In a previous blog article I outlined the CLI commands used to configure an autonomous AP for APoS for survey work.
I configured the SSIDs with no encryption, this is not really an issue because I am only using this SSID to measure the RF attenuation in my environment environment, I am not passing sensitive data over this link. However it does invite the possibility that 'some joker' at the customer's site could join this unprotected network. Admittedly they will not be assigned an IP address, nor is it likely they will log in to the AP and change any parameters. The most likely outcome is the LED on the AP will change colour and I will notice this, nevertheless in order to prevent this from happening we can configure our SSIDs with wpa2-psk encryption to prevent any 'funny guys' trying to muscle-in on my survey AP.
To achieve this, 3 steps are required:
dot11radio encryption mode
- dot11 ssid authentication mode
- dot11 ssid wpa-psk to be set
dot11radio encryption mode
Copy
dot11 SSID authentication mode
Copy
dot11 SSID wpa-psk
Copy
Summary
That is it, SSID CISCO-SURVEY 2.4 is now protected with wpa-psk.
This needs to be done again in order to protect the SSID CISCO-SURVEY 5.
SURVEY(config)#int dot11Radio 1
SURVEY(config-if)#encryption mode ciphers aes-ccm
SURVEY(config)#dot11 ssid CISCO-SURVEY 5
SURVEY(config-ssid)#authentication key-management wpa version 2
SURVEY(config-ssid)#wpa-psk ascii 0 CiscoCiscoCopy
Don't forget to save your changes, assuming you are happy with the results.
SURVEY#copy run startCopy