Bridge Autonomous 1252 AP to lightweight WLAN

I have a Cisco WLC 5508 managing several 1252s in lightweight mode.  There is a portable across campus that has a standalone network but no cabling to tie in to the corporate network.  I have another 1252 that is in autonomous mode.  Could I essentially configure that as a bridge with the same security and SSID in order to bridge the corporate WLAN?  If not, what are my options?  Regards, Dee

Thanks for your response, Stephen.  I'm a little familiar with WGB and have read how you can set up APs to be bridges etc.  Considering that I have a WLC managing several Lightweight APs that make up a WLAN w/ WPA2 and a SSID, how would I implement WGB from the WLC/Lightweight APs to bridge to the unwired, autonomous AP or vice versa?  Which AP would be the root?
Just a bit more information if you could.  I really appreciate it.
Regards,
Dee

Similar Messages

  • Autonomous 1252 converted to CAPWAP will not join 5508 WLC

    WLC 5508 firmware is v6.0.188.0
    I've tried updating the autonomous 1252 via both the upgrade tool 3.4 and 'archive download-sw' from the CLI
    I've tried multiple recovery images
    c1250-rcvk9w8-tar.124-21a.JA2.tar
    c1250-rcvk9w8-tar.124-10b.JDA.tar
    After AP reboots with recovery image it joins WLC and downloads new CAPWAP image then reboots again
    AP will not rejoin WLC with updated CAPWAP firmware
    Any help with this is greatly appreciated!
    Thanks in advance and happy holidays,
    Scott
    Error Msg from 1252 console
    *Dec 18 15:52:50.691: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.100.2 peer_port: 5246
    *Dec 18 15:52:50.695: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2
    *Dec 18 15:52:50.695: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2
    *Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
    *Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.100.2
    Additional info
    WLC Debugs Enabled:
    MAC address ................................ c4:7d:4f:39:31:e2
    Debug Flags Enabled:
      aaa detail enabled.
      capwap error enabled.
      capwap critical enabled.
      capwap events enabled.
      capwap state enabled.
      dtls event enabled.
      lwapp events enabled.
      lwapp errors enabled.
      pm pki enabled.
    WLC Debug Output:
    *Dec 18 10:51:51.575: dtls_conn_hash_search: Connection not found in hash table - Table empty.
    *Dec 18 10:51:51.575: sshpmGetCID: called to evaluate <cscoDefaultIdCert>
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
    *Dec 18 10:51:51.575: sshpmGetCertFromCID: called to get cert for CID 154c7072
    *Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
    *Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
    *Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
    *Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
    *Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
    *Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
    *Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
    *Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultIdCert<
    *Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 2, certname >cscoDefaultIdCert<
    *Dec 18 10:51:51.575: sshpmGetCID: called to evaluate <cscoDefaultIdCert>
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
    *Dec 18 10:51:51.575: sshpmGetSshPrivateKeyFromCID: called to get key for CID 154c7072
    *Dec 18 10:51:51.575: sshpmGetSshPrivateKeyFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
    *Dec 18 10:51:51.576: sshpmGetSshPrivateKeyFromCID: comparing to row 1, certname >bsnDefaultIdCert<
    *Dec 18 10:51:51.576: sshpmGetSshPrivateKeyFromCID: comparing to row 2, certname >cscoDefaultIdCert<
    *Dec 18 10:51:51.576: sshpmGetSshPrivateKeyFromCID: match in row 2
    *Dec 18 10:51:51.692: acDtlsCallback: Certificate installed for PKI based authentication.
    *Dec 18 10:51:51.693: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=0
    *Dec 18 10:51:51.693: local_openssl_dtls_record_inspect:   msg=ClientHello len=44 seq=0 frag_off=0 frag_len=44
    *Dec 18 10:51:51.693: openssl_dtls_process_packet: Handshake in progress...
    *Dec 18 10:51:51.693: local_openssl_dtls_send: Sending 60 bytes
    *Dec 18 10:51:51.694: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246  Peer 192.168.100.54:62227
    *Dec 18 10:51:51.694: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=1
    *Dec 18 10:51:51.694: local_openssl_dtls_record_inspect:   msg=ClientHello len=76 seq=1 frag_off=0 frag_len=76
    *Dec 18 10:51:51.695: openssl_dtls_process_packet: Handshake in progress...
    *Dec 18 10:51:51.695: local_openssl_dtls_send: Sending 544 bytes
    *Dec 18 10:51:51.695: local_openssl_dtls_send: Sending 544 bytes
    *Dec 18 10:51:51.696: local_openssl_dtls_send: Sending 314 bytes
    *Dec 18 10:51:51.712: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246  Peer 192.168.100.54:62227
    *Dec 18 10:51:51.712: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=2
    *Dec 18 10:51:51.712: local_openssl_dtls_record_inspect:   msg=Certificate len=1146 seq=2 frag_off=0 frag_len=519
    *Dec 18 10:51:51.712: openssl_dtls_process_packet: Handshake in progress...
    *Dec 18 10:51:51.712: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246  Peer 192.168.100.54:62227
    *Dec 18 10:51:51.712: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=3
    *Dec 18 10:51:51.712: local_openssl_dtls_record_inspect:   msg=Certificate len=1146 seq=2 frag_off=519 frag_len=519
    *Dec 18 10:51:51.713: openssl_dtls_process_packet: Handshake in progress...
    *Dec 18 10:51:51.713: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246  Peer 192.168.100.54:62227
    *Dec 18 10:51:51.713: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=4
    *Dec 18 10:51:51.713: local_openssl_dtls_record_inspect:   msg=Certificate len=1146 seq=2 frag_off=1038 frag_len=108
    *Dec 18 10:51:51.714: sshpmGetIssuerHandles: locking ca cert table
    *Dec 18 10:51:51.714: sshpmGetIssuerHandles: calling x509_alloc() for user cert
    *Dec 18 10:51:51.714: sshpmGetIssuerHandles: calling x509_decode()
    *Dec 18 10:51:51.719: sshpmGetIssuerHandles: <subject> C=US, ST=California, L=San Jose, O=Cisco Systems, CN=C1250-c47d4f3931e2, [email protected]
    *Dec 18 10:51:51.719: sshpmGetIssuerHandles: <issuer>  O=Cisco Systems, CN=Cisco Manufacturing CA
    *Dec 18 10:51:51.719: sshpmGetIssuerHandles: Mac Address in subject is c4:7d:4f:39:31:e2
    *Dec 18 10:51:51.719: sshpmGetIssuerHandles: Cert Name in subject is C1250-c47d4f3931e2
    *Dec 18 10:51:51.719: sshpmGetIssuerHandles: Cert is issued by Cisco Systems.
    *Dec 18 10:51:51.719: sshpmGetCID: called to evaluate <cscoDefaultMfgCaCert>
    *Dec 18 10:51:51.719: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *Dec 18 10:51:51.719: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *Dec 18 10:51:51.719: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *Dec 18 10:51:51.719: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *Dec 18 10:51:51.719: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *Dec 18 10:51:51.719: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *Dec 18 10:51:51.719: sshpmGetCertFromCID: called to get cert for CID 2ab15c0a
    *Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
    *Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
    *Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
    *Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
    *Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
    *Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
    *Dec 18 10:51:51.719: ssphmUserCertVerify: calling x509_decode()
    *Dec 18 10:51:51.730: ssphmUserCertVerify: user cert verfied using >cscoDefaultMfgCaCert<
    *Dec 18 10:51:51.730: sshpmGetIssuerHandles: ValidityString (current): 2009/12/18/15:51:51
    *Dec 18 10:51:51.730: sshpmGetIssuerHandles: ValidityString (NotBefore): 2009/11/03/00:47:36
    *Dec 18 10:51:51.730: sshpmGetIssuerHandles: ValidityString (NotAfter): 2019/11/03/00:57:36
    *Dec 18 10:51:51.730: sshpmGetIssuerHandles: getting cisco ID cert handle...
    *Dec 18 10:51:51.730: sshpmGetCID: called to evaluate <cscoDefaultIdCert>
    *Dec 18 10:51:51.730: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *Dec 18 10:51:51.730: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *Dec 18 10:51:51.730: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *Dec 18 10:51:51.730: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *Dec 18 10:51:51.730: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *Dec 18 10:51:51.730: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *Dec 18 10:51:51.730: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
    *Dec 18 10:51:51.730: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
    *Dec 18 10:51:51.730: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
    *Dec 18 10:51:51.731: sshpmFreePublicKeyHandle: called with 0x1f1f3b8c
    *Dec 18 10:51:51.731: sshpmFreePublicKeyHandle: freeing public key
    *Dec 18 10:51:51.731: openssl_shim_cert_verify_callback: Certificate verification - passed!
    *Dec 18 10:51:51.732: openssl_dtls_process_packet: Handshake in progress...
    *Dec 18 10:51:52.155: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246  Peer 192.168.100.54:62227
    *Dec 18 10:51:52.155: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=5
    *Dec 18 10:51:52.155: local_openssl_dtls_record_inspect:   msg=ClientKeyExchange len=258 seq=3 frag_off=0 frag_len=258
    *Dec 18 10:51:52.269: openssl_dtls_process_packet: Handshake in progress...
    *Dec 18 10:51:52.269: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246  Peer 192.168.100.54:62227
    *Dec 18 10:51:52.269: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=6
    *Dec 18 10:51:52.269: local_openssl_dtls_record_inspect:   msg=CertificateVerify len=258 seq=4 frag_off=0 frag_len=258
    *Dec 18 10:51:52.269: local_openssl_dtls_record_inspect: record=ChangeCipherSpec epoch=0 seq=7
    *Dec 18 10:51:52.269: local_openssl_dtls_record_inspect: record=Handshake epoch=1 seq=0
    *Dec 18 10:51:52.269: local_openssl_dtls_record_inspect:   msg=Unknown or Encrypted
    *Dec 18 10:51:52.273: openssl_dtls_process_packet: Connection established!
    *Dec 18 10:51:52.273: acDtlsCallback: DTLS Connection 0x167c5c00 established
    *Dec 18 10:51:52.273: openssl_dtls_mtu_update: Setting DTLS MTU for link to peer 192.168.100.54:62227
    *Dec 18 10:51:52.273: local_openssl_dtls_send: Sending 91 bytes
    *Dec 18 10:53:06.183: sshpmLscTask: LSC Task received a message 4
    Aironet 1252 Console Debug:
    *Dec 16 11:07:12.055: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Dec 18 15:51:40.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.100.2 peer_port: 5246
    *Dec 18 15:51:40.999: %CAPWAP-5-CHANGED: CAPWAP changed state to 
    *Dec 18 15:51:41.695: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.100.2 peer_port: 5246
    *Dec 18 15:51:41.699: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2
    *Dec 18 15:51:41.699: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *Dec 18 15:51:41.699: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2
    *Dec 18 15:51:41.699: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
    *Dec 18 15:51:41.699: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Dec 18 15:51:41.699: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.100.2
    *Dec 18 15:51:46.695: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2
    *Dec 18 15:51:46.695: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2
    *Dec 18 15:51:46.695: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
    *Dec 18 15:51:46.695: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Dec 18 15:51:46.695: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.100.2
    *Dec 18 15:52:39.999: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 192.168.100.2:5246
    *Dec 18 15:52:40.039: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *Dec 18 15:52:40.039: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *Dec 18 15:52:40.051: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
    *Dec 18 15:52:40.051: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
    *Dec 18 15:52:40.059: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Dec 18 15:52:40.063: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
    *Dec 18 15:52:40.079: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    *Dec 18 15:52:40.079: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Dec 18 15:52:50.059: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Dec 18 15:52:50.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.100.2 peer_port: 5246
    *Dec 18 15:52:50.000: %CAPWAP-5-CHANGED: CAPWAP changed state to 
    *Dec 18 15:52:50.691: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.100.2 peer_port: 5246
    *Dec 18 15:52:50.695: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2
    *Dec 18 15:52:50.695: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2
    *Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
    *Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.100.2
    *Dec 18 15:52:55.691: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2
    *Dec 18 15:52:55.691: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2
    *Dec 18 15:52:55.691: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
    *Dec 18 15:52:55.691: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Dec 18 15:52:55.691: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.1

    Nathan and Leo are alluding to CSCte01087. Basically the caveat is that DTLS fails on a non-00:xx:xx:xx:xx:xx L2 first hop. e.g. if the APs are on the same VLAN as the management interface, they must have 00 MACs; if they are on a different VLAN, the WLC/AP gateway must have a 00 MAC. If the workaround below does not suit your environment, open a TAC case for an image with the fix.
    Symptom:
    An access point running 6.0.188.0 code may be unable to join a WLC5508.
    Messages similar to the following will be seen on the AP.
       %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
       %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message
    Conditions:
    At least one of the following conditions pertains:
    - The high order byte of the AP's MAC address is nonzero, and the AP is in
    the same subnet as the WLC5508's management (or AP manager) interface
    - The WLC's management (or AP manager) interface's default gateway's
    MAC address' high order byte is nonzero.
    Workaround:
    If the MAC address of the WLC's default gateway does not begin with 00,
    and if all of the APs' MAC addresses begin with 00, then: you can put
    the APs into the same subnet as the WLC's management (or AP manager)
    interface.
    In the general case, for the situation where the WLC's default gateway's
    MAC does not begin with 00, you can address this by changing it to begin
    with 00. Some methods for doing this include:
    -- use the "mac-address" command on the gateway, to set a MAC address
    that begins with 00
    -- then enable HSRP on the gateway (standby ip ww.xx.yy.zz) and use this
    IP as the WLC's gateway.
    For the case where the APs' MAC addresses do not begin with 00, then make
    sure that they are *not* in the same subnet as the WLC's management
    (AP manager) interface, but are behind a router.
    Another workaround is to downgrade to 6.0.182.0.  However, after
    downgrading the WLC to 6.0.182.0, any APs that have 6.0.188.0 IOS
    (i.e. 12.4(21a)JA2) still installed on them will be unable to join.
    Therefore, after downgrading the WLC, the APs will need to have a
    pre-12.4(21a)JA2 rcvk9w8 or k9w8 image installed on them.
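
The check below is an added example, not part of the original thread or of any Cisco tool: it tests an AP console log for the two symptom messages and evaluates the two conditions quoted from CSCte01087 above. The function names, the /24 mask on the WLC management interface and the gateway MAC are assumptions made for illustration; the AP MAC, the IP addresses and the log lines are taken from the post.

```python
import ipaddress
import re

# The two AP console messages the caveat lists as its symptom.
SYMPTOMS = (
    "%CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.",
    "%CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message",
)

# Workarounds as worded in the caveat text, keyed by condition.
WORKAROUNDS = {
    "ap-mac-same-subnet": "move the AP behind a router, out of the WLC "
                          "management (AP manager) subnet",
    "gateway-mac": "make the WLC's gateway MAC begin with 00 (mac-address "
                   "command, or HSRP with the standby IP as the WLC gateway)",
}


def high_byte_nonzero(mac):
    """True when the high-order (first) byte of a MAC address is not 00.

    Accepts colon, dash and Cisco dotted notation.
    """
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits[:2], 16) != 0


def symptom_seen(log_lines):
    """True when both symptom messages occur somewhere in the AP log."""
    return all(any(s in line for line in log_lines) for s in SYMPTOMS)


def matching_conditions(ap_mac, ap_ip, wlc_mgmt, gateway_mac):
    """Return the caveat conditions that hold for this AP.

    wlc_mgmt is the WLC management interface in CIDR form, for example
    "192.168.100.2/24" (the mask is an assumption, the thread gives none).
    """
    mgmt_net = ipaddress.ip_interface(wlc_mgmt).network
    hits = []
    # Condition 1: nonzero high byte on the AP MAC AND same subnet as the WLC.
    if ipaddress.ip_address(ap_ip) in mgmt_net and high_byte_nonzero(ap_mac):
        hits.append("ap-mac-same-subnet")
    # Condition 2: nonzero high byte on the WLC default gateway's MAC.
    if high_byte_nonzero(gateway_mac):
        hits.append("gateway-mac")
    return hits


def diagnose(log_lines, ap_mac, ap_ip, wlc_mgmt, gateway_mac):
    """Combine the log check and the address check into one verdict."""
    hits = matching_conditions(ap_mac, ap_ip, wlc_mgmt, gateway_mac)
    return {
        "symptom_seen": symptom_seen(log_lines),
        "conditions": hits,
        "likely_match": symptom_seen(log_lines) and bool(hits),
        "workarounds": [WORKAROUNDS[h] for h in hits],
    }


# Two lines copied from the AP console output in the post above.
SAMPLE_LOG = [
    "*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery "
    "CAPWAP Control Message from 192.168.100.2",
    "*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.",
]

# Constructed value: the thread does not give the gateway's MAC address.
SAMPLE_GATEWAY_MAC = "00:1a:2b:3c:4d:5e"

if __name__ == "__main__":
    report = diagnose(SAMPLE_LOG, "c4:7d:4f:39:31:e2", "192.168.100.54",
                      "192.168.100.2/24", SAMPLE_GATEWAY_MAC)
    for key, value in report.items():
        print(f"{key}: {value}")
```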

  • Aironet Autonomous 1252 CLI command 802.11n disable

    hi,
    I am using Aironet Autonomous 1252 AP. The version used is:
    Cisco IOS Software, C1260 Software (AP3G1-K9W7-M), Version 12.4(25d)JA1, RELEASE SOFTWARE (fc1)
    I want to disable 802.11n on 2.4GHz interface. Please tell the CLI command to do this.
    Thanks in advance.
    uv.

    Why do you want to disable 802.11n data rates?
    There are a few other ways as well. For 802.11n you should have the following:
    1. WMM enabled
    2. either Open Authentication or WPA2/AES
    So if you are not using both 1 & 2, you won't get 802.11n data rates. Refer to this:
    https://supportforums.cisco.com/discussion/12078656/aironet-ap-1252-how-use-80211g-only
    HTH
    Rasika

  • Convert Autonomous IOS AP to Lightweight IOS AP

    Convert  Autonomous IOS AP to Lightweight IOS AP.  Copy Lightweight IOS to AP
    razizov-02#sh flash:
    Directory of flash:/
        2  -rwx       88707   Mar 1 1993 15:50:19 +00:00  event.log
        3  drwx           0   Mar 1 1993 00:00:12 +00:00  configs
        4  -rwx          64  Mar 19 1993 01:17:45 +00:00  sensord_CSPRNG1
        5  -rwx          64   Mar 1 1993 00:00:34 +00:00  sensord_CSPRNG0
        6  drwx         960   Jan 1 1970 00:09:06 +00:00  ap3g2-k9w7-mx.152-2.JB
      205  -rwx    11458560   Mar 1 1993 01:40:22 +00:00  ap3g2-k9w8-tar.152-2.JB3.tar
    But that does not convert. What am I doing wrong? (AP 3600i)

    ap3g2-k9w8-tar.152-2.JB3.tar
    Look at the filename extension.  It's a .TAR.  You need to unpack this using the command "archive download-sw flash:ap3g2-k9w8-tar.152-2.JB3.tar".
    Once the unpack is complete, reboot the AP.

  • Can an autonomous 1252 be converted to Lightweight AP?

    I have incorrectly received a 1252 AP (model number AIR-AP1252AS-E-K9) and was hoping to convert this to a lightweight AP. But in the documentation this device is missing from the list of devices that can be converted.
    I am also unable to find an upgrade tool for this model.
    Is it possible to convert this device?

    Someone on the forum used the latest upgrade tool and said he was able to convert the 1252 to LWAPP. You can try it, or else here are some steps from another member on converting these APs:
    Here is a method to do the conversion.
    *Method 1 : ( Mode Button )*
    1. Install an external TFTP tool such as tftpd32 tool from http://tftpd32.jounin.net/
    2. Assign IP address in the range 10.0.0.2 - .254 ( Ex : 10.0.0.3) to the tftp server (your laptop or pc).
    3. Download the IOS to lwapp image onto the tftp's root directory. Use http://www.cisco.com or
    http://tools.cisco.com/support/downloads/go/IPCheck.x?defAdv=N&sftAdv=N&image=c1250-rcvk9w8-tar.124-10b.JA3&filepath=/swc/esd/02/crypto/3DES/281235915/guest&filename=c1250-rcvk9w8-tar.124-10b.JA3&advUrl=null&isk=Y&defInd=N&mdfid=281235915&sftType=Autonomous%20To%20Lightweight%20Mode%20Upgrade%20Image&optPlat=&relVer=12.4(10b)JA3&fileId=271159&treeMdfId=278875243&treeName=Wireless
    4. Rename c1250-rcvk9w8-tar.124-10b.JA3 to c1250-rcvk9w8-tar.default
    5. Make sure you set the IP address on the BVI interface of the AP if not set. Set it in the 10.0.0.x range. Default is 10.0.0.1.
    6. Connect the Ethernet port on AP to your TFTP Server ( Laptop )
    7. Hold the mode button and power off the AP.
    8. Power back the AP while continually holding the mode button for 20-30 seconds.
    *Method 2 : ( Archive Command )*
    1. Install an external TFTP tool such as tftpd32 tool from http://tftpd32.jounin.net/
    2. Assign IP address in the range 10.0.0.2 - .254 ( Ex : 10.0.0.3) to the tftp server (your laptop or pc).
    3. Download the IOS to lwapp image onto the tftp's root directory. Use http://www.cisco.com or
    http://tools.cisco.com/support/downloads/go/IPCheck.x?defAdv=N&sftAdv=N&image=c1250-rcvk9w8-tar.124-10b.JA3&filepath=/swc/esd/02/crypto/3DES/281235915/guest&filename=c1250-rcvk9w8-tar.124-10b.JA3&advUrl=null&isk=Y&defInd=N&mdfid=281235915&sftType=Autonomous%20To%20Lightweight%20Mode%20Upgrade%20Image&optPlat=&relVer=12.4(10b)JA3&fileId=271159&treeMdfId=278875243&treeName=Wireless
    4. Make sure you set the IP address on the BVI interface of the AP if not set. Set it in the 10.0.0.x range. Default is 10.0.0.1.
    5. Connect the Ethernet port on AP to your TFTP Server ( Laptop )
    6. On AP, type archive download-sw /overwrite /force-reload tftp:///c1250-rcvk9w8-tar.124-10b.JA3
    Going the other way (lwapp to autonomous)
    http://www.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html#wp161272
    If you need to manually "prime" the LWAPP:
    AP#lwapp ap ip address
    AP#lwapp ap ip default-gateway
    AP#lwapp ap controller ip address
    AP#lwapp ap hostname
    (optional)

  • Wireless AP 1041 Autonomous to Lightweight

    Is it possible to convert a 1041 in Autonomous AP mode to Lightweight? On the CCO page there is no upgrade tool under the 1040 series AP,
    and also I didn't find any document with the procedure.
    Thanks in advance.
    Nuno

    Yes,
    Here
    https://supportforums.cisco.com/thread/2065677

  • Wireless Bridge Management options

    Hello,
    I am really new to Wireless Solution. What will be the best management option for the Cisco 1310 or 1410 being used as Bridge (Pairs: Root and Non-Roots)? I am planning to use WLSE for managing 1410 Bridges as suggested in the Cisco Documents, but at the same time in one of the documents they are suggesting to migrate from WLSE to WCS! Is it advisable to use WCS instead of WCS for Wireless Bridges? What will you recommend?
    Please advise. Thank you.

    Unfortunately, WCS isn't an option. There is currently no bridging option for Cisco's lightweight solution, and WCS only manages lightweight access points.
    So while WLSE is your only option, it's also EOS/EOL. So... yeah... Cisco needs to step it up and give us some options here.
    Sorry, probably not what you expected to hear :/ You might want to look at a third-party management platform like AirWave, since Cisco doesn't actually have a living solution for autonomous bridging management.

  • Is it possible to config H-REAP/REAP and CAPWAP in Autonomous mode with a WLC?

    I'm going to be deploying all new APs as Remote-Edge APs and they will be shipped straight to site, with a pool of WLCs deployed in central DC locations.  I would like to get local staff to deploy a basic CLI discovery script for the APs.  However, I thought LAPs don't have a CLI???
    I'm thinking I must use a Lightweight AP with the WLC to use Remote-Edge AP functionality. However, I'm not sure... the configuration example at the bottom doesn't state whether it is an Autonomous AP or a Lightweight one.
    http://www.cisco.com/en/US/products/ps6087/products_tech_note09186a0080736123.shtml
    H-REAP Controller Discovery using CLI commands
    H REAPs will most commonly discover upstream controllers via DHCP option 43 or DNS resolution. Without either of these methods available, it may be desirable to provide detailed instructions to administrators at remote sites so that each H REAP may be configured with the IP address of the controllers to which they should connect. Optionally, H REAP IP addressing may be set manually as well (if DHCP is either not available or not desired).
    This example details how an H REAP's IP address, hostname, and controller IP address may be set through the console port of the access point.
    AP_CLI#capwap ap hostname ap1130
    ap1130#capwap ap ip address 10.10.10.51 255.255.255.0
    ap1130#capwap ap ip default-gateway 10.10.10.1
    ap1130#capwap ap controller ip address 172.17.2.172
    Could anyone help?
    Cheers
    Adrian.

    Hi Adrian,
    Further down in the doc you linked;
    H-REAP Controller Discovery using CLI commands
    H REAPs will most commonly discover upstream controllers via DHCP option 43 or DNS resolution. Without either of these methods available, it may be desirable to provide detailed instructions to administrators at remote sites so that each H REAP may be configured with the IP address of the controllers to which they should connect. Optionally, H REAP IP addressing may be set manually as well (if DHCP is either not available or not desired).
    This example details how an H REAP's IP address, hostname, and controller IP address may be set through the console port of the access point.
    AP_CLI#capwap ap hostname ap1130
    ap1130#capwap ap ip address 10.10.10.51 255.255.255.0
    ap1130#capwap ap ip default-gateway 10.10.10.1
    ap1130#capwap ap controller ip address 172.17.2.172
    Note: Access points must run the LWAPP-enabled IOS® Recovery Image Cisco IOS Software Release 12.3(11)JX1 or later, in order to support these CLI commands out of the box. Access points with the SKU prefix of LAP (for example, AIR-LAP-1131AG-A-K9), shipped on or after June 13, 2006 run Cisco IOS Software Release 12.3(11)JX1 or later. These commands are available to any access point that ships from the manufacturer running this code level, has the code upgraded manually to this level, or is upgraded automatically by connecting to a controller running version 6.0 or later.
    These configuration commands are only accepted when the access point is in Standalone mode.
    Cheers!
    Rob

  • 802.11N used as a Bridge -- What antenna spacing for Yagis?

    We want to do a 1km P2P Bridge using 1252 APs and 3 Yagi antennas.
    Q: Can I stack the Yagis vertically on a single pole, or should they be side by side horizontally on 3 separate poles?
    Q: What antenna spacing? I was going to use only about 3 wavelengths -- about 15 inches.
    Thanks,
    Tim

    Just keep in mind that bridging 1252's is not officially supported by Cisco (see link below when I asked).
    You should also verify that you can use Yagis on a 1252. The last time I checked, Cisco did list any Yagis for the 1252 (which, from an FCC perspective, I think means you can't use ANY Yagi antenna with a 1252).
    http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=Getting%20Started%20with%20Wireless&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cd28df1/1#selected_message
    Y

  • Is there any 802.11n wireless bridge or some bridge throughput close to 100M?

    Hi All,
    I'm looking for some enterprise wireless bridge. Is there any cisco 802.11n wireless bridge on the market? or some bridge close to 100Mbps throughput? Thanks.
    Lou

    Hi;
    I'm investigating the exact same thing. After seeing the caveat in the 1250 install guide that said "Don't use it as a bridge!"  (http://www.cisco.com/en/US/docs/wireless/access_point/1250/installation/guide/125h_c1.html) , I called the Cisco WiFi sales engineer assigned to our region, the brilliant and lovely Ms. K.
    She clarified some items for me.
    802.11n relies on several things for increased speed, two of which are multiple spatial data streams (currently two) and the 40MHz increased channel width. When you do point-point, apparently there is just not as much multipoint benefit. She said we would be lucky to see more than 50 Mbps real throughput on a bridge using 1252s at 100m range. BTW, she said that even though the install guide says the 1252s could not be used in bridge mode, she thought it would work; perhaps the 2007 guide is outdated.
    So, we are going to get some antennas and test this. Will try to report back on the results.
    Regarding Exalt, she did confirm that at present Cisco is re-branding and selling them as OEM and support would be direct through Exalt, not TAC. She would not speculate on looming acquisitions, but did jokingly observe that in the past, all the companies that Cisco absorbed went through an OEM re-sell phase ;p
    http://www.exaltcom.com/sublanding.aspx?id=1512
    Steve

  • Use network bridge on Laptop

    Hi,
    On my Desktop PC I use a bridge to be able to use VMs that are automatically integrated in the network.
    I wanted to have the same setup on my laptop to have an environment that is as similar as possible.
    However I failed to do so: I currently use NetworkManager to manage different WiFi Profiles. My first idea was to create a bridge with netctl, attach ethernet and wlan NIC to it and run dhcpcd on it. Then I tried to disable automatic IP (i.e. DHCP) on the network profiles. However I could not get it to work, dhcpcd always reported a timeout.
    I think it would be easier and less error prone (some networks might combine wireless authentication and IP allocation, e.g. eduroam?) to have NetworkManager take care of the IP addresses and simply attach a bridge to the device that VMs or containers can attach to. Is this possible somehow?

    This will not work properly because I switch networks regularly.
    There are two solutions I've come up with:
    1.: Use ebtables to mask the MAC address for outgoing packets (NAT on OSI Layer 2) as described on the Debian wiki
    2.: Do normal NAT
    I have yet to try those. I will first try to set up ebtables; this will allow me to copy the setup from my desktop PC. If that won't work I will use option 2.
    Last edited by SpacePirate (2015-01-18 15:52:33)

  • 2106 and Wired Guest Access

    Hi,
    It seems that the 2100 models do not support wired guest access. I wondered if the following work around might work?
    We are using a 2106 with a wireless guest network anchored to a 5508.
    Would it be possible to configure an Autonomous AP in WGB mode and configure it to connect to the visitor wlan?
    Would wired clients then be able to connect through the autonomous AP and use web authentication?
    Cheers

    I opened a TAC with Cisco.
    Here was the response.
    Unfortunately this is not a supported feature, please have a look at the following:
    These lightweight features are supported for use with a workgroup bridge:
    – Guest N+1 redundancy
    – Local EAP
    These lightweight features are not supported for use with a workgroup bridge:
    – Cisco Centralized Key Management (CCKM)
    – Hybrid REAP
    – Idle timeout
    – Web authentication
    Note If a workgroup bridge associates to a web-authentication WLAN, the workgroup bridge is added to the exclusion list, and all of the workgroup bridge wired clients are deleted.
    So it is not possible. Just thought I'd share this in case anyone else came across the same issue.

  • Mesh design question

    Dear Sirs.
    My customer plans to extend existing wireless coverage and upgrade to controller based network.
    Let me shortly describe the situation based on the attached network map.
    RAP points are installed on the buildings, they have wired uplink.
    MAP points are installed outdoors (in the IP66 sealed ABB boxes) on the poles (height 5 m), only power is present on the poles, no wired uplink.
    Now MAPs (Non root bridges) are connected to RAPs (Root bridges) via 5 GHz interface in bridge mode.
    Red points: already installed Autonomous APs, 1242AG model.
    Green points: APs planned for installation.
    1. In order to upgrade to a controller-based network I want to install two 2504-25 controllers in failover mode. I have the AP-to-LWAPP-Upgrade-Tool and am familiar with the image upgrade procedure. However, I have a question: if I upgrade all existing RAPs and MAPs to LWAPP mode, how will the MAPs without wired uplinks connect to RAPs and then to the controller? Should I have physical access to their console port to issue some CLI commands to connect to RAPs?
    2. Can 2504 controller be configured for operation in mesh network mode without additional licenses?
    3. For network expansion I plan to install 3502E access points in sealed boxes. I chose them due to separate 2.4 and 5 GHz antenna ports, in order to use omni antennas for 2.4 client coverage and 5 GHz directional antennas for wireless uplinks. The distance between APs is about 100 - 250 meters. Is it recommended to use directional antennas for wireless uplinks, or can I take 1602E (or 2602E) access points and dual band omni antennas and install a good working mesh network with 5 GHz uplinks on omni antennas?
    4. Can 2504 controller work together with 1242AG, 1602E and 3502E points?
    5. How should MAPs be preconfigured to begin working in mesh network after powering them up on the poles on site?
    Kind regards
    Alexei

    1. In order to upgrade to a controller-based network I want to install two 2504-25 controllers in failover mode. I have the AP-to-LWAPP-Upgrade-Tool and am familiar with the image upgrade procedure. However, I have a question: if I upgrade all existing RAPs and MAPs to LWAPP mode, how will the MAPs without wired uplinks connect to RAPs and then to the controller? Should I have physical access to their console port to issue some CLI commands to connect to RAPs?
    > The MESH APs along with your other access points (lightweight) will obtain their code from the WLC when they join. I would always stage the MESH APs prior to mounting them to certify they work and they can form a link. You would need to purchase a power injector for each RAP and get an AC power adapter for each MAP.
    The Upgrade tool is only to convert autonomous APs to lightweight. They stopped supporting 802.11n access points in that tool.
    2. Can 2504 controller be configured for operation in mesh network mode without additional licenses?
    > With the newer code version you will be using, yes. You can have both MESH and traditional Local mode or FlexConnect mode access points.
    3. For network expansion I plan to install 3502E access points in sealed boxes. I chose them due to separate 2.4 and 5 GHz antenna ports, in order to use omni antennas for 2.4 client coverage and 5 GHz directional antennas for wireless uplinks. The distance between APs is about 100 - 250 meters. Is it recommended to use directional antennas for wireless uplinks, or can I take 1602E (or 2602E) access points and dual band omni antennas and install a good working mesh network with 5 GHz uplinks on omni antennas?
    > If these are going to be exposed to the outdoor elements, then you need an outdoor antenna. It's hard to say what antenna you need, but if you're using a 3502e, make sure you get an antenna that is a 3 lead so you can utilize all 3 antenna ports. Patches are directional, so if you are going MAP to MAP to MAP to RAP for example, you would need an omni. Patch works if you're going from MAP to RAP.
    4. Can 2504 controller work together with 1242AG, 1602E and 3502E points?
    > Yes they can. You need to make sure the code you run in the WLC is supported by the access points. Here is a compatibility matrix:
    http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html
    5. How should MAPs be preconfigured to begin working in mesh network after powering them up on the poles on site?
    > Stage them first. Please reference these guides.
    http://www.cisco.com/en/US/docs/wireless/technology/mesh/7.4/design/guide/mesh74_chapter_010.html
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a0080b1c101.shtml

  • WISM at headquarters and 1121G's at WAN sites (T-1)

    I have approximately 100 1121G APs that were autonomous and converted to lightweight on my LAN with various wlans. I have 13 WAN sites that are connected by T-1 with about 20 1121Gs currently in autonomous mode. Can I convert those APs to lightweight and configure them from my controller at headquarters? It's my understanding the AP-1121G-A-K9 is not REAP or H-REAP compatible. If it is possible, is it acceptable that the wlan would associate to the same interface or is that bad design?

    I appreciate your response. Let me clarify the design to see if we are on the same page. The WAN wired LAN network would be let's say 10.1.1.x /24. I would configure let's say a couple of local networks on the 6509/720 (headquarters) and create interfaces and associate them to particular wlans with groups and wlan override. Let's say those two networks are 172.16.1.x /24 (EAP-FAST) and 172.16.2.x /24 (WPA-PSK). So at the WAN site there is an EAP-FAST client. They would authenticate/dhcp and get a 172.16.1.5 ip. At another WAN site, same setup with lightweight ap. Client gets a 172.16.1.10 ip. Is all of this a feasible and legitimate design?

  • Finding the manufacture date on an access point via software

    I'd like to determine the manufacture date of our access points because we plan on converting to LWAPP. Can someone tell me what CLI command to use and which field has the answer? Thanks.

    Hi Thomas,
    Not sure about finding the manufacture date (maybe you are trying to find out about the presence of a MIC certificate) but we did go through this conversion from Autonomous to Lightweight on our infrastructure last summer. In this process we did convert about 70 1121's and 1231's to LWAPP and it worked very well. Here are some relevant docs;
    Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode
    From this excellent doc;
    http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html
    The following Cisco Aironet access points have the ability to operate as autonomous access points or lightweight access points:
    Cisco Aironet 1240 AG Series Access Points
    Cisco Aironet 1230 AG Series Access Points
    Cisco Aironet 1200 Series Access Points that contain 802.11g (AIR-MP21G-x-K9) and/or second-generation 802.11a radios (AIR-RM21A-x-K9 or AIR-RM22A-x-K9)
    Cisco Aironet 1130 AG Series Access Points
    Cisco Aironet 1100 Series Access Points that contain 802.11g radios (AIR-AP1121G-x-K9)
    Cisco Aironet 1300 Series Access Points/Bridges (AIR-BR1310G-x-K9 or AIR-BR1310G-x-K9-R).
    From this doc;
    http://www.cisco.com/en/US/products/ps6521/prod_bulletin0900aecd80321a2c.html
    Guidelines and Tools for Migrating to the Cisco Unified Wireless Network
    http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns337/networking_solutions_white_paper0900aecd804f1a23.shtml
    Self-Signed Certificate Manual Addition to the Controller for LWAPP-Converted APs
    LWAPP secures the control communication between the AP and the WLC by means of a secure key distribution. The secure key distribution requires already provisioned X.509 digital certificates on both the LAP and the WLC. Factory-installed certificates are referenced with the term "MIC", which is an acronym for Manufacturing Installed Certificate. Aironet APs that shipped before July 18, 2005, do not have MICs. So these APs create an SSC when they are converted to operate in lightweight mode. Controllers are programmed to accept SSCs for the authentication of specific APs.
    http://www.cisco.com/en/US/products/ps6521/products_configuration_example09186a00806a426c.shtml
    LWAPP Upgrade Tool Troubleshoot Tips
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008072d9a1.shtml
    Also, 5 points for Eric! For all your great work here lately.
    Hope this helps!
    Rob
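
An added example, not part of the original posts or of any Cisco tool: it sorts an AP inventory by whether a factory MIC can be expected, using the July 18, 2005 cutoff quoted above, so that APs likely to present an SSC can be reviewed before the controller is told to accept them. The serial-number layout (three letters, two-digit year code counted from 1996, two-digit week), the four-week margin and the sample serials are assumptions made for this sketch.

```python
import re
from datetime import date, timedelta

# Cutoff quoted in the thread: APs shipped before this date have no MIC.
MIC_CUTOFF = date(2005, 7, 18)
# Assumption: serial is LLLYYWWXXXX, with YY = year - 1996 and WW = week.
SERIAL_RE = re.compile(r"^[A-Z]{3}(\d{2})(\d{2})[A-Z0-9]{4}$")
# Assumption: slack for week-numbering differences and for the unknown gap
# between manufacture and shipment.
MARGIN = timedelta(weeks=4)


def manufacture_week_start(serial):
    """Approximate first day of the manufacture week, or None if unparseable."""
    m = SERIAL_RE.match(serial.strip().upper())
    if not m:
        return None
    year, week = 1996 + int(m.group(1)), int(m.group(2))
    if not 1 <= week <= 53:
        return None
    return date(year, 1, 1) + timedelta(weeks=week - 1)


def expected_certificate(serial):
    """Return 'MIC', 'SSC', 'verify' (too close to the cutoff) or 'unknown'."""
    built = manufacture_week_start(serial)
    if built is None:
        return "unknown"
    if built >= MIC_CUTOFF + MARGIN:
        return "MIC"
    if built <= MIC_CUTOFF - MARGIN:
        return "SSC"
    return "verify"


def triage(inventory):
    """Map AP name -> expected certificate type for a {name: serial} dict."""
    return {name: expected_certificate(sn) for name, sn in inventory.items()}


# Constructed sample inventory (not real devices).
SAMPLE = {
    "ap-lobby": "FTX0840A1B2",   # year code 08 -> 2004, week 40
    "ap-dock": "FTX0929A1B2",    # 2005, week 29: inside the margin
    "ap-lab": "FTX1012A1B2",     # 2006, week 12
    "ap-spare": "not-a-serial",
}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE).items():
        print(f"{name:10s} {verdict}")
```

Anything reported as `SSC`, `verify` or `unknown` should be confirmed on the AP itself before its certificate is authorized on the controller, since the serial only approximates the ship date.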
