AP problem Cisco aironet 1040
I have a Cisco aironet 1040.
On my Accespoint i have 2 vlans: 1 for my wifi phones and 1 for my network.
Wifi Lan has the SSID LAN with WPA enterprise authentication to a radius server(ms server 2008).
Wifi Phone has SSID PHONE and vlan 50 with local radius authentication.
This Works all fine, Except when i enable AP for my wifi phones.
When AP is enabled the authentication for my lan doesn’t go to my server but local.
How do I configure my accesspoints so that the cisco phones use the local radius server with AP and my windows computers connect using the ms radius server?
Hope some one can help
Attached is my current config.
aaa group server radius rad_eap
server auth-port 1645 acct-port 1646
aaa group server radius WDS-AUTH
server auth-port 1812 acct-port 1813
aaa group server radius VOICE-AUTH
server auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
Both of the SSID are calling to eap_methods. What you need to do is configure another aaa authentication line:
** aaa authentication login phone_method group VOICE-AUTH**
then call that as your network-eap:
dot11 ssid VOICE
vlan 50
authentication network-eap **phone_method**
authentication key-management cckm
Change/add the lines between the **.
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered
Similar Messages
-
Hello,good day problem with Cisco aironet 1040 series acces point
Hello good day to all, how to configure cisco aironet 1040 series using web configuration attaching through patch cord without using the console.
if possible please send me step by step instruction, any help is gladly appreciated.
thank you in advance, More power
melhelo good day sir,
this is the first time i configure this device i am using Cisco aironet 1040 for our wireless using POE for power, and using cisco catalyst 2960 as switch
i jack the patch cord in and its goes on colored green,
the thing is how i can configure the aironet 1040 sir?
waiting for a step by step instruction,
thank you in advance
mel -
How to change default admin password on Cisco Aironet 1040
How do I change the default username and password on the Cisco Aironet 1040. There is a default set and I want to change that to secure the device. I've checked the manual and can't seem to find the directions. Any ideas?
Hi Brian,
If this AP is already registered with a WLC then you can change it via WLC.
In WLC GUI, go to Wireless -> Select the AP -> Credential -> Override Global Credential-> Update username/pw/enable pw
In WLC CLI, you can configure it like this. If it is for all APs, then select all, otherwise AP name.
(WLC3) >config ap mgmtuser add username admin password Cisco123 secret Cisco123 ?
all Applies the configuration to every AP that does not have a specific user name.
Enter the name of the Cisco AP.
(WLC3) >config ap mgmtuser add username password secret
(WLC3) >save config
Are you sure you want to save? (y/n) y
If it is Autonomous AP you can configure using the "username xxxx password xxx" IOS command
HTH
Rasika
*** Pls rate all useful responses **** -
Server 2008 R2 RADIUS Server with a Cisco Aironet 1040 Wireless AP
I am trying to get Server 2008 R2 RADIUS Server to work with a Cisco Aironet 1040 Wireless AP. I have installed the RADIUS server by MS standards and performed some searches on Google to configure the Cisco Aironet. I see others using a Wireless LAN Controller, which I do not have. I found this post below:
https://supportforums.cisco.com/discussion/11546056/wlc-2504-radius-2008-r2-server
But I have yet to locate a good step by step document on how to set it up and I have found so many different ways that others have set it up, but none have yet to work. I am having authentication issues that I have know of and I do not see any errors in the Windows Event Viewer and I do not know where the Acess Point stores it logs for any sort of error. Keep in mind this is the first time I am doing this. I do not have a Wireless LAN Controller and all my network / domain services are on individually built servers and not on one single server as I have seen with most of the documentation they all say the same thing by putting the Certificate Services, Domain Services (AD / ADS, etc), and NPS. I do not want that configuration and my setup should not be any different, but something is not right. I know from reading that this is not rocket science, but from someone who has never done it before this is difficult as I keep reading on and so many people do it different ways including what I have been reading according to what Cisco says to configure in the environment. Does anyone know where I can find good step by step documentation along with where I can look for logs on either device? I find that all the documentation I see on Cisco's website and from searching that it is old and outdated and not been updated in a long time so it is hard to determine what works and what does not work. I am stumped here and have been doing this for several weeks now with no luck. Thank you in advance.I did configure the Server 2008 R2 RADIUS Server using this video below:
https://www.youtube.com/watch?v=g-0MM_tK-Tk
I also referenced Technet to make sure it was configured correctly as well. I am still not sure if I am 100% setup correctly on the Windows Server side, but I for sure want to make sure I have the AP side setup correctly. Do you know of a better article for the Windows Server 2008 R2 setup? Does it matter that I do not have all the services installed on the same server? Instead I have them installed on multiple servers.
I have image number c1140-k9w7-tar.124.25d.JA1 on the AP. The part that confused me in that article, which I have seen before was the part about "Setting up access point must be configured in the authentication server as an AAA client." What is the AAA Client? I also am not aware of having Cisco Secure ACS anywhere built into the AP as that part through me off completely. Do I need to skip these steps? Thank you for help on this. -
Slow connection with Cisco Aironet 1040
I have been racking my brain for a while and cannot figure out why I am not getting 144Mbps out of my Aironet 1040. I was reading a previous thread (
https://supportforums.cisco.com/thread/2141961) and set it up exactly like it said. I have set the encryption to Cipher AES CCMP and set the SSID to open authentication. I also set the SSID's key management to enable WPA (WPAv2).
I was reading that WMM has to be set. I have 3 options: Disabled, Legacy, and dot11d. If i chose dot11d I have to put in a coutry code. Problem is there are no options in the country code pull down. I cannot even manually type it in.
Another problem is that cell phones cannot connect. It keeps saying authentication fails in the log.
Any reason why I am having such slow speeds?WMM is enabled by default, or at least it should be.
What type of client are you using? Check the specs of the WNIC, and see how many spatial streams that it supports.
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered -
Cisco aironet 1040: create wireless with wpa2 and mac authentication
Hi,
I created a wireless network setting "Open Authentication" and setting a wpa2 key: everything works.
I would also add the filter mac address and then next to Open Authentication I selected "with mac authentication" but I can not connect. The list of mac is specified in the "Advanced Security".
Can anyone help me? thanks
Hi,
I created a wireless network setting "Open Authentication" and setting a wpa2 key: everything works.
I would also add the filter mac address and then next to Open Authentication I selected "with mac authentication" but I can not connect. The list of mac is specified in the "Advanced Security".
Can anyone help me? thanksap#show configuration
Using 2085 out of 32768 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ap
logging rate-limit console 9
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 syslog
dot11 ssid Svez
authentication open mac-address mac_methods
authentication key-management wpa version 2
username 00907a0f2a55 password 7 1249554E425C0D542C79257D66
username 00907a0f2a55 autocommand exit
username administrator privilege 15 password 7 033449040A0620425A0D15564F42
username 0025d3db778b password 7 055B565D74481D0D1B52404A09
username 0025d3db778b autocommand exit
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers tkip
ssid Svez
antenna gain 0
station-role root
world-mode legacy
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address dhcp client-id GigabitEthernet0
no ip route-cache
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
bridge 1 route ip
line con 0
line vty 0 4
end
ap# -
Problem username &password in cisco aironet 802 11n
HI all ,
I will configure a new AP wireless cisco aironet 802 11n Dual band access , but i'm blocking in username and password can you anyone help me please how can i recovery this loginHi Hossam,
The default username and password, "Cisco".
Password Recovery Procedure:
https://supportforums.cisco.com/docs/DOC-4532
Regards
Dont forget to rate helpful posts. -
How many users are supported on a Cisco Aironet 1141N? 30?
I have a client that wants to upgrade his Aironet 1131 APs with 1141N. How many users are supported on a Cisco Aironet 1141N?
Yes, you could have 30 clients on the AP.
Client density all depends on what the client is doing, really.
So if you have clients that are just web surfing and pulling email 30+ isn't a problem. If they are all streaming video, then you want to plan for less clients per AP, and more APs.
Steve -
Hello, I have 2 Cisco Aironet 1300 Bridges which provide data and voice communication between 2 buildings. Up until recently QoS has not been needed, but lately there appears to be congestion due to reports of poor voice quality. Building A houses a V3000 NBX Telephone system, Building B houses approximately 30 remote IP phones. Building A and Building B are approximately 100 yards apart. No VLAN's. Due to myself being an extreme noob to Cisco bridges, I was hoping some of you may have had experience in setting this up and hopefully provide some tips. I need to prioritize traffic on UDP ports 2093-2096 and TCP port 1040. Thank you in advance for any suggestions. My current running config is below:
Using 1283 out of 32768 bytes
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname LHS-WeightRoom-WCV
ip subnet-zero
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
dot11 ssid wcv
authentication open
guest-mode
dot11 ssid wcvcisco
authentication open
infrastructure-ssid optional
username root privilege 15 password 7 0247335A05320A2244
username Cisco privilege 15 password 7 074E164D403D1C061F
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
ssid wcv
ssid wcvcisco
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
station-role root bridge
bridge-group 1
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
hold-queue 80 in
interface BVI1
ip address 10.141.8.6 255.255.254.0
no ip route-cache
ip default-gateway 10.141.8.5
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
control-plane
bridge 1 route ip
line con 0
line vty 0 4
endHere is the URL for the configuration of Cisco Aironet 1300 QoS. Follow the guide it may help you
http://www.cisco.com/en/US/docs/wireless/access_point/1300/12.3_4_JA/configuration/guide/o13qos.html -
Can a CISCO Aironet 700w be set up as Antonius Access Point ? I was able to set up 700i OK no problem
Need to Set it up for WIFI site Survey Active to test coverageThe 700W series access point contains two simultaneous dual-band radios, the 2.4 GHz and 5 GHz 802.11n MIMO radios, in a controller-based mode.
Source: http://www.cisco.com/c/en/us/td/docs/wireless/access_point/702W/quick/guide/ap702Wgetstart.html -
Cisco Aironet 1131G cannot access BVI
I have configure our Cisco Aironet 1131G with Multiple SSID with VLAN's
The Guest VLAN is working well and no problem,
The issue i have is that I cannot connect to the BVI on the Wireless AP, i have setup to VLAN's
2 = LAN & NATIVE VLAN
999 = GUEST VLAN
this is my config
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname NAFTA_AP_003
logging rate-limit console 9
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa group server radius rad_eap2
server 10.1.122.50 auth-port 1645 acct-port 1646
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods2 group rad_eap2
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 mbssid
dot11 syslog
dot11 vlan-name GUEST vlan 999
dot11 vlan-name LAN vlan 2
dot11 ssid Nufarm_EXT
vlan GUEST
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 053B0918245E6308015546
dot11 ssid Nufarm_INT
vlan 2
authentication open eap eap_methods2
authentication network-eap eap_methods2 mac-address mac_methods
authentication key-management wpa
username nemesis privilege 15 secret 5 $1$SjHa$TGIGBh.IhLNgflxBreKYf.
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan GUEST mode ciphers aes-ccm tkip
encryption vlan 2 mode ciphers tkip
ssid Nufarm_EXT
ssid Nufarm_INT
channel 2422
station-role root
interface Dot11Radio0.2
encapsulation dot1Q 2 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.999
encapsulation dot1Q 999
no ip unreachables
no ip proxy-arp
no ip route-cache
no cdp enable
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
bridge-group 255 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
interface FastEthernet0.2
encapsulation dot1Q 2 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface FastEthernet0.999
encapsulation dot1Q 999
no ip unreachables
no ip route-cache
no cdp enable
bridge-group 255
no bridge-group 255 source-learning
bridge-group 255 spanning-disabled
interface BVI1
ip address 10.1.2.242 255.255.255.0
no ip route-cache
ip default-gateway 10.1.2.254
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server host 10.1.122.50 auth-port 1645 acct-port 1646 key 7 03516213160B73435E0C2D16110504
radius-server vsa send accounting
bridge 1 route ip
line con 0
line vty 0 4
endAh, yeah that would do it, makes the swich want the VLAN to be tagged. Nice catch on that!
HTH,
Steve
Please remember to rate helpful posts or to mark the question as answered so that it can be found later. -
Configuring Aironet 1040 with WPA2-PSK
I am attempting to configure two Aironet 1040 series wireless access points for the first time and am having some difficulty. This office does not have a RADIUS server so I would like to set them up to use WPA2 with a pre-shared key. However just how this is accomplished is not immediately apparent. I have attempted using both the command line interface and the web interface, but I get errors in both places. It doesn't seem like it is all that difficult, we're just talking about a few lines in the configuration file.
This is what I have so far:
Current configuration : 1684 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ap1
logging rate-limit console 9
enable secret 5 $1$q9i9$V8Z042Zif0H7t4qN5awMM.
no aaa new-model
ip domain name Office
dot11 syslog
dot11 ssid WLAN
vlan 30
authentication open
username Cisco password 7 05280F1C2243
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers tkip
ssid WLAN
antenna gain 0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
ssid WLAN
antenna gain 0
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 192.168.2.2 255.255.255.0
no ip route-cache
ip default-gateway 192.168.2.1
ip http server
no ip http secure-server
ip http help-path
http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
access-list 111 permit tcp any any neq telnet
bridge 1 route ip
line con 0
access-class 111 in
line vty 0 4
access-class 111 in
login local
endOK, I figured out some of what was going on. The admin account was set to read only instead of read/write, and both radios had not been added to my VLAN. Now I have successfully (?) configured WPA2-PSK on both wireless access points, and they are broadcasting their SSIDs, but I am unable to connect to them for an unknown reason. I am prompted for the pre shared key and then the connection fails. Hmm...
-
Configuration of a Point to MultiPoint link with Cisco Aironet 1310 bridges
Hi All,
The previous problem of which I started another conversation here:
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=General&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddba023
somehow dissapeared. It could have been a problem of interferences.
I have another issue with other (multipoint) wireless WAN link, which I hope has a solution.
On the central node, we have an Cisco Aironet 1310 bridge configured as root-bridge. It has a panel of four vertical polarity 17 dBi panel 90? antennas, with more than enough gain (there is a 250 mWatts 802.11 b/g amplifier, before the 4-way splitter) and excellent line of sight to three remote bridges.
The three (03) remote bridges are also Aironet 1310 models, confidured as non-root-bridges.
The problem we have is that it seems that when the three remote links operate concurrently the amount of lost packets is huge. When I shutdown the radio interfaces of two bridges, the remaining bridge makes an excellent link with the central node.
It seems that some hours are more critical than others, also the links operate much worse when there is some (small) network traffic in them.
I have read the 1310 manuals, and I can't find a sample configuration for point to multi-point links.
Does someone knows what radio interface configuration should I need to use to establish better quality communication?
I mean, perhaps the 1 x root - 3 x no root configuration is not recommendable for the multipoint link configuration.
Any hints will be welcome.
Best Regards,
Igor Sotelo.Hi All,
Thank you for the information. I configured the distance on the root bridges, but the links showed instability.
I'm using a bi-directional amplifier. It has two pieces. According to the manuals, one is installed indoors, the other outdoors. I'm not sure if the indoors piece has the transmition module or it's only the injector.
We could establish connection at 7 km (around 4 milles) distance from the central point, using 24 dBi antennas on the other side.
However, we have issues with a near located point that is only 1.2 Km (around 0.8 milles) away and has a 13 dBi integrated patch antenna. The signal strenght value we get there is in the -62 to -68 dBm range, and is noticiably (5-10 dBm) lower than the strenght we get at other points of the link. And I have trouble establishing a high quality link with that point, using OFDM modulation. I tend to think that if I remove the amplifier I'm not going to reach that point at all. The EIRP on the central iste is 34 dBm / 2.5 watts, without amplifier it would be 26 dBm / 0.4 watts.
On the opposite sites the EIRP is 33 dBm / 2 watts using CCK or 28 dBm / 0.63 watts using OFDM.
When one looks at the central site from that point, an Motorola Canopy with passive reflector (EIRP 48 dBm or around 64 watts) can be seen. It doesn't have the same direction, but the opposite site must be large distance and could interfere with my wireless network. Attached is an amplified photo of the view. It's safe to assume that the Canopy operates in the 2.4 GHz frequency range.
Once I connect the point at 1.2 Km, the multipoint link loses its quality, and soon the lost packets get too frequent.
The CCK seems to be much more interfered than OFDM, I guess because of that canopies.
Another thing I'm wondering about is if the Aironet 1310 can continuosly switch CCK-OFDM over the same point - multipoint link, without losing packets.
What other parameters should I tweak? Is there a way to avoid interferences fromt the canopy?
I would like to apply 100 mWatts local power using the radio with OFDM, but it seems that's not possible.
Best Regards,
Igor Sotelo. -
Aironet 1040 Series Apple frequently drops
I'm running Cisco Aironnet 1040 series routers and all my Apple computers (NOT iPhones or iPads just the computers) continue to get dropped by the routers. The time ranges anywhere from less than a minute to an hour, depending how many clients are connected. I have no trouble at all with any mobile devices and none with non apple computers. This has been going on since we've bought them last year. I'm trying to use WPA authentication. I've read forums and places where you can use MAC authentication and the problem seems to go away. That's not an ideal option for as many clients as I have on the network. I've attempted to update the software, revert the software and reset to default. Nothing has made any difference at all. I've also tried changing the channel it broadcasts on, with no luck. I've double checked the firmware on the Apple computers and they are up to date. My configuration is below.....Any ideas on what I can change or do I need to pursue a different router that isn't Cisco?
show run
Building configuration...
Current configuration : 1401 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname 3FN
logging rate-limit console 9
enable secret 5 $1$fMiK$UE/.aUuGGZiuvi17KWbPM0
no aaa new-model
dot11 syslog
dot11 ssid danielwpa
authentication open
authentication key-management wpa version 2
wpa-psk ascii 7 15435C5F517E7871793237
username Cisco password 7 1531021F0725
username Admin privilege 15 password 7 06525C7442595A40
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm tkip
ssid danielwpa
antenna gain 0
channel 2437
station-role root
world-mode legacy
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 10.1.0.154 255.0.0.0
no ip route-cache
ip default-gateway 10.0.0.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
line con 0
line vty 0 4
login local
transport input all
endGoing through the logs I see the MAC addresses of my computers that are disconnected with it saying:
*Mar 17 18:19:55.169: %DOT11-4-MAXRETRIES: Packet to client 74e5.43cf.b184 reached max retries, removing the client
*Mar 17 18:19:55.175: %DOT11-4-MAXRETRIES: Packet to client c09f.4227.2cfc reached max retries, removing the client
*Mar 17 18:19:55.179: %DOT11-4-MAXRETRIES: Packet to client 80c1.6e1c.ef26 reached max retries, removing the client
Not sure if that helps at all or not. I see plenty of logs showing my computer connecting just fine and moving from one AP to another but it appears to timeout (rather quickly I might add) and drop the connection. So it's obviously something with the router. I can always connect right back to the network without a problem. It doesn't ask for a password or anything. -
I have one Cisco Aironet 1231 access point. It does not use any kind of (server) functionality outside the Cisco device.
I have one SSID and uses WPA-PSK (TKIP).
The configuration seams wary straight forward, but something is wrong.
The access point seams to be unstable. The clients use long time to connect to the access point and it looses connection a lot of times a day. Can I do something to speed up the ?negotiation process? ?
What could be the course of instability?
The configuration was made with the ?web configurator?, but I have a SSH/telnet dump:
Best Regards
Martin
AP1#sh run
Building configuration...
Current configuration : 2227 bytes
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname AP1
enable secret xxx
clock timezone GMT 1
ip subnet-zero
ip domain name mydom.com
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 ssid myssid
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii xxx
username Cisco password xxx
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers tkip
ssid myssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2412
station-role root
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no cdp enable
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 160 in
interface BVI1
ip address 192.168.1.105 255.255.255.0
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
access-list 111 permit tcp any any neq telnet
no cdp run
radius-server local
no authentication leap
no authentication mac
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
control-plane
bridge 1 route ip
line con 0
access-class 111 in
line vty 0 4
access-class 111 in
sntp server 212.242.xx.207
sntp broadcast client
end
AP1#A "stronger" (more gain) antenna probably won't help. An antenna that transmits with more gain also receives with more gain ..(basically, the same situation, but all of the signals are "louder")
The general remedy, aside from the obvious of going to the least populated channel or moving to the 802.11a band, is usually to add more access points, all using some flavor of "sector" antenna (and / or "patch" antennas) to localize the area of interest.
Because the antennas are covering a more specific area (and usually smaller area), it is usually the case that more APs are needed.
"Seeing" 20 APs is not that alarming ... check the signal strength of each, many will usually be well-below the level that would cause serious interference. The specific level will vary, depending on the location relative to the AP<->client relationship.
If you're seeing 20 APs, and their signal strength is roughly the same as your APs or a little lower, then you've got a problem that only a sectorized antenna system can cure.
Good Luck
Scott
Maybe you are looking for
-
How can I get the love back?
Remember the anthem in 1984? The call for independence? The hammer that shattered the drone which kept us all in line - servants to the man? I do. I begged the hammer to be thrown and cheered when the glass shattered. I evangelized for the awakening
-
Hi all, I am trying to sort an array using Bubble sort, But it can't seem to work. can you please look at my code below and tell me where I am going wrong bubbleSort class public class bubbleSort { int size; int[] array; public bubbleSort
-
Odd iPhone DHCP behavior.
I'm getting strange ARP/DHCP behavior with an iphone on a local network. The output from arpwatch (on a linux system) shows: May 14 12:23:43 milonga arpwatch: bogon 0.0.0.0 0:1b:63<protected> eth0 May 14 12:23:44 milonga arpwatch: bogon 0.0.0.0 0:1b:
-
VPN ACL IP range - IP range not working
Hi I'm having a smaller problem and need some help to clarify it. I'm NAT'ing my inside to my external interface when passing traffic through the VPN So access-list vpn extended permit ip external_interface 192.168.20.1 255.255.255.0 I get hitcounts
-
Master pdf from multiple smaller pdf files
I know that I can merge several pdf files into one larger file and I am having to do so because of a footer that has to be on every single page. My question is.. can I create a "master" pdf which is made up of the other pdf files so that if one is ed