802.1 aaa entries cisco aironet question

Is it possible to have multiple aaa entries for RADIUS servers on a Cisco Aironet?
What I'm trying to achieve is two SSIDs, one on one VLAN and another on another VLAN.
The trouble is that our RADIUS servers are using MSCHAP v2 authentication and they are for two separate servers with different user accounts on two separate VLANs.
What I am hoping to do is create two SSIDs on separate VLANs, with a separate RADIUS entry for both SSIDs.

Yes, it is possible. On the SSID Manager page you have the option of setting up an EAP server and prioritizing it according to the SSID.

Similar Messages

  • Problem with username & password in Cisco Aironet 802.11n

    Hi all,
    I will configure a new Cisco Aironet 802.11n dual-band wireless access point, but I'm blocked at the username and password. Can anyone help me please? How can I recover this login?

    Hi Hossam,
    The default username and password are "Cisco".
    Password Recovery Procedure:
    https://supportforums.cisco.com/docs/DOC-4532
    Regards
    Don't forget to rate helpful posts.

  • Question regarding the use of Cisco Aironet 1140 series

    We are looking at deploying some of the Cisco Aironet Access Points as standalone. We are essentially setting up a hotspot. They will mainly be in conference rooms at each of our field offices so visitors attending our meetings can have internet access. Do clients have to use Cisco wireless adapters in order to connect to any of Cisco Aironet Access Points or can they use whatever wireless card they have as long as it supports the bands available?
    Thx in advance for any advice given.

    Any product which displays the Wi-Fi Certified logo, including everything from Cisco, should interoperate with any other Wi-Fi Certified gear.

  • Setting up Cisco Aironet 1250 for home use

    Hey everyone,
    I'm rather new to the whole Enterprise Router lines. I've set up countless networks with Linksys routers in the past. However, this Aironet is giving me more trouble than I'd want it to. I was wondering if anyone could help. I've assigned it an IP address, accessed the in-browser interface, set up an SSID and activated the two extensions. I've been able to connect to the router with my computer and access the internet without restriction. However, when I attempt to connect a second PC or laptop to the network, it won't allow network access to the second device. I've been stuck there forever. Is there any specific setup method I need to use to make sure more than one workstation/device? I want to use this router for home use. I often use laptops and move around the house a lot, so the advantage of better connection signal and speed is well worth it. Any help is highly appreciated. If you need more information, don't hesitate to contact me.

    Sorry for my late reply. Here is the config:
    It wasn't connected to anything. This was a raw pull from a fresh cold boot.
    Cisco1250>enable
    Password:
    Cisco1250#show running-config
    Building configuration...
    Current configuration : 1717 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname Cisco1250
    enable secret 5 $1$jDeQ$cFdx0aHAd8wj8tk6CCmXq/
    no aaa new-model
    dot11 ssid Home Network
       authentication open
       guest-mode
    power inline negotiation prestandard source
    username Cisco password 7 05280F1C2243
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption key 1 size 128bit 7 23D0220D02AE7FA723492AA01E34 transmit-key
    encryption mode wep mandatory
    ssid Home Network
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio1
    no ip address
    no ip route-cache
    encryption key 1 size 128bit 7 0B4935657C801B3620154AB56630 transmit-key
    encryption mode wep mandatory
    ssid Home Network
    dfs band 3 block
    channel dfs
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface GigabitEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface BVI1
    ip address 192.168.0.1 255.255.255.0
    no ip route-cache
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    snmp-server community Community RW
    bridge 1 route ip
    line con 0
    line vty 0 4
    login local
    end
    The way I connect it in the network is as follows:
    BrightHouse Networks ISP Modem --> Cisco Aironet 1252 --> Incoming connections from computers and laptops.
    Any ideas?

  • AP problem Cisco aironet 1040

    I have a Cisco Aironet 1040.
    On my access point I have 2 VLANs: 1 for my wifi phones and 1 for my network.
    Wifi LAN has the SSID LAN with WPA enterprise authentication to a RADIUS server (MS Server 2008).
    Wifi Phone has SSID PHONE and VLAN 50 with local RADIUS authentication.
    This all works fine, except when I enable AP for my wifi phones.
    When AP is enabled the authentication for my LAN doesn't go to my server but local.
    How do I configure my access points so that the Cisco phones use the local RADIUS server with AP and my Windows computers connect using the MS RADIUS server?
    Hope someone can help.
    Attached is my current config.

    aaa group server radius rad_eap
    server auth-port 1645 acct-port 1646
    aaa group server radius WDS-AUTH
    server auth-port 1812 acct-port 1813
    aaa group server radius VOICE-AUTH
    server auth-port 1812 acct-port 1813
    aaa authentication login eap_methods group rad_eap
    Both of the SSIDs are calling to eap_methods. What you need to do is configure another aaa authentication line:
    ** aaa authentication login phone_method group VOICE-AUTH**
    then call that as your network-eap:
    dot11 ssid VOICE
       vlan 50
       authentication network-eap **phone_method**
       authentication key-management cckm
    Change/add the lines between the **.
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered
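
Added example (not code from the thread or from Cisco): a Python check that traces each `dot11 ssid` in an Aironet running-config through its EAP method list and `aaa group server radius` group to the RADIUS servers it will actually use, and flags SSIDs that share a method list. It covers both the two-SSID question at the top of the page and the shared `eap_methods` problem answered here. The sample configs, the 192.0.2.x server addresses, the LAN stanza and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample configs. Server addresses (192.0.2.x) and the LAN
# stanza are assumptions; group and method-list names follow the thread.
COMMON = """\
aaa new-model
aaa group server radius rad_eap
 server 192.0.2.10 auth-port 1645 acct-port 1646
aaa group server radius VOICE-AUTH
 server 192.0.2.2 auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
aaa authentication login phone_method group VOICE-AUTH
dot11 ssid LAN
   vlan 1
   authentication network-eap eap_methods
   authentication key-management wpa
dot11 ssid VOICE
   vlan 50
"""
# Only the VOICE SSID's method-list reference differs between the two.
BEFORE = COMMON + "   authentication network-eap eap_methods\n"
AFTER = COMMON + "   authentication network-eap phone_method\n"

# Commands that always start a new top-level section.
TOP_LEVEL = ("aaa ", "dot11 ", "interface ", "radius-server ",
             "username ", "line ", "bridge ")


def parse(config):
    """Return (groups, methods, ssids). Section tracking is keyword based,
    so configs pasted with their indentation stripped still parse."""
    groups, methods, ssids = {}, {}, {}
    section = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = re.match(r"aaa group server radius (\S+)$", line)
        if m:
            section = ("group", m.group(1))
            groups.setdefault(m.group(1), [])
            continue
        m = re.match(r"aaa authentication login (\S+) (.+)$", line)
        if m:
            toks, srcs, i = m.group(2).split(), [], 0
            while i < len(toks):
                if toks[i] == "group" and i + 1 < len(toks):
                    srcs.append(("group", toks[i + 1]))
                    i += 2
                else:                      # e.g. "local"
                    srcs.append((toks[i], None))
                    i += 1
            methods[m.group(1)] = srcs
            section = None
            continue
        m = re.match(r"dot11 ssid (.+)$", line)
        if m:
            section = ("ssid", m.group(1))
            ssids[m.group(1)] = {"vlan": None, "eap_lists": []}
            continue
        if line.startswith(TOP_LEVEL):
            section = None
            continue
        if section is None:
            continue
        kind, name = section
        if kind == "group" and line.startswith("server"):
            toks = line.split()
            addr = toks[1] if len(toks) > 1 else ""
            # Forum pastes often strip the address; record that explicitly.
            ok = re.match(r"\d+\.\d+\.\d+\.\d+$", addr)
            groups[name].append(addr if ok else "<address missing>")
        elif kind == "ssid":
            m = re.match(r"vlan (\S+)$", line)
            if m:
                ssids[name]["vlan"] = m.group(1)
            m = re.match(r"authentication (?:network-eap|open eap) (\S+)", line)
            if m and m.group(1) not in ssids[name]["eap_lists"]:
                ssids[name]["eap_lists"].append(m.group(1))
    return groups, methods, ssids


def resolve(config):
    """Map every SSID to the RADIUS servers its EAP method lists reach."""
    groups, methods, ssids = parse(config)
    report = {}
    for ssid, info in ssids.items():
        servers, problems = [], []
        for lst in info["eap_lists"]:
            if lst not in methods:
                problems.append(f"method list {lst!r} is not defined")
                continue
            for kind, src in methods[lst]:
                if kind != "group":
                    servers.append(kind)
                elif not groups.get(src):
                    problems.append(f"server group {src!r} is empty or undefined")
                else:
                    servers += groups[src]
        report[ssid] = dict(info, servers=servers, problems=problems)
    return report


def shared_lists(report):
    """Method lists referenced by more than one SSID."""
    users = defaultdict(list)
    for ssid, entry in report.items():
        for lst in entry["eap_lists"]:
            users[lst].append(ssid)
    return {lst: sorted(s) for lst, s in users.items() if len(s) > 1}


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        rep = resolve(cfg)
        print(label, {s: e["servers"] for s, e in rep.items()}, shared_lists(rep))
```
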

  • Cisco Aironet 1131G cannot access BVI

    I have configured our Cisco Aironet 1131G with multiple SSIDs with VLANs.
    The guest VLAN is working well with no problem.
    The issue I have is that I cannot connect to the BVI on the wireless AP. I have set up two VLANs:
    2 = LAN & NATIVE VLAN
    999 = GUEST VLAN
    This is my config:
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname NAFTA_AP_003
    logging rate-limit console 9
    aaa new-model
    aaa group server radius rad_eap
    aaa group server radius rad_mac
    aaa group server radius rad_acct
    aaa group server radius rad_admin
    aaa group server tacacs+ tac_admin
    aaa group server radius rad_pmip
    aaa group server radius dummy
    aaa group server radius rad_eap2
    server 10.1.122.50 auth-port 1645 acct-port 1646
    aaa authentication login default local
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authentication login eap_methods2 group rad_eap2
    aaa authorization exec default local
    aaa accounting network acct_methods start-stop group rad_acct
    aaa session-id common
    dot11 mbssid
    dot11 syslog
    dot11 vlan-name GUEST vlan 999
    dot11 vlan-name LAN vlan 2
    dot11 ssid Nufarm_EXT
       vlan GUEST
       authentication open
       authentication key-management wpa
       mbssid guest-mode
       wpa-psk ascii 7 053B0918245E6308015546
    dot11 ssid Nufarm_INT
       vlan 2
       authentication open eap eap_methods2
       authentication network-eap eap_methods2 mac-address mac_methods
       authentication key-management wpa
    username nemesis privilege 15 secret 5 $1$SjHa$TGIGBh.IhLNgflxBreKYf.
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption vlan GUEST mode ciphers aes-ccm tkip
    encryption vlan 2 mode ciphers tkip
    ssid Nufarm_EXT
    ssid Nufarm_INT
    channel 2422
    station-role root
    interface Dot11Radio0.2
    encapsulation dot1Q 2 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio0.999
    encapsulation dot1Q 999
    no ip unreachables
    no ip proxy-arp
    no ip route-cache
    no cdp enable
    bridge-group 255
    bridge-group 255 subscriber-loop-control
    bridge-group 255 block-unknown-source
    no bridge-group 255 source-learning
    no bridge-group 255 unicast-flooding
    bridge-group 255 spanning-disabled
    interface Dot11Radio1
    no ip address
    no ip route-cache
    shutdown
    dfs band 3 block
    channel dfs
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    interface FastEthernet0.2
    encapsulation dot1Q 2 native
    no ip route-cache
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface FastEthernet0.999
    encapsulation dot1Q 999
    no ip unreachables
    no ip route-cache
    no cdp enable
    bridge-group 255
    no bridge-group 255 source-learning
    bridge-group 255 spanning-disabled
    interface BVI1
    ip address 10.1.2.242 255.255.255.0
    no ip route-cache
    ip default-gateway 10.1.2.254
    ip http server
    ip http authentication aaa
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    ip radius source-interface BVI1
    radius-server attribute 32 include-in-access-req format %h
    radius-server host 10.1.122.50 auth-port 1645 acct-port 1646 key 7 03516213160B73435E0C2D16110504
    radius-server vsa send accounting
    bridge 1 route ip
    line con 0
    line vty 0 4
    end

    Ah, yeah that would do it, makes the switch want the VLAN to be tagged. Nice catch on that!
    HTH,
    Steve
    Please remember to rate helpful posts or to mark the question as answered so that it can be found later.

  • Configuring wireless card Cisco Aironet 350 PCI

    I'm not a newbie in Linux, but I am now faced with a problem. I could not manage to set up the card properly. I just installed Arch 0.8 and it's not quite clear to me how to do this with Arch. I've read all available Arch docs on this topic.
    So my situation's the following:
    I have the wireless card Cisco Aironet 350 PCI and I've been using it with Slackware for a year. It works quite fine. But now, when I decided to move to Arch - I cannot set it up. My card's using `airo` module and it is loading well. All the present network devices are recognized. I can see this by ifconfig -a.
    I have 2 NICs in my system:
    1) simple Ethernet card - eth0. Is switched off in rc.conf
    2) wireless. There are 2 different devices for it in my system: eth1 and wifi0 (and it's correct). I don't know why is it so and how about this with other wireless cards.
    For example I placed here network configs from my Slackware which works well with them and expect your advice on how to do the same with Arch.
    /etc/rc.d/rc.inet1.conf:
    ##IPADDR[0]="" #wired NIC is off
    ##NETMASK[0]=""
    ##USE_DHCP[0]="yes"
    ##DHCP_HOSTNAME[0]=""
    # Config information for eth1:
    IPADDR[1]="xx.xx.225.8"
    NETMASK[1]="255.255.255.0"
    USE_DHCP[1]=""
    DHCP_HOSTNAME[1]=""
    # Default gateway IP address:
    GATEWAY="xx.xx.225.254"
    /etc/rc.d/rc.wireless.conf:
    # Cisco/Aironet 4800/3x0
    # Note : MPL driver only (airo/airo_cs), version 1.3 or later
    00:0F:F8:*)
    INFO="Cisco/Aironet"
    ESSID="MoyEssid"
    MODE="Managed"
    KEY="xxxx-xxxx-xx open"
    Here  is the ifconfig and iwconfig output in Slackware:
    ifconfig:
    eth1 Link encap:Ethernet HWaddr 00:0F:F8:4D:EF:2A
    inet addr:xx.xx.225.8 Bcast:xx.xx.225.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:9384 errors:128278 dropped:0 overruns:0 frame:128278
    TX packets:1714 errors:0 dropped:0 overruns:0 carrier:0
    collisions:785 txqueuelen:1000
    RX bytes:3023621 (2.8 MiB) TX bytes:224182 (218.9 KiB)
    Interrupt:10 Base address:0xb800
    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
    wifi0 Link encap:UNSPEC HWaddr 00-0F-F8-4D-EF-2A-00-00-00-00-00-00-00-00-00-00
    UP BROADCAST RUNNING MULTICAST MTU:2312 Metric:1
    RX packets:9384 errors:128278 dropped:0 overruns:0 frame:128278
    TX packets:1714 errors:0 dropped:0 overruns:0 carrier:0
    collisions:785 txqueuelen:100
    RX bytes:3023621 (2.8 MiB) TX bytes:224182 (218.9 KiB)
    Interrupt:10 Base address:0xb800
    iwconfig:
    eth1 IEEE 802.11-DS ESSID:"MoyEssid" Nickname:"user"
    Mode:Managed Frequency:2.427 GHz Access Point: xx:xx:xx:5C:E5:00
    Bit Rate:11 Mb/s Tx-Power=20 dBm Sensitivity=0/65535
    Retry limit:16 RTS thr:off Fragment thr:off
    Encryption key:****-****-** Security mode:open
    Power Management:off
    Link Quality=63/100 Signal level=-64 dBm Noise level=-96 dBm
    Rx invalid nwid:11287 Rx invalid crypt:0 Rx invalid frag:0
    Tx excessive retries:0 Invalid misc:10331 Missed beacon:0
    wifi0 IEEE 802.11-DS ESSID:"MoyEssid" Nickname:"user"
    Mode:Managed Frequency:2.427 GHz Access Point: xx:xx:xx:5C:E5:00
    Bit Rate:11 Mb/s Tx-Power=20 dBm Sensitivity=0/65535
    Retry limit:16 RTS thr:off Fragment thr:off
    Encryption key:****-****-** Security mode:open
    Power Management:off
    Link Quality=63/100 Signal level=-64 dBm Noise level=-96 dBm
    Rx invalid nwid:11287 Rx invalid crypt:0 Rx invalid frag:0
    Tx excessive retries:0 Invalid misc:10331 Missed beacon:0
    Who is aware - please describe or give me a link on this, how the two devices eth1 and wifi0 are connected to each other and how to set them up in Arch.
    Thnx.

    Excellent! It works! Thank U very much.
    My conclusion - /etc/network-profiles/ is much more suitable way/place to set your wireless network parameters even it's quite steady.
    And now I have a couple of extra questions:
    1) What should I do with actual network parameters in rc.conf? Currently they looks like:
    lo="lo 127.0.0.1"
    #eth0="eth0 192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255"
    INTERFACES=(lo !eth0)
    gateway="default gw 192.168.0.1"
    ROUTES=(!gateway)
    NET_PROFILES=(tier)
    and that looks and works OK. What about gateway? Should I comment it here or not?
    2)Though everything works fine now, I can see that wifi0 device is not listed by ifconfig now (only by iwconfig), but in my Slackware system it is. Don't have I to mention my wifi0 device in network profile's section:
    #WIFI_INTERFACE=wlan0   # use this if you have a special wireless interface
                            # that is linked to the real $INTERFACE
    Thnx!
    And sorry for ugly English

  • Unstable Cisco Aironet 1231

    I have one Cisco Aironet 1231 access point. It does not use any kind of (server) functionality outside the Cisco device.
    I have one SSID and uses WPA-PSK (TKIP).
    The configuration seems very straightforward, but something is wrong.
    The access point seems to be unstable. The clients take a long time to connect to the access point and it loses connection a lot of times a day. Can I do something to speed up the "negotiation process"?
    What could be the cause of the instability?
    The configuration was made with the "web configurator", but I have an SSH/telnet dump:
    Best Regards
    Martin
    AP1#sh run
    Building configuration...
    Current configuration : 2227 bytes
    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname AP1
    enable secret xxx
    clock timezone GMT 1
    ip subnet-zero
    ip domain name mydom.com
    aaa new-model
    aaa group server radius rad_eap
    aaa group server radius rad_mac
    aaa group server radius rad_acct
    aaa group server radius rad_admin
    aaa group server tacacs+ tac_admin
    aaa group server radius rad_pmip
    aaa group server radius dummy
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authorization exec default local
    aaa accounting network acct_methods start-stop group rad_acct
    aaa session-id common
    dot11 ssid myssid
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii xxx
    username Cisco password xxx
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption mode ciphers tkip
    ssid myssid
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    channel 2412
    station-role root
    no cdp enable
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    no cdp enable
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    hold-queue 160 in
    interface BVI1
    ip address 192.168.1.105 255.255.255.0
    no ip route-cache
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    ip radius source-interface BVI1
    access-list 111 permit tcp any any neq telnet
    no cdp run
    radius-server local
    no authentication leap
    no authentication mac
    radius-server attribute 32 include-in-access-req format %h
    radius-server vsa send accounting
    control-plane
    bridge 1 route ip
    line con 0
    access-class 111 in
    line vty 0 4
    access-class 111 in
    sntp server 212.242.xx.207
    sntp broadcast client
    end
    AP1#

    A "stronger" (more gain) antenna probably won't help. An antenna that transmits with more gain also receives with more gain ..(basically, the same situation, but all of the signals are "louder")
    The general remedy, aside from the obvious of going to the least populated channel or moving to the 802.11a band, is usually to add more access points, all using some flavor of "sector" antenna (and / or "patch" antennas) to localize the area of interest.
    Because the antennas are covering a more specific area (and usually smaller area), it is usually the case that more APs are needed.
    "Seeing" 20 APs is not that alarming ... check the signal strength of each, many will usually be well-below the level that would cause serious interference. The specific level will vary, depending on the location relative to the AP<->client relationship.
    If you're seeing 20 APs, and their signal strength is roughly the same as your APs or a little lower, then you've got a problem that only a sectorized antenna system can cure.
    Good Luck
    Scott

  • Cisco Aironet 1140: 3 of our 4 are always hanging

    Our office has 4 Cisco Aironet 1140 access points mounted on the ceiling. They are all powered via PoE. Every few days 3 of the 4 access points hang and have to be rebooted. When they hang I am not able to connect to their web interface to check the logs. The fourth, for some reason, always seems to stay alive.
    I checked the configuration for all APs and "Hot Standby" is disabled.
    They are all using static IP addresses. I've tried 2 different banks of static IP addresses and 3 of 4 still hang, so I don't think this is an IP conflict.
    I have saved the configurations and compared them and they are all identical, where possible.
    They all have software version: 12.4(21a)JA1
    They all have bootloader version: 12.4(23c)JA1
    I have tried to download the latest software/firmware, but unfortunately I do not have a valid service contract in place with Cisco and therefore can't download the latest version. All of our CISCO hardware was purchased from Amazon resellers and they can't seem to help me with this. I have also tried to contact Cisco and they can't seem to help either. If anyone has a suggestion on how I can get a valid service contract that information would also be very helpful!!!
    Does anyone have any ideas why 3 of our 4 access points would hang? When they hang, I can't login to the web interface and the logs seem to reset when I reset each access point. I have also set up an rsyslog server and I don't see a log entry that would indicate a problem.
    Any ideas?
    Thank you

    Here is the config for one of the APs that keeps hanging:
    ! Last configuration change at 09:18:05 -1000 Mon Jan 30 2012 by admin
    ! NVRAM config last updated at 09:18:05 -1000 Mon Jan 30 2012 by admin
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname XXX2
    aaa new-model
    aaa authentication login default local
    aaa authorization exec default local
    aaa session-id common
    clock timezone -1000 -10
    ip name-server 8.8.8.8
    ip name-server 8.8.4.4
    dot11 syslog
    dot11 ssid XXX2
       authentication open
       authentication key-management wpa version 2
       guest-mode
       wpa-psk ascii 7 01234567890123456789012
    username admin privilege 15 password 7 01234567890123456789012
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption mode ciphers aes-ccm
    ssid XXX2
    antenna gain 0
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface GigabitEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    no keepalive
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface BVI1
    ip address 192.168.100.252 255.255.255.0
    no ip route-cache
    ip default-gateway 192.168.100.1
    ip http server
    ip http authentication aaa
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    snmp-server community MyCommunity RO
    bridge 1 route ip
    line con 0
    line vty 0 4
    sntp server 192.43.244.18
    sntp broadcast client
    end

  • Cisco Aironet 1200 wireless network very slow

    I have a simple wireless network set up: 2 Cisco Aironet 1200 AIR-AP1220B-A-K9 wireless access points with 2 dBi diversity omnidirectional ceiling-mount antennas. They are the only devices connected to a Multitech RouteFinder router; the WAN side of the router is connected to a dedicated DSL connection. They are powered by AIR-PWRINJ3 power injectors. The WAPs get their IP addresses from the DHCP in the router.
    When connecting to the wireless network it runs very very slow; the signal strength is excellent and the connection speed is 54 mbps. But when opening a web browser it takes forever to load a simple page like msn.com. If I connect the notebook directly to the router it runs very fast. We have tested with several notebooks and have the same problem. When I view the available wireless networks in range the only two that show up are the two Cisco 1200 WAPs.
    I have done the following with no improvement:
    Change the channels from auto to 6 on one and 11 on the other.
    Reset to factory defaults.
    Update the firmware to c1200-k9w7-tar.123-7.JA2.tar
    Replace the 802.11b radios with 802.11g radios AIR-MP21G-A-K9.
    Disable the Aironet extensions.
    Following is the configuration from one of the access points (before the firmware update):
    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname MMA1
    aaa new-model
    aaa group server radius rad_eap
    aaa group server radius rad_mac
    aaa group server radius rad_acct
    aaa group server radius rad_admin
    aaa group server tacacs+ tac_admin
    aaa group server radius rad_pmip
    aaa group server radius dummy
    aaa authentication login default local
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authorization exec default local
    aaa authorization ipmobile default group rad_pmip
    aaa accounting network acct_methods start-stop group rad_acct
    aaa session-id common
    username xxxx privilege 15 password xxxx
    username xxx privilege 15 password xxxx
    ip subnet-zero
    bridge irb
    interface Dot11Radio0
     no ip address
     no ip route-cache
     ssid MMA1
      authentication open
      guest-mode
     speed basic-1.0 basic-2.0 basic-5.5 basic-11.0
     rts threshold 2312
     station-role root
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
     bridge-group 1 spanning-disabled
    interface FastEthernet0
     no ip address
     no ip route-cache
     duplex auto
     speed auto
     bridge-group 1
     no bridge-group 1 source-learning
     bridge-group 1 spanning-disabled
    interface BVI1
     ip address 192.168.10.100 255.255.255.0
     no ip route-cache
    ip default-gateway 192.168.10.1
    ip http server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100
    ip http authentication aaa
    bridge 1 route ip
    line con 0
    line vty 5 15
    end
    Any suggestions would be greatly appreciated.
    Best regards,
    Randy

    Thanks for the info.
    The documentation says not to switch from auto to full duplex or half duplex when using inline power; well, I think it says the AP may reboot. I may have tried half duplex before I upgraded the firmware.
    While upgrading I disconnected the AP, used a patch cord to connect it to the router and plugged the power directly into it to make sure the wiring to the AP was not the problem, and it did the same thing.
    However, when trying to upgrade the firmware it took ~45 minutes to upload the image and failed a couple of times, retrying. I connected the AP to the notebook directly with a crossover cable and it uploaded in about 45 seconds.
    That got me thinking that there may be a problem with the router, so I have replaced it with a Linksys.
    In the meantime the DSL went down yesterday, so I have not been able to test the new setup.
    The cables are T568B
    W/O
    O/W
    W/G
    B/W
    W/B
    G/W
    W/B
    B/W
    Best regards,
    Randy

  • Multiple Cisco Aironet 1131AG access points and same SSID?

    We have multiple Cisco Aironet 1131AG devices, all wired to one Cisco L2 switch (2560), which is connected to an L3 switch (3550). We assigned one VLAN for the access points on the L3 switch, which acts as VTP server (the L2 switch is a VTP client). All APs will have static IP addresses, and all will have the same SSID and no security, and they will be using multiple channels (e.g. 1, 6, 11). They will operate in a 3-floor building for roaming wireless clients. We won't be using any wireless controller.
    So my question is this: how do we configure the APs all the same with different IPs, and can we use the L3 switch to create a DHCP server for the access points' VLAN (a pool for clients, and the rest for static IPs for the APs)? Can one of the APs be WDS and at the same time a local RADIUS server with users, without Cisco Secure ACS or a similar controller, or did I not understand this quite well :-). I followed the guide http://www.cisco.com/en/US/docs/wireless/access_point/12.3_2_JA/configuration/guide/s32roamg.html for WDS, where the part about Cisco ACS is a problem, so can I use the same AP as Local Authenticator as in the guide http://www.cisco.com/en/US/docs/wireless/access_point/12.3_4_JA/configuration/guide/s34local.html#wp1035723.
    Many thanks...

    Well, just so you know, WDS and local RADIUS authentication is only needed if you're using authentication on your wireless connection.  You say you're not planning to use security, so this isn't necessary.  However, I'd highly recommend at least using a simple WPA2-PSK to lock down your connection, otherwise you might end up giving free Internet access at best, and at worst you might be giving access to company PCs and servers.  If you want to further use an 802.1x or WPA authentication method, then yes, you can use an AP as a RADIUS server and WDS to improve authenticated roaming, but this is far more limited than using a Cisco ACS.
    As for your other questions, yes, your APs can all be configured the same except for at least three parameters: IP address, channel, and hostname.  Configure your static IP addresses on the AP's BVI1 interface.  Don't place it on the Radio or Ethernet interfaces, because if either of these interfaces goes down you'll lose the ability to configure the AP, so it's best to use the BVI1 interface.
    And yes, configuring a DHCP scope for your clients on your L3 switch is a good design, or you could also use your DHCP server on a different subnet by using the ip helper-address command on the L3 interface.  I hope this helps!  Let me know if you need help configuring any of this.
    Merry Christmas!
    Jeff
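
A check for the open-SSID exposure Jeff warns about, written as an added example that is not part of the thread or any Cisco tool: a small Python audit that walks an autonomous-AP running-config, with or without indentation, and reports SSIDs using open authentication with no key management, plus cleartext HTTP management, type 7 passwords and SNMP communities without an ACL. The sample config, the check names and the block-end keyword list are constructed for illustration.

```python
import re

# Constructed sample config (all values invented); indentation deliberately lost.
SAMPLE_CONFIG = """\
dot11 ssid guest
authentication open
dot11 ssid staff
authentication open
authentication key-management wpa version 2
username admin privilege 15 password 7 0000000000
interface Dot11Radio0
ssid guest
ssid staff
ip http server
snmp-server community EXAMPLE RO
"""

SSID_START = re.compile(r"^(?:dot11 )?ssid (\S+)$")
# Top-level commands that close an SSID sub-block when indentation is gone.
BLOCK_END = re.compile(r"^(interface|username|bridge|ip|line|snmp-server|aaa|end)\b")

def audit(config_text):
    """Return sorted (check, detail) findings for an autonomous-AP config."""
    lines = [l.strip() for l in config_text.splitlines() if l.strip()]
    ssids, current = {}, None
    for line in lines:
        m = SSID_START.match(line)
        if m:
            current = ssids.setdefault(m.group(1), {"open": False, "keymgmt": False})
        elif BLOCK_END.match(line):
            current = None
        elif current is not None:
            if line == "authentication open":  # no EAP or MAC list appended
                current["open"] = True
            elif line.startswith("authentication key-management"):
                current["keymgmt"] = True
    findings = [("open-ssid", n) for n, s in ssids.items() if s["open"] and not s["keymgmt"]]
    if "ip http server" in lines and "ip http secure-server" not in lines:
        findings.append(("cleartext-http", "management GUI served without HTTPS"))
    for line in lines:
        m = re.match(r"^username (\S+) .*\bpassword 7 ", line)
        if m:  # type 7 is reversible obfuscation, not a hash
            findings.append(("type7-password", m.group(1)))
        m = re.match(r"^snmp-server community \S+ (RO|RW)$", line)
        if m:  # SNMPv1/v2c community with no ACL restricting sources
            findings.append(("snmp-community-no-acl", m.group(1)))
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

An `open-ssid` finding only means no key management is configured on that SSID; an SSID that relies on static WEP alone is reported the same way.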

  • How to load a boot image to cisco aironet 1140 series after missing boot image

    Hi all,
    I need a solution for this. When I switch on my Cisco Aironet 1140, it is blinking with a red light and gives the message "no boot image to load".
    When I tried the next time, by pressing Escape, it shows the message that I have mentioned below.
    ap:
    ap:
    using  eeprom values
    WRDTR,CLKTR: 0x83000800 0x40000000
    RQDC ,RFDC : 0x80000035 0x00000208
    using ÿÿÿÿ ddr static values from serial eeprom
    ddr init done
    Running Normal Memtest...
    Passed.
    IOS Bootloader - Starting system.
    FLASH CHIP:  Numonyx P33
    Checking for Over Erased blocks
    Xmodem file system is available.
    DDR values used from system serial eeprom.
    WRDTR,CLKTR: 0x83000800, 0x40000000
    RQDC, RFDC : 0x80000035, 0x00000208
    PCIE0: link is up.
    PCIE0: VC0 is active
    PCIE1: link is NOT up.
    PCIE1 port 1 not initialized
    PCIEx: initialization done
    flashfs[0]: 1 files, 1 directories
    flashfs[0]: 0 orphaned files, 0 orphaned directories
    flashfs[0]: Total bytes: 32385024
    flashfs[0]: Bytes used: 1536
    flashfs[0]: Bytes available: 32383488
    flashfs[0]: flashfs fsck took 16 seconds.
    Reading cookie from system serial eeprom...Done
    Base Ethernet MAC address: 28:94:0f:d6:c8:62
    Ethernet speed is 100 Mb - FULL duplex
    The system is unable to boot automatically because there
    are no bootable files.
    C1140 Boot Loader (C1140-BOOT-M) Version 12.4(23c)JA3, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Compiled Tue 18-Oct-11 14:51 by prod_rel_team
    ap:
    So, now my question is how to load the boot image? From where will we get this? Or:
    I also have another Cisco Aironet 1140. Can I get the boot image from that? Kindly let me know the solution from genius?

    Take a look at this link as it should have the info you need
    https://supportforums.cisco.com/docs/DOC-14636

  • Cisco Aironet 1300 QoS

    Hello, I have 2 Cisco Aironet 1300 Bridges which provide data and voice communication between 2 buildings. Up until recently QoS has not been needed, but lately there appears to be congestion due to reports of poor voice quality. Building A houses a V3000 NBX Telephone system, Building B houses approximately 30 remote IP phones. Building A and Building B are approximately 100 yards apart. No VLANs. Due to myself being an extreme noob to Cisco bridges, I was hoping some of you may have had experience in setting this up and hopefully provide some tips. I need to prioritize traffic on UDP ports 2093-2096 and TCP port 1040. Thank you in advance for any suggestions. My current running config is below:
    Using 1283 out of 32768 bytes
    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname LHS-WeightRoom-WCV
    ip subnet-zero
    aaa new-model
    aaa authentication login default local
    aaa authorization exec default local
    aaa session-id common
    dot11 ssid wcv
     authentication open
     guest-mode
    dot11 ssid wcvcisco
     authentication open
     infrastructure-ssid optional
    username root privilege 15 password 7 0247335A05320A2244
    username Cisco privilege 15 password 7 074E164D403D1C061F
    bridge irb
    interface Dot11Radio0
     no ip address
     no ip route-cache
     ssid wcv
     ssid wcvcisco
     speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
     station-role root bridge
     bridge-group 1
     bridge-group 1 spanning-disabled
    interface FastEthernet0
     no ip address
     no ip route-cache
     bridge-group 1
     bridge-group 1 spanning-disabled
     hold-queue 80 in
    interface BVI1
     ip address 10.141.8.6 255.255.254.0
     no ip route-cache
    ip default-gateway 10.141.8.5
    ip http server
    ip http authentication aaa
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    control-plane
    bridge 1 route ip
    line con 0
    line vty 0 4
    end

    Here is the URL for the configuration of Cisco Aironet 1300 QoS. Follow the guide; it may help you.
    http://www.cisco.com/en/US/docs/wireless/access_point/1300/12.3_4_JA/configuration/guide/o13qos.html

  • CISCO Aironet 700w

    Can a Cisco Aironet 700w be set up as an autonomous access point? I was able to set up the 700i OK, no problem.
    I need to set it up for an active Wi-Fi site survey to test coverage.

    The 700W series access point contains two simultaneous dual-band radios, the 2.4 GHz and 5 GHz 802.11n MIMO radios, in a controller-based mode.
    Source: http://www.cisco.com/c/en/us/td/docs/wireless/access_point/702W/quick/guide/ap702Wgetstart.html

  • Server 2008 R2 RADIUS Server with a Cisco Aironet 1040 Wireless AP

    I am trying to get Server 2008 R2 RADIUS Server to work with a Cisco Aironet 1040 Wireless AP. I have installed the RADIUS server by MS standards and performed some searches on Google to configure the Cisco Aironet. I see others using a Wireless LAN Controller, which I do not have. I found this post below:
    https://supportforums.cisco.com/discussion/11546056/wlc-2504-radius-2008-r2-server
    But I have yet to locate a good step by step document on how to set it up and I have found so many different ways that others have set it up, but none have yet to work. I am having authentication issues that I know of and I do not see any errors in the Windows Event Viewer and I do not know where the Access Point stores its logs for any sort of error. Keep in mind this is the first time I am doing this. I do not have a Wireless LAN Controller and all my network / domain services are on individually built servers and not on one single server as I have seen with most of the documentation they all say the same thing by putting the Certificate Services, Domain Services (AD / ADS, etc), and NPS. I do not want that configuration and my setup should not be any different, but something is not right. I know from reading that this is not rocket science, but from someone who has never done it before this is difficult as I keep reading on and so many people do it different ways including what I have been reading according to what Cisco says to configure in the environment. Does anyone know where I can find good step by step documentation along with where I can look for logs on either device? I find that all the documentation I see on Cisco's website and from searching that it is old and outdated and not been updated in a long time so it is hard to determine what works and what does not work. I am stumped here and have been doing this for several weeks now with no luck. Thank you in advance.

    I did configure the Server 2008 R2 RADIUS Server using this video below: 
    https://www.youtube.com/watch?v=g-0MM_tK-Tk
    I also referenced Technet to make sure it was configured correctly as well. I am still not sure if I am 100% setup correctly on the Windows Server side, but I for sure want to make sure I have the AP side setup correctly. Do you know of a better article for the Windows Server 2008 R2 setup? Does it matter that I do not have all the services installed on the same server? Instead I have them installed on multiple servers.
    I have image number c1140-k9w7-tar.124.25d.JA1 on the AP. The part that confused me in that article, which I have seen before, was the part about "Setting up access point must be configured in the authentication server as an AAA client." What is the AAA Client? I also am not aware of having Cisco Secure ACS anywhere built into the AP, as that part threw me off completely. Do I need to skip these steps? Thank you for help on this.
