The default security configuration for AC devices since firmware version 8.5.11 was changed to WPA2 AES with a pre-shared key 0000:0000. For users and operators who do not use wireless security on their AP radios, this can cause a network disruption when this setting is not matched by all client radios. The None option was removed from the UI, so this article will describe how to configure the security setting off with the CLI.
Table of Contents
When an AC radio is reset due to a variety of factors, such as a power surge or short in the cable sending power to the reset pins, up to date AC devices will not have the option in the UI to set Security to None. For networks that do not employ wireless security, this will cause clients to fail the WPA handshake and result in a network disruption.
Steps: How to
- Access the radio command line by your preferred method. SSH is the most common way, and available on any platform. For Windows, the most popular SSH client is PuTTY but you can also use the Windows Subsystem for Linux. On Mac OSX and Linux, OpenSSH is almost always installed by default for use in the terminal emulator. A nice alternative is through the UNMS dashboard.
- Edit /tmp/system.cfg manually, with `vi /tmp/system.cfg`. The key-value pair you're looking for is `aaa.status=enabled`. Edit the value to disabled and save the file.
- Back on the command line, execute the command `save`.
Testing & Verification
After following the steps above, your AP will now have wireless security disabled. Confirm this by logging into the Web UI of the radio and checking the Wireless tab of the configuration. This will allow client radios with no security to re-associate with the AP radio, so you can update their configurations to add WPA2-AES encryption.