 24 36 48 54
Station Ageout Time                               1000 sec
Max Transmit Attempts                             8
RTS Threshold                                     2333 bytes
Short Preamble                                    Enabled
Max Associations                                  64
Wireless Multimedia (WMM)                         Enabled
Wireless Multimedia U-APSD (WMM-UAPSD) Powersave  Enabled
WMM TSPEC Min Inactivity Interval                 0 msec
Override DSCP mappings for WMM clients            Disabled
DSCP mapping for WMM voice AC (0-63)              N/A
DSCP mapping for WMM video AC (0-63)              N/A
DSCP mapping for WMM best-effort AC (0-63)        N/A
DSCP mapping for WMM background AC (0-63)         N/A
WMM Access Class of EAP traffic                   default
Multiple Tx Replay Counters                       Disabled
Hide SSID                                         Disabled
Deny_Broadcast Probes                             Disabled
Local Probe Request Threshold (dB)                0
Auth Request Threshold (dB)                       0
Disable Probe Retry                               Enabled
Battery Boost                                     Disabled
WEP Key 1                                         N/A
WEP Key 2                                         N/A
WEP Key 3                                         N/A
WEP Key 4                                         N/A
WEP Transmit Key Index                            1
WPA Hexkey                                        N/A
WPA Passphrase                                    N/A
Maximum Transmit Failures                         0
EDCA Parameters Station profile                   N/A
EDCA Parameters AP profile                        N/A
BC/MC Rate Optimization                           Enabled
Rate Optimization for delivering EAPOL frames     Enabled
Strict Spectralink Voice Protocol (SVP)           Disabled
High-throughput SSID Profile                      default
802.11g Beacon Rate                               default
802.11a Beacon Rate                               default
Video Multicast Rate Optimization                 default
Advertise QBSS Load IE                            Disabled
Advertise Location Info                           Disabled
Advertise AP Name                                 Disabled
Traffic steering from WLAN to cellular            Disabled
802.11r Profile                                   N/A
Enforce user vlan for open stations               Disabled
Enable OKC

Aruba Employee

Re: Como conecta mis clientes tkip o AES?

Ok, perdona .... es que antes de quitar tkip, quieres saber si hay dispositivos empleandolo ....

 

Puedes sacar la info del datapath:

 

(7008-1) #show datapath station table

Datapath Station Table Entries
------------------------------

Flags: W - WEP, T - TKIP, A - AESCCM, M - WMM N - .11n client
S - AMSDU, G - AESGCM, R - DATA READY, I - INACTIVE, r - ROAMED

MAC BSSID VLAN Bad Decrypts Bad Encrypts RSN cap Aid HomeVlan A-MsduSize A-MsduTxQ Seq Flags
----------------- ----------------- ---- ------------ ------------ ------- ---- -------- ---------- ------------------- --- -----
24:A0:74:F2:FB:12 A8:BD:27:CD:5F:33 1 0 0 0000 0001 1 7935 0001/0005/0004/0000 124 AMNSR
DC:4A:3E:CE:7D:35 A8:BD:27:CD:5F:20 1 0 0 0000 0001 1 0 0000/0000/0000/0000 166 AMNR
AC:BC:32:01:45:6F A8:BD:27:CD:5F:34 42 0 0 0000 0001 42 0 8000/0000/0000/8000 169 AMNR
B4:18:D1:74:B9:9B A8:BD:27:CD:5F:23 1 0 0 0000 0001 1 0 0000/0000/0000/0000 62 AMNR
E4:E4:AB:71:14:6D A8:BD:27:CD:5F:21 42 0 0 0000 0001 42 0 0000/0000/0000/0000 83 AMNR

 

Saludos,

 

David

Occasional Contributor II

Re: Como conecta mis clientes tkip o AES?

Hola, tengo pocos clientes que usen TKIP, así que lo hemos eliminado de la configuración.

También lo intenté por airwave, pero cuando busco un cliente la información de modo de seguridad y cifrado está en blanco, ¿debería aparece algo en estos campos?

 

Muchas gracias.

Un saludo.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: