AP problem Cisco aironet 1040

I have a Cisco aironet 1040.
On my Accespoint i have 2 vlans: 1 for my wifi phones and 1 for my network.
Wifi Lan has the SSID LAN with WPA enterprise authentication to a radius server(ms server 2008).
Wifi Phone has SSID PHONE and vlan 50 with local radius authentication.
This Works all fine, Except when i enable AP for my wifi phones.
When AP is enabled the authentication for my lan doesn’t go to my server but local.
How do I configure my accesspoints so that the cisco phones use the local radius server with AP and my windows computers connect using the ms radius server?
Hope some one can help
Attached is my current config.

aaa group server radius rad_eap
server auth-port 1645 acct-port 1646
aaa group server radius WDS-AUTH
server auth-port 1812 acct-port 1813
aaa group server radius VOICE-AUTH
server auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
Both of the SSID are calling to eap_methods.  What you need to do is configure another aaa authentication line:
** aaa authentication login phone_method group VOICE-AUTH**
then call that as your network-eap:
dot11 ssid VOICE
   vlan 50
   authentication network-eap **phone_method**
   authentication key-management cckm
Change/add the lines between the **.
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered

Similar Messages

  • Hello,good day problem with Cisco aironet 1040 series acces point

    Hello good day to all, how to configure cisco aironet 1040 series using web configuration attaching through patch cord without using the console.
    if possible please send me step by step instruction, any help is gladly appreciated.
    thank you in advance, More power
    mel

    helo good day sir,
    this is the first time i configure this device i am using Cisco aironet 1040 for our wireless using POE for power, and using cisco catalyst 2960 as switch
    i jack the patch cord in and its goes on colored green,
    the thing is how i can configure the aironet 1040  sir?
    waiting for a step by step instruction,
    thank you in advance
    mel

  • How to change default admin password on Cisco Aironet 1040

    How do I change the default username and password on the Cisco Aironet 1040. There is a default set and I want to change that to secure the device. I've checked the manual and can't seem to find the directions. Any ideas?

    Hi Brian,
    If this AP is already registered with a WLC then you can change it via WLC.
    In WLC GUI, go to Wireless -> Select the AP -> Credential -> Override Global Credential-> Update username/pw/enable pw
    In WLC CLI, you can configure it like this. If it is for all APs, then select all, otherwise AP name.
    (WLC3) >config ap mgmtuser add username admin password Cisco123 secret Cisco123 ?
    all            Applies the configuration to every AP that does not have a specific user name.
         Enter the name of the Cisco AP.
    (WLC3) >config ap mgmtuser add username password secret
    (WLC3) >save config
    Are you sure you want to save? (y/n) y
    If it is Autonomous AP you can configure using the "username xxxx password xxx" IOS command
    HTH
    Rasika
    *** Pls rate all useful responses ****

  • Server 2008 R2 RADIUS Server with a Cisco Aironet 1040 Wireless AP

    I am trying to get Server 2008 R2 RADIUS Server to work with a Cisco Aironet 1040 Wireless AP. I have installed the RADIUS server by MS standards and performed some searches on Google to configure the Cisco Aironet. I see others using a Wireless LAN Controller, which I do not have. I found this post below:
    https://supportforums.cisco.com/discussion/11546056/wlc-2504-radius-2008-r2-server
    But I have yet to locate a good step by step document on how to set it up and I have found so many different ways that others have set it up, but none have yet to work. I am having authentication issues that I have know of and I do not see any errors in the Windows Event Viewer and I do not know where the Acess Point stores it logs for any sort of error. Keep in mind this is the first time I am doing this. I do not have a Wireless LAN Controller and all my network / domain services are on individually built servers and not on one single server as I have seen with most of the documentation they all say the same thing by putting the Certificate Services, Domain Services (AD / ADS, etc), and NPS. I do not want that configuration and my setup should not be any different, but something is not right. I know from reading that this is not rocket science, but from someone who has never done it before this is difficult as I keep reading on and so many people do it different ways including what I have been reading according to what Cisco says to configure in the environment. Does anyone know where I can find good step by step documentation along with where I can look for logs on either device? I find that all the documentation I see on Cisco's website and from searching that it is old and outdated and not been updated in a long time so it is hard to determine what works and what does not work. I am stumped here and have been doing this for several weeks now with no luck. Thank you in advance.

    I did configure the Server 2008 R2 RADIUS Server using this video below: 
    https://www.youtube.com/watch?v=g-0MM_tK-Tk
    I also referenced Technet to make sure it was configured correctly as well. I am still not sure if I am 100% setup correctly on the Windows Server side, but I for sure want to make sure I have the AP side setup correctly. Do you know of a better article for the Windows Server 2008 R2 setup? Does it matter that I do not have all the services installed on the same server? Instead I have them installed on multiple servers.
    I have image number c1140-k9w7-tar.124.25d.JA1 on the AP. The part that confused me in that article, which I have seen before was the part about "Setting up access point must be configured in the authentication server as an AAA client." What is the AAA Client? I also am not aware of having Cisco Secure ACS anywhere built into the AP as that part through me off completely. Do I need to skip these steps? Thank you for help on this.

  • Slow connection with Cisco Aironet 1040

    I have been racking my brain for a while and cannot figure out why I am not getting 144Mbps out of my Aironet 1040. I was reading a previous thread (
    https://supportforums.cisco.com/thread/2141961) and set it up exactly like it said. I have set the encryption to Cipher AES CCMP and set the SSID to open authentication. I also set the SSID's key management to enable WPA (WPAv2).
    I was reading that WMM has to be set. I have 3 options: Disabled, Legacy, and dot11d. If i chose dot11d I have to put in a coutry code. Problem is there are no options in the country code pull down. I cannot even manually type it in.
    Another problem is that cell phones cannot connect. It keeps saying authentication fails in the log.
    Any reason why I am having such slow speeds?

    WMM is enabled by default, or at least it should be.
    What type of client are you using?  Check the specs of the WNIC, and see how many spatial streams that it supports.
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered

  • Cisco aironet 1040: create wireless with wpa2 and mac authentication

    Hi,
    I created a wireless network setting "Open Authentication" and setting a wpa2 key: everything works.
    I would also add the filter mac address and then next to Open Authentication I selected "with mac authentication" but I can not connect. The list of mac is specified in the "Advanced Security".
    Can anyone help me? thanks
    Hi,
    I created a wireless network setting "Open Authentication" and setting a wpa2 key: everything works.
    I would also add the filter mac address and then next to Open Authentication I selected "with mac authentication" but I can not connect. The list of mac is specified in the "Advanced Security".
    Can anyone help me? thanks

    ap#show configuration
    Using 2085 out of 32768 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname ap
    logging rate-limit console 9
    aaa new-model
    aaa group server radius rad_eap
    aaa group server radius rad_mac
    aaa group server radius rad_acct
    aaa group server radius rad_admin
    aaa group server tacacs+ tac_admin
    aaa group server radius rad_pmip
    aaa group server radius dummy
    aaa authentication login default local
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authorization exec default local
    aaa accounting network acct_methods start-stop group rad_acct
    aaa session-id common
    dot11 syslog
    dot11 ssid Svez
       authentication open mac-address mac_methods
       authentication key-management wpa version 2
    username 00907a0f2a55 password 7 1249554E425C0D542C79257D66
    username 00907a0f2a55 autocommand exit
    username administrator privilege 15 password 7 033449040A0620425A0D15564F42
    username 0025d3db778b password 7 055B565D74481D0D1B52404A09
    username 0025d3db778b autocommand exit
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption mode ciphers tkip
    ssid Svez
    antenna gain 0
    station-role root
    world-mode legacy
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface GigabitEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    no keepalive
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface BVI1
    ip address dhcp client-id GigabitEthernet0
    no ip route-cache
    ip http server
    ip http authentication aaa
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    ip radius source-interface BVI1
    radius-server attribute 32 include-in-access-req format %h
    radius-server vsa send accounting
    bridge 1 route ip
    line con 0
    line vty 0 4
    end
    ap#

  • Problem username &password in cisco aironet 802 11n

    HI all ,
    I will configure a new AP wireless cisco aironet 802 11n Dual band access  , but i'm blocking in username and password can you anyone help me please how can i recovery this login

    Hi Hossam,
    The default username and password, "Cisco".
    Password Recovery Procedure:
    https://supportforums.cisco.com/docs/DOC-4532
    Regards
    Dont forget to rate helpful posts.

  • How many users are supported on a Cisco Aironet 1141N? 30?

    I have a client that wants to upgrade his Aironet 1131 APs with 1141N.  How many users are supported on a Cisco Aironet 1141N?

    Yes, you could have 30 clients on the AP. 
    Client density all depends on what the client is doing, really.
    So if you have clients that are just web surfing and pulling email 30+ isn't a problem.  If they are all streaming video, then you want to plan for less clients per AP, and more APs.
    Steve

  • Cisco Aironet 1300 QoS

    Hello, I have 2 Cisco Aironet 1300 Bridges which provide data and voice communication between 2 buildings. Up until recently QoS has not been needed, but lately there appears to be congestion due to reports of poor voice quality. Building A houses a V3000 NBX Telephone system, Building B houses approximately 30 remote IP phones. Building A and Building B are approximately 100 yards apart. No VLAN's. Due to myself being an extreme noob to Cisco bridges, I was hoping some of you may have had experience in setting this up and hopefully provide some tips. I need to prioritize traffic on UDP ports 2093-2096 and TCP port 1040. Thank you in advance for any suggestions. My current running config is below:
    Using 1283 out of 32768 bytes
    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname LHS-WeightRoom-WCV
    ip subnet-zero
    aaa new-model
    aaa authentication login default local
    aaa authorization exec default local
    aaa session-id common
    dot11 ssid wcv
    authentication open
    guest-mode
    dot11 ssid wcvcisco
    authentication open
    infrastructure-ssid optional
    username root privilege 15 password 7 0247335A05320A2244
    username Cisco privilege 15 password 7 074E164D403D1C061F
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    ssid wcv
    ssid wcvcisco
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
    54.0
    station-role root bridge
    bridge-group 1
    bridge-group 1 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    bridge-group 1
    bridge-group 1 spanning-disabled
    hold-queue 80 in
    interface BVI1
    ip address 10.141.8.6 255.255.254.0
    no ip route-cache
    ip default-gateway 10.141.8.5
    ip http server
    ip http authentication aaa
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    control-plane
    bridge 1 route ip
    line con 0
    line vty 0 4
    end

    Here is the URL for the configuration of Cisco Aironet 1300 QoS. Follow the guide it may help you
    http://www.cisco.com/en/US/docs/wireless/access_point/1300/12.3_4_JA/configuration/guide/o13qos.html

  • CISCO Aironet 700w

    Can a CISCO Aironet 700w be set up as  Antonius Access Point ? I was able to set up 700i OK no problem
    Need to Set it up for WIFI site Survey Active to test coverage

    The 700W series access point contains two simultaneous dual-band radios, the 2.4 GHz and 5 GHz 802.11n MIMO radios, in a controller-based mode.
    Source: http://www.cisco.com/c/en/us/td/docs/wireless/access_point/702W/quick/guide/ap702Wgetstart.html

  • Cisco Aironet 1131G cannot access BVI

    I have configure our Cisco Aironet 1131G with Multiple SSID with VLAN's
    The Guest VLAN is working well and no problem,
    The issue i have is that I cannot connect to the BVI on the Wireless AP, i have setup to VLAN's
    2 = LAN & NATIVE VLAN
    999 = GUEST VLAN
    this is my config
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname NAFTA_AP_003
    logging rate-limit console 9
    aaa new-model
    aaa group server radius rad_eap
    aaa group server radius rad_mac
    aaa group server radius rad_acct
    aaa group server radius rad_admin
    aaa group server tacacs+ tac_admin
    aaa group server radius rad_pmip
    aaa group server radius dummy
    aaa group server radius rad_eap2
    server 10.1.122.50 auth-port 1645 acct-port 1646
    aaa authentication login default local
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authentication login eap_methods2 group rad_eap2
    aaa authorization exec default local
    aaa accounting network acct_methods start-stop group rad_acct
    aaa session-id common
    dot11 mbssid
    dot11 syslog
    dot11 vlan-name GUEST vlan 999
    dot11 vlan-name LAN vlan 2
    dot11 ssid Nufarm_EXT
       vlan GUEST
       authentication open
       authentication key-management wpa
       mbssid guest-mode
       wpa-psk ascii 7 053B0918245E6308015546
    dot11 ssid Nufarm_INT
       vlan 2
       authentication open eap eap_methods2
       authentication network-eap eap_methods2 mac-address mac_methods
       authentication key-management wpa
    username nemesis privilege 15 secret 5 $1$SjHa$TGIGBh.IhLNgflxBreKYf.
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption vlan GUEST mode ciphers aes-ccm tkip
    encryption vlan 2 mode ciphers tkip
    ssid Nufarm_EXT
    ssid Nufarm_INT
    channel 2422
    station-role root
    interface Dot11Radio0.2
    encapsulation dot1Q 2 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio0.999
    encapsulation dot1Q 999
    no ip unreachables
    no ip proxy-arp
    no ip route-cache
    no cdp enable
    bridge-group 255
    bridge-group 255 subscriber-loop-control
    bridge-group 255 block-unknown-source
    no bridge-group 255 source-learning
    no bridge-group 255 unicast-flooding
    bridge-group 255 spanning-disabled
    interface Dot11Radio1
    no ip address
    no ip route-cache
    shutdown
    dfs band 3 block
    channel dfs
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    interface FastEthernet0.2
    encapsulation dot1Q 2 native
    no ip route-cache
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface FastEthernet0.999
    encapsulation dot1Q 999
    no ip unreachables
    no ip route-cache
    no cdp enable
    bridge-group 255
    no bridge-group 255 source-learning
    bridge-group 255 spanning-disabled
    interface BVI1
    ip address 10.1.2.242 255.255.255.0
    no ip route-cache
    ip default-gateway 10.1.2.254
    ip http server
    ip http authentication aaa
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    ip radius source-interface BVI1
    radius-server attribute 32 include-in-access-req format %h
    radius-server host 10.1.122.50 auth-port 1645 acct-port 1646 key 7 03516213160B73435E0C2D16110504
    radius-server vsa send accounting
    bridge 1 route ip
    line con 0
    line vty 0 4
    end

    Ah, yeah that would do it, makes the swich want the VLAN to be tagged.  Nice catch on that!
    HTH,
    Steve
    Please remember to rate helpful posts or to mark the question as answered so that it can be found later.

  • Configuring Aironet 1040 with WPA2-PSK

    I am attempting to configure two Aironet 1040 series wireless access points for the first time and am having some difficulty. This office does not have a RADIUS server so I would like to set them up to use WPA2 with a pre-shared key. However just how this is accomplished is not immediately apparent. I have attempted using both the command line interface and the web interface, but I get errors in both places. It doesn't seem like it is all that difficult, we're just talking about a few lines in the configuration file.
    This is what I have so far:
    Current configuration : 1684 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname ap1
    logging rate-limit console 9
    enable secret 5 $1$q9i9$V8Z042Zif0H7t4qN5awMM.
    no aaa new-model
    ip domain name Office
    dot11 syslog
    dot11 ssid WLAN
       vlan 30
       authentication open
    username Cisco password 7 05280F1C2243
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption mode ciphers tkip
    ssid WLAN
    antenna gain 0
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio1
    no ip address
    no ip route-cache
    shutdown
    ssid WLAN
    antenna gain 0
    dfs band 3 block
    channel dfs
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface GigabitEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    no keepalive
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface BVI1
    ip address 192.168.2.2 255.255.255.0
    no ip route-cache
    ip default-gateway 192.168.2.1
    ip http server
    no ip http secure-server
    ip http help-path
    http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    access-list 111 permit tcp any any neq telnet
    bridge 1 route ip
    line con 0
    access-class 111 in
    line vty 0 4
    access-class 111 in
    login local
    end

    OK, I figured out some of what was going on. The admin account was set to read only instead of read/write, and both radios had not been added to my VLAN. Now I have successfully (?) configured WPA2-PSK on both wireless access points, and they are broadcasting their SSIDs, but I am unable to connect to them for an unknown reason. I am prompted for the pre shared key and then the connection fails. Hmm...

  • Configuration of a Point to MultiPoint link with Cisco Aironet 1310 bridges

    Hi All,
    The previous problem of which I started another conversation here:
    http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=General&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddba023
    somehow dissapeared. It could have been a problem of interferences.
    I have another issue with other (multipoint) wireless WAN link, which I hope has a solution.
    On the central node, we have an Cisco Aironet 1310 bridge configured as root-bridge. It has a panel of four vertical polarity 17 dBi panel 90? antennas, with more than enough gain (there is a 250 mWatts 802.11 b/g amplifier, before the 4-way splitter) and excellent line of sight to three remote bridges.
    The three (03) remote bridges are also Aironet 1310 models, confidured as non-root-bridges.
    The problem we have is that it seems that when the three remote links operate concurrently the amount of lost packets is huge. When I shutdown the radio interfaces of two bridges, the remaining bridge makes an excellent link with the central node.
    It seems that some hours are more critical than others, also the links operate much worse when there is some (small) network traffic in them.
    I have read the 1310 manuals, and I can't find a sample configuration for point to multi-point links.
    Does someone knows what radio interface configuration should I need to use to establish better quality communication?
    I mean, perhaps the 1 x root - 3 x no root configuration is not recommendable for the multipoint link configuration.
    Any hints will be welcome.
    Best Regards,
    Igor Sotelo.

    Hi All,
    Thank you for the information. I configured the distance on the root bridges, but the links showed instability.
    I'm using a bi-directional amplifier. It has two pieces. According to the manuals, one is installed indoors, the other outdoors. I'm not sure if the indoors piece has the transmition module or it's only the injector.
    We could establish connection at 7 km (around 4 milles) distance from the central point, using 24 dBi antennas on the other side.
    However, we have issues with a near located point that is only 1.2 Km (around 0.8 milles) away and has a 13 dBi integrated patch antenna. The signal strenght value we get there is in the -62 to -68 dBm range, and is noticiably (5-10 dBm) lower than the strenght we get at other points of the link. And I have trouble establishing a high quality link with that point, using OFDM modulation. I tend to think that if I remove the amplifier I'm not going to reach that point at all. The EIRP on the central iste is 34 dBm / 2.5 watts, without amplifier it would be 26 dBm / 0.4 watts.
    On the opposite sites the EIRP is 33 dBm / 2 watts using CCK or 28 dBm / 0.63 watts using OFDM.
    When one looks at the central site from that point, an Motorola Canopy with passive reflector (EIRP 48 dBm or around 64 watts) can be seen. It doesn't have the same direction, but the opposite site must be large distance and could interfere with my wireless network. Attached is an amplified photo of the view. It's safe to assume that the Canopy operates in the 2.4 GHz frequency range.
    Once I connect the point at 1.2 Km, the multipoint link loses its quality, and soon the lost packets get too frequent.
    The CCK seems to be much more interfered than OFDM, I guess because of that canopies.
    Another thing I'm wondering about is if the Aironet 1310 can continuosly switch CCK-OFDM over the same point - multipoint link, without losing packets.
    What other parameters should I tweak? Is there a way to avoid interferences fromt the canopy?
    I would like to apply 100 mWatts local power using the radio with OFDM, but it seems that's not possible.
    Best Regards,
    Igor Sotelo.

  • Aironet 1040 Series Apple frequently drops

    I'm running Cisco Aironnet 1040 series routers and all my Apple computers (NOT iPhones or iPads just the computers) continue to get dropped by the routers. The time ranges anywhere from less than a minute to an hour, depending how many clients are connected. I have no trouble at all with any mobile devices and none with non apple computers. This has been going on since we've bought them last year. I'm trying to use WPA authentication. I've read forums and places where you can use MAC authentication and the problem seems to go away. That's not an ideal option for as many clients as I have on the network. I've attempted to update the software, revert the software and reset to default. Nothing has made any difference at all. I've also tried changing the channel it broadcasts on, with no luck. I've double checked the firmware on the Apple computers and they are up to date. My configuration is below.....Any ideas on what I can change or do I need to pursue a different router that isn't Cisco?
    show run
    Building configuration...
    Current configuration : 1401 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname 3FN
    logging rate-limit console 9
    enable secret 5 $1$fMiK$UE/.aUuGGZiuvi17KWbPM0
    no aaa new-model
    dot11 syslog
    dot11 ssid danielwpa
       authentication open
       authentication key-management wpa version 2
       wpa-psk ascii 7 15435C5F517E7871793237
    username Cisco password 7 1531021F0725
    username Admin privilege 15 password 7 06525C7442595A40
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption mode ciphers aes-ccm tkip
    ssid danielwpa
    antenna gain 0
    channel 2437
    station-role root
    world-mode legacy
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface GigabitEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    no keepalive
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface BVI1
    ip address 10.1.0.154 255.0.0.0
    no ip route-cache
    ip default-gateway 10.0.0.1
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    bridge 1 route ip
    line con 0
    line vty 0 4
    login local
    transport input all
    end

    Going through the logs I see the MAC addresses of my computers that are disconnected with it saying:
    *Mar 17 18:19:55.169: %DOT11-4-MAXRETRIES: Packet to client 74e5.43cf.b184 reached max retries, removing the client
    *Mar 17 18:19:55.175: %DOT11-4-MAXRETRIES: Packet to client c09f.4227.2cfc reached max retries, removing the client
    *Mar 17 18:19:55.179: %DOT11-4-MAXRETRIES: Packet to client 80c1.6e1c.ef26 reached max retries, removing the client
    Not sure if that helps at all or not. I see plenty of logs showing my computer connecting just fine and moving from one AP to another but it appears to timeout (rather quickly I might add) and drop the connection. So it's obviously something with the router. I can always connect right back to the network without a problem. It doesn't ask for a password or anything.

  • Unstable Cisco Aironet 1231

    I have one Cisco Aironet 1231 access point. It does not use any kind of (server) functionality outside the Cisco device.
    I have one SSID and uses WPA-PSK (TKIP).
    The configuration seams wary straight forward, but something is wrong.
    The access point seams to be unstable. The clients use long time to connect to the access point and it looses connection a lot of times a day. Can I do something to speed up the ?negotiation process? ?
    What could be the course of instability?
    The configuration was made with the ?web configurator?, but I have a SSH/telnet dump:
    Best Regards
    Martin
    AP1#sh run
    Building configuration...
    Current configuration : 2227 bytes
    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname AP1
    enable secret xxx
    clock timezone GMT 1
    ip subnet-zero
    ip domain name mydom.com
    aaa new-model
    aaa group server radius rad_eap
    aaa group server radius rad_mac
    aaa group server radius rad_acct
    aaa group server radius rad_admin
    aaa group server tacacs+ tac_admin
    aaa group server radius rad_pmip
    aaa group server radius dummy
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authorization exec default local
    aaa accounting network acct_methods start-stop group rad_acct
    aaa session-id common
    dot11 ssid myssid
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii xxx
    username Cisco password xxx
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption mode ciphers tkip
    ssid myssid
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    channel 2412
    station-role root
    no cdp enable
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    no cdp enable
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    hold-queue 160 in
    interface BVI1
    ip address 192.168.1.105 255.255.255.0
    no ip route-cache
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    ip radius source-interface BVI1
    access-list 111 permit tcp any any neq telnet
    no cdp run
    radius-server local
    no authentication leap
    no authentication mac
    radius-server attribute 32 include-in-access-req format %h
    radius-server vsa send accounting
    control-plane
    bridge 1 route ip
    line con 0
    access-class 111 in
    line vty 0 4
    access-class 111 in
    sntp server 212.242.xx.207
    sntp broadcast client
    end
    AP1#

    A "stronger" (more gain) antenna probably won't help. An antenna that transmits with more gain also receives with more gain ..(basically, the same situation, but all of the signals are "louder")
    The general remedy, aside from the obvious of going to the least populated channel or moving to the 802.11a band, is usually to add more access points, all using some flavor of "sector" antenna (and / or "patch" antennas) to localize the area of interest.
    Because the antennas are covering a more specific area (and usually smaller area), it is usually the case that more APs are needed.
    "Seeing" 20 APs is not that alarming ... check the signal strength of each, many will usually be well-below the level that would cause serious interference. The specific level will vary, depending on the location relative to the AP<->client relationship.
    If you're seeing 20 APs, and their signal strength is roughly the same as your APs or a little lower, then you've got a problem that only a sectorized antenna system can cure.
    Good Luck
    Scott

Maybe you are looking for

  • How can I get the love back?

    Remember the anthem in 1984? The call for independence? The hammer that shattered the drone which kept us all in line - servants to the man? I do. I begged the hammer to be thrown and cheered when the glass shattered. I evangelized for the awakening

  • Problem with sorting

    Hi all, I am trying to sort an array using Bubble sort, But it can't seem to work. can you please look at my code below and tell me where I am going wrong bubbleSort class public class bubbleSort {     int size;     int[] array;     public bubbleSort

  • Odd iPhone DHCP behavior.

    I'm getting strange ARP/DHCP behavior with an iphone on a local network. The output from arpwatch (on a linux system) shows: May 14 12:23:43 milonga arpwatch: bogon 0.0.0.0 0:1b:63<protected> eth0 May 14 12:23:44 milonga arpwatch: bogon 0.0.0.0 0:1b:

  • VPN ACL IP range - IP range not working

    Hi I'm having a smaller problem and need some help to clarify it. I'm NAT'ing my inside to my external interface when passing traffic through the VPN So access-list vpn extended permit ip external_interface 192.168.20.1 255.255.255.0 I get hitcounts

  • Master pdf from multiple smaller pdf files

    I know that I can merge several pdf files into one larger file and I am having to do so because of a footer that has to be on every single page. My question is.. can I create a "master" pdf which is made up of the other pdf files so that if one is ed