Aironet 1240AG WPA2 Disassociation

Similar Messages

• Aironet 1240AG error - "Previous authentication no longer valid" Help!

  Greetings!
  I am an IT professional that is installing my first extended range wireless AP in my companies warehouse. I am very excited!
  Now I have set up many a linksys and repeater wireless networks, so when I was looking into the Aironet 1240AG I thought ?No Problem!?
  And at first, it is not!
  I have the AP and antenna set up here in my office before I take it out and mount it in the warehouse. And I can get connected to it, no security for now, no filters, I just want to connect and make it work.
  I stay connected for maybe 3 minutes, I can get to the internet, I can ping all my servers. Full connectivity. But then for no reason the connection fails and I cannot reconnect.
  The error I get in the log is
  Interface Dot11Radio0, Deauthenticating Station 0006.2510.bbe3 Reason: Previous authentication no longer valid
  So strange! So I have reset the AP to factory defaults and then set the SSID, and I can connect, again for a second, then nothing.
  I have tried with multiple wireless cards, even laptops. Thinking maybe the problem was on the computer side.
  But now I believe I must have some setting wrong.
  Could someone please shed some light on this situation for me! I searched the forums but could not find this error message in this context.
  Thanks!
  Nate York

  Interesting...I am experiencing the same problem, but when adding another laptop to the existing 5 Aironet 1100's. The existing laptops work fine, but when trying to add another node, I see the problem. I get the following error message in the error log as well as the activity screen;
  Interface Dot11Radio0, Deauthenticating Station 0002.2d34.a0fe Reason:
  Previous authentication no longer valid
  Unit - 6 units
  Cisco Aironet 1100 version 12.3.(07)JA
  The error takes place with no other units online, or when other units are in use. Also the laptop in question "shows" connected to the AP (yes I have tried other APs all with negative results). The settings on the laptops are all the same, so i am at a loss.
  Any suggestions greatly appreciated,
  Ralph

• The Aironet 1240AG Autonomous Web Interface authentication

  Hi,
  I would like to know if the Aironet 1240AG Autonomous, is capable to do Web Interface authentication (like a public hotspot, so no security on Wifi, but you will only get access to the network/internet when one has opened a Internet Browser and got an Username password challange from the Access Point )
  I'm planning to use this methode to make a guest access wifi connection to Internet available.
  Had this first with a propper WPA key, but lot's of guests had many dificulties to connect this way.
  So now I'm want to try it on a way most users are used to due to the Web interface authentication they know from public hotspots (hotels etc. )

  The only way I found to do this with autonomus is with third party software, that has the function known as "captive portal". You could try the sofware based on freebsd named monowall (its a firewall) with the captive portal feature.

• Aironet 1240AG - cant use the web interface

  I am trying to configure a new Aironet 1240AG. After it picked an ip address from the DHCP in my lan, I still can't log in using the web interface. I am using an Internet Explorer 6.0 on Win 2000. It keeps telling me cannot find server. please i need assistance

  Hi Obinna,
  Sorry about the link :( The problem here is the fact that 12.3.(11)JX is a Lightweight image. Have a look;
  Warning: All Cisco Aironet Access Points receiving Cisco IOS Software Release 12.3(11)JX will only function in conjunction with a Cisco Wireless LAN Controller. They will no longer be able to function as Cisco Aironet Autonomous Access Points.
  This product bulletin describes the content and delivery information for Cisco IOS Software Release 12.3(11)JX. This is a Cisco Lightweight Access Point Protocol (LWAPP) upgrade and recovery support software image supporting Cisco Aironet 1100, Aironet 1130, Aironet 1200, Aironet 1230 AG, Aironet 1240 AG, and Aironet 1300 Series Access Points.
  http://www.cisco.com/en/US/products/ps5861/prod_bulletin0900aecd804b1a72.html
  You can use this method to convert the AP back to Autonomous Mode (and access via Web);
  Reverting the Access Point Back to Autonomous Mode
  http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html#wp161272
  You can convert an access point from lightweight mode back to autonomous mode by loading a Cisco IOS Release that supports autonomous mode (Cisco IOS release 12.3(7)JA or earlier). If the access point is associated to a controller, you can use the controller to load the Cisco IOS release. If the access point is not associated to a controller, you can load the Cisco IOS release using TFTP.
  Using a TFTP Server to Return to a Previous Release
  Follow these steps to revert from LWAPP mode to autonomous mode by loading a Cisco IOS release using a TFTP server:
  Step 1 The static IP address of the PC on which your TFTP server software runs should be between 10.0.0.2 and 10.0.0.30.
  Step 2 Make sure that the PC contains the access point image file (such as c1200-k9w7-tar.122-15.JA.tar for a 1200 series access point) in the TFTP server folder and that the TFTP server is activated.
  Step 3 Rename the access point image file in the TFTP server folder to c1200-k9w7-tar.default for a 1200 series access point, c1130-k9w7-tar.default for an 1130 series access point, and c1240-k9w7-tar.default for a 1240 series access point.
  Step 4 Connect the PC to the access point using a Category 5 (CAT5) Ethernet cable.
  Step 5 Disconnect power from the access point.
  Step 6 Press and hold MODE while you reconnect power to the access point.
  Step 7 Hold the MODE button until the status LED turns red (approximately 20 to 30 seconds) and then release.
  Step 8 Wait until the access point reboots, as indicated by all LEDs turning green followed by the Status LED blinking green.
  Step 9 After the access point reboots, reconfigure it using the GUI or the CLI.
  From this doc;
  http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html#wp161272
  Hope this helps!
  Rob

• Cisco Aironet 1130AG WPA2 Configuration

  Hi everyone,
  First of all, let me introduice myself. I just graduated as an IT-engineer and started working in a company who gives support to their users, but also does installations. One day a week I am permanent located with 1 customer. I give support to users, but also implement new systems. I really love networking, but it's really not my strongest point. Especcialy when it comes to CLI. So I was hoping you could help me.
  With this customer they have 4 floors with on each floor a Cisco Aironet 1130AG. At the moment they are using WEP as a protection with a really long key. The users find this annoying, but I am more concerned about the security perspective. So I want to implement WPA2 with a shorter key for the people to remember. On one floor, I also want to add a public network when other people want to connect and just need internet access.
  Is it possible you guys could help me change the current set-up and give advices regarding the security and implementation. For me I would be great if all of the Access Points could work togheter and just be 1 wireless network. I don't know if this is possible and how to do it? For the public network I know there also need to be some changes in VLAN's, so I would appreciate the help there for setting up trunks. The firewall is a cisco ASA5505.
  At the moment I am running this configuration:
  I tried setting up this with the GUI, but it doesn't look like the configuration at the moment is shown in the GUI or maybe I am just looking in the wrong places.
  Thanks again for helping me configure this!! Much appreciated!
  !version 12.4no service padservice timestamps debug datetime msecservice timestamps log datetime msecservice password-encryption!hostname CISCO-AP-V0!enable secret 5 $1$vhoF$wv3N1r1sMiiuhGgQTpx5b0!no aaa new-model!!!dot11 ssid private-v0   authentication open    guest-mode!power inline negotiation prestandard source!!username Cisco password 7 14341B180F0B!bridge irb!!interface Dot11Radio0 no ip address no ip route-cache ! encryption key 1 size 128bit 7 FD0B4EB47C9301A55E6A685157C8 transmit-key encryption mode wep mandatory ! ssid private-v0 ! speed  basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 packet retries 128 drop-packet station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled!interface Dot11Radio1 no ip address no ip route-cache ! encryption key 1 size 128bit 7 4A476E1E760D683C46307A755A29 transmit-key encryption mode wep mandatory ! ssid private-v0 ! no dfs band block speed  basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 channel dfs station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled!interface FastEthernet0 no ip address no ip route-cache duplex auto speed auto bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled!interface BVI1 ip address 192.168.2.220 255.255.255.0 no ip route-cache!ip default-gateway 192.168.2.1ip http serverno ip http secure-serverip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eagbridge 1 route ip!!!line con 0line vty 0 4 login local!end

  Look at those:
  www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008054339e.shtml
  www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008055c39a.shtml
  HTH
  Amjad

• 1240AG WPA2 and PSK for non radius clients

  does this device support this options?
  We want to move to WPA2 enterprise and use our radius server (windows IAS), but we want to hand out a key to non domain computers. We have production machines that arent on the domain for various reasons.
  2nd question, does the AP allow for creating a 2nd "Guest" wireless for visitors?
  thanks!

  Hi Shayne,
  The Cisco 1240 supports WPA2/AES.Yes, the can provide different security policys via different SSIDs. For example:
  SSID#1 - Corporate - WPA2/AES 802.1X
  SSID#2 - CorporatePSK - WPA2/AES PSK
  SSID#3 - Guest
  There is a good deal of configuration to make this happen. But yes this is supported..
  Here is a link how to configure SSIDs on a autonomous access points
  http://www.cisco.com/en/US/docs/wireless/access_point/12.3_7_JA/configuration/guide/s37ssid.html
  Please be so kind to rate helpful post!

• Aironet 1240AG AP

  I have a 1240AG that shows a red light at the Ethernet and Radio indicator on bottome of unit. Can not connect to it thru the web and ip address. Any ideas on what to do?

  That likely means that it has an IOS error. You'll need to console in and see if it's in ROMMON. If it is, perform the following to fix it:
  Configure a TFTP server/PC to use the address 10.0.0.2
  Place a 1240 autonomous image in the TFTP root directory
  Rename the file "c1240-k9w7-tar.default"
  Connect the PC to the AP using a crossover cable (a normal should also work)
  Turn the AP off, then power it back on while holding the MODE button
  Release the button once the AP LEDs turn red
  That should load the IOS image back on for you.
  Jeff

• Enable webinterface on a Cisco Aironet 1240AG

  We installed some time ago a wireless bridge between 2 buildings and disabled the webinterface. does someone know how i can re-enable it from within an SSL connection?
  Thx

  To re-enable the web-browser interface, enter this global configuration command on the access point CLI: ap(config)# ip http server

• Exluding channel 13 in Aironet 1240AG

  Hi guy
  I have a problem with all the device using Atheros AR5006X network wireless card.
  The wireless cards don't work with channel 13 in 802.11G Mode. 
  We are in Italy and Access Point, use channel from 1 to 13 in 802.11G Mode.
  The access point radio interface setting is in "Least congested frequency" and
  I don't wont to force to work to a defined channel because we have a large number of access point.
  Are there a way to exlude channel 13 from "Least congested frequency" list ?
  Unfortunatly the wireless card don't have regional settings.
  Thanks Davide

  When you are on the page for the 2.4GHz radio where you select the channel you can hold the control key I believe it is and select individual channels. 
  For example here in the US I will go in and leave it on least congested channel, but hold controller and click 1,6,11 as that is what we use for your domain. This lets the AP choose from the least congested of those three channels. 
    For your domain you could do the same and select 1,5,9 and just not select 13 from the list so it would not be used. 
    If you were wanting to use the list of all channels 1-12 you could do the same and just not choose channel 13, but I would honestly suggest the other model. 

• WPA2 on 1231 vs 1240

  I'm having a problem configuring WPA2 on a Cisco 1231 Access Point, where I see a command which I cannot do on this one, which I could do on 1240 AP's.
  On the 1240 I've the following config of the SSID:
  vlan 60
  authentication open eap eap_methods
  authentication key-management wpa version 2
  guest-mode
  mbssid guest-mode
  but on the 1231 I cannot do the "authentication key-management wpa version 2", so I have it like:
  vlan 110
  authentication open eap eap_methods
  authentication key-management wpa
  guest-mode
  mbssid guest-mode
  Since I'm having problems with connecting, what can be the solution?
  The working one is running:
  c1240-k9w7-mx.124-10b.JA
  and non working:
  c1200-k9w7-mx.123-8.JEA

  Hi Jorge,
  You may be running into one of these reasons why the 1231 isn't supporting WPA2;
  Q. What Cisco Aironet access points support WPA2 and AES?
  A. The following Cisco Aironet autonomous and lightweight access points support WPA2 and AES: Cisco Aironet 1240AG Series, 1230AG Series, 1130AG Series and 1000 Series access points. Cisco Aironet 1100 Series, 1200 Series and 1300 Series 802.11g radios support WPA2 with a Cisco IOS Software upgrade via Cisco IOS Software Release 12.3(2)JA or later.
  Q. Which Cisco Aironet 1200 Series 802.11a radio modules support WPA2 and AES?
  A. Cisco Aironet 1200 Series radio modules with the part numbers AIR-RM21A or AIR-RM22A support WPA2 and AES. The Cisco Aironet 1200 Series radio module with the part number AIR-RM20A does not support WPA2 or AES.
  Q. Which Cisco Aironet 802.11b access points support WPA2 and AES?
  A. Cisco Aironet 802.11b access points are not upgradeable to support WPA2 and AES.
  http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps430/prod_qas0900aecd801e3e59_ps2706_Products_Q_and_A_Item.html
  Hope this helps!
  Rob

• Aironet Dot1x and Active Directory

  I'm trying to enable dot1x authentication on wireless client (windows), that connect to my wifi network through an aironet 1240AG.
  I've configured Radius server into windows server, configured aironet to use this server for EAP requests, and configured client with a certificate.
  But into log I always see error in authentication.
  Anyone know if there is a simple guide to follow and for verify my configuration?
  Thanks
  Daniele

  You didn't mention if you were trying to use PEAP or EAP-TLS but the config on the AP is pretty much the same regardless.
  http://www.cisco.com/en/US/partner/products/hw/wireless/ps4570/products_configuration_example09186a00801bd035.shtml
  If you need some help with the Radius configs there are some guides that cover that setup where the wireless controller is used. You could just use the part on setting up the Radius server.
  http://www.cisco.com/en/US/partner/products/ps6521/prod_configuration_examples_list.html

• AP1200 and WPA2

  Hi all,
  I need to analyse options for starting using WPA2 with our Wireless network. I have been looking around Cisco web site, but can not find definite answer if our kit can be upgraded (hardware and/or software) to support this.
  We have mixture of following two APs:
  Cisco AIR-AP1220-IOS-UPGRD (PowerPC405GP) processor with 15038K/1336K bytes of memory.
  Product/Model Number: AIR-AP1220-IOS-UPGRD
  System Software Filename: c1200-k9w7-tar.123-8.JA2
  System Software Version: 12.3(8)JA2
  Cisco AIR-AP1231G-E-K9 (PowerPC405GP) processor (revision A0) with 15038K/1336K bytes of memory.
  Product/Model Number: AIR-AP1231G-E-K9
  System Software Filename: c1200-k9w7-tar.123-8.JA2
  System Software Version: 12.3(8)JA2
  Additionally all APs have radio upgraded to 802.11g by by replacing original radio cards with AIR-MP21G-E-K9 cards.
  The main questions I need answered are:
  1) Will our current 1200 Aironets support WPA2 with upgrade (hardware and/or software)?
  2) If yes, what needs to be upgraded?
  I would appreciate help with this.
  Regards,
  Sasa

  My understanding from Cisco was that, if you have 802.11g radios, you can use WPA2 via a software upgrade. But I'd still do as Scott says and either post or research your model numbers to find out for sure.
  The 1231s aren't a concern - they can certainly use WPA2 with an IOS update. The 1220s are the concern for whether the upraded radios can support such a software upgrade or not.

• 1240AG Clients Associate But Can't Communicate with Server

  Ok, we just bought a new Aironet 1240AG and even though I've down a lot of basic route
  setups on Cisco router, I'm stumped as to how make this work.
  I've got an Aironet 1240 AG. I set the static Ip address on the BVI interface and went
  through all of the web-based setup.
  I just setup up the minimum 128bit WEP keys, the host name and that's about it.
  But, even though people associate, they can't talk to the server hooked-up to the
  FastEthernet interface.
  All I want is to have two devices, with static IP addresses, associate through the 802.11g
  interface of the 1240AG and be able to transfer data to/from the server that is attached to
  the FastEthernet interface.
  The Cisco docs are all over the place and I can't find just the minimum requirements to make
  this setup work.
  Any help or pointers would be most appreciated.
  BTW, if I did want the wireless client to obtain DHCP addresses, wouldn't they also obtain
  those from the DHCP server attached to the FastEthernet interface, after they associate?
  Thanks,
  Bob

  If you just have an AP connected directly to a server, you should be connecting via a crossover cable. Are you using one instead of a straight-through?
  You should not need VLAN's configured for this connectivity. Confirm that the subnet mask and default gateway is the same for both devices, and that the IP addresses are in the same subnet.
  EX/
  AP IP Address: 192.168.1.15
  AP Subnet Mask: 255.255.255.0
  AP Gateway: 192.168.1.1
  Server IP Address: 192.168.1.20
  Server Subnet Mask: 255.255.255.0
  AP Gateway: 192.168.1.1
  If you're using a crossover cable, you should be able to ping the server from the AP and vice versa. If not, check the link lights on the server NIC and the AP ethernet port to see if they're on and green.
  Hope this helps!

• Aironet 1240 ag setting dhcp range

  How do I set up a dhcp range in the Aironet 1240ag access point? The access point is the dhcp server.

  You can only set the DHCP scope on a AP from the CLI, so you would need to get console/telnet/ssh access. After that is the same setup as a router or switch.

• Minimum safe distance to a Aironet 1242AG

  To whom it may concern,
  I've been trying to conduct safety studies on RF systems I'm using on a project, one of which is the Cisco Aironet 1242AG. The FCC's OET states that for the 2.45GHz frequency range, an RF exposure of 1mw/(cm^2) is acceptable for non-controlled RF. I ran a few calculations for our Aironet coupled with a high gain antenna (15dBi) and determined the minimum safe distance was 4.2" away from the antenna. However, standard documentation in the Quick Start Guide for the Aironet 1240AG series access point claims the minimum safe distance is 7.9". I'm trying to figure out how that 7.9" figure was arrived at. The high gain antenna in use is omnidirectional with a beam height of + - 8 degrees.
  The answer is important to me because we have our antenna mounted near a place where a human could sit. Part of me wonders if 7.9" was arrived at simply because the FCC OET Bulletin 65 Supplement C mentions devices with external omni-antenna being typically mounted 20cm away from where a human could be (pg.19).
  Any insight would be great to this.
  - jevans

  I think the line "Proper installation of this radio according to the instructions found in this manual will result in user exposure that is substantially below the FCC recommended limits" clarifies the fact that FCC recommended and cisco recommendation is different taking human safety into account.