Cisco 1200 Access Points as Bridges - Won't work

Similar Messages

• Cisco 1200 Access Points

  Hi,
  Is it possible to setup an Aironet 1200 in Root AP mode, where it does DHCP for the Wifi clients and NAT. Where the wired interface is equipped with a public IP?

  If your 1200 has two radios, yes.  Otherwise it's either a root or an AP but can't be both (per radio).

• Problem with Cisco 1240AG Access Points

  I have a Cisco 1240AG Access point (P/N ? AIR-LAP1242AG-A-K9).
  It has come in the lightweight mode.
  I just want to know whether I can put it to the autonomous mode.

  Hi Indika,
  Here is a conversion method (look most of the way down the attached doc);
  Reverting the Access Point Back to Autonomous Mode
  http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html#wp161272
  You can convert an access point from lightweight mode back to autonomous mode by loading a Cisco IOS Release that supports autonomous mode (Cisco IOS release 12.3(7)JA or earlier). If the access point is associated to a controller, you can use the controller to load the Cisco IOS release. If the access point is not associated to a controller, you can load the Cisco IOS release using TFTP.
  Using a TFTP Server to Return to a Previous Release
  Follow these steps to revert from LWAPP mode to autonomous mode by loading a Cisco IOS release using a TFTP server:
  Step 1 The static IP address of the PC on which your TFTP server software runs should be between 10.0.0.2 and 10.0.0.30.
  Step 2 Make sure that the PC contains the access point image file (such as c1200-k9w7-tar.122-15.JA.tar for a 1200 series access point) in the TFTP server folder and that the TFTP server is activated.
  Step 3 Rename the access point image file in the TFTP server folder to c1200-k9w7-tar.default for a 1200 series access point, c1130-k9w7-tar.default for an 1130 series access point, and c1240-k9w7-tar.default for a 1240 series access point.
  Step 4 Connect the PC to the access point using a Category 5 (CAT5) Ethernet cable.
  Step 5 Disconnect power from the access point.
  Step 6 Press and hold MODE while you reconnect power to the access point.
  Step 7 Hold the MODE button until the status LED turns red (approximately 20 to 30 seconds) and then release.
  Step 8 Wait until the access point reboots, as indicated by all LEDs turning green followed by the Status LED blinking green.
  Step 9 After the access point reboots, reconfigure it using the GUI or the CLI.
  From this doc;
  http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html#wp161272
  Hope this helps!
  Rob

• Cisco 1230 access point a radio lightweight mode

  Will the cisco 1230 access point work in lighweight mode if it is using a radio?

  The 1230 can be upgraded to LWAPP with the A Radio model listed below;
  Solution Requirements
  Migration from autonomous access point mode to lightweight mode is possible on these Cisco Aironet access point platforms:
  All 1130AG access points
  All 1240 AG access points
  For all IOS-based 1200 series modular access point (1200/1220 Cisco IOS Software Upgrade, 1210 and **1230 AP**) platforms, it depends on the radio:
  if 802.11G, MP21G and MP31G are supported
  if 802.11A, RM21A and RM22A are supported
  The 1200 series access points can be upgraded with any combination of supported radios: G only, A only, or both G and A.
  All 1310 AG access points
  From this good doc;
  http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html
  Hope this helps!
  Rob

• Extremes (Access Point Mode, Bridged) Constantly Going Offline

  I have multiple Extremes (all standalone access point mode, bridged with static IPs) randomly going offline. Each Extreme is connected directly to a main switch. Status lights always remain green however I cannot ping the devices, they do not show up in the Airport Utility and they cease to be accessible/visible via WIFI. Plus, when this happens, I often can STILL connect to devices (e.g. printers) that are plugged into the LAN ports of the "offline" Extremes.
  They appear to drop randomly, i.e. not under any particularly heavy load or anything. When I feel them physically, they don't feel unusually warm or anything.
  Thoughts? I have already done a hard reset and reconfig on one of the problem devices.

  Hello Julesomar,
  It sounds like your Airport Extreme is having intermitent connectivity issues. You have already done what I would have started with by resetting the device. I recommend next troubleshooting for sources of interference with the following article:
  Wi-Fi and Bluetooth: Potential sources of wireless interference
  http://support.apple.com/kb/ht1365
  Thank you for using Apple Support Communities.
  All the very best,
  Sterling

• Any new firmware for the Cisco AP541N access points.

  Do you know if Cisco has come out with any new firmware for the Cisco AP541N access points.

  Latest release is 1.8.0 from Jan 25, 2010:
  http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=1.8.0&mdfid=282790482&sftType=Small+Business+Pro+Wireless+Software&optPlat=&nodecount=2&edesignator=null&modelName=Cisco+AP+541N+Wireless+Access+Point&treeMdfId=278875243&treeName=Wireless&modifmdfid=null&imname=&hybrid=null&imst=null&lr=Y

• Cisco 1310 Access Point Rommon Mode

  Hello,
  So I have a Cisco 1310 Access Point that is in Rommon mode. I have the image on the Access point but I did not use the archive download command to extract it. When I use the
  tar -xtract flash://c1310-k9w7-tar[1].124-25d.JA2.tar flash:
  command It gets close to the end but doesnt finish saying there isnt enough space. When I try to delete the file using delete flash://
  c1310-k9w7-tar[1].124-25d.JA2 it wont allow me saying I do not have permission. I tried the rmdir command as well but had no luck. It wont allow me to use the tags /f /r for forceful and recursive, it doesnt recognize them. Anyone know how to delete a directory in rommon mode on an the 1310 access point?
  Thanks

  The delete /recursive /force flash:/ is what I use.  You might try to delete these files also:
  ap:delete flash:private-configap:delete flash:private-multiple-fs
  Thanks,
  Scott
  *****Help out other by using the rating system and marking answered questions as "Answered"*****

• Newbie help with Aironet 1200 access point

  Hello everybody,
  We "inherited" an Aironet 1200 access point with antenna's throughout our building. This was installed by a company that thought they would make money selling Wi-Fi access but now they have gone bankrupt.
  We eliminated their router and installed one of our own, and we have it handing out IP addresses. When I plug it into the Aironet 1200 it works just fine. Users are able to connect wirelessly and access the internet.
  I would like to change the SSID however so that it no longer reflects the now defunct companies name.
  I cannot determine what IP address is assigned to the access point so I can't figure out how to access the management page.
  I tried connecting to the ethernet port via a DB9 to RJ45 cable and hyper terminal. After connecting the cable and powering up the access point I am still unable to connect.
  I realize once I get connected I will probably run into password issues, but I'd like to figure out how to get at least that far.
  Any ideas?

  since ur gonna change the ssid and there is a password...
  1. reset the ap. before plugging power to ap, press hold the mode button for 3 sec or until the led becomes orange or amber, then release.
  2. the ap is reset to default setting with ip address 10.0.0.1
  3. either console or gui the ap and change the bvi to ur preferred ip address.
  4. configure everything else as you want.

• Configuring N channel on cisco 1252 Access Point

  Hi,
  Can someone help me for configuring N-Series band on Cisco 1252 Access Point in IOS Mode.
  Thanks
  Tabrez

  Firstly you need to use WPA2/AES or OPEN authentication.
  Cisco 802.11n Design and Deployment Guidelines
  http://www.cisco.com/en/US/solutions/collateral/ns340/ns394/ns348/ns767/white_paper_80211n_design_and_deployment_guidelines.html

• Cisco Wap300 access point

  I own a Cisco Wap300 access point . there are a pc, a netbook and a smartphone in my house. I want to connect to these devices my line of fiber internet with Cisco Wap300 access point. My modem brand and model is "ZTE - Zxhn H168N". This modem has 300 Mbps wireless connection speed. Which settings of access point should I use to work my all devices .
  I'am using Air 2310 wireless adaptor for Pc
  I have a netbook and HTC wildfire S smartphone

  Are you referring to this?:
  http://www.cisco.com/cisco/web/solutions/small_business/products/wireless/300_series_wireless_access...
  or this?:
  http://support.linksys.com/en-apac/support/accesspoints/WAP300N
  It's good if we identify the device first before we get the ball rolling.

• CISCO Aironet access point - not able to connect by user.

  Hi,
  I have CISCO Aironet access point C1130 in my network , but not able to connect by users, I can see below logs from access point. please help on this.
  Jun 13 17:50:10.686: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000         
  Jun 13 17:50:10.686: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247         
  Jun 13 17:50:15.678: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000         
  Jun 13 17:50:15.678: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247         
  Jun 13 17:50:20.544: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000         
  Jun 13 17:50:20.544: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247         
  Jun 13 17:50:24.832: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000         
  Jun 13 17:50:24.832: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247         
  Jun 13 17:50:29.741: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000         
  Jun 13 17:50:29.741: RADIUS: Fail-over denied to  (20.33.100.11:1645,1646) for id 1645/247         
  Jun 13 17:50:29.741: RADIUS: No response from (20.33.100.11:1645,1646) for id 1645/247         
  Jun 13 17:50:29.741: RADIUS/DECODE: No response from radius-server; parse response; FAIL         
  Jun 13 17:50:29.741: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL         
  Jun 13 17:50:29.741: dot11_auth_dot1x_parse_aaa_resp: Received server response: FAILOVER_RETRY         
  Jun 13 17:50:29.742: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response         
  Jun 13 17:50:29.742: Client 5864.6c67.3718 failed: EAP reason 0         
  Jun 13 17:50:29.742: dot11_auth_dot1x_parse_aaa_resp: Failed client 5894.6b37.3518 with aaa_req_status_detail 0         
  Jun 13 17:50:29.742: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for 5894.6b37.3518         
  Jun 13 17:50:29.742: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 5894.6b37.3518         
  Jun 13 17:50:29.742: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds         
  Jun 13 17:50:29.743: dot11_auth_dot1x_send_client_fail: Authentication failed for 5894.6b37.3518         
  Jun 13 17:50:29.743: %DOT11-7-AUTH_FAILED: Station 5894.6b37.3518 Authentication failed
  Regards,       

  Hi Niham,
  You can try few things to troubleshoot this -
  1. check the reachability of Radius server from your wlc (ping).
  2. verify the IP address of Raduis server configured on wlc.
  3. wlc in the Radius server ?
  4. Shared Secret must be same on wlc and in raduis server.
  Plz do not forget to rate useful post.
  Thanks

• Bootup order on Cisco Aironet Access Points

  Hello folks 
  Could you please help me in clarifying the bootup order on Cisco Aironet Access Points 
  Does the SNMP Agent on the device start before the Startup config is copied to Running Config ?
  Because everytime the Cisco Aironet Access Point restart , SNMP trap  is generated from Admin down WLAN interfaces (Dot11Radio1/Dot11Radio0) mentioning "Administratively down " . 
  So my best assumption is that 
  Access point Restarts - > SNMP Engine starts -> Startup Config is copied to Running config -> Interface is made admin down -> SNMP Trap is sent 
  Is that correct?
  Please help !
  Anup

  The Clean Access Manager (CAM) manages out-of-band Clean Access Servers (CASs) and switches through the admin network. The trusted interface of the CAS connects to the admin/management network, and the untrusted interface of the CAS connects to the managed client network.
  When a client connects to a managed port on a managed switch, the port is set to the authentication VLAN and the traffic to/from the client goes through the Clean Access Server. After the client is authenticated and certified through the Clean Access Server, the port connected to the client is changed to the access VLAN. Once on the access VLAN, traffic to and from certified clients bypasses the Clean Access Server.
  In most OOB deployments (except L2 OOB Virtual Gateway where the Default Access VLAN is the Access VLAN in the Port profile), the client needs to acquire a different IP address from the Access VLAN after posture assessment.
  For Real-IP/NAT-Gateway setup, the client port is bounced to prompt the client to acquire a new IP address from the admin/access VLAN.
  The below URL describe the configuration steps needed to set up your OOB deployment:
  •Configure Your Switches
  •Configure OOB Switch Management in the CAM
  •Configure Access to Authentication VLAN Change Detection
  http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/416/CAM/m_oob.html#wp1175744

• Cisco 2602 Access Point - Support

  Dear Team,
  Could you please advise, if Cisco 2602 Access Point supports IPS and CleanAir along with Access Point feature or does it need to work as standalone to have these functions enabled ?
  Regards,
  SID 

  Might as well add my 2¢
  In order to have CleanAir, you need a WLC.  In order to do IPS, wireless its called wIPS, you need an MSE and NCS or Prime Infrastructure.
  A standalone access point (autonomous) is just a dumb AP and can't perform any of those functions:)
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• Silly doubt abt access-points and bridges

  hi all i have read cisco doc wherein clients connecting to access-points and also where the cisco access-point is working like a bridge and still clients can connect to it .
  then any specific reason why people generally connect clients to access-points.
  i mean is there any benefit of either method over the other.
  any help and guidance would be really helpful.
  regards
  sushil

  In short, it is preferred to have users connect to access points.... 99% of the time. You can use a wireless bridge (that is associated to an AP) that is connected to a switch/hub to supply network connectivity to wired users off the switch/hub. There are also access points that can be used as a bridge for building point to point connectivity.
  Look at the home users with wireless.... it allows then to move from place to place (as long as there is coverage) without having to be wired in.

• Cisco 1242AG Access Point proper configuration

  Hello everyone,
  Here is the situation:
  Recently we decide to create a small WLAN in our business.We choose the Cisco AIR-AP1242AG-E-K9 with 2x2.4GHz 2.2dbi Swivel Dipole Antenna.
  For better managability a new routable VLAN (ID:20) added to our Router with IP 192.168.55.1 and SNET 255.255.255.0
  Next, I made the followings configurations in the autonomous AP through WEB Console:
  Static IP:192.20.10.35, SNET:255.255.254.0, GWY:192.20.10.200
  VLAN1 (Native) and VLAN20 (Radio0-802.11g) added into Services.
  I set the Encryption Mode to None for VLAN1 and Cipher AES CCMP for VLAN20
  Into Server Manager I defined a new RADIUS server 192.20.10.35 (AP IP) and a shared secret and left the default ports for Authentication and Accounting (1645 and 1646). Also, in Default Server Priorities section I set as Priotity 1 both for EAP and MAC authentication the Access Point IP (Radius Server) 192.20.10.35.
  In Local RADIUS Server General Set-Up, I add as current network access server (AAA client) the same IP and shared secret like the ones I use during RADIUS server configuration above. Into Enable Authentication Protocols I left checked only the LEAP and MAC. Also, into Individual Users section 2 new users created with text passwords.
  Into SSID Manager a new hidden SSID created for interface Radio0-802.11g, associated with VLAN20 and into Client Authentication Settings section I left as accepted Method Open Authentication with MAC authentication and EAP. Also, I left the Use Defaults option both for EAP and MAC Authentication Servers in Server Priorities Section and finally into Client Authenticated Key Management section I choose Mandatory for Key Management and checked the Enable WPA option.
  I can ping both the AP and VLAN20 IPs from any PC which is a member of the native VLAN
  As wireless clients I use 2 Motorola MC5574 with Windows Mobile 6.1 professional. Both of them have a Jedi WLAN adapter configured with the followings:
  IPs:192.168.55.10 and 192.168.55.11
  SNET:255.255.255.0
  GWY:192.168.55.1
  Also, a unique profile has been created on each one of them to be used for AP association-authentication. Each profile has been configured for WPA2 Enterprise with AES and LEAP and the predefined user credentials (those defined into AP for Individual Users)
  The problem:
  Clients association with AP is always succesful but, Authentication fails and I can't ping from the clients AP IP,  VLAN20 IP, neither each other.
  What am I missing here? I'm sure that it is somenthing quite simple but although I tried several different setups (i.e. WPA2-PSK, WPA-PSK even with TKIP) I always end up without a proper solution for ping inability.
  Thank you in advance for any help

  Hello Madhuri,
  below is the latest run config output from the access point
  Building configuration...
  Current configuration : 3743 bytes
  ! Last configuration change at 03:56:04 +0200 Sun Nov 28 2010 by Cisco
  ! NVRAM config last updated at 03:58:07 +0200 Sun Nov 28 2010 by Cisco
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname RCT_THP_AP1
  enable secret 5 $1$26u0$emaUzNvvihCCZeKeooQ8M0
  aaa new-model
  aaa group server radius rad_eap
  server 192.20.10.35 auth-port 1645 acct-port 1646
  aaa group server radius rad_mac
  server 192.20.10.35 auth-port 1645 acct-port 1646
  aaa group server radius rad_acct
  aaa group server radius rad_admin
  aaa group server tacacs+ tac_admin
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local
  aaa authorization exec default local
  aaa accounting network acct_methods start-stop group rad_acct
  aaa session-id common
  clock timezone +0200 2
  ip name-server 192.20.11.2
  dot11 ssid RCTHP
     vlan 20
     authentication open mac-address mac_methods eap eap_methods
     authentication key-management wpa
  power inline negotiation prestandard source
  username Cisco password 7 00271A150754
  username 00236867a192 password 7 101E594B56414A5D5B057B7276
  username 00236867a192 autocommand exit
  username 00236867a19b password 7 091C1E5B4A534F445C0D557329
  username 00236867a19b autocommand exit
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption vlan 20 mode ciphers aes-ccm
  ssid RCTHP
  channel 2462
  station-role root
  bridge-group 1
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface Dot11Radio0.20
  encapsulation dot1Q 20
  no ip route-cache
  bridge-group 20
  bridge-group 20 subscriber-loop-control
  bridge-group 20 block-unknown-source
  no bridge-group 20 source-learning
  no bridge-group 20 unicast-flooding
  bridge-group 20 spanning-disabled
  interface Dot11Radio1
  no ip address
  no ip route-cache
  shutdown
  no dfs band block
  channel dfs
  station-role root
  interface Dot11Radio1.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  interface FastEthernet0.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface FastEthernet0.20
  encapsulation dot1Q 20
  no ip route-cache
  bridge-group 20
  no bridge-group 20 source-learning
  bridge-group 20 spanning-disabled
  interface BVI1
  ip address 192.20.10.35 255.255.254.0
  no ip route-cache
  ip default-gateway 192.20.10.200
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  ip radius source-interface BVI1
  snmp-server view dot11view ieee802dot11 included
  snmp-server community public view dot11view RO
  snmp-server contact IS
  radius-server local
    no authentication eapfast
    nas 192.20.10.35 key 7 03130807055F2C1F
    user motomob1 nthash 7 15315B29557B0D767E111074455E332022000F0D0A725C223B300C7A0E760A0371
    user motomob2 nthash 7 075E716D6C2F49514636532A5C0B0A067C1567003224335553047F0C710058263E
  radius-server attribute 32 include-in-access-req format %h
  radius-server host 192.20.10.35 auth-port 1645 acct-port 1646 key 7 120E561B115B0157
  radius-server vsa send accounting
  bridge 1 route ip
  line con 0
  line vty 0 4
  sntp server 192.20.10.2
  sntp broadcast client
  end
  Regards
  Vasilis