Aironet Autonomous 1252 CLI command 802.11n disable

hi,
I am using Aironet Autonomous 1252 AP. The version used is:
Cisco IOS Software, C1260 Software (AP3G1-K9W7-M), Version 12.4(25d)JA1, RELEASE SOFTWARE (fc1)
I want to disable 802.11n on 2.4GHz interface. Please tell the CLI command to do this.
Thanks in advance.
uv.

Why you want to disable 802.11n data rates ?
There are few other ways as well. For 802.11n you should have following
1. WMM enable
2. either Open Authentication or WPA2/AES
So if you are not using 1 & 2 both, you won't get 802.11n data rates. Refer this
https://supportforums.cisco.com/discussion/12078656/aironet-ap-1252-how-use-80211g-only
HTH
Rasika
**** Pls rate all useful responses ****

Similar Messages

Aironet 1252 bridge and 802.11n

Hi,
I have two Cisco Aironet 1252 that I want to configure as a point-2-point bridge. Now I want to know if this configuration supports the 802.11n protocol.
Regards,
Screech

Scott,
I found the following statemen in the release note of IOS 12.4 (25d) (http://www.cisco.com/en/US/docs/wireless/access_point/ios/release/notes/12_4_25d._JArn.html#wp291685)
802.11n HT Rates Apply Only to No Encryption or WPA2/AES Encryption
The 802.11n HT rates apply only to no encryption or WPA2/AES encryption. They do not apply to WEP or WPA encryption. If WEP or TKIP encryption is used, the 1250 series access points and any 802.11n Draft 2.0 clients will not transmit at the HT rates. Legacy rates (802.11a/b/g) will be used for any clients using WEP or TKIP encryption
Given this statement how do I configure AES encryption on the aironets 1252 that are configured in bridge mode as I do not see this option. If possible please provide steps using the web interface.
Regards,
Screech

Intel 4965 bg wireless???? No 802.11n???

My unit apparently has the 802.11n disabled.
Looking at these specifications,(http://support.lenovo.com/en_US/product-and-parts/detail.page?DocID=PD008989) I can see that some of the units are available with the 802.11n enabled.
How can I enable this functionality, without purchasing a new wireless?
And why in the world would that be disabled in the first place?
Makes no sense.
Thanks in advance
Solved!
Go to Solution.

lenovo_needing wrote:
How can I enable this functionality, without purchasing a new wireless?
And why in the world would that be disabled in the first place?
If your Intel WiFi card is an N disbled version, it will say 4965AG on the printed label on the card.
There is no way to enable 802.11n operation on these cards, as it is disabled in hardware.
These cards were made by Intel as they had shut down the production line for the previous 3945ABG card model, but still needed to produce cards to fulfill market demand for those cards. The 4965AG cards were sold at a lower price than 4965AGN cards... generally at a price point that was compatible with the 3945ABGcard.
They were offered as an option my many laptop suppliers for users who at that time felt they did not need 802.11n capability.
Cheers,
Bill
I don't work for Lenovo

Aironet 1252 / 802.11n / Outdoor Use over 2.7 km (1.7 miles)

Hi There,
We are planning to use two Aironet's 1252 over an 2.7 km point to point link.
One of the options we have it to install three HyperLink Parabolig Grid 5.8 MHz 27 dBi antennas in parallel for every 1252.
I have some concerns because those antennas are not supported by Cisco. In fact, the most gain of Cisco supported antennas is 10 dBi Yagui for 2.4 GHz and 6 dB Omni for 5.8 GHz.
The question is if the 3x 27 dBi antenna array on each side will work without self interferences and what would be the required separation of antennas to get 300 Mbps over the link.
Has anyone tried something like this with the 1252's?
Thanks in advance for any information.
BR,
Igor Sotelo.

Hi Steve,
I have seen the Q&A section for the Aironet 1250:
http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps6973/ps8382/prod_qas0900aecd806b7c82_ps6973_Products_Q_and_A_Item.html
states that both root and non-root bridge modes are supported.
About that, may I ask if that means that the bridging can work over 802.11n, but is not supported for regulatory reasons. Or the bridging basically only functions in 802.11 a and g modes.
Thanks for the information.
BR,
Igor Sotelo.

Upgrading T61 NIC -- 4956agn (n-disabled) -- to 802.11n

I have a T61 7659-12U. According to the Lenovo specs and what I see using Windows Device Manager, this -12U version of model 7659 comes with the Intel 4965agn wireless card (n-disabled). I am therefore only able to use 802.11g wireless connections, not 802.11n.
The basic specs for the 7659 model indicate that it supports several types 802.11n wireless cards; however, I see nothing in Lenovo specs that show whether this capability applies to all versions of the 7659, or only some versions.
Is it possible for me to just buy and install a Lenovo-approved n-level card in my -12U system -- does my system have all the motherboard connections, antenna capabilities, etc. to support an internal 802.11n NIC, or do I need to use an external PCMCIA wireless card to get 802.11n capability.??
Message Edited by nlitell on 03-06-2009 11:39 PM
T410 2522-K4U QuadCore Intel i7 Processor 8GB RAM 320GB SATA HDD
64-bit Windows7 Pro, with Windows Virtual XP (as included under W7 license)
D-Link 655 Wireless Network WEP encryption MAC Filtering
-- Both 802.11b and g adapters on various network components
Solved!
Go to Solution.

I finally got a Lenovo trouble ticket opened on this, and the answer was yes, I could upgrade the NIC to an N-level card. The antenna and software already support n-level operation.
Apparently Intel makes just one basic 4956 chip design, and then cripples the n-level operation on some of them for installation in lower-cost versions of specific computers. The basic T61 7659 box supports a variety of NICs, and the configuration version (12U in my case) just indicates which mix of options (disk size, NIC, etc.) is installed in that particular computer. The 12U just contains a cheaper set of options than other T61s.
T410 2522-K4U QuadCore Intel i7 Processor 8GB RAM 320GB SATA HDD
64-bit Windows7 Pro, with Windows Virtual XP (as included under W7 license)
D-Link 655 Wireless Network WEP encryption MAC Filtering
-- Both 802.11b and g adapters on various network components

1252 802.11n Throughput, no more than ~140Mbps?

Hello, I have read most of these ports regarding the speed of the 802.11n on the 1252 AP, and can't seem to figure this one out. I have a WISM with a light weight 1252 being powered by a power injector running 7.0.98.0 code. I have everything enabled for 802.11n, and connet with Windows 7 at 300Mbps. After doing many FTP speed tests I can never seem to break the ~140Mbps mark, even after enabling 802.11a 40mhz channel bonding and all the appropriate MCS rates and WMM/WPA2/AES settings. This is a mixed RF environment with clients running a/b/g/n all over. Am I missing something or is really the limit of our environment. I tested 2 different laptops with N cards. My card is an Intel 4965 ABG with latest drivers.
Thanks!

+5 to George. The maximum ever observed in very specific conditions (specific packet size, no one else connected) is around 170/180 "real" Mbps. In a typical real life scenario, reaching 140/150 is good and expected.
For the theoretical explanation, it's the data frame that is sent at 300Mbps. You must also count that EVERY single wireless frame has to be acked by the receiving side, that there are still the beacons and management frames sent at low data rates (1Mbps often, and not 300) and as george said it's half duplex, all in all 802.11a/g offer less than half the speed (20 instead of 54) and with a few protocol improvements 11n offers about really half the speed (150 with 300Mbps data rate).
It's actually the same concept with wired world. Gigabit ethernet means data frames are sent at 1Gbps speed but you have to count the protocol overhead (waiting for tcp ack, etc ...). The difference is that there is very little overhead on wired and it's full duplex so you get very close to 1Gbps.
Hope this clarifies.
Nicolas

Cisco Aironet AIR-SAP2602I-E-K9 WAP -ERROR: VLAN 1000 doesn't exist on 'Radio1-802.11N 5GHZ' (see Services VLAN)

Hey guys,
I'm configuring my access points with two SSID's through the GUI. The first is a corporate SSID and the second a guest SSID. The corporate SSID needs to be attached to native VLAN 1000. The guest SSID needs to be attached to VLAN 1234. Both SSID's / VLAN's are to use WPAv2 AES CCMP with a PSK. Although I'm getting an error message indicating that my VLAN's don't exist on ‘Radio1-802.11N 5GHZ’ . Here are steps I take from start to error...
Create SSID’s with no security. CORP not to broadcast. Set CORP to use native VLAN 1000. Set guest to use VLAN1234.
Within security encryption manager > Set encryption mode cipher to AES CCMP on both VLAN 1000 and VLAN1234.
Within services > VLAN check that both VLAN’s have Radio0-802.11N 2.4GHZ and Radio1-802.11N 5GHZ selected. They do.
Within Security > SSID Manager – set client authenticated key management to mandatory, enable WPA – WPAv2. Set pre-shared key. Hit apply > “ERROR: VLAN 1000 doesn’t exist on ‘Radio1-802.11N 5GHZ’ (see Services > VLAN).
I get the same error for both SSID’s. Radio1-802.11N 5GHZ is "checked" against both VLAN's. Am I missing something? Both Radio0-802.11N 2.4GHZ and Radio1-802.11N 5GHZ are enable interfaces and are "up".
I'm pretty customed to switch and router IOS although have absolutely no exposure to WAP CLI.
Any assistance appreciated.

I've resolved this myself. The GUI is basically terrible and very buggy. I used the CLI and was able to add WPA through the CLI.

1142 Autonomous Cli commands for 40MhZ bonding DFS

Does anyone know of a command that I can issue from the CLI that will inform me of the two channels that the AP is using to bond for the 40MhZ width when I select DFS. I know I can choose either above or below. Does it just use the next channel ? So if DFS selects 36 does it just automatically the next channel up if I have 40Mhz Above selected?
I have autonomous 1142's and I would like to know what the 2nd Channel. Keep in mind these are Autonomous AP's.
Also would like to know a CLI command to find out what the channel currently is for either radio if DFS is selected?
Any docs on CLI commands for the 1142 would be appreciated.
Thank you!

Yes, if you configure 40MHz above it will just use the next channel. Same with 40MHz below, it will just use the next channel down.
To see which channel the AP is currently using you can look under "show controller d1"

802.11N in Aironet?s Products

Hello Everybody
I?m already designing a Unified Wireless Solution for a customer... but my customer tell me that cabletron solution work with 802.11N standard. I was wondering why Aironet?s products doesn?t work with 802.11N
I found that Linksys already works with 802.11N... but do you know good arguments to avoid this standard on Cisco Aironet?

Hi, 802.11n it not yet official. Any product on the market are pre-draft and nothing guaranty they are compatible with each other.
According to the IEEE 802.11 Working Group Project Timelines, the estimated 802.11n publish date is now May 2009.
As for Cisco, they usually release a product a few month after the standard is out. The might release a product 802.11n upgradeable before may2009 like they did for 802.11G.

Disable 802.11n - Force MacBook to use 802.11g

Hello Everyone,
I'm searching for a possibilty to disable 802.11n on my MacBook. I want it to use the G standard instead.
We are using a NETGEAR wn802Tv2 Accesspoint in our office. I can connect to the Router, if the Router is in bg-mode. But connection fails when I try to connect, when the router is in ng-mode. Snow Leopard sys the password is wrong. But it is correct.
I'm not allowed to change the Accesspoint permantly to bg-mode. So I need a possibility to force my MacBook to operate in 802.11g mode.
Im using Snow Leopard 10.6.2 on the new Uniboy MacBook.
Thanks in Advance
Zoidberg

There is no way I am aware of in Mac OS X to force an 802.11n-capable AirPort card to only use 802.11b/g mode.

Problem username &password in cisco aironet 802 11n

HI all ,
I will configure a new AP wireless cisco aironet 802 11n Dual band access , but i'm blocking in username and password can you anyone help me please how can i recovery this login

Hi Hossam,
The default username and password, "Cisco".
Password Recovery Procedure:
https://supportforums.cisco.com/docs/DOC-4532
Regards
Dont forget to rate helpful posts.

Disable 802.11n in 10.5?

It seems that the 802.11n in the MBP performs badly with some access points from random vendors in places I visit routinely, whereas the Core Duo MBP's g card sitting 3 feet away works fine.
Is there a way to force Leopard to fall back to g even if n is available?

I am having the same trouble! And I could NOT find a method on the Mac side to force it down to G.
But at home, I have forced my Wireless router to disable N and use only G.
This seemed to correct/stabilize my Leopard trouble, but at the expense of all the other N machines on the network (4 other PCs)..
It is for sure a Leopard trouble.. Never did I have an issue with Tiger!
APPLE PLEASE FIX THIS STUFF.. IT IS KILLING US!!!! AT LEAST PROVIDE US A WAY TO AFFECT THE TROUBLE!
I, like Djbrashear, would sure like to know how to correct this on the client side, and not have to affect the complete network.
I know this is user to user, but come on.. We are not magicians!
Respectfully,
Chris Aiken
Aiken Development LLC

Autonomous 1252 converted to CAPWAP will not join 5508 WLC

WLC 5508 firmware is v6.0.188.0
I've tried updating the autonomous 1252 via both the upgrade tool 3.4 and 'archive download-sw' from the CLI
I've tried multiple recovery images
c1250-rcvk9w8-tar.124-21a.JA2.tar
c1250-rcvk9w8-tar.124-10b.JDA.tar
After AP reboots with recovery image it joins WLC and downloads new CAPWAP image then reboots again
AP will not rejoin WLC with updated CAPWAP firmware
Any help with this is greatly appreciated!
Thanks in advance and happy holidays,
Scott
Error Msg from 1252 console
*Dec 18 15:52:50.691: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.100.2 peer_port: 5246
*Dec 18 15:52:50.695: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2
*Dec 18 15:52:50.695: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2
*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.100.2
Additional info
WLC Debugs Enabled:
MAC address ................................ c4:7d:4f:39:31:e2
Debug Flags Enabled:
aaa detail enabled.
capwap error enabled.
capwap critical enabled.
capwap events enabled.
capwap state enabled.
dtls event enabled.
lwapp events enabled.
lwapp errors enabled.
pm pki enabled.
WLC Debug Output:
*Dec 18 10:51:51.575: dtls_conn_hash_search: Connection not found in hash table - Table empty.
*Dec 18 10:51:51.575: sshpmGetCID: called to evaluate <cscoDefaultIdCert>
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
*Dec 18 10:51:51.575: sshpmGetCertFromCID: called to get cert for CID 154c7072
*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultIdCert<
*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 2, certname >cscoDefaultIdCert<
*Dec 18 10:51:51.575: sshpmGetCID: called to evaluate <cscoDefaultIdCert>
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
*Dec 18 10:51:51.575: sshpmGetSshPrivateKeyFromCID: called to get key for CID 154c7072
*Dec 18 10:51:51.575: sshpmGetSshPrivateKeyFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
*Dec 18 10:51:51.576: sshpmGetSshPrivateKeyFromCID: comparing to row 1, certname >bsnDefaultIdCert<
*Dec 18 10:51:51.576: sshpmGetSshPrivateKeyFromCID: comparing to row 2, certname >cscoDefaultIdCert<
*Dec 18 10:51:51.576: sshpmGetSshPrivateKeyFromCID: match in row 2
*Dec 18 10:51:51.692: acDtlsCallback: Certificate installed for PKI based authentication.
*Dec 18 10:51:51.693: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=0
*Dec 18 10:51:51.693: local_openssl_dtls_record_inspect:   msg=ClientHello len=44 seq=0 frag_off=0 frag_len=44
*Dec 18 10:51:51.693: openssl_dtls_process_packet: Handshake in progress...
*Dec 18 10:51:51.693: local_openssl_dtls_send: Sending 60 bytes
*Dec 18 10:51:51.694: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246 Peer 192.168.100.54:62227
*Dec 18 10:51:51.694: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=1
*Dec 18 10:51:51.694: local_openssl_dtls_record_inspect:   msg=ClientHello len=76 seq=1 frag_off=0 frag_len=76
*Dec 18 10:51:51.695: openssl_dtls_process_packet: Handshake in progress...
*Dec 18 10:51:51.695: local_openssl_dtls_send: Sending 544 bytes
*Dec 18 10:51:51.695: local_openssl_dtls_send: Sending 544 bytes
*Dec 18 10:51:51.696: local_openssl_dtls_send: Sending 314 bytes
*Dec 18 10:51:51.712: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246 Peer 192.168.100.54:62227
*Dec 18 10:51:51.712: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=2
*Dec 18 10:51:51.712: local_openssl_dtls_record_inspect:   msg=Certificate len=1146 seq=2 frag_off=0 frag_len=519
*Dec 18 10:51:51.712: openssl_dtls_process_packet: Handshake in progress...
*Dec 18 10:51:51.712: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246 Peer 192.168.100.54:62227
*Dec 18 10:51:51.712: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=3
*Dec 18 10:51:51.712: local_openssl_dtls_record_inspect:   msg=Certificate len=1146 seq=2 frag_off=519 frag_len=519
*Dec 18 10:51:51.713: openssl_dtls_process_packet: Handshake in progress...
*Dec 18 10:51:51.713: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246 Peer 192.168.100.54:62227
*Dec 18 10:51:51.713: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=4
*Dec 18 10:51:51.713: local_openssl_dtls_record_inspect:   msg=Certificate len=1146 seq=2 frag_off=1038 frag_len=108
*Dec 18 10:51:51.714: sshpmGetIssuerHandles: locking ca cert table
*Dec 18 10:51:51.714: sshpmGetIssuerHandles: calling x509_alloc() for user cert
*Dec 18 10:51:51.714: sshpmGetIssuerHandles: calling x509_decode()
*Dec 18 10:51:51.719: sshpmGetIssuerHandles: <subject> C=US, ST=California, L=San Jose, O=Cisco Systems, CN=C1250-c47d4f3931e2, [email protected]
*Dec 18 10:51:51.719: sshpmGetIssuerHandles: <issuer> O=Cisco Systems, CN=Cisco Manufacturing CA
*Dec 18 10:51:51.719: sshpmGetIssuerHandles: Mac Address in subject is c4:7d:4f:39:31:e2
*Dec 18 10:51:51.719: sshpmGetIssuerHandles: Cert Name in subject is C1250-c47d4f3931e2
*Dec 18 10:51:51.719: sshpmGetIssuerHandles: Cert is issued by Cisco Systems.
*Dec 18 10:51:51.719: sshpmGetCID: called to evaluate <cscoDefaultMfgCaCert>
*Dec 18 10:51:51.719: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*Dec 18 10:51:51.719: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*Dec 18 10:51:51.719: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*Dec 18 10:51:51.719: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*Dec 18 10:51:51.719: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*Dec 18 10:51:51.719: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*Dec 18 10:51:51.719: sshpmGetCertFromCID: called to get cert for CID 2ab15c0a
*Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
*Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
*Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
*Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
*Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
*Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
*Dec 18 10:51:51.719: ssphmUserCertVerify: calling x509_decode()
*Dec 18 10:51:51.730: ssphmUserCertVerify: user cert verfied using >cscoDefaultMfgCaCert<
*Dec 18 10:51:51.730: sshpmGetIssuerHandles: ValidityString (current): 2009/12/18/15:51:51
*Dec 18 10:51:51.730: sshpmGetIssuerHandles: ValidityString (NotBefore): 2009/11/03/00:47:36
*Dec 18 10:51:51.730: sshpmGetIssuerHandles: ValidityString (NotAfter): 2019/11/03/00:57:36
*Dec 18 10:51:51.730: sshpmGetIssuerHandles: getting cisco ID cert handle...
*Dec 18 10:51:51.730: sshpmGetCID: called to evaluate <cscoDefaultIdCert>
*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
*Dec 18 10:51:51.731: sshpmFreePublicKeyHandle: called with 0x1f1f3b8c
*Dec 18 10:51:51.731: sshpmFreePublicKeyHandle: freeing public key
*Dec 18 10:51:51.731: openssl_shim_cert_verify_callback: Certificate verification - passed!
*Dec 18 10:51:51.732: openssl_dtls_process_packet: Handshake in progress...
*Dec 18 10:51:52.155: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246 Peer 192.168.100.54:62227
*Dec 18 10:51:52.155: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=5
*Dec 18 10:51:52.155: local_openssl_dtls_record_inspect:   msg=ClientKeyExchange len=258 seq=3 frag_off=0 frag_len=258
*Dec 18 10:51:52.269: openssl_dtls_process_packet: Handshake in progress...
*Dec 18 10:51:52.269: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246 Peer 192.168.100.54:62227
*Dec 18 10:51:52.269: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=6
*Dec 18 10:51:52.269: local_openssl_dtls_record_inspect:   msg=CertificateVerify len=258 seq=4 frag_off=0 frag_len=258
*Dec 18 10:51:52.269: local_openssl_dtls_record_inspect: record=ChangeCipherSpec epoch=0 seq=7
*Dec 18 10:51:52.269: local_openssl_dtls_record_inspect: record=Handshake epoch=1 seq=0
*Dec 18 10:51:52.269: local_openssl_dtls_record_inspect:   msg=Unknown or Encrypted
*Dec 18 10:51:52.273: openssl_dtls_process_packet: Connection established!
*Dec 18 10:51:52.273: acDtlsCallback: DTLS Connection 0x167c5c00 established
*Dec 18 10:51:52.273: openssl_dtls_mtu_update: Setting DTLS MTU for link to peer 192.168.100.54:62227
*Dec 18 10:51:52.273: local_openssl_dtls_send: Sending 91 bytes
*Dec 18 10:53:06.183: sshpmLscTask: LSC Task received a message 4
Aironet 1252 Console Debug:
*Dec 16 11:07:12.055: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Dec 18 15:51:40.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.100.2 peer_port: 5246
*Dec 18 15:51:40.999: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Dec 18 15:51:41.695: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.100.2 peer_port: 5246
*Dec 18 15:51:41.699: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2
*Dec 18 15:51:41.699: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Dec 18 15:51:41.699: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2
*Dec 18 15:51:41.699: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
*Dec 18 15:51:41.699: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 18 15:51:41.699: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.100.2
*Dec 18 15:51:46.695: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2
*Dec 18 15:51:46.695: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2
*Dec 18 15:51:46.695: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
*Dec 18 15:51:46.695: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 18 15:51:46.695: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.100.2
*Dec 18 15:52:39.999: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 192.168.100.2:5246
*Dec 18 15:52:40.039: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Dec 18 15:52:40.039: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Dec 18 15:52:40.051: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Dec 18 15:52:40.051: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Dec 18 15:52:40.059: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Dec 18 15:52:40.063: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
*Dec 18 15:52:40.079: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Dec 18 15:52:40.079: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Dec 18 15:52:50.059: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Dec 18 15:52:50.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.100.2 peer_port: 5246
*Dec 18 15:52:50.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Dec 18 15:52:50.691: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.100.2 peer_port: 5246
*Dec 18 15:52:50.695: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2
*Dec 18 15:52:50.695: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2
*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.100.2
*Dec 18 15:52:55.691: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2
*Dec 18 15:52:55.691: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2
*Dec 18 15:52:55.691: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
*Dec 18 15:52:55.691: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 18 15:52:55.691: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.1

Nathan and Leo are alluding to CSCte01087. Basically the caveat is that DTLS fails on a non-00:xx:xx:xx:xx:xx L2 first hop. e.g. if the APs are on the same VLAN as the management interface, they must have 00 MACs; if they are on a different VLAN, the WLC/AP gateway must have a 00 MAC. If the workaround below does not suit your environment, open a TAC case for an image with the fix.
Symptom:
An access point running 6.0.188.0 code may be unable to join a WLC5508.
Messages similar to the following will be seen on the AP.
   %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
   %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message
Conditions:
At least one of the following conditions pertains:
- The high order byte of the AP's MAC address is nonzero, and the AP is in
the same subnet as the WLC5508's management (or AP manager) interface
- The WLC's management (or AP manager) interface's default gateway's
MAC address' high order byte is nonzero.
Workaround:
If the MAC address of the WLC's default gateway does not begin with 00,
and if all of the APs' MAC addresses begin with 00, then: you can put
the APs into the same subnet as the WLC's management (or AP manager)
interface.
In the general case, for the situation where the WLC's default gateway's
MAC does not begin with 00, you can address this by changing it to begin
with 00. Some methods for doing this include:
-- use the "mac-address" command on the gateway, to set a MAC address
that begins with 00
-- then enable HSRP on the gateway (standby ip ww.xx.yy.zz) and use this
IP as the WLC's gateway.
For the case where the APs' MAC addresses do not begin with 00, then make
sure that they are *not* in the same subnet as the WLC's management
(AP manager) interface, but are behind a router.
Another workaround is to downgrade to 6.0.182.0. However, after
downgrading the WLC to 6.0.182.0, any APs that have 6.0.188.0 IOS
(i.e. 12.4(21a)JA2) still installed on them will be unable to join.
Therefore, after downgrading the WLC, the APs will need to have a
pre-12.4(21a)JA2 rcvk9w8 or k9w8 image installed on them.

Configure standalone 1250 AP to support 802.11n

Been searching this forum about 802.11n setup. So far, I learned (from this forum) that to support 802.11n, I must use WPA2/AES (or open auth), and I need to ensure WMM is enable.
Q-1. Besides the above two, are there any other requirement I need to address in my configuration?
Q-2. Do I have to enable both 2.4Mhz and 5Mhz radio for 802.11n performance?
Q-3. Is there WPA2/TKIP option? If so, would this option support 802.11n? Or, it has to be WPA2/AES?
Q-4. From the command line, how can I verify if I have WMM enable?
I have read the 1250 AP Configuration guide, but I don't see specific discussion/chapter about 802.11n. If there is any good reading I can do, please let me know.
Thanks.

I will try to answer your questions:)
Q-1. Besides the above two, are there any other requirement I need to address in my configuration?
You need to configure 40mhz channel width in the AP 802.11a radio
Q-2. Do I have to enable both 2.4Mhz and 5Mhz radio for 802.11n performance?
Only enable 'N' on the 5ghz side due to only having 3 non-overlapping channels on the 2.4ghz
Q-3. Is there WPA2/TKIP option? If so, would this option support 802.11n? Or, it has to be WPA2/AES?
AES is the supported encryption standard for 802.11N.... not TKIP. WPA2/AES or OPEN is your only option
Q-4. From the command line, how can I verify if I have WMM enable?
show wlan
Issue the config wlan wmm {disabled | allowed | required} wlan-id command in order to enable WMM mode

1250 802.11N series in root/non-root bridge mode

Using Yagi's, low loss cable, antenna outside, AP inside.
When operating autonomous 1250 series in root/non-root bridge mode, can I use 802.11N radios? Is it supported?
Or would it be better to use 1242's? This is for a customer, no time for testing, need rock solid design, in and out configuration...

@leolaohoo -
I was just asking for a definitive answer, weather its affirmative or negative, is there a benefit to using the 1252 over the 1242 giving the cost of each, since as you said the 802.11N can not be used to bridge, than I would say a 1242 is better fit for the AP bridge of 350', clear line of site over the 1252.

Aironet Autonomous 1252 CLI command 802.11n disable

Similar Messages

Maybe you are looking for