Cisco 1142 - DotRadio0 resets
I have a Cisco Aironet 1142 that keeps having issues with DotRadio0 going to a reset state. If I reload, it seems to function for a while and then it happens again shortly thereafter.
Apr 17 18:08:24.619: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
Apr 17 18:08:25.619: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
ap# show int desc
Interface Status Protocol Description
BV1 up up
Do0 reset down
Do0.651 reset down
Do0.653 reset down
Do1 up up
Do1.651 up up
Do1.653 up up
Gi0 up up
Gi0.604 up up
Gi0.651 up up
Gi0.653 up up
ap# show version
Cisco IOS Software, C1140 Software (C1140-K9W7-M), Version 12.4(21a)JA1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 16-Sep-09 18:09 by prod_rel_team
ROM: Bootstrap program is C1140 boot loader
BOOTLDR: C1140 Boot Loader (C1140-BOOT-M) Version 12.4(23c)JA3, RELEASE SOFTWARE (fc1)
ap uptime is 18 minutes
System returned to ROM by reload
System restarted at 14:15:15 -0400 Wed Apr 17 2013
System image file is "flash:/c1140-k9w7-mx.124-21a.JA1/c1140-k9w7-mx.124-21a.JA1"
I believe the RF is good; we have 8 access points throughout the building and normally don't have any issues with connectivity. We have not done a site survey yet, so that is probably something we should look into next. Below is the current configuration. To reiterate, the AP functions well for a while and then resets. Upon a reload it works fine again for a while and then resets. I have 4 APs that are doing the same thing and are placed at various points around the building.
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname xxxxxxxx
aaa new-model
aaa group server radius rad_eap
server 10.38.10.33 auth-port 1645 acct-port 1646
server 10.38.10.34 auth-port 1645 acct-port 1646
aaa group server radius rad_mac
server 10.38.10.33 auth-port 1645 acct-port 1646
server 10.38.10.34 auth-port 1645 acct-port 1646
aaa group server radius rad_acct
server 10.38.10.33 auth-port 1645 acct-port 1646
server 10.38.10.34 auth-port 1645 acct-port 1646
aaa group server radius rad_admin
server 10.38.10.33 auth-port 1645 acct-port 1646
server 10.38.10.34 auth-port 1645 acct-port 1646
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
clock timezone -0500 -5
clock summer-time -0400 recurring
ip domain name panther.com
ip name-server 10.38.10.33
ip name-server 10.38.10.34
dot11 syslog
dot11 vlan-name VLAN604 vlan 604
dot11 vlan-name VLAN651 vlan 651
dot11 vlan-name VLAN653 vlan 653
dot11 ssid PanGuest
vlan 653
authentication open
mbssid guest-mode
dot11 ssid PanWifi
vlan 651
authentication open eap eap_methods
authentication key-management wpa version 2
accounting acct_methods
mbssid guest-mode
username xxxxxxx privilege 15 password 7 xxxxxxxxxxxx
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 651 mode ciphers aes-ccm
encryption vlan 653 key 1 size 40bit 7 xxxxxxxxxxx transmit-key
encryption vlan 653 mode ciphers wep40
ssid PanGuest
ssid PanWifi
antenna gain 0
mbssid
channel width 40-above
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.651
encapsulation dot1Q 651
no ip route-cache
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
bridge-group 255 spanning-disabled
interface Dot11Radio0.653
encapsulation dot1Q 653
no ip route-cache
bridge-group 254
bridge-group 254 subscriber-loop-control
bridge-group 254 block-unknown-source
no bridge-group 254 source-learning
no bridge-group 254 unicast-flooding
bridge-group 254 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
encryption vlan 651 mode ciphers aes-ccm
encryption vlan 653 key 1 size 40bit 7 xxxxxxxxxxx transmit-key
encryption vlan 653 mode ciphers wep40
ssid PanGuest
ssid PanWifi
antenna gain 0
no dfs band block
mbssid
channel width 40-above
channel dfs
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1.651
encapsulation dot1Q 651
no ip route-cache
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
bridge-group 255 spanning-disabled
interface Dot11Radio1.653
encapsulation dot1Q 653
no ip route-cache
bridge-group 254
bridge-group 254 subscriber-loop-control
bridge-group 254 block-unknown-source
no bridge-group 254 source-learning
no bridge-group 254 unicast-flooding
bridge-group 254 spanning-disabled
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
interface GigabitEthernet0.604
encapsulation dot1Q 604 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface GigabitEthernet0.651
encapsulation dot1Q 651
no ip route-cache
bridge-group 255
no bridge-group 255 source-learning
bridge-group 255 spanning-disabled
interface GigabitEthernet0.653
encapsulation dot1Q 653
no ip route-cache
bridge-group 254
no bridge-group 254 source-learning
bridge-group 254 spanning-disabled
interface BVI1
ip address 10.38.4.18 255.255.255.0
no ip route-cache
ip default-gateway 10.38.4.1
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
access-list 111 permit tcp any any neq telnet
radius-server attribute 32 include-in-access-req format %h
radius-server host 10.38.10.33 auth-port 1645 acct-port 1646 key 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
radius-server host 10.38.10.34 auth-port 1645 acct-port 1646 key 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
radius-server deadtime 60
radius-server vsa send accounting
bridge 1 route ip
line con 0
access-class 111 in
line vty 0 4
access-class 111 in
transport input ssh
sntp server 10.38.4.1
sntp broadcast client
end
Similar Messages
-
Cisco 1142 WAP Connection Help
We have a Cisco 1142 WAP connected to a Cisco Wireless Controller in a remote office area. For meetings we wanted to have more hard-wired connections in addition to Wifi access for attendees / presenters etc. My question is: if we purchased a Cisco 8 port POE mini switch and put that in the middle between the WAP and Controller, would that work? Or is there another business grade solution for a mix of Ethernet ports and Wifi?
Yes, sir. This will work. The only "problem" I see is your 8 port PoE switch. Let me explain:
The good part about Cisco's 8-port PoE switches, the WS-C3560-8PC, is that it is FANLESS. So even if you stick the switch right inside this conference or meeting room, no one will notice it's there (unless of course, one steps on the hot surface or gives the appliance a good kick).
This model has a 1Gig SFP or RJ45 port uplink.
Now the downside is not really that significant, unless you want to be pedantic about it. The access ports are all 10/100BaseTX only.
By the way, I have no way of testing the "compact" series of the 2960C and the 3560C. The Data Sheet itself is a bit "grey" so I won't make a comment about these two models. -
Cisco 1142 Wireless access point intermittently will not authenticate
Hi all,
We have a Cisco 1142 standalone access point, and from time to time I will come into the office and it will not authenticate any users to either our guest or corporate networks. I then have to go in and reboot the access point. After that, it begins to work. Any advice? Here's my configuration below:
Current configuration : 6450 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname cisco-chiap01
logging monitor errors
enable secret 5 $1$fsD8$CU42/3/Up5AAlL4hQWvvg0
aaa new-model
aaa group server radius rad_eap
server 172.17.16.12 auth-port 1645 acct-port 1646
server 172.17.21.10 auth-port 1812 acct-port 1813
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
server 172.17.21.10 auth-port 1812 acct-port 1813
aaa group server radius rad_eap2
server 172.17.16.12 auth-port 1645 acct-port 1646
server 172.17.21.10 auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods2 group rad_eap2
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
login on-failure log
login on-success log
dot11 syslog
dot11 vlan-name Admin vlan 100
dot11 vlan-name DevNetwork vlan 20
dot11 vlan-name Guest vlan 150
dot11 vlan-name Network vlan 16
dot11 ssid DevNetwork
vlan 20
authentication open eap eap_methods2
authentication network-eap eap_methods2
authentication key-management wpa version 2
dot11 ssid Guest
vlan 150
authentication open
authentication key-management wpa version 2
guest-mode
mbssid guest-mode
wpa-psk ascii 7 142407060101380B013A3A2670435642
information-element ssidl advertisement
dot11 ssid Network
vlan 16
authentication open eap eap_methods2
authentication network-eap eap_methods2
authentication key-management wpa version 2
username monkeyman privilege 15 secret 5 $1$ZZ7C$rqimu2FNONdfeacMNGAD/.
bridge irb
interface Dot11Radio0
no ip address
ip helper-address 172.17.19.10
no ip route-cache
encryption mode ciphers aes-ccm
encryption vlan 16 mode ciphers aes-ccm
encryption vlan 150 mode ciphers aes-ccm
encryption vlan 20 mode ciphers aes-ccm
ssid DevNetwork
ssid Guest
ssid Network
antenna gain 0
parent timeout 120
speed 5.5 11.0 basic-6.0 9.0 12.0 36.0 48.0 54.0
packet retries 128 drop-packet
channel 2462
station-role root
rts threshold 512
rts retries 128
interface Dot11Radio0.11
encapsulation dot1Q 11
no ip route-cache
interface Dot11Radio0.16
encapsulation dot1Q 16 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
bridge-group 20 spanning-disabled
interface Dot11Radio0.150
encapsulation dot1Q 150
no ip route-cache
bridge-group 150
bridge-group 150 subscriber-loop-control
bridge-group 150 block-unknown-source
no bridge-group 150 source-learning
no bridge-group 150 unicast-flooding
bridge-group 150 spanning-disabled
interface Dot11Radio1
no ip address
ip helper-address 172.17.19.10
no ip route-cache
encryption vlan 16 mode ciphers aes-ccm
encryption vlan 150 mode ciphers aes-ccm
encryption vlan 20 mode ciphers aes-ccm
ssid DevNetwork
ssid Guest
ssid Network
antenna gain 0
traffic-metrics aggregate-report
dfs band 3 block
mbssid
parent timeout 120
speed 6.0 12.0 basic-24.0 36.0 48.0 54.0
channel width 40-above
channel dfs
station-role root access-point
interface Dot11Radio1.11
encapsulation dot1Q 11
no ip route-cache
interface Dot11Radio1.16
encapsulation dot1Q 16 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
bridge-group 20 spanning-disabled
interface Dot11Radio1.150
encapsulation dot1Q 150
no ip route-cache
bridge-group 150
bridge-group 150 subscriber-loop-control
bridge-group 150 block-unknown-source
no bridge-group 150 source-learning
no bridge-group 150 unicast-flooding
bridge-group 150 spanning-disabled
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
interface GigabitEthernet0.11
encapsulation dot1Q 11
no ip route-cache
interface GigabitEthernet0.16
encapsulation dot1Q 16 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface GigabitEthernet0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
no bridge-group 20 source-learning
bridge-group 20 spanning-disabled
interface GigabitEthernet0.100
encapsulation dot1Q 100
ip address 192.168.100.3 255.255.255.0
no ip route-cache
bridge-group 100
no bridge-group 100 source-learning
bridge-group 100 spanning-disabled
interface GigabitEthernet0.150
encapsulation dot1Q 150
no ip route-cache
bridge-group 150
no bridge-group 150 source-learning
bridge-group 150 spanning-disabled
interface BVI1
ip address 172.17.16.251 255.255.255.0
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface GigabitEthernet0
access-list 1 permit 172.17.16.1
access-list 1 remark Admin network access
access-list 1 permit 192.168.100.0 0.0.0.255
radius-server attribute 32 include-in-access-req format %h
radius-server host 172.17.21.10 auth-port 1812 acct-port 1813 key 7 047958071C3561410D4A44
radius-server host 172.17.16.12 auth-port 1645 acct-port 1646 key 7 08045E471A48574446
radius-server host 172.17.21.10 auth-port 1645 acct-port 1646 key 7 1320051B185D56797F
radius-server timeout 15
radius-server vsa send accounting
bridge 1 route ip
line con 0
line vty 0 4
access-class 1 in
end
When the issue occurs, does that affect both 2.4GHz & 5GHz devices? I would see which band operating devices are affected.
I noticed you have set CH11 under Radio 0 statically. I would prefer to configure it as below so the AP can change the channel depending on the environment.
int d0
channel least-congested
HTH
Rasika
**** Pls rate all useful responses **** -
Cisco ASA 5505 Reset-I Problem with TCP State Bypass
Hello,
I have a Cisco ASA 5505 that functions as my primary firewall and a Mitel 5000 controller behind it. I have two external phone users that have been connecting through the firewall with no issues for six months until about two weeks ago. I am now seeing the following log entry on the phone trying to connect to the Mitel Controller.
6  May 16 2014  14:52:52  302014  72.135.115.37  6915  192.168.20.2  6801  Teardown TCP connection 1203584 for outside:72.135.115.37/6915 to inside:192.168.20.2/6801 duration 0:00:00 bytes 0 TCP Reset-I
My phones are designed to work with the Mitel 5000 and Mitel 3300 phone controllers. The 5000 will only use port 6800 for call control, while the 3300 will use 6801 (Secured Minet), 6802 (Minet SSH), and if those fail, port 6800 (Minet Unsecured). When the phones initiate a connection, they try 6801 first. If 6801 is unavailable, the phone controller adds the RST flag to the ACK packet. When the phone sees the RST flag, it is supposed to reset and use the next port (6802). The same process happens again for port 6802, then the phone knows to try 6800. The problem is that the ASA sees the RST flag now and terminates the connection at the firewall. Therefore, the phones never see the RST flag, and continue to try the connection with port 6801.
I have tried to use the TCP State Bypass feature to correct the situation, but the log shows that the connection is still being terminated immediately by the firewall. I am a novice when it comes to configuring the ASA. Any help would be greatly appreciated, as the company that I bought the phone system from is out of troubleshooting options. I do not think that I have made any changes to the firewall around this time. I have packet captures and logs from my ASA and I have wireshark data on the inside of my network. I need to figure out how to configure the ASA so that it ignores the RST flag and sends the packet back to the source.
Any help would be greatly appreciated!
Thanks Rizwan,
Still no luck. I can't even ping the other side (office). I am not sure if I'm running the debug the right way. Here are my results...
homeasa(config)# ping inside 10.10.5.254............. (Office Cisco ASA5505 IP on local side. I also tried pinging the server on the other side (office), which is @10.10.5.10, and got the same result)
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.5.254, timeout is 2 seconds:
Success rate is 0
homeasa(config)# debug crypto isakmp 7
homeasa(config)# debug crypto ipsec 7
homeasa(config)# sho crypto isakmp 7
^
ERROR: % Invalid input detected at '^' marker.
homeasa(config)# sho crypto isakmp
There are no isakmp sas
Global IKE Statistics
Active Tunnels: 0
Previous Tunnels: 0
In Octets: 0
In Packets: 0
In Drop Packets: 0
In Notifys: 0
In P2 Exchanges: 0
In P2 Exchange Invalids: 0
In P2 Exchange Rejects: 0
In P2 Sa Delete Requests: 0
Out Octets: 0
Out Packets: 0
Out Drop Packets: 0
Out Notifys: 0
Out P2 Exchanges: 0
Out P2 Exchange Invalids: 0
Out P2 Exchange Rejects: 0
Out P2 Sa Delete Requests: 0
Initiator Tunnels: 0
Initiator Fails: 0
Responder Fails: 0
System Capacity Fails: 0
Auth Fails: 0
Decrypt Fails: 0
Hash Valid Fails: 0
No Sa Fails: 0
Global IPSec over TCP Statistics
Embryonic connections: 0
Active connections: 0
Previous connections: 0
Inbound packets: 0
Inbound dropped packets: 0
Outbound packets: 0
Outbound dropped packets: 0
RST packets: 0
Recevied ACK heart-beat packets: 0
Bad headers: 0
Bad trailers: 0
Timer failures: 0
Checksum errors: 0
Internal errors: 0
hjnavasa(config)# sh crypto ipsec sa peer 96.xxx.xxx.118
There are no ipsec sas
homeasa(config)# -
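An added example, not part of the original thread: Python that parses ASA 302014 teardown messages in the shape quoted in the "Reset-I Problem with TCP State Bypass" post and flags clients that keep hitting the same destination port with zero-byte `TCP Reset-I` teardowns, which is the symptom described there for port 6801. Only the first log line comes from the post; the other lines, the `%ASA-6-302014:` prefix layout, and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Body of syslog 302014 as quoted in the post:
# "Teardown TCP connection <id> for <if>:<ip>/<port> to <if>:<ip>/<port>
#  duration <h:mm:ss> bytes <n> <reason>"
TEARDOWN_RE = re.compile(
    r"Teardown TCP connection (?P<conn_id>\d+) for "
    r"(?P<src_if>[^\s:]+):(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3})/(?P<src_port>\d+) to "
    r"(?P<dst_if>[^\s:]+):(?P<dst_ip>\d{1,3}(?:\.\d{1,3}){3})/(?P<dst_port>\d+) "
    r"duration (?P<duration>\d+:\d{2}:\d{2}) bytes (?P<bytes>\d+)"
    r"(?:\s+(?P<reason>\S.*?))?\s*$"
)


def parse_teardown(line):
    """Return a dict for a TCP teardown line, or None for any other line."""
    m = TEARDOWN_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("conn_id", "src_port", "dst_port", "bytes"):
        rec[key] = int(rec[key])
    hours, minutes, seconds = (int(p) for p in rec["duration"].split(":"))
    rec["duration_s"] = hours * 3600 + minutes * 60 + seconds
    rec["reason"] = rec["reason"] or ""
    return rec


def find_stuck_retries(lines, min_count=3, reason="TCP Reset-I"):
    """Flows torn down with zero bytes and the given reason at least
    min_count times, keyed by (source IP, destination IP, destination port).

    A client that fell back to the next port would not keep appearing
    under the same destination port, so a high count points at retries
    that never advance.
    """
    hits = Counter()
    for line in lines:
        rec = parse_teardown(line)
        if rec is None:
            continue
        if rec["reason"] == reason and rec["bytes"] == 0:
            hits[(rec["src_ip"], rec["dst_ip"], rec["dst_port"])] += 1
    return sorted(
        (src, dst, port, n)
        for (src, dst, port), n in hits.items()
        if n >= min_count
    )


# Constructed sample: line 1 carries the message from the post, the rest
# are made up (203.0.113.10 is a documentation address).
SAMPLE_LOG = """\
May 16 2014 14:52:52: %ASA-6-302014: Teardown TCP connection 1203584 for outside:72.135.115.37/6915 to inside:192.168.20.2/6801 duration 0:00:00 bytes 0 TCP Reset-I
May 16 2014 14:52:57: %ASA-6-302014: Teardown TCP connection 1203591 for outside:72.135.115.37/6916 to inside:192.168.20.2/6801 duration 0:00:00 bytes 0 TCP Reset-I
May 16 2014 14:53:02: %ASA-6-302014: Teardown TCP connection 1203597 for outside:72.135.115.37/6917 to inside:192.168.20.2/6801 duration 0:00:00 bytes 0 TCP Reset-I
May 16 2014 14:53:10: %ASA-6-302014: Teardown TCP connection 1203602 for outside:203.0.113.10/50122 to inside:192.168.20.2/6800 duration 0:02:31 bytes 48211 TCP FINs
May 16 2014 14:53:11: %ASA-6-302013: Built inbound TCP connection 1203603 for outside:203.0.113.10/50123 (203.0.113.10/50123) to inside:192.168.20.2/6800 (192.168.20.2/6800)
""".splitlines()


if __name__ == "__main__":
    for src, dst, port, count in find_stuck_retries(SAMPLE_LOG):
        print(f"{src} -> {dst}:{port} reset with 0 bytes {count} times")
```
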
Cisco 1142 WGB in a controller based network
Hi,
I have trouble with a Cisco AP1142 which is configured in WGB mode. I'm trying to get it to work in a controller based network, where LAPs are configured in H-REAP. The SSID where the WGB should be associated drops its traffic to VLAN60. Security type is WPA2-PSK.
I've configured the WGB and it associates and gets IP from the correct network....but the problem is that laptop connected to WGB won't work. It gets no IP address and won't work with static IP.
At the moment I have no VLANs configured on the WGB - should I have?
AP IOS version is 12.4(25d)JA and WLC version is 7.0.98.0.
Please find config file attached and also a topology image. Hope these help.
Br,
Petri
Hi Petri,
WGB mode with HREAP is not supported:
http://tools.cisco.com/squish/dcAfC
http://tools.cisco.com/squish/CcFE6
You may want to test this with uWGB mode and static IP config. However, there is a new bug filed for uWGB mode as well:
CSCtl21683 uWGB needs official testing and support with h-reap
HTH,
Alex -
Hi,
I am a bit confused with the GUI configuration of an AP and repeater. My concerns are:
I have 3 AP 1142 series. I want two APs to be connected to the main AP (ethernet) while the others act as repeaters.
How do I go about creating an AP as a repeater to associate with the AP connected to a switch?
Thanks
Hello Samson,
As per your query, I can suggest the following solution:
Configuring a Repeater Using the CLI
If you want to configure your AP as a repeater and use the command-line interface, the following is an example configuration setting. This example configures the AP with two parents:
ap1130# configure terminal
ap1130(config)# interface dot11radio 0
ap1130(config-if)# ssid qbranch
ap1130(config-ssid)# infrastructure-ssid
ap1130(config-ssid)# exit
ap1130(config-if)# station-role repeater
ap1130(config-if)# dot11 extensions aironet
ap1130(config-if)# parent 1 0012.7fc2.1bdc 1000
ap1130(config-if)# parent 2 0012.44b4.b250 1000
ap1130(config-if)# end
ap1130# copy running-config startup-config
Hope this will help you. -
CISCO WAP200 after reset will not accept default id/pswd
I had to reset the WAP200 wireless device expecting that it would then allow access using the default id/pswd of admin. Unfortunately, I am not able to gain access to the setup GUI as it does not recognize the default id of admin and pswd of admin. I reset the device twice with the same result. The device warranty ran out in 2012 as it was purchased back in 2009.
Any pearls of wisdom so I can gain access?
Best Regards
Kevin,
Is the AP plugged into your network or do you just have a PC plugged directly into it with a static IP? I would give the PC a static 192.168.1.200/24, no gateway. Reset as Tom suggested and then log in using admin/admin.
- Marty -
Require help to configure Cisco 1142 AP
Hi Team,
I'm new to Wireless. Recently I've configured a Wireless AP (Model: AIR-AP1142N-A-K9) with the help of a YouTube video.
Please find the configuration details below:
AP Configuration:
<REMOVED>#show run
Building configuration...
Current configuration : 4955 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname <REMOVED>
enable secret 5 $1$nyT5$7naR21WqmWcPukAhSssAo/
no aaa new-model
ip domain name <REMOVED>
dot11 syslog
dot11 vlan-name MGMT_VLAN vlan 20
dot11 vlan-name WIRELESS_LAN vlan 30
dot11 ssid <REMOVED>
vlan 30
authentication open
guest-mode
crypto pki trustpoint TP-self-signed-<removed>
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-<removed>
revocation-check none
rsakeypair TP-self-signed-<removed>
crypto pki certificate chain TP-self-signed-<removed>
certificate self-signed 01
<removed>
quit
username <REMOVED> privilege 15 password 7 01100F175804
username <REMOVED> Privilege 15 secret 5 $1$Jeq0$SxvYfrDZkWNx5N3XITAab0
username <REMOVED> privilege 15 secret 5 $1$e9Mc$JwGalVaHjrFf4Gn4kj/VY1
username <REMOVED> privilege 0 secret 5 $1$0eRJ$OzYn1oU.1W8aDOVi27Fbt0
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm
encryption vlan 30 key 1 size 40bit 7 <REMOVED> transmit-key
encryption vlan 30 mode wep mandatory
ssid <REMOVED>
antenna gain 0
channel 2412
station-role root
interface Dot11Radio0.20
encapsulation dot1Q 20 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
bridge-group 30 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
antenna gain 0
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
interface GigabitEthernet0.20
encapsulation dot1Q 20 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface GigabitEthernet0.30
encapsulation dot1Q 30
ip helper-address 192.168.30.1
no ip route-cache
bridge-group 30
no bridge-group 30 source-learning
bridge-group 30 spanning-disabled
interface BVI1
description <<< LAN INTERFACE >>>
ip address 192.168.20.202 255.255.255.0
no ip route-cache
ip default-gateway 192.168.20.2
no ip http server
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
access-list 115 remark <<< ACL-FOR-SSH-ACCESS >>>
access-list 115 permit tcp host 192.168.20.190 any eq 22
access-list 115 permit tcp host 192.168.20.191 any eq 22
access-list 115 permit tcp host 192.168.20.192 any eq 22
access-list 115 permit tcp host 192.168.20.193 any eq 22
access-list 115 permit tcp host 192.168.20.194 any eq 22
access-list 115 permit tcp host 192.168.20.195 any eq 22
access-list 115 deny tcp any any
bridge 1 route ip
line con 0
login local
stopbits 1
line vty 0 4
access-class 115 in
exec-timeout 5 0
login local
transport input ssh
transport output none
line vty 5 15
access-class 115 in
login local
transport input ssh
transport output none
end
Access Switch Configuration :
<REMOVED>#show run int gig 1/0/1
Building configuration...
Current configuration : 129 bytes
interface GigabitEthernet1/0/1
description ** Trunk to GF-AP1 **
switchport trunk native vlan 20
switchport mode trunk
end
Core Switch side Configuration:
ip dhcp excluded-address 192.168.30.1 192.168.30.10
ip dhcp pool WIRELESS_SCOPE
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
dns-server 192.168.20.66
With the above configuration the AP is working fine and it's getting DHCP ip address from the Core switch and the users are also able to access all the internal network resources and Internet too according to customer requirement.
But recently the customer raised a few concerns:
1. Customer is unable to login into AP by using WEBBROWSER
(error: The Server 192.168.20.202:443 requires a username and password. The server says: Lever_15_access.)
SSH to the AP is working fine.
2. Customer is asking to create 2 SSIDs in every access point.
a.) COMPANY SSID (Which should have full access to the local network as well as Internet too.)
b.) GUEST SSID (Which should only access internet but not internal network.)
3. Only few users should be able to access GUI of AP as I've done for SSH using ACL's
Kindly help with the above concerns as I've to answer the customer tomorrow.
Regards,
Vamsi Harish.T.
[email protected]
Hi,
Same local credentials that you use for SSH can be used for http/https.
Make sure you provide correct credentials. If still not working provide a screenshot of the error and try to enable http server for testing purposes only and try if it works with http.
For multiple SSIDs with multiple VLANs try this config example:
https://supportforums.cisco.com/docs/DOC-14496
HTH
Amjad
Rating useful replies is more useful than saying "Thank you" -
Cisco PIX-515e reset to factory defaults
Hi,
I have a Cisco PIX-515e which I have connected to an emulator through the console port, and I'm having trouble erasing data from it.
I can get into 'pixfirewall' mode and 'monitor' mode but that's as far as I get. I have tried 'write erase' and 'configure factory-default' in both modes to no success.
Any help would be much appreciated.
thanks,
This is a little late, over a year; you probably already figured it out. In monitor mode:
set your interface
monitor> int 0 (this doesn't matter much as long as the interface is valid)
next set the ip address of our pix
monitor> add 192.168.1.50 (this just sets the pix int 0 to this ip address)
now set the tftp server
monitor> server 192.168.1.79 (this is the ip address of my pc with a tftp server)
set the gateway
monitor> gateway 0.0.0.0 (I had much trouble with this, but until I set the gateway to this it didn't work)
now back to your pc, assuming you have a tftp server installed.
download the necessary recovery tool at (subject to change probably); make sure you put it in the default directory of your tftp server.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_password_recovery09186a008009478b.shtml
this is key probably
if you have the wrong tool the image will download successfully to your pix but it will not do anything, just stop
after the file has been received.
so if you're unsure try all the images.
now back to the pix
to initiate a file download you have to declare it so
monitor> file np62.bin
and then to start the download
monitor> tftp
see below.... (entire session via console cable)
monitor> int 0
0: i8255X @ PCI(bus:0 dev:14 irq:10)
1: i8255X @ PCI(bus:0 dev:13 irq:11)
Using 0: i82557 @ PCI(bus:0 dev:14 irq:10), MAC:
monitor> add 192.168.1.50
address 192.168.1.50
monitor> server 192.168.1.79
server 192.168.1.79
monitor> gateway 0.0.0.0
gateway 0.0.0.0
monitor> file np62.bin
file np62.bin
monitor> tftp
tftp np62.bin@192.168.1.79.....................................................
Received 73728 bytes
Cisco Secure PIX Firewall password tool (3.0) #0: Wed Mar 27 11:02:16 PST 2002
System Flash=E28F128J3 @ 0xfff00000
BIOS Flash=am29f400b @ 0xd8000
Do you wish to erase the passwords? [yn]
if that doesn't work I'm not sure, just try the other images. -
Cisco PIX-515e reset to factory defaults *Expert Advice Only Please*
Hi,
I have a Cisco PIX-515e which I have connected to an emulator through the console port, and I'm having trouble erasing data from it.
I can get into 'pixfirewall' mode and 'monitor' mode but that's as far as I get. I have tried 'write erase' and 'configure factory-default' in both modes to no success.
When I last posted this I had a lot of replies mentioning ROMMON mode, but I want to stress the PIX 515e does not have ROMMON mode; it has MONITOR mode, however the commands are not the same as ROMMON commands.
Any help would be much appreciated.
thanks,
8 MB RAM
PCI Device Table.
Bus Dev Func VendID DevID Class Irq
00 00 00 8086 7192 Host Bridge
00 07 00 8086 7110 ISA Bridge
00 07 01 8086 7111 IDE Controller
00 07 02 8086 7112 Serial Bus 9
00 07 03 8086 7113 PCI Bridge
00 0D 00 8086 1209 Ethernet 11
00 0E 00 8086 1209 Ethernet 10
00 11 00 14E4 5823 Co-Processor 11
00 13 00 8086 B154 PCI-to-PCI Bridge
01 04 00 8086 1229 Ethernet 11
01 05 00 8086 1229 Ethernet 10
01 06 00 8086 1229 Ethernet 9
01 07 00 8086 1229 Ethernet 5
Cisco Secure PIX Firewall BIOS (4.2) #0: Mon Dec 31 08:34:35 PST 2001
Platform PIX-515E
System Flash=E28F128J3 @ 0xfff00000
Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Reading 123392 bytes of image from flash.
PIX Flash Load Helper
Initializing flashfs...
flashfs[0]: 8 files, 3 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 16128000
flashfs[0]: Bytes used: 13963264
flashfs[0]: Bytes available: 2164736
flashfs[0]: Initialization complete.
Booting first image in flash
Launching image flash:/pix722.bin
128MB RAM
Total NICs found: 6
mcwa i82559 Ethernet at irq 10 MAC: 0016.9da2.5907
mcwa i82559 Ethernet at irq 11 MAC: 0016.9da2.5908
mcwa i82559 Ethernet at irq 11 MAC: 000d.8810.d91c
mcwa i82559 Ethernet at irq 10 MAC: 000d.8810.d91d
mcwa i82559 Ethernet at irq 9 MAC: 000d.8810.d91e
BIOS Flash=am29f400b @ 0xd8000 MAC: 000d.8810.d91f
Initializing flashfs...
flashfs[7]: 8 files, 3 directories
flashfs[7]: 0 orphaned files, 0 orphaned directories
flashfs[7]: Total bytes: 16128000
flashfs[7]: Bytes used: 13963264
flashfs[7]: Bytes available: 2164736
flashfs[7]: flashfs fsck took 15 seconds.
flashfs[7]: Initialization complete.
Licensed features for this platform:
Maximum Physical Interfaces : 6
Maximum VLANs : 25
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has an Unrestricted (UR) license.
Encryption hardware device : VAC+ (Crypto5823 revision 0x1)
| |
||| |||
.|| ||. .|| ||.
.:||| | |||:..:||| | |||:.
C i s c o S y s t e m s
Cisco PIX Security Appliance Software Version 7.2(2)
****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.
A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by
sending email to [email protected].
******************************* Warning *******************************
Copyright (c) 1996-2006 by Cisco Systems, Inc.
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cryptochecksum (unchanged): 43dccc97 2fb4bfec 15a33bef dad78b7e
Type help or '?' for a list of available commands.
pixfirewall>
I am unable to get onto enable mode because I do not know the password. Any idea of a way round? I need to get into that enable mode. -
WCS v7.0.164.0 + Cisco 1142 LWAP AP's
I have deployed a number of AIR-LAP1142N-E-K9 access points at a site, but I have an issue where all access points have defaulted to Channel 1. I have set the parameters on the Lightweight AP Template correctly to allow dynamic power and channel selection. The positioning of the APs is as per the WCS planning tool. Any help would be welcome.....
It's also possible DCA is disabled on the WLC, check it under:
802.11a > RRM > Dynamic Channel Assignment (DCA)
Also check your power:
802.11a > RRM > Tx Power Control(TPC)
Nabil -
Cisco 1142AP Autonomous - Radio interface constantly reset and provides crash file
Hello All,
We have 10 Cisco 1142 Access Points currently configured as Autonomous and I'm experiencing very unusual behavior with the 2.4GHz radio interfaces on each of them. The IOS firmware is 15.2.2JB and they're connected to Cisco 2960 PoE switches. I'm not sure what could be causing this problem however it is service impacting and looks bad on me since I don't have a solution for it. One potential fix could be to upgrade the firmware to 15.2.4 but I'm sure if it is a firmware problem. Any advice would help. Here's an excerpt from the AP log:
Aug 18 14:40:16: Writing driver stats to flash:/ap_log_r0_0.log..
Aug 18 14:40:21:
Aug 18 14:40:21: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
Aug 18 14:40:22: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
Aug 18 14:40:23: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
Aug 18 14:40:23: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
Thanks,
Ali Ibrahim
You should be able to go in and view the R0_0.log file.
there might be something in there that you can do a bug search for.
HTH,
Steve -
We have remote users which connect through vpn. Their Cisco 7942 phones reset themselves at least twice in a day. I am attaching some phone logs; it is showing me tcp timeout. It only happens to vpn users; everything works fine on LAN.
Ok, I have an answer for my own question. Since it is only happening to vpn clients which do not have any Qos plus cloud where other traffic is taking over. Our phones are time-sensitive devices losing connectivity from CM.
-
Cisco 2504 Domain Authentication for WIFI Clients
I got a question.
I have a 2504 controller, and a bunch of 3600 APs. (which now works, thanks to Scott Fella)
I want the WIFI users to be able to connect to the WIFI if their computer is part of the domain. Otherwise, they connect to the guest WIFI.
How can I go about doing that? I tried searching the forums, but perhaps I'm not searching for the right keywords.
I thought it was LDAP, but I could not find much info on it.
Thanks....
I wouldn't look at LDAP. I would use a radius server and machine authentication. If you're a Microsoft shop, then bring up IAS for 2003 or NPS for 2008. These can work as your radius server. To figure out how to configure machine auth, just search Google for NPS wireless machine authentication.
Here is one link
http://araihan.wordpress.com/2010/04/30/complete-guide-to-build-a-cisco-wireless-infrastructure-using-cisco-wlc-5500-cisco-1142-ap-and-microsoft-radius-server/
Sent from Cisco Technical Support iPhone App -
E1550 - Error code 82BD0119, Cisco Connect gives connection timeout error during setup
During setup, after 90% completion I get "adapter connection timeout period expired". I'm unable to configure my router.
I downloaded the latest Cisco Connect software and tried that as well but I get the same problem.
Operating System : Windows Vista Home Premium SP1 (32 bit).
Any help will be appreciated. Thanks.
I believe you have a static IP address assigned in the computer. Here are the steps to check for the wireless:
~~ Go to Wireless network connection properties.
~~ Click On Internet protocol TCP/IP and go to properties.
~~ Select 'Obtain IP address automatically' and 'Obtain DNS server automatically'.
~~ Click OK and then close.
Check for the Local Area Connection as well in the same procedure.
Then uninstall the existing Cisco connect software, reset the router.
Steps to reset the router:
Push the reset button on router for 30 seconds, turn off the router wait for 30 seconds and then power it on. After this process reconfigure the router. Power light should blink when you perform the reset process.
After performing the following steps install the Cisco connect again and check the status.