Aironet 1250 losing Web Interface

Similar Messages

• Aironet 1100 series web interface times out after few mins of inactivity

  Hello,
  I just upgraded an Aironet 1121G access point to IOS software version 12.3(8)JEC2 (file name: c1100-k9w7-tar.123-8.JEC2). I noticed that the HTTP web interface now times out after an inactivity of just a few minutes (dont have an exact number, but it times out between 2-4 mins of inactivity). Can this timeout period be changed..!? How? This wasnt happenning on the previous software version: 12.3(8)JEB1.
  Also, where can I find the online help files for the latest Cisco IOS software? I cant seem to find it on the Cisco website!
  Thanks much for all your help.. really appreciate it.

  Does anyone have any idea on this..!? Its terrible having to login every couple of mins..!
  Thanks :)

• The Aironet 1240AG Autonomous Web Interface authentication

  Hi,
  I would like to know if the Aironet 1240AG Autonomous, is capable to do Web Interface authentication (like a public hotspot, so no security on Wifi, but you will only get access to the network/internet when one has opened a Internet Browser and got an Username password challange from the Access Point )
  I'm planning to use this methode to make a guest access wifi connection to Internet available.
  Had this first with a propper WPA key, but lot's of guests had many dificulties to connect this way.
  So now I'm want to try it on a way most users are used to due to the Web interface authentication they know from public hotspots (hotels etc. )

  The only way I found to do this with autonomus is with third party software, that has the function known as "captive portal". You could try the sofware based on freebsd named monowall (its a firewall) with the captive portal feature.

• TACACS Authorization of Web Interface on Aironet 1200 AP

  I have the Aironet 1200 AP setup to authenticate and perform authorization for the CLI via TACACS. That is working fine.
  However, the web interface is failing "ip http authentication". (Slight caveat - it works for a local user in the local AP DB - it does not work when it goes to CiscoSecure ACS to authenticate/authorize).
  I can get to some pages (prompt and pass authentication), but certain pages (e.g. Services>>SNMP) where configuration steps are taken cause a second prompt is presented, username and password is provided, and it fails.
  This is only evident from the output of a "debug ip http authentication"
  What do I need to configure in ACS to make this work?
  Relevant portion of config:
  aaa authentication login default group tacacs+ local
  aaa authentication enable default group tacacs+ enable
  aaa authorization exec default group tacacs+ local
  no ip http server
  ip http authentication aaa
  ip http secure-server
  Sep 7 13:40:59.885: HTTP AAA picking up console Login-Authentication List name: default
  Sep 7 13:40:59.885: HTTP AAA picking up console Exec-Authorization List name: default
  Sep 7 13:40:59.909: HTTP: Authentication failed for level 15
  Sep 7 13:41:06.757: HTTP AAA picking up console Login-Authentication List name: default
  Sep 7 13:41:06.757: HTTP AAA picking up console Exec-Authorization List name: default
  Sep 7 13:41:06.780: HTTP: Authentication failed for level 15
  This document appears to describe a scenario similar to mine, but is for http - not HTTPS:
  Local Authentication for HTTP Server Users
  http://www.cisco.com/en/US/customer/tech/tk59/technologies_configuration_example09186a0080178a51.shtml#tac-win
  Any ideas what I may be missing here?
  Thanks,
  Jeff

  I found the answer was to use a more specific "ip http authentication" statement. Specifically,it required the following:
  CiscoSecure ACS:
  Group Settings
  Shell (exec)
  Priv Level = 15
  On the AP:
  had to enable:
  ip http authentication aaa login-authentication AP_Web (Named Method List)

• Aironet 1240AG - cant use the web interface

  I am trying to configure a new Aironet 1240AG. After it picked an ip address from the DHCP in my lan, I still can't log in using the web interface. I am using an Internet Explorer 6.0 on Win 2000. It keeps telling me cannot find server. please i need assistance

  Hi Obinna,
  Sorry about the link :( The problem here is the fact that 12.3.(11)JX is a Lightweight image. Have a look;
  Warning: All Cisco Aironet Access Points receiving Cisco IOS Software Release 12.3(11)JX will only function in conjunction with a Cisco Wireless LAN Controller. They will no longer be able to function as Cisco Aironet Autonomous Access Points.
  This product bulletin describes the content and delivery information for Cisco IOS Software Release 12.3(11)JX. This is a Cisco Lightweight Access Point Protocol (LWAPP) upgrade and recovery support software image supporting Cisco Aironet 1100, Aironet 1130, Aironet 1200, Aironet 1230 AG, Aironet 1240 AG, and Aironet 1300 Series Access Points.
  http://www.cisco.com/en/US/products/ps5861/prod_bulletin0900aecd804b1a72.html
  You can use this method to convert the AP back to Autonomous Mode (and access via Web);
  Reverting the Access Point Back to Autonomous Mode
  http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html#wp161272
  You can convert an access point from lightweight mode back to autonomous mode by loading a Cisco IOS Release that supports autonomous mode (Cisco IOS release 12.3(7)JA or earlier). If the access point is associated to a controller, you can use the controller to load the Cisco IOS release. If the access point is not associated to a controller, you can load the Cisco IOS release using TFTP.
  Using a TFTP Server to Return to a Previous Release
  Follow these steps to revert from LWAPP mode to autonomous mode by loading a Cisco IOS release using a TFTP server:
  Step 1 The static IP address of the PC on which your TFTP server software runs should be between 10.0.0.2 and 10.0.0.30.
  Step 2 Make sure that the PC contains the access point image file (such as c1200-k9w7-tar.122-15.JA.tar for a 1200 series access point) in the TFTP server folder and that the TFTP server is activated.
  Step 3 Rename the access point image file in the TFTP server folder to c1200-k9w7-tar.default for a 1200 series access point, c1130-k9w7-tar.default for an 1130 series access point, and c1240-k9w7-tar.default for a 1240 series access point.
  Step 4 Connect the PC to the access point using a Category 5 (CAT5) Ethernet cable.
  Step 5 Disconnect power from the access point.
  Step 6 Press and hold MODE while you reconnect power to the access point.
  Step 7 Hold the MODE button until the status LED turns red (approximately 20 to 30 seconds) and then release.
  Step 8 Wait until the access point reboots, as indicated by all LEDs turning green followed by the Status LED blinking green.
  Step 9 After the access point reboots, reconfigure it using the GUI or the CLI.
  From this doc;
  http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html#wp161272
  Hope this helps!
  Rob

• Aironet 1200 - error in web interface

  Hi
  I am attempting to configure 2 Cisco Aironet 1200 series devices for conection to an existing WLAN. Neither AP will be the Radius server.
  I am able to connect to the device using IE and the IP address - however - as soon as I make any changes in any screen the screen then displays a message "Error on Page with a "!" in triangle.
  This then prevents me from Applying the change asnd so configuring the device.
  Anyone seen this before and know the solution - is there a bug in the web interface?

  Is there an explanation along with it? Can you include a screenshot to your response? Screenshot will be helpful to diagnose the problem.

• SSL for Web interface of Aironet 1200

  IS there a way to enable SSL or any security for the web interface of the Aironet APs?

  I found the answer was to use a more specific "ip http authentication" statement. Specifically,it required the following:
  CiscoSecure ACS:
  Group Settings
  Shell (exec)
  Priv Level = 15
  On the AP:
  had to enable:
  ip http authentication aaa login-authentication AP_Web (Named Method List)

• Not able to use Aironet 3500 web interface

  Hi, I can ping my aironet 3500 AP but when I put the ip on the address bar of web browser it wont give the interface.
  I can not set it up, how can i enable the web interface?
  i really appreciate your help,
  Thanks

  Is there a way I can upgrade the software so its autonomus?
  Yes and no.
  Yes, you can upgrade to autonomous ... IF you can find the software.
  No, if you run into configuration issues, TAC will not help you and you're on your own.
  Thanks for your help Im really troubled with this...
  Talk to the vendor who sold you the item and tell them to replace it with the ones I've mentioned previously.

• Help using Custom ssl cert in Aironet https web Interface

  I spent a few hours learning how to import certificates, and I think I did ok with that part. If I use the selfsigned cert when HTTPS is enabled through the web interface, HTTPS works just fine, but the second I
  ip http secure-trustpoint test
  I get a connection reset error in my test browsers.
  ip http secure-trustpoint TP-self-signed-3349201592
  doesn't fix it, it just gives me an "invalid certificate" error. I'm going to include what I did to get to where I am now, and hopefully you can see where I'm going wrong.
  In Linux:
  openssl genrsa -out test.key 2048
  openssl req -new -nodes -key test.key -out test.csr
  got csr cert and root ca from CACert
  openssl rsa -in test.key -des3 -passin pass: -out keyout.pem
  password:12345678
  scp root.ca [email protected]:flash:/root.ca
  scp keyout.pem [email protected]:flash:/test.key
  scp test.crt [email protected]:flash:/test.crt
  In Aironet IOS
  crypto ca trustpoint test
  crypto ca import test pem url flash:/test 12345678
  % Importing CA certificate...
  Source filename [test.ca]? root.crt
  Reading file from flash:root.crt
  % Importing private key PEM file...
  Source filename [test.prv]? test.key
  Reading file from flash:test.key
  % Importing certificate PEM file...
  Source filename [test.crt]?
  Reading file from flash:/test% PEM files import failed.
  ok so that didn't work, but I can see that the root.crt imported at least
  show crypto ca trustpoints
  Trustpoint TP-self-signed-3349201592:
  Subject Name:
  cn=IOS-Self-Signed-Certificate-3349201592
  Serial Number: 01
  Persistent self-signed certificate trust point
  Trustpoint test:
  Subject Name:
  [email protected]
  cn=CA Cert Signing Authority
  ou=http://www.cacert.org
  o=Root CA
  Serial Number: 00
  Persistent self-signed certificate trust point
  I then tried to import just the keypair
  crypto key import rsa test pem url flash:/test 12345678
  % Importing public key or certificate PEM file...
  Source filename [test.pub]? test.crt
  Reading file from flash:test.crt
  % Importing private key PEM file...
  Source filename [test.prv]? test.key
  Reading file from flash:test.key% Key pair import succeeded.
  Strangely, that worked, and now I have my keypair.
  show crypto key mypubkey rsa
  % Key pair was generated at: 03:39:07 GMT Jul 29 2009
  Key name: BenCloud
  Usage: General Purpose Key
  Key is not exportable.
  Key Data:
  30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
  00CAC0D9 4C79D716 140D38BF C97C1120 8A0FDCED DDDF5438 8A4BDC5C 00629676 .......
  Now to apply it to the trust point, I also tried to mimick the selfsigned TP's settings, and this is what I ended up with
  show
  enrollment selfsigned
  subject-name cn=CA Cert Signing Authority
  revocation-check none
  rsakeypair test
  end
  vs
  show
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-3349201592
  revocation-check none
  rsakeypair TP-self-signed-3349201592
  end
  Then I tried applying this new TP to the HTTPS server
  ip http secure-trustpoint test
  Which caused the error I discribed earlier

  That isn't the problem, it says "The connection was interrupted" when I use my own Trust Point.
  As I said, if I disable HTTPS, then reenable it, through the WebUI, it regenerates the self signed keys and works just fine. I think I'm assigning the keys incorrectly, but I don't know where I'm going wrong.

• 4 Aironet 1250's and a controller?

  Hi guys,
  I'm about to order a four Aironet 1250's and a 2106 Wireless LAN Controller. From what I've read, I'll need the controller to manage the APs if I want them all to offer the same broadcast domain and subnet, and offer roaming to the users. Often times what I read and understand turns out to have little to do with reality, so my question is, am I correct about this?
  Thanks in advance!
    Joe

  http://www.cisco.com/en/US/docs/wireless/controller/4.2/configuration/guide/c42ovrv.html#wp1133151
  These hardware features are not supported on 2000  and 2100 series controllers:
  •Power over Ethernet (PoE) [2000 series  controllers only]
  Note Ports 7 and 8 on 2100 series  controllers are PoE ports.
  •Service port (separate out-of-band  management 10/100-Mbps Ethernet interface)
  These software features are not supported on 2000 and 2100 series  controllers:
  •VPN termination (such as IPSec and  L2TP)
  •Termination of guest controller tunnels  (origination of guest controller tunnels is supported)
  •External web authentication web server  list
  •Layer 2 LWAPP
  •Spanning tree
  •Port mirroring
  •Cranite
  •Fortress
  •AppleTalk
  •QoS per-user bandwidth contracts
  •IPv6 pass-through
  •Link aggregation (LAG)

• Last Character In Crystal Report cut off when ran via BO web interface

  I created a report in Crystal and uploaded it to the Business Objects Web Interface.
  On my detail row, the last character is getting cut off regardless of the length of the text.  Even short words like "Yes" are losing the last character, and appearing as "Ye", and there is plenty of room available between the right margin.
  The column header extends out further with no issues.
  Does anyone have a solution for this?

  Hi Dean,
  Try with this:
  Go to the following registry sub key:
  HKEY_USERS\[your security profile]\Software\Crystal Decisions\10.2\Crystal Reports\Export\Pdf
  Right-click the sub key and click New > DWORD Value. Name the DWORD value "ForceLargerFonts" and set it to the value of 1.
  Regards,
  Shweta

• Aironet 1250 Configuration Help

  Hello to all,
  I'm an  vmware\linux system administrator with very low skills in networking, I just bought 3 Cisco Aironet 1250 2.4ghz + 5ghz for my testing network and I need help to configure them.
  Scenario:
  1 - I have 3 Cisco Aironet 1250
  2 - I want to create 2 wifi networks, SSID guest (vlan 11) and SSID production (vlan 1) in 2.4ghz + 5ghz
  2a- I want to configure security WPA2-PSK without RADIUS Server.
  3 - Aironet 1250 # 1 is connected to ethernet vlan1 (production)
  4 - Aironet 1250 # 2 is connected to ethernet vlan11 (guest)
  5 - Aironet 1250 # 3 is connected to ethernet vlan1 (production)
  These are the first configuration commands found:
  configureno ip domain-lookupline vty 0 4no exec-timeoutenableconfigure terminalinterface dot11radio 0encryption vlan 1 mode ciphers aes-ccmssid Productionvlan 1authentication openauthentication key-management wpa version 2wpa-psk ascii password1guest-modeend        interface dot11radio 1encryption vlan 11 mode ciphers aes-ccmssid Guestvlan 11authentication openauthentication key-management wpa version 2wpa-psk ascii password2guest-modeend
  When I try to set the repeater configuration webinterface tells me configuration errors.
  Any help is welcome, sorry for my newbie!
  Thanks a lot!

  Since each AP is connected via Ethernet, you don't need to set any as a repeater. Here are some links that show you what you need to have multiple SSID's and multiple vlans.
  http://www.cisco.com/en/US/docs/wireless/access_point/12.2_11_JA/configuration/guide/s11ssid.html
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080665ceb.shtml
  Tech Guides
  http://www.cisco.com/en/US/products/hw/wireless/ps4570/prod_configuration_examples_list.html
  Sent from Cisco Technical Support iPhone App

• Aironet 1250

  I have an interesting problem. I have an aironet 1250. For months my wireless clients has been connecting with no problems. One day there was a power failure, don't remember making any chnages which I should of saved. After, all of my equipment rebooted with no problems. Now I'm seeing my 802.11N clients having connectivity problems. After 10 to 40 mins I believe they get logout, but the client don't get updated to this. The G and the B no problems. Some are Intel chip sets and some are apples base computers.
  Anyone seen this?
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname blackhole
  aaa new-model
  aaa group server radius rad_eap
  aaa group server radius rad_mac
  aaa group server radius rad_acct
  aaa group server radius rad_admin
  aaa group server tacacs+ tac_admin
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local
  aaa authorization exec default local
  aaa accounting network acct_methods start-stop group rad_acct
  aaa session-id common
  clock timezone -0500 -5
  clock summer-time -0400 recurring
  ip domain name javabeans
  ip ssh version 2
  dot11 ssid JavaBeans
  authentication open
  authentication key-management wpa version 2
  guest-mode
  wpa-psk ascii 7 033E5D060F0EB78723C3E1815142B053225535E52754556204D116C577F784846032369512E0C40553B2301080C5219177A683E16
  dot11 ids mfp distributor
  dot11 ids mfp detector
  dot11 ids mfp generator
  power inline negotiation prestandard source
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption mode ciphers aes-ccm
  ssid JavaBeans
  antenna gain 2
  speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
  packet retries 128
  station-role root
  l2-filter bridge-group-acl
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 input-address-list 750
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface Dot11Radio1
  no ip address
  no ip route-cache
  encryption mode ciphers aes-ccm
  ssid JavaBeans
  antenna gain 3
  dfs band 1 2 3 4 block
  speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
  channel width 40-above
  channel 5180
  station-role root
  no dot11 extension aironet
  l2-filter bridge-group-acl
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 input-address-list 750
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface GigabitEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface BVI1
  ip address 10.5.15.1 255.255.0.0
  ip helper-address 10.5.20.1
  no ip route-cache
  ip default-gateway 10.5.1.1
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  ip radius source-interface BVI1
  logging history size 50
  logging history notifications
  logging 10.5.20.1
  snmp-server community java RO
  radius-server attribute 32 include-in-access-req format %h
  radius-server vsa send accounting
  bridge 1 route ip
  line con 0
  session-timeout 30
  line vty 0 4
  session-timeout 30
  sntp server 10.5.1.1
  sntp broadcast client
  end

  this is what I got from the AP
  2009-04-17 15:59:47 Local7.Info 10.5.15.1 214: Apr 17 19:59:46.885: %DOT11-6-ASSOC: Interface Dot11Radio0, Station blackhole 0013.e871.5b29 Associated KEY_MGMT[WPAv2 PSK]
  2009-04-17 15:59:52 Local7.Info 10.5.15.1 215: Apr 17 19:59:51.969: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0013.e871.5b29 Reason: Sending station has left the BSS
  2009-04-17 16:00:55 Local7.Info 10.5.15.1 216: Apr 17 20:00:54.298: %DOT11-6-ASSOC: Interface Dot11Radio0, Station blackhole 0013.e871.5b29 Associated KEY_MGMT[WPAv2 PSK]
  2009-04-17 17:04:56 Local7.Warning 10.5.15.1 218: Apr 17 21:04:55.640: %DOT11-4-CCMP_REPLAY: AES-CCMP TSC replay was detected on a packet (TSC 0x102313) received from 0013.e871.5b29.
  2009-04-17 17:05:24 Local7.Warning 10.5.15.1 219: Apr 17 21:05:23.570: %DOT11-4-CCMP_REPLAY: AES-CCMP TSC replay was detected on a packet (TSC 0x10C31F) received from 0013.e871.5b29.
  it looks like the clients reconnect 30mins later after, what ever happens.

• Aironet 1250 and AIR-ANT2430V-R

  Hello,
  I've just installed a Aironet 1250 and AIR-ANT2430V-R antenna.
  I could do with some pointers on configuring the 2.4Ghz radio interface.
  Role: Access Point
  Goal: Blanket office coverage
  Channel width: 20Mhz or 40+ ?
  External Antenna Configuration: Enable
  Gain: ??db
  Currently I'm seeing speeds between 1Mbps and 144Mbps, with sporadic coverage.
  I was expecting £900+ equipment to be better than the £10 D-link POE WAP currently installed! =]
  Thank you in advance
  K

  Do you have the rp-tnc connectors fastened tightly?
  How are you measuring the bitrate?
  Also, have you tried using a tool such as iperf to measure actual throughput and not bitrate?
  If you are running 802.11n rates on the 2.4 spectrum and plan to deploy more APs on the network, you will want to stay away from channel bonding.
  We do not run 802.11n on the 2.4 side, only the 5Ghz side.

• Tough Decision: Gmail Web Interface or Gmail Via Pop Using Mac Mail

  Thought I would open a discussion about this since I have been having a tough time making a decision. I love using Gmail's web interface but hate losing the integration with Mac OS. I forward all my email from different providers to my Gmail so I can access all my email from any computer. This is very handy for me.
  I have tried using the mail app to access gmail via pop, but one thing I hate is when I reply to an email from a different provider than gmail it will use the gmail reply address. Gmail's web interface will use the account that the email was sent to as the reply address automatically.
  I am almost certain that others are in the same quandry as I am. If so, what is your solution?
  20" iMac   Mac OS X (10.4.7)  

  You can enter the email addresses for your other providers in Mail and have them show up in a pop-up menu when you compose new mail; then you can select which address to use as the outgoing mail address.
  Go to Mail->Preferences->Accounts, and undeer the Account Information, look for the Email Address field (below the Description filed). Enter your other email addresses in there, separated by commas, then close the Preferences and Save the changes.
  Now create a new email and the pop-up menu should let you choose which email address will show up on the email.
  Mulder
  If my answer helped solve your problem, please consider awarding some points. Why Reward Points?
  iMac G4 700Mhz   Mac OS X (10.3.9)