Aironet 1250 losing Web Interface
Hi;
I configured the bvi interface with a fixed ip address and i am able to ping it and configure it via telnet/ssh. But when i try to configure it via Web Interface it authenticates with my local Usr Credentials and allows me to login, and then if i want to do anything else once i am connected it keeps asking the Usr credentials again and never authenticates. Could someone help me with this ?
Thanks in advance
Rams
I didn't configure too much on it. Just created some username and password and a secret password. And when i connected using Web interface using my usrname and psw it is only allowing to level 1. And if i connect using no usrname and my secret psw it allows me to level 15.
Is there anyway i can tell it to allow to level 15 with my usrname and psw?
Thanks in advance.
Similar Messages
-
Aironet 1100 series web interface times out after few mins of inactivity
Hello,
I just upgraded an Aironet 1121G access point to IOS software version 12.3(8)JEC2 (file name: c1100-k9w7-tar.123-8.JEC2). I noticed that the HTTP web interface now times out after an inactivity of just a few minutes (dont have an exact number, but it times out between 2-4 mins of inactivity). Can this timeout period be changed..!? How? This wasnt happenning on the previous software version: 12.3(8)JEB1.
Also, where can I find the online help files for the latest Cisco IOS software? I cant seem to find it on the Cisco website!
Thanks much for all your help.. really appreciate it.Does anyone have any idea on this..!? Its terrible having to login every couple of mins..!
Thanks :) -
The Aironet 1240AG Autonomous Web Interface authentication
Hi,
I would like to know if the Aironet 1240AG Autonomous, is capable to do Web Interface authentication (like a public hotspot, so no security on Wifi, but you will only get access to the network/internet when one has opened a Internet Browser and got an Username password challange from the Access Point )
I'm planning to use this methode to make a guest access wifi connection to Internet available.
Had this first with a propper WPA key, but lot's of guests had many dificulties to connect this way.
So now I'm want to try it on a way most users are used to due to the Web interface authentication they know from public hotspots (hotels etc. )The only way I found to do this with autonomus is with third party software, that has the function known as "captive portal". You could try the sofware based on freebsd named monowall (its a firewall) with the captive portal feature.
-
TACACS Authorization of Web Interface on Aironet 1200 AP
I have the Aironet 1200 AP setup to authenticate and perform authorization for the CLI via TACACS. That is working fine.
However, the web interface is failing "ip http authentication". (Slight caveat - it works for a local user in the local AP DB - it does not work when it goes to CiscoSecure ACS to authenticate/authorize).
I can get to some pages (prompt and pass authentication), but certain pages (e.g. Services>>SNMP) where configuration steps are taken cause a second prompt is presented, username and password is provided, and it fails.
This is only evident from the output of a "debug ip http authentication"
What do I need to configure in ACS to make this work?
Relevant portion of config:
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
no ip http server
ip http authentication aaa
ip http secure-server
Sep 7 13:40:59.885: HTTP AAA picking up console Login-Authentication List name: default
Sep 7 13:40:59.885: HTTP AAA picking up console Exec-Authorization List name: default
Sep 7 13:40:59.909: HTTP: Authentication failed for level 15
Sep 7 13:41:06.757: HTTP AAA picking up console Login-Authentication List name: default
Sep 7 13:41:06.757: HTTP AAA picking up console Exec-Authorization List name: default
Sep 7 13:41:06.780: HTTP: Authentication failed for level 15
This document appears to describe a scenario similar to mine, but is for http - not HTTPS:
Local Authentication for HTTP Server Users
http://www.cisco.com/en/US/customer/tech/tk59/technologies_configuration_example09186a0080178a51.shtml#tac-win
Any ideas what I may be missing here?
Thanks,
JeffI found the answer was to use a more specific "ip http authentication" statement. Specifically,it required the following:
CiscoSecure ACS:
Group Settings
Shell (exec)
Priv Level = 15
On the AP:
had to enable:
ip http authentication aaa login-authentication AP_Web (Named Method List) -
Aironet 1240AG - cant use the web interface
I am trying to configure a new Aironet 1240AG. After it picked an ip address from the DHCP in my lan, I still can't log in using the web interface. I am using an Internet Explorer 6.0 on Win 2000. It keeps telling me cannot find server. please i need assistance
Hi Obinna,
Sorry about the link :( The problem here is the fact that 12.3.(11)JX is a Lightweight image. Have a look;
Warning: All Cisco Aironet Access Points receiving Cisco IOS Software Release 12.3(11)JX will only function in conjunction with a Cisco Wireless LAN Controller. They will no longer be able to function as Cisco Aironet Autonomous Access Points.
This product bulletin describes the content and delivery information for Cisco IOS Software Release 12.3(11)JX. This is a Cisco Lightweight Access Point Protocol (LWAPP) upgrade and recovery support software image supporting Cisco Aironet 1100, Aironet 1130, Aironet 1200, Aironet 1230 AG, Aironet 1240 AG, and Aironet 1300 Series Access Points.
http://www.cisco.com/en/US/products/ps5861/prod_bulletin0900aecd804b1a72.html
You can use this method to convert the AP back to Autonomous Mode (and access via Web);
Reverting the Access Point Back to Autonomous Mode
http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html#wp161272
You can convert an access point from lightweight mode back to autonomous mode by loading a Cisco IOS Release that supports autonomous mode (Cisco IOS release 12.3(7)JA or earlier). If the access point is associated to a controller, you can use the controller to load the Cisco IOS release. If the access point is not associated to a controller, you can load the Cisco IOS release using TFTP.
Using a TFTP Server to Return to a Previous Release
Follow these steps to revert from LWAPP mode to autonomous mode by loading a Cisco IOS release using a TFTP server:
Step 1 The static IP address of the PC on which your TFTP server software runs should be between 10.0.0.2 and 10.0.0.30.
Step 2 Make sure that the PC contains the access point image file (such as c1200-k9w7-tar.122-15.JA.tar for a 1200 series access point) in the TFTP server folder and that the TFTP server is activated.
Step 3 Rename the access point image file in the TFTP server folder to c1200-k9w7-tar.default for a 1200 series access point, c1130-k9w7-tar.default for an 1130 series access point, and c1240-k9w7-tar.default for a 1240 series access point.
Step 4 Connect the PC to the access point using a Category 5 (CAT5) Ethernet cable.
Step 5 Disconnect power from the access point.
Step 6 Press and hold MODE while you reconnect power to the access point.
Step 7 Hold the MODE button until the status LED turns red (approximately 20 to 30 seconds) and then release.
Step 8 Wait until the access point reboots, as indicated by all LEDs turning green followed by the Status LED blinking green.
Step 9 After the access point reboots, reconfigure it using the GUI or the CLI.
From this doc;
http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html#wp161272
Hope this helps!
Rob -
Aironet 1200 - error in web interface
Hi
I am attempting to configure 2 Cisco Aironet 1200 series devices for conection to an existing WLAN. Neither AP will be the Radius server.
I am able to connect to the device using IE and the IP address - however - as soon as I make any changes in any screen the screen then displays a message "Error on Page with a "!" in triangle.
This then prevents me from Applying the change asnd so configuring the device.
Anyone seen this before and know the solution - is there a bug in the web interface?Is there an explanation along with it? Can you include a screenshot to your response? Screenshot will be helpful to diagnose the problem.
-
SSL for Web interface of Aironet 1200
IS there a way to enable SSL or any security for the web interface of the Aironet APs?
I found the answer was to use a more specific "ip http authentication" statement. Specifically,it required the following:
CiscoSecure ACS:
Group Settings
Shell (exec)
Priv Level = 15
On the AP:
had to enable:
ip http authentication aaa login-authentication AP_Web (Named Method List) -
Not able to use Aironet 3500 web interface
Hi, I can ping my aironet 3500 AP but when I put the ip on the address bar of web browser it wont give the interface.
I can not set it up, how can i enable the web interface?
i really appreciate your help,
ThanksIs there a way I can upgrade the software so its autonomus?
Yes and no.
Yes, you can upgrade to autonomous ... IF you can find the software.
No, if you run into configuration issues, TAC will not help you and you're on your own.
Thanks for your help Im really troubled with this...
Talk to the vendor who sold you the item and tell them to replace it with the ones I've mentioned previously. -
Help using Custom ssl cert in Aironet https web Interface
I spent a few hours learning how to import certificates, and I think I did ok with that part. If I use the selfsigned cert when HTTPS is enabled through the web interface, HTTPS works just fine, but the second I
ip http secure-trustpoint test
I get a connection reset error in my test browsers.
ip http secure-trustpoint TP-self-signed-3349201592
doesn't fix it, it just gives me an "invalid certificate" error. I'm going to include what I did to get to where I am now, and hopefully you can see where I'm going wrong.
In Linux:
openssl genrsa -out test.key 2048
openssl req -new -nodes -key test.key -out test.csr
got csr cert and root ca from CACert
openssl rsa -in test.key -des3 -passin pass: -out keyout.pem
password:12345678
scp root.ca [email protected]:flash:/root.ca
scp keyout.pem [email protected]:flash:/test.key
scp test.crt [email protected]:flash:/test.crt
In Aironet IOS
crypto ca trustpoint test
crypto ca import test pem url flash:/test 12345678
% Importing CA certificate...
Source filename [test.ca]? root.crt
Reading file from flash:root.crt
% Importing private key PEM file...
Source filename [test.prv]? test.key
Reading file from flash:test.key
% Importing certificate PEM file...
Source filename [test.crt]?
Reading file from flash:/test% PEM files import failed.
ok so that didn't work, but I can see that the root.crt imported at least
show crypto ca trustpoints
Trustpoint TP-self-signed-3349201592:
Subject Name:
cn=IOS-Self-Signed-Certificate-3349201592
Serial Number: 01
Persistent self-signed certificate trust point
Trustpoint test:
Subject Name:
[email protected]
cn=CA Cert Signing Authority
ou=http://www.cacert.org
o=Root CA
Serial Number: 00
Persistent self-signed certificate trust point
I then tried to import just the keypair
crypto key import rsa test pem url flash:/test 12345678
% Importing public key or certificate PEM file...
Source filename [test.pub]? test.crt
Reading file from flash:test.crt
% Importing private key PEM file...
Source filename [test.prv]? test.key
Reading file from flash:test.key% Key pair import succeeded.
Strangely, that worked, and now I have my keypair.
show crypto key mypubkey rsa
% Key pair was generated at: 03:39:07 GMT Jul 29 2009
Key name: BenCloud
Usage: General Purpose Key
Key is not exportable.
Key Data:
30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
00CAC0D9 4C79D716 140D38BF C97C1120 8A0FDCED DDDF5438 8A4BDC5C 00629676 .......
Now to apply it to the trust point, I also tried to mimick the selfsigned TP's settings, and this is what I ended up with
show
enrollment selfsigned
subject-name cn=CA Cert Signing Authority
revocation-check none
rsakeypair test
end
vs
show
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3349201592
revocation-check none
rsakeypair TP-self-signed-3349201592
end
Then I tried applying this new TP to the HTTPS server
ip http secure-trustpoint test
Which caused the error I discribed earlierThat isn't the problem, it says "The connection was interrupted" when I use my own Trust Point.
As I said, if I disable HTTPS, then reenable it, through the WebUI, it regenerates the self signed keys and works just fine. I think I'm assigning the keys incorrectly, but I don't know where I'm going wrong. -
4 Aironet 1250's and a controller?
Hi guys,
I'm about to order a four Aironet 1250's and a 2106 Wireless LAN Controller. From what I've read, I'll need the controller to manage the APs if I want them all to offer the same broadcast domain and subnet, and offer roaming to the users. Often times what I read and understand turns out to have little to do with reality, so my question is, am I correct about this?
Thanks in advance!
Joehttp://www.cisco.com/en/US/docs/wireless/controller/4.2/configuration/guide/c42ovrv.html#wp1133151
These hardware features are not supported on 2000 and 2100 series controllers:
•Power over Ethernet (PoE) [2000 series controllers only]
Note Ports 7 and 8 on 2100 series controllers are PoE ports.
•Service port (separate out-of-band management 10/100-Mbps Ethernet interface)
These software features are not supported on 2000 and 2100 series controllers:
•VPN termination (such as IPSec and L2TP)
•Termination of guest controller tunnels (origination of guest controller tunnels is supported)
•External web authentication web server list
•Layer 2 LWAPP
•Spanning tree
•Port mirroring
•Cranite
•Fortress
•AppleTalk
•QoS per-user bandwidth contracts
•IPv6 pass-through
•Link aggregation (LAG) -
Last Character In Crystal Report cut off when ran via BO web interface
I created a report in Crystal and uploaded it to the Business Objects Web Interface.
On my detail row, the last character is getting cut off regardless of the length of the text. Even short words like "Yes" are losing the last character, and appearing as "Ye", and there is plenty of room available between the right margin.
The column header extends out further with no issues.
Does anyone have a solution for this?Hi Dean,
Try with this:
Go to the following registry sub key:
HKEY_USERS\[your security profile]\Software\Crystal Decisions\10.2\Crystal Reports\Export\Pdf
Right-click the sub key and click New > DWORD Value. Name the DWORD value "ForceLargerFonts" and set it to the value of 1.
Regards,
Shweta -
Aironet 1250 Configuration Help
Hello to all,
I'm an vmware\linux system administrator with very low skills in networking, I just bought 3 Cisco Aironet 1250 2.4ghz + 5ghz for my testing network and I need help to configure them.
Scenario:
1 - I have 3 Cisco Aironet 1250
2 - I want to create 2 wifi networks, SSID guest (vlan 11) and SSID production (vlan 1) in 2.4ghz + 5ghz
2a- I want to configure security WPA2-PSK without RADIUS Server.
3 - Aironet 1250 # 1 is connected to ethernet vlan1 (production)
4 - Aironet 1250 # 2 is connected to ethernet vlan11 (guest)
5 - Aironet 1250 # 3 is connected to ethernet vlan1 (production)
These are the first configuration commands found:
configureno ip domain-lookupline vty 0 4no exec-timeoutenableconfigure terminalinterface dot11radio 0encryption vlan 1 mode ciphers aes-ccmssid Productionvlan 1authentication openauthentication key-management wpa version 2wpa-psk ascii password1guest-modeend interface dot11radio 1encryption vlan 11 mode ciphers aes-ccmssid Guestvlan 11authentication openauthentication key-management wpa version 2wpa-psk ascii password2guest-modeend
When I try to set the repeater configuration webinterface tells me configuration errors.
Any help is welcome, sorry for my newbie!
Thanks a lot!Since each AP is connected via Ethernet, you don't need to set any as a repeater. Here are some links that show you what you need to have multiple SSID's and multiple vlans.
http://www.cisco.com/en/US/docs/wireless/access_point/12.2_11_JA/configuration/guide/s11ssid.html
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080665ceb.shtml
Tech Guides
http://www.cisco.com/en/US/products/hw/wireless/ps4570/prod_configuration_examples_list.html
Sent from Cisco Technical Support iPhone App -
I have an interesting problem. I have an aironet 1250. For months my wireless clients has been connecting with no problems. One day there was a power failure, don't remember making any chnages which I should of saved. After, all of my equipment rebooted with no problems. Now I'm seeing my 802.11N clients having connectivity problems. After 10 to 40 mins I believe they get logout, but the client don't get updated to this. The G and the B no problems. Some are Intel chip sets and some are apples base computers.
Anyone seen this?
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname blackhole
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
clock timezone -0500 -5
clock summer-time -0400 recurring
ip domain name javabeans
ip ssh version 2
dot11 ssid JavaBeans
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii 7 033E5D060F0EB78723C3E1815142B053225535E52754556204D116C577F784846032369512E0C40553B2301080C5219177A683E16
dot11 ids mfp distributor
dot11 ids mfp detector
dot11 ids mfp generator
power inline negotiation prestandard source
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm
ssid JavaBeans
antenna gain 2
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
packet retries 128
station-role root
l2-filter bridge-group-acl
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 input-address-list 750
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
encryption mode ciphers aes-ccm
ssid JavaBeans
antenna gain 3
dfs band 1 2 3 4 block
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel width 40-above
channel 5180
station-role root
no dot11 extension aironet
l2-filter bridge-group-acl
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 input-address-list 750
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 10.5.15.1 255.255.0.0
ip helper-address 10.5.20.1
no ip route-cache
ip default-gateway 10.5.1.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
logging history size 50
logging history notifications
logging 10.5.20.1
snmp-server community java RO
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
bridge 1 route ip
line con 0
session-timeout 30
line vty 0 4
session-timeout 30
sntp server 10.5.1.1
sntp broadcast client
endthis is what I got from the AP
2009-04-17 15:59:47 Local7.Info 10.5.15.1 214: Apr 17 19:59:46.885: %DOT11-6-ASSOC: Interface Dot11Radio0, Station blackhole 0013.e871.5b29 Associated KEY_MGMT[WPAv2 PSK]
2009-04-17 15:59:52 Local7.Info 10.5.15.1 215: Apr 17 19:59:51.969: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0013.e871.5b29 Reason: Sending station has left the BSS
2009-04-17 16:00:55 Local7.Info 10.5.15.1 216: Apr 17 20:00:54.298: %DOT11-6-ASSOC: Interface Dot11Radio0, Station blackhole 0013.e871.5b29 Associated KEY_MGMT[WPAv2 PSK]
2009-04-17 17:04:56 Local7.Warning 10.5.15.1 218: Apr 17 21:04:55.640: %DOT11-4-CCMP_REPLAY: AES-CCMP TSC replay was detected on a packet (TSC 0x102313) received from 0013.e871.5b29.
2009-04-17 17:05:24 Local7.Warning 10.5.15.1 219: Apr 17 21:05:23.570: %DOT11-4-CCMP_REPLAY: AES-CCMP TSC replay was detected on a packet (TSC 0x10C31F) received from 0013.e871.5b29.
it looks like the clients reconnect 30mins later after, what ever happens. -
Aironet 1250 and AIR-ANT2430V-R
Hello,
I've just installed a Aironet 1250 and AIR-ANT2430V-R antenna.
I could do with some pointers on configuring the 2.4Ghz radio interface.
Role: Access Point
Goal: Blanket office coverage
Channel width: 20Mhz or 40+ ?
External Antenna Configuration: Enable
Gain: ??db
Currently I'm seeing speeds between 1Mbps and 144Mbps, with sporadic coverage.
I was expecting £900+ equipment to be better than the £10 D-link POE WAP currently installed! =]
Thank you in advance
KDo you have the rp-tnc connectors fastened tightly?
How are you measuring the bitrate?
Also, have you tried using a tool such as iperf to measure actual throughput and not bitrate?
If you are running 802.11n rates on the 2.4 spectrum and plan to deploy more APs on the network, you will want to stay away from channel bonding.
We do not run 802.11n on the 2.4 side, only the 5Ghz side. -
Tough Decision: Gmail Web Interface or Gmail Via Pop Using Mac Mail
Thought I would open a discussion about this since I have been having a tough time making a decision. I love using Gmail's web interface but hate losing the integration with Mac OS. I forward all my email from different providers to my Gmail so I can access all my email from any computer. This is very handy for me.
I have tried using the mail app to access gmail via pop, but one thing I hate is when I reply to an email from a different provider than gmail it will use the gmail reply address. Gmail's web interface will use the account that the email was sent to as the reply address automatically.
I am almost certain that others are in the same quandry as I am. If so, what is your solution?
20" iMac Mac OS X (10.4.7)You can enter the email addresses for your other providers in Mail and have them show up in a pop-up menu when you compose new mail; then you can select which address to use as the outgoing mail address.
Go to Mail->Preferences->Accounts, and undeer the Account Information, look for the Email Address field (below the Description filed). Enter your other email addresses in there, separated by commas, then close the Preferences and Save the changes.
Now create a new email and the pop-up menu should let you choose which email address will show up on the email.
Mulder
If my answer helped solve your problem, please consider awarding some points. Why Reward Points?
iMac G4 700Mhz Mac OS X (10.3.9)
Maybe you are looking for
-
How can i find PP Order & Plan Order from Sales Documents?
I want to trace all PP Orders & Plan Orders form Sales Documents No.(Item) What logic can make me achive?(AFPO?) TKS a million~~
-
Hi. I'd like to ask how to create / edit a Report Group? I'd like to create one, put 2 reports there and write transaction which will launch that report group. I'd be thankful for help or links Greetings. P.
-
WLAN Connectivity problems using Nokia 5800 Xpress...
Folks, I really need help here. I am trying to connect to my company WLAN called BLUESSO. The visible config settings required to access this hidden WLAN access point are as seen in the attachment also seen below: SSID: BLUESSO Encryption type: TKIP
-
Thanks, Praveen Edited by: Praveen Pasi on Feb 9, 2011 3:29 AM
-
Upgraded from CS 6 to CC 2014 with CS4 Extension
I recently upgraded from Adobe CS6 to CC 2014. I had a custom DW CS4 extension installed and working in CS6. When I converted the mxp file to a zxp file, and then attempted to install the zxp file to CC 2014, I received an error message stating "THe