Cisco 1242AG Access Point proper configuration

Hello everyone,
Here is the situation:
Recently we decided to create a small WLAN in our business. We chose the Cisco AIR-AP1242AG-E-K9 with 2x2.4GHz 2.2dbi Swivel Dipole Antenna.
For better manageability a new routable VLAN (ID:20) was added to our router with IP 192.168.55.1 and SNET 255.255.255.0
Next, I made the following configurations in the autonomous AP through the web console:
Static IP:192.20.10.35, SNET:255.255.254.0, GWY:192.20.10.200
VLAN1 (Native) and VLAN20 (Radio0-802.11g) added into Services.
I set the Encryption Mode to None for VLAN1 and Cipher AES CCMP for VLAN20
Into Server Manager I defined a new RADIUS server 192.20.10.35 (AP IP) and a shared secret and left the default ports for Authentication and Accounting (1645 and 1646). Also, in the Default Server Priorities section I set as Priority 1 both for EAP and MAC authentication the Access Point IP (RADIUS server) 192.20.10.35.
In Local RADIUS Server General Set-Up, I added as current network access server (AAA client) the same IP and shared secret as the ones I used during the RADIUS server configuration above. Into Enable Authentication Protocols I left checked only LEAP and MAC. Also, in the Individual Users section 2 new users were created with text passwords.
Into SSID Manager a new hidden SSID was created for interface Radio0-802.11g, associated with VLAN20, and in the Client Authentication Settings section I left as accepted method Open Authentication with MAC authentication and EAP. Also, I left the Use Defaults option both for EAP and MAC Authentication Servers in the Server Priorities section, and finally in the Client Authenticated Key Management section I chose Mandatory for Key Management and checked the Enable WPA option.
I can ping both the AP and VLAN20 IPs from any PC which is a member of the native VLAN
As wireless clients I use 2 Motorola MC5574 with Windows Mobile 6.1 Professional. Both of them have a Jedi WLAN adapter configured with the following:
IPs:192.168.55.10 and 192.168.55.11
SNET:255.255.255.0
GWY:192.168.55.1
Also, a unique profile has been created on each one of them to be used for AP association-authentication. Each profile has been configured for WPA2 Enterprise with AES and LEAP and the predefined user credentials (those defined into AP for Individual Users)
The problem:
Client association with the AP is always successful, but authentication fails and I can't ping from the clients the AP IP, the VLAN20 IP, or each other.
What am I missing here? I'm sure that it is something quite simple, but although I tried several different setups (i.e. WPA2-PSK, WPA-PSK even with TKIP) I always end up without a proper solution for the ping inability.
Thank you in advance for any help

Hello Madhuri,
below is the latest run config output from the access point
Building configuration...
Current configuration : 3743 bytes
! Last configuration change at 03:56:04 +0200 Sun Nov 28 2010 by Cisco
! NVRAM config last updated at 03:58:07 +0200 Sun Nov 28 2010 by Cisco
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname RCT_THP_AP1
enable secret 5 $1$26u0$emaUzNvvihCCZeKeooQ8M0
aaa new-model
aaa group server radius rad_eap
server 192.20.10.35 auth-port 1645 acct-port 1646
aaa group server radius rad_mac
server 192.20.10.35 auth-port 1645 acct-port 1646
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
clock timezone +0200 2
ip name-server 192.20.11.2
dot11 ssid RCTHP
   vlan 20
   authentication open mac-address mac_methods eap eap_methods
   authentication key-management wpa
power inline negotiation prestandard source
username Cisco password 7 00271A150754
username 00236867a192 password 7 101E594B56414A5D5B057B7276
username 00236867a192 autocommand exit
username 00236867a19b password 7 091C1E5B4A534F445C0D557329
username 00236867a19b autocommand exit
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 20 mode ciphers aes-ccm
ssid RCTHP
channel 2462
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
bridge-group 20 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
no dfs band block
channel dfs
station-role root
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface FastEthernet0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
no bridge-group 20 source-learning
bridge-group 20 spanning-disabled
interface BVI1
ip address 192.20.10.35 255.255.254.0
no ip route-cache
ip default-gateway 192.20.10.200
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
snmp-server view dot11view ieee802dot11 included
snmp-server community public view dot11view RO
snmp-server contact IS
radius-server local
  no authentication eapfast
  nas 192.20.10.35 key 7 03130807055F2C1F
  user motomob1 nthash 7 15315B29557B0D767E111074455E332022000F0D0A725C223B300C7A0E760A0371
  user motomob2 nthash 7 075E716D6C2F49514636532A5C0B0A067C1567003224335553047F0C710058263E
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.20.10.35 auth-port 1645 acct-port 1646 key 7 120E561B115B0157
radius-server vsa send accounting
bridge 1 route ip
line con 0
line vty 0 4
sntp server 192.20.10.2
sntp broadcast client
end
Regards
Vasilis
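
An added example, not part of the original post or of any Cisco tooling: a small Python audit of the running-config shown above for management-plane and credential-storage weaknesses that are visible in it. The sample is a constructed excerpt of the posted lines; the check IDs and function names are hypothetical, and the LEAP check assumes LEAP stays enabled on the local authenticator unless `no authentication leap` is present, as the post describes.

```python
import re

# Constructed excerpt: lines copied from the running-config posted above.
SAMPLE_CONFIG = """\
username Cisco password 7 00271A150754
ip http server
no ip http secure-server
snmp-server community public view dot11view RO
radius-server local
  no authentication eapfast
  nas 192.20.10.35 key 7 03130807055F2C1F
radius-server host 192.20.10.35 auth-port 1645 acct-port 1646 key 7 120E561B115B0157
"""

TYPE7 = re.compile(r"\b(?:password|key) 7 [0-9A-Fa-f]+$")
SNMP = re.compile(r"^snmp-server community (\S+)")
DEFAULT_COMMUNITIES = {"public", "private"}


def local_radius_block(lines):
    """Return the indented sub-commands under 'radius-server local', or None."""
    for i, ln in enumerate(lines):
        if ln.strip() == "radius-server local":
            block = []
            for sub in lines[i + 1:]:
                if not sub.startswith((" ", "\t")):
                    break
                block.append(sub.strip())
            return block
    return None


def audit_ap_config(text):
    """Return (check_id, detail) findings; check IDs are hypothetical names."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    cmds = [ln.strip() for ln in lines]
    findings = []

    # Type 7 is a reversible encoding, not a hash: anyone who can read the
    # config can recover the secret. Report a count, never the value.
    count = sum(1 for c in cmds if TYPE7.search(c))
    if count:
        findings.append(("type7-secrets", f"{count} secret(s) stored as type 7"))

    # Web management is enabled over HTTP and no HTTPS listener is configured.
    if "ip http server" in cmds and "ip http secure-server" not in cmds:
        findings.append(("http-cleartext-mgmt",
                         "ip http server without ip http secure-server"))

    # Well-known SNMP community strings are the first thing a scanner tries.
    for c in cmds:
        m = SNMP.match(c)
        if m and m.group(1).lower() in DEFAULT_COMMUNITIES:
            findings.append(("snmp-default-community", f"community '{m.group(1)}'"))

    # Assumption: LEAP remains enabled on the local RADIUS server unless it
    # is explicitly disabled with 'no authentication leap'.
    block = local_radius_block(lines)
    if block is not None and "no authentication leap" not in block:
        findings.append(("leap-enabled", "local RADIUS server still accepts LEAP"))
    return findings


if __name__ == "__main__":
    for check_id, detail in audit_ap_config(SAMPLE_CONFIG):
        print(f"{check_id}: {detail}")
```
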

Similar Messages

  • Cisco 1242AG Access Point backup configuration

    Hi everyone,
    Is there any way to export the running or startup configuration of the Access Point but in a way that I'll be able to reload it in case something goes badly wrong?
    Thx
    VP

    If you want to manually send a copy of your startup or running config to your TFTP server you can use the command (based on IOS version):
    sh start | redirect tftp:///filename.extension
    Note:  The first time you've downloaded the file to your TFTP server, do not use Notepad to open it (because Notepad can't understand UNIX carriage return).  Open the file using WordPad and save it.  The next time you can use Notepad.

  • Configuring N channel on cisco 1252 Access Point

    Hi,
    Can someone help me with configuring the N-Series band on a Cisco 1252 Access Point in IOS mode?
    Thanks
    Tabrez

    Firstly you need to use WPA2/AES or OPEN authentication.
    Cisco 802.11n Design and Deployment Guidelines
    http://www.cisco.com/en/US/solutions/collateral/ns340/ns394/ns348/ns767/white_paper_80211n_design_and_deployment_guidelines.html

  • CISCO Aironet access point - not able to connect by user.

    Hi,
    I have CISCO Aironet access point C1130 in my network , but not able to connect by users, I can see below logs from access point. please help on this.
    Jun 13 17:50:10.686: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000         
    Jun 13 17:50:10.686: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247         
    Jun 13 17:50:15.678: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000         
    Jun 13 17:50:15.678: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247         
    Jun 13 17:50:20.544: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000         
    Jun 13 17:50:20.544: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247         
    Jun 13 17:50:24.832: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000         
    Jun 13 17:50:24.832: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247         
    Jun 13 17:50:29.741: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000         
    Jun 13 17:50:29.741: RADIUS: Fail-over denied to  (20.33.100.11:1645,1646) for id 1645/247         
    Jun 13 17:50:29.741: RADIUS: No response from (20.33.100.11:1645,1646) for id 1645/247         
    Jun 13 17:50:29.741: RADIUS/DECODE: No response from radius-server; parse response; FAIL         
    Jun 13 17:50:29.741: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL         
    Jun 13 17:50:29.741: dot11_auth_dot1x_parse_aaa_resp: Received server response: FAILOVER_RETRY         
    Jun 13 17:50:29.742: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response         
    Jun 13 17:50:29.742: Client 5864.6c67.3718 failed: EAP reason 0         
    Jun 13 17:50:29.742: dot11_auth_dot1x_parse_aaa_resp: Failed client 5894.6b37.3518 with aaa_req_status_detail 0         
    Jun 13 17:50:29.742: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for 5894.6b37.3518         
    Jun 13 17:50:29.742: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 5894.6b37.3518         
    Jun 13 17:50:29.742: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds         
    Jun 13 17:50:29.743: dot11_auth_dot1x_send_client_fail: Authentication failed for 5894.6b37.3518         
    Jun 13 17:50:29.743: %DOT11-7-AUTH_FAILED: Station 5894.6b37.3518 Authentication failed
    Regards,       

    Hi Niham,
    You can try few things to troubleshoot this -
    1. check the reachability of Radius server from your wlc (ping).
    2. verify the IP address of the RADIUS server configured on wlc.
    3. wlc in the Radius server ?
    4. Shared Secret must be the same on wlc and in the RADIUS server.
    Plz do not forget to rate useful post.
    Thanks
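
An added example (not from the original thread): a Python triage of the RADIUS debug output quoted in the question, which separates a server that never answers from other failures before working through the checks listed in the reply. The sample is a constructed subset of the quoted lines; function and verdict names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: a subset of the debug lines quoted in the post above.
SAMPLE_LOG = """\
Jun 13 17:50:10.686: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247
Jun 13 17:50:15.678: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247
Jun 13 17:50:20.544: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247
Jun 13 17:50:24.832: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247
Jun 13 17:50:29.741: RADIUS: No response from (20.33.100.11:1645,1646) for id 1645/247
Jun 13 17:50:29.743: %DOT11-7-AUTH_FAILED: Station 5894.6b37.3518 Authentication failed
"""

SERVER = r"\((?P<ip>[\d.]+):(?P<auth>\d+),\d+\)"
RETRANSMIT = re.compile(r"RADIUS: Retransmit to +" + SERVER)
NO_RESPONSE = re.compile(r"RADIUS: No response from +" + SERVER)
AUTH_FAILED = re.compile(r"%DOT11-7-AUTH_FAILED: Station (?P<mac>[0-9a-fA-F.]+) ")


def parse_ts(line):
    """Parse the leading timestamp, e.g. 'Jun 13 17:50:10.686'."""
    stamp = line.strip().partition(": ")[0]
    # The log carries no year; a fixed placeholder year keeps parsing unambiguous.
    return datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S.%f")


def triage(log_text):
    """Summarise RADIUS retransmits, unanswered servers and failed stations."""
    retransmits, first_seen, waited = Counter(), {}, {}
    failed = []
    for line in log_text.splitlines():
        if (m := RETRANSMIT.search(line)):
            server = (m["ip"], int(m["auth"]))
            retransmits[server] += 1
            first_seen.setdefault(server, parse_ts(line))
        elif (m := NO_RESPONSE.search(line)):
            server = (m["ip"], int(m["auth"]))
            start = first_seen.get(server)
            # Seconds between the first retransmit and the AP giving up.
            waited[server] = (parse_ts(line) - start).total_seconds() if start else 0.0
        elif (m := AUTH_FAILED.search(line)):
            failed.append(m["mac"])

    if waited:
        # The AP never received a reply: check reachability, server IP,
        # the AP's client entry on the server, and the shared secret.
        verdict = "radius-timeout"
    elif failed:
        verdict = "auth-failed-no-timeout"
    else:
        verdict = "no-failure-seen"
    return {
        "retransmits": dict(retransmits),
        "unanswered": waited,
        "failed_stations": failed,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, four retransmits and a wait of about 19 seconds precede the failure, so the station is failing on a server that does not answer rather than on a reply from it.
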

  • Bootup order on Cisco Aironet Access Points

    Hello folks 
    Could you please help me in clarifying the bootup order on Cisco Aironet Access Points 
    Does the SNMP Agent on the device start before the Startup config is copied to Running Config ?
    Because every time the Cisco Aironet Access Point restarts, an SNMP trap is generated from the admin-down WLAN interfaces (Dot11Radio1/Dot11Radio0) mentioning "Administratively down".
    So my best assumption is that 
    Access point Restarts - > SNMP Engine starts -> Startup Config is copied to Running config -> Interface is made admin down -> SNMP Trap is sent 
    Is that correct?
    Please help !
    Anup

    The Clean Access Manager (CAM) manages out-of-band Clean Access Servers (CASs) and switches through the admin network. The trusted interface of the CAS connects to the admin/management network, and the untrusted interface of the CAS connects to the managed client network.
    When a client connects to a managed port on a managed switch, the port is set to the authentication VLAN and the traffic to/from the client goes through the Clean Access Server. After the client is authenticated and certified through the Clean Access Server, the port connected to the client is changed to the access VLAN. Once on the access VLAN, traffic to and from certified clients bypasses the Clean Access Server.
    In most OOB deployments (except L2 OOB Virtual Gateway where the Default Access VLAN is the Access VLAN in the Port profile), the client needs to acquire a different IP address from the Access VLAN after posture assessment.
    For Real-IP/NAT-Gateway setup, the client port is bounced to prompt the client to acquire a new IP address from the admin/access VLAN.
    The URL below describes the configuration steps needed to set up your OOB deployment:
    •Configure Your Switches
    •Configure OOB Switch Management in the CAM
    •Configure Access to Authentication VLAN Change Detection
    http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/416/CAM/m_oob.html#wp1175744

  • Problem with Cisco 1240AG Access Points

    I have a Cisco 1240AG Access point (P/N - AIR-LAP1242AG-A-K9).
    It has come in the lightweight mode.
    I just want to know whether I can put it to the autonomous mode.

    Hi Indika,
    Here is a conversion method (look most of the way down the attached doc);
    Reverting the Access Point Back to Autonomous Mode
    http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html#wp161272
    You can convert an access point from lightweight mode back to autonomous mode by loading a Cisco IOS Release that supports autonomous mode (Cisco IOS release 12.3(7)JA or earlier). If the access point is associated to a controller, you can use the controller to load the Cisco IOS release. If the access point is not associated to a controller, you can load the Cisco IOS release using TFTP.
    Using a TFTP Server to Return to a Previous Release
    Follow these steps to revert from LWAPP mode to autonomous mode by loading a Cisco IOS release using a TFTP server:
    Step 1 The static IP address of the PC on which your TFTP server software runs should be between 10.0.0.2 and 10.0.0.30.
    Step 2 Make sure that the PC contains the access point image file (such as c1200-k9w7-tar.122-15.JA.tar for a 1200 series access point) in the TFTP server folder and that the TFTP server is activated.
    Step 3 Rename the access point image file in the TFTP server folder to c1200-k9w7-tar.default for a 1200 series access point, c1130-k9w7-tar.default for an 1130 series access point, and c1240-k9w7-tar.default for a 1240 series access point.
    Step 4 Connect the PC to the access point using a Category 5 (CAT5) Ethernet cable.
    Step 5 Disconnect power from the access point.
    Step 6 Press and hold MODE while you reconnect power to the access point.
    Step 7 Hold the MODE button until the status LED turns red (approximately 20 to 30 seconds) and then release.
    Step 8 Wait until the access point reboots, as indicated by all LEDs turning green followed by the Status LED blinking green.
    Step 9 After the access point reboots, reconfigure it using the GUI or the CLI.
    From this doc;
    http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html#wp161272
    Hope this helps!
    Rob

  • Any new firmware for the Cisco AP541N access points.

    Do you know if Cisco has come out with any new firmware for the Cisco AP541N access points.

    Latest release is 1.8.0 from Jan 25, 2010:
    http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=1.8.0&mdfid=282790482&sftType=Small+Business+Pro+Wireless+Software&optPlat=&nodecount=2&edesignator=null&modelName=Cisco+AP+541N+Wireless+Access+Point&treeMdfId=278875243&treeName=Wireless&modifmdfid=null&imname=&hybrid=null&imst=null&lr=Y

  • Cisco 1310 Access Point Rommon Mode

    Hello,
    So I have a Cisco 1310 Access Point that is in Rommon mode. I have the image on the Access point but I did not use the archive download command to extract it. When I use the
    tar -xtract flash://c1310-k9w7-tar[1].124-25d.JA2.tar flash:
    command it gets close to the end but doesn't finish, saying there isn't enough space. When I try to delete the file using delete flash://c1310-k9w7-tar[1].124-25d.JA2 it won't allow me, saying I do not have permission. I tried the rmdir command as well but had no luck. It won't allow me to use the tags /f /r for forceful and recursive; it doesn't recognize them. Anyone know how to delete a directory in rommon mode on the 1310 access point?
    Thanks

    The delete /recursive /force flash:/ is what I use.  You might try to delete these files also:
    ap:delete flash:private-config
    ap:delete flash:private-multiple-fs
    Thanks,
    Scott
    *****Help out other by using the rating system and marking answered questions as "Answered"*****

  • Cisco Wap300 access point

    I own a Cisco Wap300 access point. There are a PC, a netbook and a smartphone in my house. I want to connect these devices to my fiber internet line with the Cisco Wap300 access point. My modem brand and model is "ZTE - Zxhn H168N". This modem has 300 Mbps wireless connection speed. Which settings of the access point should I use to make all my devices work?
    I'm using an Air 2310 wireless adaptor for the PC
    I have a netbook and HTC wildfire S smartphone

    Are you referring to this?:
    http://www.cisco.com/cisco/web/solutions/small_business/products/wireless/300_series_wireless_access...
    or this?:
    http://support.linksys.com/en-apac/support/accesspoints/WAP300N
    It's good if we identify the device first before we get the ball rolling.

  • Cisco 1230 access point a radio lightweight mode

    Will the Cisco 1230 access point work in lightweight mode if it is using a radio?

    The 1230 can be upgraded to LWAPP with the A Radio model listed below;
    Solution Requirements
    Migration from autonomous access point mode to lightweight mode is possible on these Cisco Aironet access point platforms:
    All 1130AG access points
    All 1240 AG access points
    For all IOS-based 1200 series modular access point (1200/1220 Cisco IOS Software Upgrade, 1210 and **1230 AP**) platforms, it depends on the radio:
    if 802.11G, MP21G and MP31G are supported
    if 802.11A, RM21A and RM22A are supported
    The 1200 series access points can be upgraded with any combination of supported radios: G only, A only, or both G and A.
    All 1310 AG access points
    From this good doc;
    http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html
    Hope this helps!
    Rob

  • Cisco 2602 Access Point - Support

    Dear Team,
    Could you please advise, if Cisco 2602 Access Point supports IPS and CleanAir along with Access Point feature or does it need to work as standalone to have these functions enabled ?
    Regards,
    SID 

    Might as well add my 2¢
    In order to have CleanAir, you need a WLC.  In order to do IPS (in wireless it's called wIPS), you need an MSE and NCS or Prime Infrastructure.
    A standalone access point (autonomous) is just a dumb AP and can't perform any of those functions:)
    Thanks,
    Scott
    Help out other by using the rating system and marking answered questions as "Answered"

  • Cisco wIPS access point query

    Dear All,
    I am planning to install Cisco wIPS in our network, kindly advise if I need to install access point with wireless security module to make my wIPS work or one normal cisco 3602 will be enough. I have gone through the below documents, but one says about wireless module where the other one not says about the module. Kindly suggest.
    http://www.cisco.com/c/en/us/products/collateral/wireless/adaptive-wireless-ips-software/data_sheet_c78-501388.html - Says about module
    http://www.cisco.com/c/en/us/products/collateral/wireless/adaptive-wireless-ips-software/qa_67-503875.html - Not says about module.
    Kindly advise that whether the security module is mandatory to go with Cisco wIPS.
    Regards,
    Jubair.S

    If you want to operate AP normally where client can connect & do wIPS then you require the module.
    Otherwise you can configure AP into monitor mode where it will not associate any clients, but do the wIPS function.
    If you require limited wIPS (Enhanced Local mode) then you can have same AP to do everything. 
    Below summarize the options available & read the given link for more details
    http://www.cisco.com/c/en/us/td/docs/wireless/technology/wips/deployment/guide/WiPS_deployment_guide.html
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • CISCO WAP4410N Access Point disconnect after a short while

    Dear Sir,
    I bought one access point, then we configured it as Wireless Client/Repeater, but the wireless connection keeps disconnecting and connecting after a short while.
    I tried 4 more different ADSL and different IP range ADSL model showing same.
    So please advise on this matter ASAP.
    Thanks.
    Rahmath.CK

    My name is Eric Moyers. I am an Engineer in the Small Business Support Center.
    I am sorry that no one has responded before now. What is the router that you are trying to repeat?
    What were the steps you went through to do this?
    According to the Admin Guide for the WAP4410N it will only repeat the WRVS4400N and another WAP4410N.
    Eric Moyers
    .:|:.:|:. CISCO | Cisco Presales Technical Support | Wireless Subject Matter Expert
    Please rate helpful Posts and Let others know when your Question has been answered.

  • Cisco 1250 Access Point

    My access point version is
    cisco AIR-AP1252G-E-K9
    and is 802.11 g/n
    I am sitting very close to the access point but even then I can reach up to 22 Mbps only. I checked on my Android phone, with the same result.
    Is there any configuration I have missed?
    Thank You,
    Azeem

    Depends on the wireless clients, the radio used (802.11a or 802.11b), data rates, distance from the AP, interference. 
    Too many factors to mention.

  • Cisco 1142n Access Point

    Hi,
    I was planning on deploying a couple of 1131AG access points in a standard multiple SSID, multiple VLAN configuration, however, I'm now looking at deploying a single 1142n access point instead.
    In our environment we will have 11g, 11a/g and 11n clients. My question is, in a mixed environment like this will the 11n clients be able to take full advantage of the speeds offered by 11n or will they be limited because the AP will have to run in mixed mode?
    Thanks
    Alyas

    Hi Alyas,
    What speed is your uplink?  10/100 or 1Gb?  The 1140 has one (1) 1Gb ethernet link.  To enable 802.11n, you need to configure WPA2/AES and channel bonding.
    Other things to look at are the following:
    1.  Client saturation per AP - How many clients are concurrently associated to ONE AP?  The higher the number the lower the wireless speed.  Cisco recommends no more than 25 clients per AP is ideal.
    2.  Client WLAN NIC and drivers - Are the drivers up-to-date?  Do they support 802.11n?
    3.  The distance of the client from the AP - The further the client(s) are from the AP the lower the speed.  The signal strength should be no more than -65 dBm (lower the better) and the signal-to-noise-ratio (SNR) should be 25 dBm (higher the better). 
    4.  What type of traffic?  Unicast, multicast or broadcast?
    5.  Obstacles between the AP(s) and clients - Are there any concrete/cinder block/brick walls?  Elevator shafts?  Fire escape?  Wooden or gyprocks are OK.
    6.  Radio interference - Other APs transmitting in the same channel as you.
    I'd recommend a wireless site survey but with one or two APs it's not worth it.
    Hope this helps.


    Hi, A STS hierarchy is set in BPS_TC, the users are assigned against the hierarchy nodes. But when the user check the STS report in portal, then they get buttons which are grayed out. This happens to the entire nodes Any particular reason why the but