Access point hearbeat timeout

Hi,
I am getting below error in our network which has access points 1524.
AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:b8:c9:c9:10:1c:40 Cause=Heartbeat Timeout Status:NA
as a result , the ap disassociates from the controller , then re-associates. However, it keeps going up & down in short spans.
what could be causing this problem.
Thanks in advance.

Hi,
Is the problem happening with all APs or some?
Does it happen with only MAPs? or it happens with RAPs as well?
How do you power the AP? power source or power injector?
Have you made a site survey to check spectrum around the AP is clear with no valuable noise or interference?
Thanks.
Amjad

Similar Messages

1041 Access Point -- Web Management Login Timeout

I've looked thru the various screens but I have not found anywhere to change the Timeout value on the login to Web Management of my 1041 Access Point. Is that definable?
It seems like if you pause for any amount of time, you have to login again before you can do anything. The time window is just annoyingly small and I want to bump it up to something else.
Thanks
Mark

You need to do it thru command line... I havent test it.. but AP accepts the command...
Use THIS COMMAND...
ip http timeout-policy idle seconds life seconds requests value
Example:
Router(config)# ip http timeout-policy idle 30 life 120 requests 100
(Optional) Sets the characteristics that determine how long a connection to the HTTP server should remain open. The characteristics are:
•idle—The maximum number of seconds the connection will be kept open if no data is received or response data cannot be sent out on the connection. Note that a new value may not take effect on any already existing connections. If the server is too busy or the limit on the life time or the number of requests is reached, the connection may be closed sooner. The default value is 180 seconds (3 minutes).
•life—The maximum number of seconds the connection will be kept open, from the time the connection is established. Note that the new value may not take effect on any already existing connections. If the server is too busy or the limit on the idle time or the number of requests is reached, it may close the connection sooner. Also, since the server will not close the connection while actively processing a request, the connection may remain open longer than the specified life time if processing is occurring when the life maximum is reached. In this case, the connection will be closed when processing finishes. The default value is 180 seconds (3 minutes). The maximum value is 86400 seconds (24 hours).
•requests—The maximum limit on the number of requests processed on a persistent connection before it is closed. Note that the new value may not take effect on already existing connections. If the server is too busy or the limit on the idle time or the life time is reached, the connection may be closed before the maximum number of requests are processed. The default value is 1. The maximum value is 86400.

Access-Point going up/down

Hello All
We got Issue with One Access Point [ model - AP1242AG ] - it goes up/down. Users connected on this Access Point get disconnected or time-out connecting to Server. The access-point was installed around 3-4 weeks back. We checked the cable connecting to the Access Point but didnt notice like disconnected or time-out.
[ Access Point was configured with these options ]
AP Name - JD1
status - Enabled
AP mode - Local
IP address - Static
No of Radio Interface - 2
802.11 b/g/n
802.11 a/n
which debug command will help to identify the issue or GUI option
thanks in advance
Cisco Kid

Hi All
I restarted the Access Point and will see what happens. Our Access Point and WLC are in the Same VLAN.
WLC is connected to Layer3 switch and the port is configured as Trunk port with additional command switchport trunk native vlan 12.
The access point ports configured are also configured as
switchport mode trunk
swichport trunk native vlan 12
Are these configuration correct for controller and Access Point.
The following is the show interface output where the AP is connected
sh interfaces fastEthernet 0/9
FastEthernet0/9 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 0021.a1d2.ee09 (bia 0021.a1d2.ee09)
Description: **AP3**
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:40, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 518000 bits/sec, 130 packets/sec
     25673274 packets input, 5670744879 bytes, 0 no buffer
     Received 2413785 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 557119 multicast, 0 pause input
     0 input packets with dribble condition detected
     16665439077 packets output, 10663148678995 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

Upgrading controllers and access points through NCS

I am currently trying to upgrade all of my controllers and access points to the newest version. I have downloaded the file and loaded it on the ftp server running on the Cisco NCS server. I tried to go to configure>controllers and Download Software(ftp) and go. I setup the schedule and it says failure. The details say %Error:Code file transfer failed - Connection Timeout. Sorry if this is a basic thing that I am missing. I have tried using an internal ftp server as well and it errors out also. Any help would be greatly appreciated.

It is setup with NCS Prime running 4 WiSM blades and 3 WiSM 2 blades in 6509 chassis. I am going in through NCS and doing configure controllers and download software(ftp) from the select a command dropdown. When I setup it up this way I have to select schedule unless I want it to automatically download and reboot the controllers, which I was trying to avoid so that I could do it during the day. It just keeps timing out on the download portion.

AIR-CAP1602E-N-K9 access point

hi,
can any one help me to configure AIR-CAP1602E-N-K9 as standalone acess point.
its a new one with default setting as per my knowledege its a controller based access point so pls help how to convert into standalone access point and which image is compatible with that.

Converting a Lightweight Access Point Back to Autonomous Mode
You can convert an access point from lightweight mode back to autonomous mode by loading a Cisco IOS Release that supports autonomous mode (Cisco IOS release 12.3(7)JA or earlier). If the access point is associated to a controller, you can use the controller to load the Cisco IOS release. If the access point is not associated to a controller, you can load the Cisco IOS release using TFTP.
Note In some LWAPP deployments, the LWAPP controller resides between the access points and the rest of the network. In this topology, all traffic must cross over the controller before communication with network resources, such as a TFTP server, can occur. When converting back to non-LWAPP IOS with an access point that is no longer using the LWAPP protocol, traffic does not cross over the controller to reach the TFTP server.
Note The lightweight 1300 series access points can only be converted back to autonomous mode using a wireless LAN controller.
Using a Wireless LAN Controller to Return to a Previous Release
Follow these steps to revert from LWAPP mode to autonomous mode using a wireless LAN controller:
Step 1 Log into the CLI on the controller to which the access point is associated.
Step 2 Enter this command:
config ap tftp-downgrade tftp-server-ip-address filename access-point-name
Using a TFTP Server to Return to a Previous Release
Note This section does not apply to Cisco C3201WMIC and Cisco C3201LAP.
Follow these steps to revert from LWAPP mode to autonomous mode by loading a Cisco IOS release using a TFTP server:
Step 1 The static IP address of the PC on which your TFTP server software runs should be between 10.0.0.2 and 10.0.0.30.
Step 2 Make sure that the PC contains the access point image file (such as c1200-k9w7-tar.122-15.JA.tar for a 1200 series access point) in the TFTP server folder and that the TFTP server is activated.
Step 3 Set the timeout value on the TFTP server to 30 seconds.
Step 4 On the PC where the TFTP server is located, perform these steps:
a. Disable any software firewall products, such as Windows firewall, ZoneAlarm firewall, McAffee firewall, or others.
b. Ensure all Windows files are visible. From Windows Explorer, click Tools > Folder Options > View; then uncheck the Hide extensions for known file types check box.
Step 5 Rename the access point image file in the TFTP server folder to c1200-k9w7-tar.default for a 1200 series access point, c1130-k9w7-tar.default for an 1130 series access point, c1240-k9w7-tar.default for a 1240 series access point, and c1250-k9w7-tar.default for a 1250 series access point.
Step 6 Connect the PC to the access point using a Category 5 (CAT5) Ethernet cable.
Step 7 Disconnect power from the access point.
Step 8 Press and hold MODE while you reconnect power to the access point.
Step 9 Hold the MODE button until the status LED turns red (approximately 20 to 30 seconds) and then release.
Step 10 Wait until the access point reboots, as indicated by all LEDs turning green followed by the Status LED blinking green.
Step 11 After the access point reboots, reconfigure it using the GUI or the CLI.

Can't connect to Access Point that is connected to the Internet (Snow Leopard 10.6.8)

Hi all,
I am normally not someone who posts on support forums since most of the problems can be solved be searching through piles of other questions, but this things has really got me pulling out my hair and I hope that maybe someone can help me with this super weird problem.
So, a few weeks back, my Mac Mini (kind of old, guessing 2007) stopped connecting to Wireless networks. Since all other devices in home (iPhone, MacBook Pro and a PC) are connecting just fine I thought it had to do with my settings. All it says is: "connection timeout".
The Mac Mini connects just fine when I plug in an ethernet cable, but that's a no go since I don't want cables laying around our living room that much.
I tried a lot of things suggested my other people like removing settings, PRAM reset, moving the AP closer, router settings etc etc. Of no avail. Even tried to fix it by reinstalling Snow Leopard, but that didn't do it either.
Though when I turned my MBP into an Access Point it could connect to that network just fine. That made me wonder if it's my router, but once I plug in an ethernet cable into my MBP to share Internet access it won't connect! Tried the same with my router and indeed, it connects just fine once it has no Internet connection.
Tried searching for people that had the same problem, but I couldn't find them. Can anybody here help?
TLDR; Mac won't connect to Wireless network that has an internet connection, but does when it hasn't.
Thanks!

Try disconnecting the router from the internet (WAN port) and plugging a PC directly into one of the LAN ports. After resetting, ignore the smartwifi login, click the two checkboxes, and login manually/directly with the "admin" password and reconfigure.
If you don't want to do all that just yet, try accessing the router from the public IP address assigned by your ISP. That might work

Recovering Embeded access point 881-w password

Can anybody help, I simply need to recover an embeded access point password.
I have the passwords to the 881-w router, but passwords to the embeded access point I don't have.
can anybody run me through either the recovery process for it, or the password reset process for the embeded access point.

// Could you tell me what the configuration would look like for the access point... The router config is below. Only One VLAN, so we're just gonna need a single SSID.
hostname dmidev3
boot-start-marker
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
logging buffered 51200
logging console critical
enable secret 5 $1$TWeA$xn4svL1JR.N93GTPU99gk0
enable password 7 022229720A122D036F1F
no aaa new-model
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
no ip source-route
ip cef
no ip bootp server
ip domain name dmi.dev.local
ip name-server 192.168.9.1
ip name-server 192.168.9.3
ip name-server 192.168.10.46
no ipv6 cef
username admin privilege 15 secret 5 $1$I9/e$MqVbmafwrR5famypO23Pr.
username dmiadmin password 7 08056147080D2735315A
archive
log config
hidekeys
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
duplex auto
speed auto
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
arp timeout 0
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.17.244 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip tcp adjust-mss 1452
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.17.254
ip route 192.168.9.41 255.255.255.255 192.168.12.254
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000

Cannot determine MAC address of connected Access Point using Access Connections version 5

I recently installed the newst version of Access Connections (version 5) and discovered I am unable to determine the MAC address of the connected access point. The 'Graphical' screen shows the SSID, IP address of client etc - but does not show the MAC address of the access point. The 'Details' screen shows the MAC address of the access points - but the radial button on the left does not indicate the cfurrently associated access point.

Is it the switch where the node is directly connected ?
Is the NIC at node side, working fine ?
Another fact to consider is, a mac will wipe itself out after the MAC-age timeout.
Parvesh

Problems conecting to WPA security access point [solved]

I am trying to set up a wireless in my university (to the access point). I have IBM ThinkPad R61 notebook with Intel ipw4965 wireless card. I have installed ipw4965, iwlwifi, netcfg2, wpa_supplicant by pacman and I have succsesfully configured my home wireless with WPA security. Has anybody any suggestions what is wrong with my configuration?
University gives this information:
The example of .config:
CONFIG_IEEE8021X_EAPOL = y
CONFIG_EAP_MD5 = y
CONFIG_MSCHAPV2 = y
CONFIG_EAP_TLS = y
CONFIG_EAP_PEAP = y
The example of wpa_supplicant.conf:
network={
ssid="MIF"
eap=PEAP
key_mgmt=WPA-EAP
identity="my user name"
password="my password"
phase1="peaplabel=0"
phase2="auth=MSCHAPV2"
My configuration:
My wpa_supplicant.conf:
ctrl_interface=/var/run/wpa_supplicant
eapol_version=1
ap_scan=1
fast_reauth=1
network={
ssid="MIF"
eap=PEAP
key_mgmt=WPA-EAP
identity="my username"
password="my password"
phase1="peaplabel=0"
phase2="auth=MSCHAPV2"
My [mifwifi] (wireless profile in /etc/network.d/mifwifi):
DESCRIPTION="MIF wireless"
CONNECTION="wireless"
INTERFACE=wlan0
SCAN="yes"
SECURITY="wpa"
ESSID="MIF"
USEWPA="yes"
IP="dhcp"
TIMEOUT=20
WPAOPTS=""
When I try to run [netcfg2 mifwifi] to set up university wireless I get the error similar to this:
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
Passprase must be between 8..63 characters
P.S. Sorry for my language mistakes, I just learning English.
Last edited by Edd (2008-02-07 07:56:10)

Hello,
If you want to use your wpa_supplicant.conf file, you should set SECURITY="wpa-config" in your netcfg2 profile, and add WPA_CONF=/path/to/wpa_supplicant.conf (in the same file). The passphrase error is probably caused by the fact that netcfg2 is not reading your wpa_supplicant conf file, and there is no password defined anywhere else.

Arch Linux wireless access point -- need some help

Hi everyone,
After yet another problem with my wireless gateway, I've decided to turn my old laptop into a router.
Setup:
1. Gateway
Cable internet -> 4 IP's over ethernet
2. Laptop ("router")
An old Compaq Presario laptop with RTL-8139/8139C/8139C+ ethernet and BCM4318 wireless card. It receives an IP from the gateway using dhcpcd.
Goal:
Turn laptop into a wireless router.
Accomplished so far:
1. Master mode on wireless card
Used hostapd:
-bluemoon-16:13-~$ grep -v "^#" /etc/hostapd/hostapd.conf | grep -v "^$"
interface=wlan0
bridge=br0
driver=nl80211
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=bluemoon
hw_mode=g
channel=6
beacon_int=100
dtim_period=2
max_num_sta=6
rts_threshold=2347
fragm_threshold=2346
macaddr_acl=0
auth_algs=3
ignore_broadcast_ssid=0
wmm_enabled=1
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0
eapol_key_index_workaround=0
eap_server=0
own_ip_addr=127.0.0.1
wpa=2
wpa_passphrase=********
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
This puts wlan0 into a Master mode.
2. Of course, hostapd required bridge
-bluemoon-16:13-~$ brctl show
bridge name bridge id STP enabled interfaces
br0 8000.0014a57528a6 no eth0
wlan0
Basically, I can associate with my newborn AP from another machine.
Problems:
DHCP.
More precisely, I can't configure dnsmasq to serve IPs. Everytime I run dhcpcd on an associated client machine, I get a timeout. Here is my dncmasq.conf:
interface=br0
no-hosts
expand-hosts
domain=cr1520.fs.pa.us
dhcp-range=192.168.2.100,192.168.2.200,12h
Miscelanneous configs:
-bluemoon-16:15-~$ cat /etc/hosts
# /etc/hosts: static lookup table for host names
#<ip-address> <hostname.domain.org> <hostname>
127.0.0.1 bluemoon.localdomain localhost.localdomain localhost bluemoon
# End of file
-bluemoon-16:19-~$ cat /etc/resolv.conf
# Generated by dhcpcd from br0
# /etc/resolv.conf.head can replace this line
nameserver 192.168.1.1
nameserver 71.242.0.12
nameserver 127.0.0.1
search cr1520.fs.pa.us
# /etc/resolv.conf.tail can replace this line
-bluemoon-16:19-~$ cat /etc/hosts.{allow,deny}
# /etc/hosts.allow
exim:LOCAL
sshd:ALL EXCEPT 127.0.0.1
domain:ALL
# End of file
# /etc/hosts.deny
ALL: ALL
# End of file
I suspect that this something to do with my resolv.conf or /etc/hosts, by kinda lost...
TIA and Happy Christmas!

put your dhcp server and access point in the same subnet.

Idle Users on Autonomous Access Points

Is there a way to set an idle timeout value on Autonomous Access Points? I have been researching and I see it is possible to do this on a WLC using Lightweights but the only timeouts I can find regarding Autonomous are Session/Holdoff and Re-authentication timeouts.
I would like to set an idle timeout so that only inactive clients will be disassociated however if I set a Re-authentication timeout for say 15 minutes, then someone who is genuinely using the wireless network for that period of time or longer would have to re-authentication also - which is something I would like to avoid.
Thanks.

timeout settings in Autonomous AP
https://supportforums.cisco.com/discussion/12302606/how-configure-session-time-out-cisco-autonomous-ap

Aironet 1600 - A response was not received from the router or access point

Hi,
I'm trying to set up a wireless network with multiple SSID's. The new network only has CISCO products (router, switches). For the moment I'm trying to connect to 1 SSID (Windekind.Gast). the SSID is visible but when connecting devices have te folowing error message in the log:
Connection status summary
Connection started at: 2015-02-17 09:55:49-951
Profile match: Success
Pre-Association: Success
Association: Fail
Security and Authentication: Not started
Root cause:
Wireless association to "Windekind.Gast" failed
A response was not received from the router or access point.
Detailed root cause:
Wireless association to this network failed. Windows did not receive any response from the wireless router or accesspoint.
The signal is perfect (I'm only a few feet away from the AP).
To make sure there is no dhcp problem I tested the swich port in access mode for vlan 30 which supplied an IP correctly. I'm really not seeing the problem and searched the web for days now! Any help would be very much appreciated!
Below the config of the access point (done via de web interface).
! Last configuration change at 05:30:28 UTC Mon Mar 1 1993
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
hostname AP002-C
logging rate-limit console 9
enable secret 5 $1$Bxv3$Of8o5..8v6gzIiAe2tXlh/
no aaa new-model
no ip cef
dot11 syslog
dot11 vlan-name Windekind.Directie vlan 50
dot11 vlan-name Windekind.Gast vlan 30
dot11 vlan-name Windekind.Klasnet vlan 40
dot11 ssid Windekind.Directie
vlan 50
band-select
authentication open
mobility network-id 50
dot11 ssid Windekind.Gast
vlan 30
band-select
authentication open
authentication key-management wpa version 2
mbssid guest-mode
mobility network-id 30
wpa-psk ascii 7 14201B05080121222A2C6A6D63
dot11 ssid Windekind.Klasnet
vlan 40
band-select
mobility network-id 40
crypto pki token default removal timeout 0
username Cisco password 7 112A1016141D
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 30 mode ciphers aes-ccm tkip
ssid Windekind.Directie
ssid Windekind.Gast
ssid Windekind.Klasnet
antenna gain 2
stbc
beamform ofdm
mbssid
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel 2452
no preamble-short
station-role root
payload-encapsulation dot1h
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 spanning-disabled
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
interface Dot11Radio0.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 subscriber-loop-control
bridge-group 40 spanning-disabled
bridge-group 40 block-unknown-source
no bridge-group 40 source-learning
no bridge-group 40 unicast-flooding
interface Dot11Radio0.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
bridge-group 50 subscriber-loop-control
bridge-group 50 spanning-disabled
bridge-group 50 block-unknown-source
no bridge-group 50 source-learning
no bridge-group 50 unicast-flooding
interface Dot11Radio1
no ip address
no ip route-cache
encryption vlan 30 mode ciphers aes-ccm tkip
ssid Windekind.Directie
ssid Windekind.Gast
ssid Windekind.Klasnet
antenna gain 4
no dfs band block
stbc
beamform ofdm
mbssid
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel dfs
station-role root
payload-encapsulation dot1h
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio1.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 spanning-disabled
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
interface Dot11Radio1.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 subscriber-loop-control
bridge-group 40 spanning-disabled
bridge-group 40 block-unknown-source
no bridge-group 40 source-learning
no bridge-group 40 unicast-flooding
interface Dot11Radio1.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
bridge-group 50 subscriber-loop-control
bridge-group 50 spanning-disabled
bridge-group 50 block-unknown-source
no bridge-group 50 source-learning
no bridge-group 50 unicast-flooding
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface GigabitEthernet0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 spanning-disabled
no bridge-group 30 source-learning
interface GigabitEthernet0.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 spanning-disabled
no bridge-group 40 source-learning
interface GigabitEthernet0.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
bridge-group 50 spanning-disabled
no bridge-group 50 source-learning
interface BVI1
ip address 10.0.0.81 255.255.255.0
no ip route-cache
ip default-gateway 10.0.0.1
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
logging facility user
bridge 1 route ip
line con 0
line vty 0 4
login local
transport input all
end

Hi Rasika
thanks for the reply! 10.0.0.81 belongs to vlan 1. I changed the config as suggested but no luck.. (same problems are logged in the event viewer). the ap is connected to a switchport in trunk mode and vlan 1 is the native lan (untagged). the port also is joined to vlan 30 (and others).
Below the new config. Hope you can see an error..
! Last configuration change at 22:56:10 UTC Thu Apr 1 1993
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
hostname AP002-C
logging rate-limit console 9
enable secret 5 $1$Bxv3$Of8o5..8v6gzIiAe2tXlh/
no aaa new-model
no ip cef
dot11 syslog
dot11 vlan-name Default vlan 1
dot11 vlan-name Windekind.Directie vlan 50
dot11 vlan-name Windekind.Gast vlan 30
dot11 vlan-name Windekind.Klasnet vlan 40
dot11 ssid Windekind.Directie
   vlan 50
   band-select
   authentication open
   mobility network-id 50
dot11 ssid Windekind.Gast
   vlan 30
   band-select
   authentication open
   authentication key-management wpa version 2
   mbssid guest-mode
   mobility network-id 30
   wpa-psk ascii 7 14201B05080121222A2C6A6D63
dot11 ssid Windekind.Klasnet
   vlan 40
   band-select
   mobility network-id 40
crypto pki token default removal timeout 0
username Cisco password 7 112A1016141D
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 30 mode ciphers aes-ccm tkip
ssid Windekind.Directie
ssid Windekind.Gast
ssid Windekind.Klasnet
antenna gain 2
stbc
beamform ofdm
mbssid
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
no preamble-short
channel 2452
station-role root
payload-encapsulation dot1h
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 spanning-disabled
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
interface Dot11Radio0.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 subscriber-loop-control
bridge-group 40 spanning-disabled
bridge-group 40 block-unknown-source
no bridge-group 40 source-learning
no bridge-group 40 unicast-flooding
interface Dot11Radio0.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
bridge-group 50 subscriber-loop-control
bridge-group 50 spanning-disabled
bridge-group 50 block-unknown-source
no bridge-group 50 source-learning
no bridge-group 50 unicast-flooding
interface Dot11Radio1
no ip address
no ip route-cache
encryption vlan 30 mode ciphers aes-ccm tkip
ssid Windekind.Directie
ssid Windekind.Gast
ssid Windekind.Klasnet
antenna gain 4
no dfs band block
stbc
beamform ofdm
mbssid
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel dfs
station-role root
payload-encapsulation dot1h
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio1.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 spanning-disabled
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
interface Dot11Radio1.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 subscriber-loop-control
bridge-group 40 spanning-disabled
bridge-group 40 block-unknown-source
no bridge-group 40 source-learning
no bridge-group 40 unicast-flooding
interface Dot11Radio1.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
bridge-group 50 subscriber-loop-control
bridge-group 50 spanning-disabled
bridge-group 50 block-unknown-source
no bridge-group 50 source-learning
no bridge-group 50 unicast-flooding
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface GigabitEthernet0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 spanning-disabled
no bridge-group 30 source-learning
interface GigabitEthernet0.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 spanning-disabled
no bridge-group 40 source-learning
interface GigabitEthernet0.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
bridge-group 50 spanning-disabled
no bridge-group 50 source-learning
interface BVI1
ip address 10.0.0.81 255.255.255.0
no ip route-cache
ip default-gateway 10.0.0.1
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
logging facility user
bridge 1 route ip
line con 0
line vty 0 4
login local
transport input all
end
t

Cisco 1142 Wireless access point intermittently will not authenticate

Hi all,
We have a Cisco 1142 standalone access point, and from time to time I will come into the office and it will not authenticate any users to either our guest or corporate networks. I then have to go in and reboot the access point. After that, it begins to work. Any advice? Here's my configuration below:
Current configuration : 6450 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname cisco-chiap01
logging monitor errors
enable secret 5 $1$fsD8$CU42/3/Up5AAlL4hQWvvg0
aaa new-model
aaa group server radius rad_eap
server 172.17.16.12 auth-port 1645 acct-port 1646
server 172.17.21.10 auth-port 1812 acct-port 1813
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
server 172.17.21.10 auth-port 1812 acct-port 1813
aaa group server radius rad_eap2
server 172.17.16.12 auth-port 1645 acct-port 1646
server 172.17.21.10 auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods2 group rad_eap2
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
login on-failure log
login on-success log
dot11 syslog
dot11 vlan-name Admin vlan 100
dot11 vlan-name DevNetwork vlan 20
dot11 vlan-name Guest vlan 150
dot11 vlan-name Network vlan 16
dot11 ssid DevNetwork
vlan 20
authentication open eap eap_methods2
authentication network-eap eap_methods2
authentication key-management wpa version 2
dot11 ssid Guest
vlan 150
authentication open
authentication key-management wpa version 2
guest-mode
mbssid guest-mode
wpa-psk ascii 7 142407060101380B013A3A2670435642
information-element ssidl advertisement
dot11 ssid Network
vlan 16
authentication open eap eap_methods2
authentication network-eap eap_methods2
authentication key-management wpa version 2
username monkeyman privilege 15 secret 5 $1$ZZ7C$rqimu2FNONdfeacMNGAD/.
bridge irb
interface Dot11Radio0
no ip address
ip helper-address 172.17.19.10
no ip route-cache
encryption mode ciphers aes-ccm
encryption vlan 16 mode ciphers aes-ccm
encryption vlan 150 mode ciphers aes-ccm
encryption vlan 20 mode ciphers aes-ccm
ssid DevNetwork
ssid Guest
ssid Network
antenna gain 0
parent timeout 120
speed 5.5 11.0 basic-6.0 9.0 12.0 36.0 48.0 54.0
packet retries 128 drop-packet
channel 2462
station-role root
rts threshold 512
rts retries 128
interface Dot11Radio0.11
encapsulation dot1Q 11
no ip route-cache
interface Dot11Radio0.16
encapsulation dot1Q 16 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
bridge-group 20 spanning-disabled
interface Dot11Radio0.150
encapsulation dot1Q 150
no ip route-cache
bridge-group 150
bridge-group 150 subscriber-loop-control
bridge-group 150 block-unknown-source
no bridge-group 150 source-learning
no bridge-group 150 unicast-flooding
bridge-group 150 spanning-disabled
interface Dot11Radio1
no ip address
ip helper-address 172.17.19.10
no ip route-cache
encryption vlan 16 mode ciphers aes-ccm
encryption vlan 150 mode ciphers aes-ccm
encryption vlan 20 mode ciphers aes-ccm
ssid DevNetwork
ssid Guest
ssid Network
antenna gain 0
traffic-metrics aggregate-report
dfs band 3 block
mbssid
parent timeout 120
speed 6.0 12.0 basic-24.0 36.0 48.0 54.0
channel width 40-above
channel dfs
station-role root access-point
interface Dot11Radio1.11
encapsulation dot1Q 11
no ip route-cache
interface Dot11Radio1.16
encapsulation dot1Q 16 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
bridge-group 20 spanning-disabled
interface Dot11Radio1.150
encapsulation dot1Q 150
no ip route-cache
bridge-group 150
bridge-group 150 subscriber-loop-control
bridge-group 150 block-unknown-source
no bridge-group 150 source-learning
no bridge-group 150 unicast-flooding
bridge-group 150 spanning-disabled
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
interface GigabitEthernet0.11
encapsulation dot1Q 11
no ip route-cache
interface GigabitEthernet0.16
encapsulation dot1Q 16 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface GigabitEthernet0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
no bridge-group 20 source-learning
bridge-group 20 spanning-disabled
interface GigabitEthernet0.100
encapsulation dot1Q 100
ip address 192.168.100.3 255.255.255.0
no ip route-cache
bridge-group 100
no bridge-group 100 source-learning
bridge-group 100 spanning-disabled
interface GigabitEthernet0.150
encapsulation dot1Q 150
no ip route-cache
bridge-group 150
no bridge-group 150 source-learning
bridge-group 150 spanning-disabled
interface BVI1
ip address 172.17.16.251 255.255.255.0
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface GigabitEthernet0
access-list 1 permit 172.17.16.1
access-list 1 remark Admin network access
access-list 1 permit 192.168.100.0 0.0.0.255
radius-server attribute 32 include-in-access-req format %h
radius-server host 172.17.21.10 auth-port 1812 acct-port 1813 key 7 047958071C3561410D4A44
radius-server host 172.17.16.12 auth-port 1645 acct-port 1646 key 7 08045E471A48574446
radius-server host 172.17.21.10 auth-port 1645 acct-port 1646 key 7 1320051B185D56797F
radius-server timeout 15
radius-server vsa send accounting
bridge 1 route ip
line con 0
line vty 0 4
access-class 1 in
end

When the issue occurs does that affect both 2.4GHz & 5GHz devices ? I would see which band operating devices affected.
I noticed you have set CH11 under Radio 0 statically. I would prefer to configure it as below so AP can change the channel depend on the environment.
int d0
channel least-congested
HTH
Rasika
**** Pls rate all useful responses ****

Iptables redirect to access point

I'm trying to accomplish http://unix.stackexchange.com/questions … point-mode, except with a laptop running Arch Linux instead of a Raspberry Pi. I can't get it to work, no matter what I try. Here's what I've done.
The laptop is running Apache, and it is configured to be 192.168.1.1:
# ip link set up dev wlp2s0
# ip addr add 192.168.1.1/16 dev wlp2s0
dhcpd serves out IP addresses to devices that connect to the laptop:
/etc/dhcpd.conf:
option domain-name-servers 8.8.8.8, 8.8.4.4;
option subnet-mask 255.255.0.0;
option routers 192.168.1.1;
subnet 192.168.0.0 netmask 255.255.0.0 {
range 192.168.1.100 192.168.1.255;
hostapd serves as an access point:
# pacman -S hostapd
# vi /etc/hostapd/hostapd.conf
ssid=MySSID
interface=wlp2s0
driver=nl80211
channel=1
I'm able to connect to the laptop and load a web page from it using the IP address 192.168.1.1.
Now I start iptables on the laptop using systemctl with empty rules. Then I load on the laptop
# iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:80
# iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 192.168.1.1:80
Now connecting to the laptop and loading 192.168.1.2, or any domain name, causes the browser to timeout; it doesn't forward to 192.168.1.1 as I want it to. Loading 192..168.1.1 directly still works.
I've also tried all the following kernel parameters, but it still doesn't work:
# sysctl net.ipv4.conf.all.forwarding=1
# sysctl -w net.ipv4.conf.all.route_localnet=1
# sysctl net.ipv4.ip_forward=1
Any ideas?

fish-hp14 wrote:
I always thought you need something like:
iptables -t nat -A POSTROUTING -j MASQUERADE
What does your routing table look like?
Thanks for the tip. I tried adding the command, but it still doesn't work. I only have two PREROUTING commands I had previously mentioned, plus your POSTROUTING. Here's my routing table:
# iptables -nvL
Chain INPUT (policy ACCEPT 3342 packets, 4133K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2482 packets, 287K bytes)
pkts bytes target prot opt in out source destination
# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 3 packets, 694 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:192.168.1.1:80
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:192.168.1.1:80
Chain INPUT (policy ACCEPT 3 packets, 694 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 223 packets, 14004 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
223 14004 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0

Unable to stop the event logs on access point console

Hi team,
I have an AIR-LAP1131AG-E-K9 access point having ios c1130-k9w8-mx.124-21a.JHB1.
When I am trying to take the console of it there are many logs generated like LWAPP ...Go join the controller, Discover controller etc. and the ap is unable to register to the controller(2112 with ios version 6.0.199.4). I'm trying to enter the command but there are many event msg generated....How do i stop this event log. I tried entering the command no debug all. but still there are many logs...
I want to enter the the following commands
#lwapp ap ip address <ip addr>.
#lwapp a pip default-gateway <gateway ip addr>
#lwapp ap controller ip addr <controller ip>
#wr me
Revert me back on urgent basis
Thanks in advance..

Thanks Rashika,
Now the access point got registered to the controller..This happened becuse of country Code..
I have changed the country code to UK, Belgium it started working fine.
Initially when it was IN the access point was not getting register..
But now the problem which arised is that the user is unable to get authenticated to the radius server.
Radius server is reachable and we have done every changes required for radius server authentication.
Users are getting rejected.
Customer is saying that the radius server is in IN domain and the WLC/access point is in UK,BE and hence the users are unable to connect..
Is it so??
Rply
Thanks in advance...

Access point hearbeat timeout

Similar Messages

Maybe you are looking for