AP Authentication feature in Cisco 1242AG/1310G

Similar Messages

• PoE for Cisco 1242AG and 1310G Access Points

  Dear All,
  we purchased a Cisco 1242AG and a 1310G Access Point and in the DataSheet it was specified that these APs support Power-over-Ethernet. The problem is we don't see any RJ-45 port in either AP which could be used for connecting the AP to an PoE Switch. Can you please tell us how we can connect these APs to an 802.11af compatible PowerBridge (by Intermec) ? Thanks.

  Hi Thorsten,
  The 1242 should be good to go but the 1310 is powered quite differently. Have a look;
  AP 1240 Series - Hardware (see diagram)
  http://www.cisco.com/en/US/products/ps6521/products_installation_guide_chapter09186a008079b7f4.html#wp1071972
  Connecting the Ethernet and Power Cables
  http://www.cisco.com/en/US/products/ps6521/products_installation_guide_chapter09186a008079b7f4.html#wp1052781
  1300 Series Power
  Power
  The access point/bridge receives inline power from the Cisco Aironet Power Injector (hereafter called the power injector). Dual-coax cables are used to provide Ethernet data and power from the power injector to the access point/bridge. The power injector is an external unit designed for operation in a sheltered environment, such as inside a building or vehicle. The power injector also functions as an Ethernet repeater by connecting to a Category 5 LAN backbone and using the dual-coax cable interface to the access point/bridge.
  The power injector is available in two models:
  Cisco Aironet Power Injector LR2 standard version (included with the access point/bridge)
  48-VDC input power
  Uses the 48-VDC power module (included with the access point/bridge)
  Cisco Aironet Power Injector LR2T optional transportation version
  12- to 40-VDC input power
  Note The power injector and the power module must not be placed in an outdoor unprotected environment. The power module must not be placed in a building's environmental air space, such as above a suspended ceiling.
  http://www.cisco.com/en/US/products/ps5861/products_installation_guide_chapter09186a008079b93b.html#wp1051840
  Dual coaxial cable to run from the power injector to the 1300. See attached notes:
  Cisco Aironet 1300 Series
  Cisco Aironet 1300 Series Access Point/Bridge Power Injector
  The Cisco Aironet 1300 Series Outdoor Access Point/Bridge Power Injector,converts the standard 10/100 BaseT Ethernet interface that is suitable for weather protected areas to a dual F-Type connector interface for coax cables that are more suitable for harsh outdoor environments. The Power Injector also provides power to the outdoor unit over the same cables with a power discover feature and surge protection. To support longer cable runs from your wireless network switch or router, the Power Injector LR is designed to accommodate up to a 100 meter coaxial cable run plus 100 meters of indoor cat5 cable?enabling total cable runs up to 200 meters. The Cisco Aironet 1300 Series Outdoor Access Point/Bridge ships with the Power Injector LR2 and an AC power supply.
  From this link:
  http://www.cisco.com/en/US/products/ps5861/products_data_sheet09186a008022551d.html
  Cisco Aironet 1300 Series Outdoor Access Point/Bridge Hardware Installation Guide
  Ethernet Ports
  The access point/bridge dual-coax Ethernet ports consists of a pair of 75-ohm F-type connectors, linking the unit to your 100BASE-T Ethernet LAN through the power injector. The dual-coax cables are used to send and receive Ethernet data and to supply inline 48-VDC power from the power injector to the access point/bridge.
  From this link:
  http://www.cisco.com/en/US/products/ps5861/products_installation_guide_book09186a00804d3095.html
  AIR-PWRINJ-BLR2
  F-Type Connectors
  Dual coaxial cable carries full-duplex Ethernet, DC power, and full-duplex console port (RS-232 connection)
  From this link:
  http://www.cisco.com/en/US/products/ps5861/products_data_sheet09186a00802252e1.html
  Hope this helps!
  Rob

• AP Authentication in 1242AG/1310G Autonomous Mode

  Hi guys,
  how does the AP Authentication feature in autonomous Cisco APs work ? In the SSID Manager you can select a defined AP Authentication credential. And I created exactly the same username/password on the Radius Server. But where can I define that it's mandatory for all APs to authenticate to the network via Radius ? Even if I enter a wrong password in the AP Authentication section the AP still is accepted by the Radius Server and can serve WiFi-Clients in the same SSID. Any help is greatly appreciated. Thanks.

  Go to Wireless Domain services -settings and configure the Radius server there.

• Cisco aironet 1310G non_native vlan and dhcp

  hi evrybody
  i have problem with my cisco aironet 1310G
  non-native vlan can not get(dynamicly)ip address from cisco aironet 1310G
  this is all my configuration please can someone help me
  ip dhcp excluded-address 20.20.20.20
  ip dhcp excluded-address 20.0.0.0
  ip dhcp excluded-address 30.0.0.0
  ip dhcp excluded-address 30.30.30.30
  ip dhcp excluded-address 10.0.0.0
  ip dhcp excluded-address 10.0.0.10
  ip dhcp excluded-address 10.1.0.0
  ip dhcp excluded-address 10.1.0.10
  ip dhcp pool d01
  network 10.0.0.0 255.255.255.0
  default-router 10.0.0.10
  ip dhcp pool d02
  network 20.0.0.0 255.255.255.0
  default-router 20.20.20.20
  ip dhcp pool d03
  network 30.0.0.0 255.255.255.0
  default-router 30.30.30.30
  no aaa new-model
  dot11 ssid vlan01
  vlan 1
  authentication open
  dot11 ssid vlan02
  vlan 2
  authentication open
  dot11 ssid vlan3
  vlan 3
  authentication open
  username cisco password xxx
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  broadcast-key vlan 2 change 100
  broadcast-key vlan 3 change 100
  ssid vlan01
  ssid vlan02
  ssid vlan3
  speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
  station-role root access-point
  interface Dot11Radio0.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface Dot11Radio0.2
  encapsulation dot1Q 2
  no ip route-cache
  bridge-group 2
  bridge-group 2 block-unknown-source
  no bridge-group 2 source-learning
  no bridge-group 2 unicast-flooding
  interface Dot11Radio0.3
  encapsulation dot1Q 3
  no ip route-cache
  bridge-group 3
  bridge-group 3 subscriber-loop-control
  bridge-group 3 block-unknown-source
  no bridge-group 3 source-learning
  no bridge-group 3 unicast-flooding
  bridge-group 3 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  hold-queue 80 in
  interface FastEthernet0.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface FastEthernet0.2
  encapsulation dot1Q 2
  no ip route-cache
  bridge-group 2
  no bridge-group 2 source-learning
  bridge-group 2 spanning-disabled
  interface FastEthernet0.3
  encapsulation dot1Q 3
  no ip route-cache
  bridge-group 3
  no bridge-group 3 source-learning
  bridge-group 3 spanning-disabled
  interface BVI1
  ip address 10.0.0.10 255.255.255.0
  no ip route-cache
  interface BVI2
  ip address 20.20.20.20 255.255.255.0
  no ip route-cache
  interface BVI3
  ip address 30.30.30.30 255.255.255.0
  no ip route-cache
  control-plane
  bridge 1 priority 9000
  bridge 1 protocol ieee
  bridge 1 route ip
  bridge 2 priority 10000
  bridge 2 protocol ieee
  bridge 3 priority 3100
  bridge 3 protocol ieee
  line con 0
  line vty 0 4
  login local
  end

  hi friend
  i did what you sugested but it is styl not working so plz find below the show run and debug ip dhcp server in ordr to help us thanks for all your suport
  ip subnet-zero
  ip dhcp excluded-address 20.0.0.20
  ip dhcp excluded-address 30.0.0.30
  ip dhcp excluded-address 10.0.0.10
  ip dhcp pool d01
  network 10.0.0.0 255.255.255.0
  default-router 10.0.0.10
  ip dhcp pool d02
  network 20.0.0.0 255.255.255.0
  default-router 20.0.0.20
  ip dhcp pool d03
  network 30.0.0.0 255.255.255.0
  default-router 30.0.0.30
  aaa new-model
  dot11 ssid vlan01
  vlan 1
  authentication open
  guest-mode
  dot11 ssid vlan02
  vlan 2
  authentication open
  dot11 ssid vlan03
  vlan 3
  authentication open
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  broadcast-key vlan 2 change 100
  broadcast-key vlan 3 change 100
  ssid vlan01
  ssid vlan02
  ssid vlan03
  station-role root access-point
  interface Dot11Radio0.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface Dot11Radio0.2
  encapsulation dot1Q 2
  no ip route-cache
  bridge-group 2
  bridge-group 2 block-unknown-source
  no bridge-group 2 source-learning
  no bridge-group 2 unicast-flooding
  interface Dot11Radio0.3
  encapsulation dot1Q 3
  no ip route-cache
  bridge-group 3
  bridge-group 3 subscriber-loop-control
  bridge-group 3 block-unknown-source
  no bridge-group 3 source-learning
  no bridge-group 3 unicast-flooding
  bridge-group 3 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  hold-queue 80 in
  interface FastEthernet0.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface FastEthernet0.2
  encapsulation dot1Q 2
  no ip route-cache
  bridge-group 2
  no bridge-group 2 source-learning
  bridge-group 2 spanning-disabled
  interface FastEthernet0.3
  encapsulation dot1Q 3
  no ip route-cache
  bridge-group 3
  no bridge-group 3 source-learning
  bridge-group 3 spanning-disabled
  interface BVI1
  ip address 10.0.0.10 255.255.255.0
  no ip route-cache
  interface BVI2
  ip address 20.0.0.20 255.255.255.0
  no ip route-cache
  interface BVI3
  ip address 30.0.0.30 255.255.255.0
  ip helper-address 30.0.0.0
  no ip route-cache
  and debug ip dhcp server {events | packets | linkage}
  *Mar 1 01:06:37.054: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
  Station 0011.a304.2b65 Reason: Sending station has left the BSS
  *Mar 1 01:06:40.140: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 0011.a304
  .2b65 Associated KEY_MGMT[NONE]

• What is the difference in the features between Cisco prime 1.2 and Cisco prime 1.4 ?

  Dears,
  Please i need to know what is the difference in the features between Cisco prime infrastructure 1.2 and Cisco prime 1.4.
  Already i see the release note for each one but the release indicate only the New feature for every one. so i need to know the difference between them not new features.
  Wait your kind feedback plz
  Regards,

  Hi,
  New Features and Enhancements
  The following topics describe new features and enhancements in Cisco Prime Infrastructure 1.4.
  Management Support for WLC Release 7.5
  Support for 802.11ac Module
  Support for Cisco AP 700
  Policy Classification Engine
  FlexConnect Audit Support
  Autonomous AP Support
  Client Stateful Switchover
  Cable Modem Monitoring
  Support for Secure File Transfer Protocol
  and please go through the link and check the data sheet for further clearance.
  http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/prime-infrastructure/datasheet-c78-729879.html

• 802.1x Critical Authentication feature 12.2(25)SEE

  The critical authentication feature does not seem to work. Port does not move to authorized state if RADIUS (ACS) server is not available. In fact, it even seems to break the Authentication Fail VLAN functionality.
  If RADIUS server is not available and user/machine tries to authenticate, the port fails authentication and remains in unauthorized state and does not even move to AuthFail VLAN.
  Any ideas?

  dot1x and aaa related switch configuration follows:
  Global Config:
  aaa new-model
  aaa group server radius acsrad
  server A.B.C.D auth-port 1645 acct-port 1646
  server W.X.Y.Z auth-port 1645 acct-port 1646
  aaa group server tacacs+ acstac
  server A.B.C.D
  server W.X.Y.Z
  aaa authentication login default group acstac local
  aaa authentication dot1x default group acsrad
  aaa authorization exec default group acstac if-authenticated
  aaa authorization network default group acsrad if-authenticated
  aaa accounting update periodic 5
  aaa nas port extended
  aaa session-id common
  tacacs-server host A.B.C.D key 7 XXXXXXXXXXX
  tacacs-server host W.X.Y.Z key 7 XXXXXXXXX
  tacacs-server directed-request
  radius-server dead-criteria time 5 tries 2
  radius-server host A.B.C.D auth-port 1645 acct-port 1646 test username XXXX idle-time 1 key 7 XXXXXXXXXX
  radius-server host W.X.Y.Z auth-port 1645 acct-port 1646 test username XXXX idle-time 1 key 7 XXXXXXXXXXXX
  radius-server source-ports 1645-1646
  radius-server deadtime 1
  radius-server vsa send authentication
  dot1x system-auth-control
  dot1x critical recovery delay 2000
  dot1x critical eapol
  Interface configuration:
  switchport access vlan x1
  switchport mode access
  dot1x critical recovery action reinitialize
  dot1x pae authenticator
  dot1x port-control auto
  dot1x timeout quiet-period 30
  dot1x timeout server-timeout 5
  dot1x reauthentication
  dot1x guest-vlan x2
  dot1x auth-fail vlan x2
  dot1x critical vlan 101
  arp timeout 60
  spanning-tree portfast
  ================================
  I have tried making the critical vlan to be the same as the access vlan as well as the Auth-Fail vlan but the results are same.

• Drag and Drop dialing Feature on Cisco IP Communicator

  Hi everyone,
                First of all I'm a beginner of voip. I'm searching  feature of Cisco IP communicator ver 7.0.  and found this document http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cipc/7_0/english/user/guide/CIPCUG70.html there is feature drag and drop dialing.you can drag the phone number  from another application on window and drop to ip communicator for dial.I try to drag file type html,xml,xls,word and txt . it not  work. please guide me to use this feature.
  Thanks for your help.
  Piyawat Jinsang

  Hi,
  You can drag a phone number from another application and drop it into Cisco IP Communicator to initiate a call.
  do you drag number or the file itself ?
  HTH
  Anas
  don't forget to rate the helpful posts

• Help- How many cisco 1242AG

  How many cisco 1242AG non-root AP can assiocate with root APs in an mesh design?
  thanks

  Hi,
  the below link may help you!!
  http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob41dg/ch8_MESH.html
  The mesh design constrains will let u know.. lemme know if this answered your question
  Regards
  Surendra

• Softphone feature for Cisco Jabber Client

  Hello everyone,
  I have a CUCM cluster v.8.6.2 and a CUPS v.8.6.4. I've installed my full CUWL licenses as well as my CUP Licenses AND the Jabber for Everyone COP file. I've managed to install Jabber on Mac and on Windows and have all the features such as Chat, Desktop phone integration and Visual Voicemail with Cisco Unity Connection working as well. The only feature I'm having a huge hassle getting to work is the Softphone feature. I've tried adding a CUPC device with the user (btw everything is integrated and uses LDAP for authentication) as the digest account for it as well as the Owner ID. I've tried adding a CSF device as well (I remember reading it somewhere) but the Jabber client never discovers a Softphone device and all of the options on the client are grayed out for me to put in the device settings. I thought I saw it once looking for a device name CSFACILLI (ACILLI being my username) in the System Diagnostics for the Jabber for Mac client but now it just shows:
     Soft Phone Server
  Server Address:           cucm02.mycompany.net
  Server Port:                     2748
  Server Protocol:           --
  Device:                               --
  Line ID:                               --
  Status:                               Disconnected
  Any help or thoughts on this would be greatly appreciated! Thanks!
  Tony

  Aaron,
  Here's the bit I found interesting from the reporting function:
  -- 2012-07-25 08:31:01.000 DEBUG [0xacab02c0] -  CCUCMClient::downloadConfig -- begin:
  -- 2012-07-25 08:31:01.000 DEBUG [0xacab02c0] -  CCUCMClient::getCnfFile -- begin: , strDeviceName.c_str()=CSFacill, bHttp=FALSE
  -- 2012-07-25 08:31:01.000 DEBUG [0xacab02c0] -  CTFTPClient::Get -- begin: , remotefile=CTLFile.tlv, host=cucm02.mycompany.net, bIsAsyMode=TRUE, port=69
  -- 2012-07-25 08:31:01.000 DEBUG [0xb038d000] -  TFTP_Error Select error
  -- 2012-07-25 08:31:01.000 DEBUG [0xb038d000] -  TFTP_Error Can't get packet, retrycount=3
  -- 2012-07-25 08:31:01.000 DEBUG [0xb038d000] -   CTFTPClient::ContinueGet -- end!
  -- 2012-07-25 08:31:01.000 DEBUG [0xacab02c0] -  CTFTPClient::Get -- end!
  -- 2012-07-25 08:31:01.000 DEBUG [0xb038d000] -  CTFTPClient::ReceiveData -- end!
  -- 2012-07-25 08:31:01.000 DEBUG [0xacab02c0] -  CCUCMClient::getCnfFile -- end!
  -- 2012-07-25 08:31:01.000 DEBUG [0xacab02c0] -  CCUCMClient::downloadConfig -- end!
  -- 2012-07-25 08:31:01.000 DEBUG [0xacab02c0] -  CPhone::setPhoneMode -- end!
  -- 2012-07-25 08:31:01.000 DEBUG [0xb030b000] -  CTFTPClient::ReceiveData -- begin: , nCookie=5, bIsAsyMode=TRUE
  It looks like it's trying to get CTLFile.tlv from my TFTP servers (which are my subscribers). I went under TFTP File Management under OS Administration on the Subscribers and no such file exists. Is this something I have to download from Cisco? It does look like it's trying for the correct device, just can't get the Configuration File it needs... Your thoughts?
  Thanks,
  Tony

• Ciscoworks 2000 and Cisco 1242AG-LAP

  hi
  i have a problem with my cisco works,the software is manages all the devices in my network including the 19 1242AG-LAPs,even thogh the LAPs appear on the management software they are appearing as red which in normal conditions indicate a faulty device.How do i make sure that the access-points appear as green.The access-points are managed through the Cisco WLC 4402.

  Make sure LMS 2.6 in order to get the AP1200 v3.0 package to support 1240 APs.

• Cut-Through Proxy / Authentication Proxy on Cisco ASA using ISE as AAA Server for allocating SGTs

  Hi,
  We are trying to setup ASA to do cut-through authentication proxy, and use ISE as RADIUS. We can successfully authenticate the user from Radius on the ASA, while he opens a web-page, but then it displays the error: authorization denied.
  What we want:
  ISE to allocate a security group tag to the user session when he logs in, that tag would carried within out cisco network infrastrucutre to define the access
  policy for that user.
  Can someone please help me with a sort of step by step thing for ISE configuration to allocate SGTs/SGACL for the user session after authentication is completed.
  Thanks
  Lovleen

  Please refer to below step by step config guide for security group access policies
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_sga_pol.html

• These problem about features in Cisco PI 1.2

  Dear Cisco Support Team ,
  Currently , I am using PI 1.2 .I have some confuses  about these features on this .
  1. Alarm and Event :
  - When 1 port on any devices down , I don't see any alarm about this . Plz tell me What kinds of alarm in PI ?
  - I can't receive any syslog on these devices although I have configured  and received on LMS .
  2. Client and Users :
  - What is the client ? On some Switchs just has 24 ports but show more 24 clients .
  Thanks!

  Hi Predrag ,
  Thanks for advisors .
  - About the syslog  :
  I have configured syslog on device to send to PI , some devices can send to PI , almost switchs .We monitor 40 devices , have 9 switchs in the network but on PI just see syslog on 2 switchs , no syslog on all router  ? The flowing is status on PI :
       Last login: Mon Apr  8 14:08:41 2013 from 10.7.15.224
       srv-pi-01/admin# ncs status
       Health Monitor Server is running.
       Reporting Server is running
       Ftp Server is running
       Database server is running
       Tftp Server is running
       Matlab Server is running
       NMS Server is running.
       SAM Daemon is running ...
       DA Daemon is running ...
       Syslog Daemon is running ...
       status
  - About the Client :
  For example :
  I have 2 switchs  . They have connected ( Switch A-- Switch B on port 24 ). On 1 switch A have connect 1 router A  , from router A connected router B .
  When I show client on PI on Switch B I see router B as client although it not connect with Switch B .
  Plz help to check this problem .
  Regards

• Wireless Point to Point Cisco 1242ag

  Hi
  Is it possible to set up some sort of authentication where the root bridge and non-root bridge only associate with the opposites MAC address?

  Have a look at the link provided.  There are ways of adding encryption and passwords to your point-to-point bridge.  My recommendation is to go this way.  It's alot quicker and easier to maintain.
  Wireless Bridges Point-to-Point Link Configuration Example
  http://www.cisco.com/en/US/customer/tech/tk722/tk809/technologies_configuration_example09186a008058f53e.shtml
  I hope this will help.
  Please don't forget to rate useful posts.  Thanks.

• Automatic contain feature in cisco wlc for rouge AP

  hi all,
  I need to know what is the meaning of "contain" for the detected rouge AP on cisco wireless lan controller ??
  thanks in advance 

  Rogue Containment
  Containment is a method of using over-the-air packets to temporarily interrupt service on a rogue device until it can physically be removed. Containment works by spoofing de-authentication packets with the spoofed source address of the rogue AP so that any clients associated are kicked off.
  Source: 
  http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/112045-handling-rogue-cuwn-00.html

• How to enable pin authentication features for hp laserjet 9050dn printers for all users?

  There Is A requirement to Enable Pin Authentication for all the users . We have hp laserjet 9050dn  Pinters
  We would Like to Save Papper hence wanted to enable this feature to all our printers.
  We would like to enable Pin authentication for all the users so that when a user fire a print out it would be in queue and when the user enters the PIN manually on the printer it would print and if the user doesnt require the pintout that he fired he dosent have to entr the PIN. Thus  End of the day all such  unrequired prints that were fired out will be in queu and they will be deleted end of th day.
  Thus we could save lots of Paper ..
  Can Some one Help Me to get this done...... Please post you Comments It Would be really Helpful....

  The product you have seems to be a commercial printer. For the best chance at finding a solution I would suggest posting in the forum for HP Business Support!
  You may find the Commercial Laserjet board here.
  http://h30499.www3.hp.com/t5/Printers-LaserJet/bd-p/bsc-413
  You can also find the article related to this product here:
  http://h20000.www2.hp.com/bizsupport/TechSupport/Home.jsp?lang=en&cc=us&prodTypeId=18972&prodSeriesI...
  (User manual, troubleshooting tips, drivers, and more info)
  Hope this helps!
  Help the community by marking this post as a solution if it solved your issue!.
  If my post helped you in any way, please click the blue KUDOS star under my name! It would mean a great deal.