Access Point Specific Configurations

Hi All,
just a question of a thumb...
If i had a 2 Controller Scenario with some AP Specific Configurations, for example AP Groups VLAN, and one Controller fails, the APs move to the other Controller. What about the specific config? Assume that the Controller Config (dyn Interfaces lets say) is correct.
Any Hint Welcome
BR, Michael

If you keep specific configurations same on both controllers, in this example, if the backup controller has the same AP-Group, SSID configurations and same dynamic interface names with primary controller, when the AP join the backup controller, the AP will be put into the same AP-group and everything stays same for the AP. You don't have to configure APs on difference controllers. You only need to specify primary, backup controller and AP-Group for the AP from WCS.

Similar Messages

  • Cisco 1242AG Access Point proper configuration

    Hello everyone,
    Here is the situation:
    Recently we decide to create a small WLAN in our business.We choose the Cisco AIR-AP1242AG-E-K9 with 2x2.4GHz 2.2dbi Swivel Dipole Antenna.
    For better managability a new routable VLAN (ID:20) added to our Router with IP 192.168.55.1 and SNET 255.255.255.0
    Next, I made the followings configurations in the autonomous AP through WEB Console:
    Static IP:192.20.10.35, SNET:255.255.254.0, GWY:192.20.10.200
    VLAN1 (Native) and VLAN20 (Radio0-802.11g) added into Services.
    I set the Encryption Mode to None for VLAN1 and Cipher AES CCMP for VLAN20
    Into Server Manager I defined a new RADIUS server 192.20.10.35 (AP IP) and a shared secret and left the default ports for Authentication and Accounting (1645 and 1646). Also, in Default Server Priorities section I set as Priotity 1 both for EAP and MAC authentication the Access Point IP (Radius Server) 192.20.10.35.
    In Local RADIUS Server General Set-Up, I add as current network access server (AAA client) the same IP and shared secret like the ones I use during RADIUS server configuration above. Into Enable Authentication Protocols I left checked only the LEAP and MAC. Also, into Individual Users section 2 new users created with text passwords.
    Into SSID Manager a new hidden SSID created for interface Radio0-802.11g, associated with VLAN20 and into Client Authentication Settings section I left as accepted Method Open Authentication with MAC authentication and EAP. Also, I left the Use Defaults option both for EAP and MAC Authentication Servers in Server Priorities Section and finally into Client Authenticated Key Management section I choose Mandatory for Key Management and checked the Enable WPA option.
    I can ping both the AP and VLAN20 IPs from any PC which is a member of the native VLAN
    As wireless clients I use 2 Motorola MC5574 with Windows Mobile 6.1 professional. Both of them have a Jedi WLAN adapter configured with the followings:
    IPs:192.168.55.10 and 192.168.55.11
    SNET:255.255.255.0
    GWY:192.168.55.1
    Also, a unique profile has been created on each one of them to be used for AP association-authentication. Each profile has been configured for WPA2 Enterprise with AES and LEAP and the predefined user credentials (those defined into AP for Individual Users)
    The problem:
    Clients association with AP is always succesful but, Authentication fails and I can't ping from the clients AP IP,  VLAN20 IP, neither each other.
    What am I missing here? I'm sure that it is somenthing quite simple but although I tried several different setups (i.e. WPA2-PSK, WPA-PSK even with TKIP) I always end up without a proper solution for ping inability.
    Thank you in advance for any help

    Hello Madhuri,
    below is the latest run config output from the access point
    Building configuration...
    Current configuration : 3743 bytes
    ! Last configuration change at 03:56:04 +0200 Sun Nov 28 2010 by Cisco
    ! NVRAM config last updated at 03:58:07 +0200 Sun Nov 28 2010 by Cisco
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname RCT_THP_AP1
    enable secret 5 $1$26u0$emaUzNvvihCCZeKeooQ8M0
    aaa new-model
    aaa group server radius rad_eap
    server 192.20.10.35 auth-port 1645 acct-port 1646
    aaa group server radius rad_mac
    server 192.20.10.35 auth-port 1645 acct-port 1646
    aaa group server radius rad_acct
    aaa group server radius rad_admin
    aaa group server tacacs+ tac_admin
    aaa group server radius rad_pmip
    aaa group server radius dummy
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authorization exec default local
    aaa accounting network acct_methods start-stop group rad_acct
    aaa session-id common
    clock timezone +0200 2
    ip name-server 192.20.11.2
    dot11 ssid RCTHP
       vlan 20
       authentication open mac-address mac_methods eap eap_methods
       authentication key-management wpa
    power inline negotiation prestandard source
    username Cisco password 7 00271A150754
    username 00236867a192 password 7 101E594B56414A5D5B057B7276
    username 00236867a192 autocommand exit
    username 00236867a19b password 7 091C1E5B4A534F445C0D557329
    username 00236867a19b autocommand exit
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption vlan 20 mode ciphers aes-ccm
    ssid RCTHP
    channel 2462
    station-role root
    bridge-group 1
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio0.20
    encapsulation dot1Q 20
    no ip route-cache
    bridge-group 20
    bridge-group 20 subscriber-loop-control
    bridge-group 20 block-unknown-source
    no bridge-group 20 source-learning
    no bridge-group 20 unicast-flooding
    bridge-group 20 spanning-disabled
    interface Dot11Radio1
    no ip address
    no ip route-cache
    shutdown
    no dfs band block
    channel dfs
    station-role root
    interface Dot11Radio1.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    interface FastEthernet0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface FastEthernet0.20
    encapsulation dot1Q 20
    no ip route-cache
    bridge-group 20
    no bridge-group 20 source-learning
    bridge-group 20 spanning-disabled
    interface BVI1
    ip address 192.20.10.35 255.255.254.0
    no ip route-cache
    ip default-gateway 192.20.10.200
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    ip radius source-interface BVI1
    snmp-server view dot11view ieee802dot11 included
    snmp-server community public view dot11view RO
    snmp-server contact IS
    radius-server local
      no authentication eapfast
      nas 192.20.10.35 key 7 03130807055F2C1F
      user motomob1 nthash 7 15315B29557B0D767E111074455E332022000F0D0A725C223B300C7A0E760A0371
      user motomob2 nthash 7 075E716D6C2F49514636532A5C0B0A067C1567003224335553047F0C710058263E
    radius-server attribute 32 include-in-access-req format %h
    radius-server host 192.20.10.35 auth-port 1645 acct-port 1646 key 7 120E561B115B0157
    radius-server vsa send accounting
    bridge 1 route ip
    line con 0
    line vty 0 4
    sntp server 192.20.10.2
    sntp broadcast client
    end
    Regards
    Vasilis

  • Access Point Switchport configuration for OOB NAC

    Hello.
    Here we have to implement Out of Band with WLC and NAC, I have already checked this guide:
    http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a0080a138cc.shtml
    But I have a little doubt. On the document showed above does not specific which vlan should be configured on switch's access port facing access points. Should I configure this with trusted or untrusted VLAN? I know all traffic from wireless clients go to WLC through a CAPWAP tunnel, but I am not really sure on the Out of Band deployment which access vlan should be for access points.
    Greettings.

    Just to add again to another one of Steve's post:)  You don't want to put the AP traffic through NAC, but only the traffic for the wireless clients which egress out of the WLC.  So if your wireless clients are being placed in VLAN30 (just an example), you can have an untrusted layer 2 vlan VLAN29 which hit the NAC untrusted and if remediation id good, then placed in VLAN30.  Makes sense?
    Thanks,
    Scott
    Help out other by using the rating system and marking answered questions as "Answered"

  • Access Point Bridge Configuration

    I have two 1262N access points with 5Ghz antennas, and I have configured one of them as a root bridge and the other as a non-root bridge; both using the same ssid.  I have enble both dott11Radio interfaces on each access point.  The problem I am having is that they do not associate.  I have not configured them for any encryption or security.  I just want to make sure the connect before I add any other configuration.  Is there anything else that I need to configure to make them associate.

    Wrong forum, post in "wireless". You can move your post using the actions panel on the right.

  • HWIC-AP-AG-A, Access Point HWIC Configuration

    Hi All,
    I have a Hwic-AP-AG-A  in my 2811 Router. However I don't know how to configure this particular Model.
    Can anyone assist ?
    Cheers
    WIC Slot 1:
            Dual Band 802.11 A+B/G Radio Access Point HWIC
            PCB Serial Number        : FOC09363ZMA
            Hardware Revision        : 1.0
            Part Number              : 73-9388-03
            Board Revision           : A0
            Top Assy. Part Number    : 800-25210-01
            Deviation Number         : 0
            Fab Version              : 03
            CLEI Code                : IPUIANDRAA
            RMA Test History         : 00
            RMA Number               : 0-0-0-0
            RMA History              : 00
            Product (FRU) Number     : HWIC-AP-AG-A

    Go to:  https://supportforums.cisco.com/thread/2028286

  • Cisco 1242AG Access Point backup configuration

    Hi everyone,
    Is there any way to export the running or startup configuration of the Access Point but in a way that I'll be able to reload it in case something goes baddly wrong?
    Thx
    VP

    If you want to manually send a copy of your startup or running config to your TFTP server you can use the command (base on IOS version):
    sh start | redirect tftp:///filename.extension
    Note:  The first time you've downloaded the file to your TFTP server, do not use Notepad to open it (because Notepad can't understand UNIX carriage return).  Open the file using WordPad and save it.  The next time you can use Notepad.

  • Access point specifications

     Cisco Aironet - AIR-SAP2602I-E-K9  specifications and its capabilities. 
    -          It supports Fat protocols and works in standalone since we do not have the controller, and it is not LWP. 
    -          What is the required electrical power and cable length supported in the absence of PoE
    -          What is maximum length of uplink cable supported on it
    -          Number of antennas (4 ??) and the wireless driving distance for the end user reachability. 
    -          Number of RF channels supported without interfering the existing Motorola Wi-Fi setup on the sites

    It supports Fat protocols and works in standalone since we do not have the controller, and it is not LWP.
    There is no such thing as a "Fat protocol".  It's either autonomous-based IOS or controller-based IOS.  
    What is the required electrical power and cable length supported in the absence of PoE
    15.4w
    What is maximum length of uplink cable supported on it
    100 metres at 1 Gbps or 150 metres at 10 Mbps.  PoE will only support up to 100 metres.
    Number of antennas (4 ??) and the wireless driving distance for the end user reachability.
    2602E requires FOUR (4) dual band antennas.  Distance will depend in so many factors.  Since you've got an optional antenna mount, then the factors simply quadruple.  
    Number of RF channels supported without interfering the existing Motorola Wi-Fi setup
    on the sites
    Depends on a number of factors.  With little information provided, I can't provide you with any concrete answers.   Because the AP will be autonomous-based, then you don't enjoy CleanAir feature.  

  • How can i change regulatory domain C to A of access point

    Recently my office got an access point - (AIR-CAP2602E-C-K9)  which is not synchronizing with controller (AIR-CT2504-5-K9 )as it is in domain A , all other AP also in domain A. Now can i change the domain of access point or what is the possible solution to add new AP with controller ? is it possible to run both domain (A, C)  at the same time with one controller ?   

    Migrating Access Points from the -J Regulatory Domain to the -U Regulatory Domain
    The Japanese government has changed its 5-GHz radio spectrum regulations. These regulations allow a field upgrade of 802.11a 5-GHz radios. Japan allows three frequency sets:
    •J52 = 34 (5170 MHz), 38 (5190 MHz), 42 (5210 MHz), 46 (5230 MHz)
    •W52 = 36 (5180 MHz), 40 (5200 MHz), 44 (5220 MHz), 48 (5240 MHz)
    •W53 = 52 (5260 MHz), 56 (5280 MHz), 60 (5300 MHz), 64 (5320 MHz)
    Cisco has organized these frequency sets into the following regulatory domains:
    •-J regulatory domain = J52
    •-P regulatory domain = W52 + W53
    •-U regulatory domain = W52
    Regulatory domains are used by Cisco to organize the legal frequencies of the world into logical groups. For example, most of the European countries are included in the -E regulatory domain. Cisco access points are configured for a specific regulatory domain at the factory and, with the exception of this migration process, never change. The regulatory domain is assigned per radio, so an access point's 802.11a and 802.11b/g radios may be assigned to different domains.
    For more information please refer to the link-
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/321930RN.html#wp111182

  • Access-Point going up/down

    Hello All
    We got Issue with One Access Point [ model - AP1242AG ] - it goes up/down.  Users connected on this Access Point get disconnected or time-out connecting to Server. The access-point was installed around 3-4 weeks back. We checked the cable connecting to the Access Point but didnt notice like disconnected or time-out.
    [ Access Point was configured with these options ]
    AP Name -  JD1
    status - Enabled
    AP mode - Local
    IP address - Static
    No of Radio Interface - 2
    802.11 b/g/n
    802.11 a/n
    which debug command will help to identify the issue or GUI option
    thanks in advance
    Cisco Kid

    Hi All
    I restarted the Access Point and will see what happens. Our Access Point and WLC are in the Same VLAN.
    WLC is connected to Layer3 switch and the port is configured as Trunk port with additional command switchport trunk native vlan 12.
    The access point ports configured are also configured as
    switchport mode trunk
    swichport trunk native vlan 12
    Are these configuration correct for controller and Access Point.
    The following is the show interface output where the AP is connected
    sh interfaces fastEthernet 0/9
    FastEthernet0/9 is up, line protocol is up (connected)
      Hardware is Fast Ethernet, address is 0021.a1d2.ee09 (bia 0021.a1d2.ee09)
      Description: **AP3**
      MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Full-duplex, 100Mb/s, media type is 10/100BaseTX
      input flow-control is off, output flow-control is unsupported
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:00:40, output 00:00:00, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 518000 bits/sec, 130 packets/sec
         25673274 packets input, 5670744879 bytes, 0 no buffer
         Received 2413785 broadcasts (0 multicasts)
         0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         0 watchdog, 557119 multicast, 0 pause input
         0 input packets with dribble condition detected
         16665439077 packets output, 10663148678995 bytes, 0 underruns
         0 output errors, 0 collisions, 1 interface resets
         0 babbles, 0 late collision, 0 deferred
         0 lost carrier, 0 no carrier, 0 PAUSE output
         0 output buffer failures, 0 output buffers swapped out

  • Nokia N8 Protected Access Point Removal

    I recently purchased a second hand n8. The phone itself works perfectly but it is from vodafone and i'm on an orange  contract. The phone still has all the vodafone access point etc stored in it and I cannot seem to delete them as i am told they are protected. I have added my orange access points and can use them without a problem but the phone seems to still attempt to connect to the vodafone AP's first even though i have made the orange ones a higher priority
    Is there any way to get rid of these? Really sick of the "Connection Failed" pop up every time I do something that needs a connection.
    Thanks,
    Stuart

    Hi,
    If Orange access point is fixed as top Access Point, move  Vodafone by going to setting > connectivity >settings> destinations > internet > press and hold the vodafone access point >  select move to other destination and choose any destination that apears e.g. (intranet). 
    You should also check if Orange Access Point is configured in some applications like positioning settings in Maps. Change this by going to settings > application settings > positioning > positioning server > server settings > define server as supl.nokia.com by going to options > new server. If you press supl.nokia.com it will show you the first priority access point. 

  • Repeater Access Point 1240 works like WGB client

    Hello, i have a problem. In my Network i have 5 Access Point. 4 Aironet 350 and 1 Aironet 1242. IOS for aironet 350 is12.2(13)JA1, E .
    Ios for Aironet 1242 is 12.4(10b)JDA3.
    Then .. I have an Access Point 350 configured as Access Point/root while all the other Access Point are configured as Repeater/non root.
    My problem is that the Cisco Aironet 1242 is the last Access point in the chain, but not work fine.
    all the Wifi client connected to Aironet 1242 not access to wired LAN.
    I not ping all the Wifi client connected to Aironet 1242.
    p.s.
    My Aironet 1242 is seen in the association table of the its parent Access point like WGB_CLIENT.
    any suggestion

    Hi,
    here is the link which mat help you!!
    http://www.cisco.com/en/US/products/hw/wireless/ps430/products_configuration_example09186a00805b9b87.shtml
    Regards
    Surendra

  • LAP Access Point - trunk or switchport ?

    Hi Folks.
    I always thought that an access point (unless configured not to) would tunnel back to the controller, so would be connected to a switchport in the same VLAN as the management interface. However, if you apply smartport, it configures the port as a trunk port.
    Which is the correct way to go ?
    Many thanks,
    NM

    Hi, Surendra.
    Thanks for the reply, however it doesn't really answer the question. I can set the port to be a trunk port and the access point will get an IP address if there is DHCP on the default VLAN and it will be fine if the access point management port is also on the same VLAN.
    Or I can set it to be a switch port in the native VLAN 1, where the curreent management ports are and there is DHCP.
    The question is, "If best practice tells us to use a switchport for access points, why does the smartport role make the switch port a trunk port ?"
    That's what I want to know, there must be a reason for it.
    NM

  • WRT54Gv7 and 2 Netgear Access Points WG602

    Hi,
    is it possible with a WLAN Broadband Router Linksys WRT54Gv7 and with 2 Netgear Access Points WG602 configure a Multi Point Bridging?
    is it right that the WRT54G version 7 can not be upgraded to a own Firmware?
    does the WRT54G version 7 supporting WDS?
    thank you very much.

    the router can only be configured as an access point..it cannot be configured in repeater or bridge mode...
    also , i don't think that it can be upgraded to a third party firmware ..

  • Connection between lightweight access point and switch?

    Hello everybody,
    I am a bit confused about cisco 1000 series access point connection. On wireless lan controller and lightweight access point basic configuration example document id 69719 (http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080665cdf.shtml), I understood the access point has two vlans associated with (vlan 3 and 4). Am I correct?
    Why is connection between access point and catalyst port just access port rather 802.1q trunk? How vlan traffic can traverse from the access point to controller?
    Please advice.
    Many thanks,
    Nitass

    Nitass,
    The AP itself does not need to be a trunked port, but the uplink to the controller does. When using a Lightweight enviroment, all the traffic passes thru an encrypted LWAPP tunnel from the AP to the controller, and then gets sent out the correct VLAN interface on the controller.

  • Is there any way I can control which specific access point I connect (and stay connected) to from amongst a set of access points with the same SSID?

    I'm working from a boat in a harbor in which the ISP has deployed numerous access points around the periphery.  All the access points share the same SSID and each is configured to use either channel 1, 6 or 11.   From my location, there are over a dozen of these access points "visible" (based on the the output of WiFi Scanner) with a range of RSSI and S/N values that vary over time.
    The ISP has told me that the quality of my connection should be "perfectly fine" for any access point with an RSSI value better than -75, but I know from experience that my connection quality is miserable (i.e. < 50Kbps download) for almost all of these, including those with RSSI values better than -75.  There is at least one exception, however, which gives me on the order of 2Mbps download, which is "great" in this context.
    I've tried using a more powerful USB antenna plugged into my MacBook Air (mid 2011), but as far as I can tell, it really doesn't make much difference.  Neither does my location within the boat.   The overriding factor seems to be which access point I happen to connect up to.
    I should point out that the closest access points are about 75 yards away, with many of them being several hundred yards away or more.  I'm guessing that even though the signal strength of some of the distant access points is causing them to get "chosen" some times, the results are unacceptable due to the distance.
    I'm hoping that I can determine, through experimentation, which access point(s) provide(s) acceptable performance and then configure my Mac to limit my connection to those points through whatever mechanism I need to use (e.g. channel, MAC id, etc.).

    Establishing a wireless connection with a client computer is left to the access point for various reasons. One reason that your Mac may not connect to the strongest access point is that it may have reached a limit of the number of clients it can serve, leaving it unable to accept a connection with another. The limit may not be very large.
    Suppose that happens, and your Mac establishes a connection with a more distant access point having a weaker signal. Then, suppose a client drops off the network. Doesn't this mean your Mac will switch to the stronger access point? Not necessarily. The throughput delivered to and from your Mac would have to drop below a threshold specified in the AP for it to drop the client, leaving your Mac free to connect with another one. The reason for this is to prevent rapid switching from one AP to another in an area in which two signals are of approximately equal quality. If that were to occur the frequent and repetitive handshaking between the two devices would slow throughput to zero.
    In an environment in which several access points are broadcasting the same SSID, Apple provides no insight as to how it determines which access point to choose. This is the reason I suspect this "choice" is a function of the router, or access point. The connection originates with it, not the Mac.
    Now, what would solve your dilemma would be to determine a way to control the access point with which your Mac connects, by specifying the access point's unique MAC address for example. In this happy circumstance, you could maintain an editable "whitelist" or "blacklist" of the harbor's access points and be able to choose which among them you prefer.
    I do not believe OS X maintains such a record of MAC addresses though, only those of the routers it uses. If I am correct about that, such a solution is unlikely to exist. Don't let that discourage you from searching for one though... I would concentrate on something like "selecting access point by specific MAC address".
    I did find this patent application though:
    Roaming Network Stations Using A Mac Address Identifier To Select New Access Point
    Perhaps it's a start

Maybe you are looking for

  • No service for system SAPABI, client 800 in Integration Directory

    Hi, We are getting the error in BI "No service for system SAPABI, client 800 in Integration Directory", when we extract the data from R/3 (ECC6) into BI System. It was working fine earlier, till XI-BI integration was done. But, After XI integration i

  • Vendor List for PO

    Hi Experts, when i am doing PO with xyz material. i am trying to search vendor. through radio button Vendors : By material .  so i go list of vendors but  vendor number and info record and plant. how can i get vendor number and NAME in that Hit list.

  • Performance Analyzing using SE30

    Moved to correct forum by moderator.  Please take care in future. HI... can you people help me with this.Suppose i am analyzing one program in SE30.In that particular program i have PERFORM.The same PERFORM is used in three different places of the pr

  • Flash Player 8 doesn' install

    Anyone knows how to install Flash Player 8 on a B&W G3/400 1 GB RAM? I'm running OSX 10.3.9 and Safari 1.3.1 It says there's an error and that there's no enough privileges access to install it. I'm the Admin so I don't get it. Iv'e tried all the sugg

  • How do I set up my security questions?

    My son is needing to set up his security questions, how do I do it?