Cisco aironet 1232AG is not secure

Similar Messages

• CISCO Aironet access point - not able to connect by user.

  Hi,
  I have CISCO Aironet access point C1130 in my network , but not able to connect by users, I can see below logs from access point. please help on this.
  Jun 13 17:50:10.686: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000         
  Jun 13 17:50:10.686: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247         
  Jun 13 17:50:15.678: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000         
  Jun 13 17:50:15.678: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247         
  Jun 13 17:50:20.544: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000         
  Jun 13 17:50:20.544: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247         
  Jun 13 17:50:24.832: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000         
  Jun 13 17:50:24.832: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247         
  Jun 13 17:50:29.741: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000         
  Jun 13 17:50:29.741: RADIUS: Fail-over denied to  (20.33.100.11:1645,1646) for id 1645/247         
  Jun 13 17:50:29.741: RADIUS: No response from (20.33.100.11:1645,1646) for id 1645/247         
  Jun 13 17:50:29.741: RADIUS/DECODE: No response from radius-server; parse response; FAIL         
  Jun 13 17:50:29.741: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL         
  Jun 13 17:50:29.741: dot11_auth_dot1x_parse_aaa_resp: Received server response: FAILOVER_RETRY         
  Jun 13 17:50:29.742: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response         
  Jun 13 17:50:29.742: Client 5864.6c67.3718 failed: EAP reason 0         
  Jun 13 17:50:29.742: dot11_auth_dot1x_parse_aaa_resp: Failed client 5894.6b37.3518 with aaa_req_status_detail 0         
  Jun 13 17:50:29.742: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for 5894.6b37.3518         
  Jun 13 17:50:29.742: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 5894.6b37.3518         
  Jun 13 17:50:29.742: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds         
  Jun 13 17:50:29.743: dot11_auth_dot1x_send_client_fail: Authentication failed for 5894.6b37.3518         
  Jun 13 17:50:29.743: %DOT11-7-AUTH_FAILED: Station 5894.6b37.3518 Authentication failed
  Regards,       

  Hi Niham,
  You can try few things to troubleshoot this -
  1. check the reachability of Radius server from your wlc (ping).
  2. verify the IP address of Raduis server configured on wlc.
  3. wlc in the Radius server ?
  4. Shared Secret must be same on wlc and in raduis server.
  Plz do not forget to rate useful post.
  Thanks

• Configuring wireless card Cisco Aironet 350 PCI

  I'm not a newbie in linux but now faced with a trouble. I could not manage to set up the card properly. I just installed Arch 0.8 and it's not quite clear to me how to do this with Arch. I've read all available Arch's docs on this topic.
  So my situation's the following:
  I have the wireless card Cisco Aironet 350 PCI and I've been using it with Slackware for a year. It works quite fine. But now, when I decided to move to Arch - I cannot set it up. My card's using `airo` module and it is loading well. All the present network devices are recognized. I can see this by ifconfig -a.
  I have 2 NICs in my system:
  1) simple Ethernet card - eth0. Is switched off in rc.conf
  2) wireless. There are 2 different devices for it in my system: eth1 and wifi0 (and it's correct). I don't know why is it so and how about this with other wireless cards.
  For example I placed here network configs from my Slackware which works well with them and expect your advice on how to do the same with Arch.
  /etc/rc.d/rc.inet1.conf:
  ##IPADDR[0]="" #wired NIC is off
  ##NETMASK[0]=""
  ##USE_DHCP[0]="yes"
  ##DHCP_HOSTNAME[0]=""
  # Config information for eth1:
  IPADDR[1]="xx.xx.225.8"
  NETMASK[1]="255.255.255.0"
  USE_DHCP[1]=""
  DHCP_HOSTNAME[1]=""
  # Default gateway IP address:
  GATEWAY="xx.xx.225.254"
  /etc/rc.d/rc.wireless.conf:
  # Cisco/Aironet 4800/3x0
  # Note : MPL driver only (airo/airo_cs), version 1.3 or later
  00:0F:F8:*)
  INFO="Cisco/Aironet"
  ESSID="MoyEssid"
  MODE="Managed"
  KEY="xxxx-xxxx-xx open"
  Here  is the ifconfig and iwconfig output in Slackware:
  ifconfig:
  eth1 Link encap:Ethernet HWaddr 00:0F:F8:4D:EF:2A
  inet addr:xx.xx.225.8 Bcast:xx.xx.225.255 Mask:255.255.255.0
  UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  RX packets:9384 errors:128278 dropped:0 overruns:0 frame:128278
  TX packets:1714 errors:0 dropped:0 overruns:0 carrier:0
  collisions:785 txqueuelen:1000
  RX bytes:3023621 (2.8 MiB) TX bytes:224182 (218.9 KiB)
  Interrupt:10 Base address:0xb800
  lo Link encap:Local Loopback
  inet addr:127.0.0.1 Mask:255.0.0.0
  inet6 addr: ::1/128 Scope:Host
  UP LOOPBACK RUNNING MTU:16436 Metric:1
  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
  TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
  wifi0 Link encap:UNSPEC HWaddr 00-0F-F8-4D-EF-2A-00-00-00-00-00-00-00-00-00-00
  UP BROADCAST RUNNING MULTICAST MTU:2312 Metric:1
  RX packets:9384 errors:128278 dropped:0 overruns:0 frame:128278
  TX packets:1714 errors:0 dropped:0 overruns:0 carrier:0
  collisions:785 txqueuelen:100
  RX bytes:3023621 (2.8 MiB) TX bytes:224182 (218.9 KiB)
  Interrupt:10 Base address:0xb800
  iwconfig:
  eth1 IEEE 802.11-DS ESSID:"MoyEssid" Nickname:"user"
  Mode:Managed Frequency:2.427 GHz Access Point: xx:xx:xx:5C:E5:00
  Bit Rate:11 Mb/s Tx-Power=20 dBm Sensitivity=0/65535
  Retry limit:16 RTS thr:off Fragment thr:off
  Encryption key:****-****-** Security mode:open
  Power Management:off
  Link Quality=63/100 Signal level=-64 dBm Noise level=-96 dBm
  Rx invalid nwid:11287 Rx invalid crypt:0 Rx invalid frag:0
  Tx excessive retries:0 Invalid misc:10331 Missed beacon:0
  wifi0 IEEE 802.11-DS ESSID:"MoyEssid" Nickname:"user"
  Mode:Managed Frequency:2.427 GHz Access Point: xx:xx:xx:5C:E5:00
  Bit Rate:11 Mb/s Tx-Power=20 dBm Sensitivity=0/65535
  Retry limit:16 RTS thr:off Fragment thr:off
  Encryption key:****-****-** Security mode:open
  Power Management:off
  Link Quality=63/100 Signal level=-64 dBm Noise level=-96 dBm
  Rx invalid nwid:11287 Rx invalid crypt:0 Rx invalid frag:0
  Tx excessive retries:0 Invalid misc:10331 Missed beacon:0
  Who is aware - please describe or give me a link on this, how the two devises eth1 and wifi0 are connected to each other and how to set them up in Arch.
  Thnx.

  Excellent! It works! Thank U very much.
  My conclusion - /etc/network-profiles/ is much more suitable way/place to set your wireless network parameters even it's quite steady.
  And now I have a couple of extra questions:
  1) What should I do with actual network parameters in rc.conf? Currently they looks like:
  lo="lo 127.0.0.1"
  #eth0="eth0 192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255"
  INTERFACES=(lo !eth0)
  gateway="default gw 192.168.0.1"
  ROUTES=(!gateway)
  NET_PROFILES=(tier)
  and that looks and works OK. What about gateway? Should I comment it here or not?
  2)Though everything works fine now, I can see that wifi0 device is not listed by ifconfig now (only by iwconfig), but in my Slackware system it is. Don't have I to mention my wifi0 device in network profile's section:
  #WIFI_INTERFACE=wlan0   # use this if you have a special wireless interface
                          # that is linked to the real $INTERFACE
  Thnx!
  And sorry for ugly English

• Cisco Aironet and Apple Airport - Pb with roaming

  Hello,
  I'm having a problem with roaming between one Cisco Aironet 1232AG AP and one Airport Extreme basestation. Both AP are on the same subnet, hidden network and WEP 40bits.
  0->Cisco->Apple->Cisco->....... works fine
  0->Apple->Cisco doesn't works
  0-> means Pwk restarted
  Any clues?
  Thanks

  No. I tried with both AP on the same channel or on a different channel same issue. Also, same problem with WEP 128bits. However the issue disappears with WPA personal (TKIP or AES-CCMP)

• Cisco Aironet FW 15.2 Does not work with Non-Cisco Media Bridges

  I have a Cisco Aironet 1142i that was just updated from 12.4(23c)JY to 15.2(4)JA1 (don’t think model matters as the issue seem to be the firmware) and now I cannot get my media bridges (3 different ones) to either connect to the 1142 AP or obtain and pass the DHCP addresses to other device connected to the built in switch. If I reload the 1142 AP firmware to 12.4, than this works fine. I have not seen anything in the release notes that changed how this works or if there is I could not find it.
  Does anyone know why this changed and if there is any settings that I need to enabled / disable?
  Any help on this would be greatly appreciated

  More info to add to this.
  AIR-AP1142N-A-K9 Hardware Version of v06 works with firmware 15.2.
  AIR-AP1142N-A-K9 Hardware Version v05 does not work with firmware 15.2, but will when downgraded to firmware 12.4.
  I'm also having this issue with Cisco Aironet 3602 Fw 15.2(2)JB and 3502 Fw 15.2(2)JB$ that's on a Cisco 2500 WLAN Controller Sw Ver. 7.4.100.0.
  Any help on this would be greatly appreciated

• CISCO top 10 security events / logs for cisco aironet 3500? lan controller 5500

  As a sec analyst I'm tasked to monitor my Wireless enviroment which compromises of following components
  We are using cisco aironet 3500 series .
  Lan controller 5500
  MSE 3300 series
  WCS v 5.0
  Is there a top 10 sec events that i should be looking at? is there a thing like cisco top 10 sec events ? or do i have to follow external resource like SANS for this. I'm sure here are guys who have worked in this enviroment and probably can advise me the events I' should be concerned at?

  Reference:
  Cisco Wireless LAN Controller System Message Guide
  http://www.cisco.com/en/US/docs/wireless/controller/7.4/message/guide/sysmsg74.html
  http://www.cisco.com/en/US/docs/wireless/controller/message/guide/controller_smg.html

• How to change default admin password on Cisco Aironet 1040

  How do I change the default username and password on the Cisco Aironet 1040. There is a default set and I want to change that to secure the device. I've checked the manual and can't seem to find the directions. Any ideas?

  Hi Brian,
  If this AP is already registered with a WLC then you can change it via WLC.
  In WLC GUI, go to Wireless -> Select the AP -> Credential -> Override Global Credential-> Update username/pw/enable pw
  In WLC CLI, you can configure it like this. If it is for all APs, then select all, otherwise AP name.
  (WLC3) >config ap mgmtuser add username admin password Cisco123 secret Cisco123 ?
  all            Applies the configuration to every AP that does not have a specific user name.
       Enter the name of the Cisco AP.
  (WLC3) >config ap mgmtuser add username password secret
  (WLC3) >save config
  Are you sure you want to save? (y/n) y
  If it is Autonomous AP you can configure using the "username xxxx password xxx" IOS command
  HTH
  Rasika
  *** Pls rate all useful responses ****

• Cisco Aironet 1300 QoS

  Hello, I have 2 Cisco Aironet 1300 Bridges which provide data and voice communication between 2 buildings. Up until recently QoS has not been needed, but lately there appears to be congestion due to reports of poor voice quality. Building A houses a V3000 NBX Telephone system, Building B houses approximately 30 remote IP phones. Building A and Building B are approximately 100 yards apart. No VLAN's. Due to myself being an extreme noob to Cisco bridges, I was hoping some of you may have had experience in setting this up and hopefully provide some tips. I need to prioritize traffic on UDP ports 2093-2096 and TCP port 1040. Thank you in advance for any suggestions. My current running config is below:
  Using 1283 out of 32768 bytes
  version 12.3
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname LHS-WeightRoom-WCV
  ip subnet-zero
  aaa new-model
  aaa authentication login default local
  aaa authorization exec default local
  aaa session-id common
  dot11 ssid wcv
  authentication open
  guest-mode
  dot11 ssid wcvcisco
  authentication open
  infrastructure-ssid optional
  username root privilege 15 password 7 0247335A05320A2244
  username Cisco privilege 15 password 7 074E164D403D1C061F
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  ssid wcv
  ssid wcvcisco
  speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
  54.0
  station-role root bridge
  bridge-group 1
  bridge-group 1 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  bridge-group 1
  bridge-group 1 spanning-disabled
  hold-queue 80 in
  interface BVI1
  ip address 10.141.8.6 255.255.254.0
  no ip route-cache
  ip default-gateway 10.141.8.5
  ip http server
  ip http authentication aaa
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  control-plane
  bridge 1 route ip
  line con 0
  line vty 0 4
  end

  Here is the URL for the configuration of Cisco Aironet 1300 QoS. Follow the guide it may help you
  http://www.cisco.com/en/US/docs/wireless/access_point/1300/12.3_4_JA/configuration/guide/o13qos.html

• Server 2008 R2 RADIUS Server with a Cisco Aironet 1040 Wireless AP

  I am trying to get Server 2008 R2 RADIUS Server to work with a Cisco Aironet 1040 Wireless AP. I have installed the RADIUS server by MS standards and performed some searches on Google to configure the Cisco Aironet. I see others using a Wireless LAN Controller, which I do not have. I found this post below:
  https://supportforums.cisco.com/discussion/11546056/wlc-2504-radius-2008-r2-server
  But I have yet to locate a good step by step document on how to set it up and I have found so many different ways that others have set it up, but none have yet to work. I am having authentication issues that I have know of and I do not see any errors in the Windows Event Viewer and I do not know where the Acess Point stores it logs for any sort of error. Keep in mind this is the first time I am doing this. I do not have a Wireless LAN Controller and all my network / domain services are on individually built servers and not on one single server as I have seen with most of the documentation they all say the same thing by putting the Certificate Services, Domain Services (AD / ADS, etc), and NPS. I do not want that configuration and my setup should not be any different, but something is not right. I know from reading that this is not rocket science, but from someone who has never done it before this is difficult as I keep reading on and so many people do it different ways including what I have been reading according to what Cisco says to configure in the environment. Does anyone know where I can find good step by step documentation along with where I can look for logs on either device? I find that all the documentation I see on Cisco's website and from searching that it is old and outdated and not been updated in a long time so it is hard to determine what works and what does not work. I am stumped here and have been doing this for several weeks now with no luck. Thank you in advance.

  I did configure the Server 2008 R2 RADIUS Server using this video below: 
  https://www.youtube.com/watch?v=g-0MM_tK-Tk
  I also referenced Technet to make sure it was configured correctly as well. I am still not sure if I am 100% setup correctly on the Windows Server side, but I for sure want to make sure I have the AP side setup correctly. Do you know of a better article for the Windows Server 2008 R2 setup? Does it matter that I do not have all the services installed on the same server? Instead I have them installed on multiple servers.
  I have image number c1140-k9w7-tar.124.25d.JA1 on the AP. The part that confused me in that article, which I have seen before was the part about "Setting up access point must be configured in the authentication server as an AAA client." What is the AAA Client? I also am not aware of having Cisco Secure ACS anywhere built into the AP as that part through me off completely. Do I need to skip these steps? Thank you for help on this.

• Cisco Aironet 1130AG WPA2 Configuration

  Hi everyone,
  First of all, let me introduice myself. I just graduated as an IT-engineer and started working in a company who gives support to their users, but also does installations. One day a week I am permanent located with 1 customer. I give support to users, but also implement new systems. I really love networking, but it's really not my strongest point. Especcialy when it comes to CLI. So I was hoping you could help me.
  With this customer they have 4 floors with on each floor a Cisco Aironet 1130AG. At the moment they are using WEP as a protection with a really long key. The users find this annoying, but I am more concerned about the security perspective. So I want to implement WPA2 with a shorter key for the people to remember. On one floor, I also want to add a public network when other people want to connect and just need internet access.
  Is it possible you guys could help me change the current set-up and give advices regarding the security and implementation. For me I would be great if all of the Access Points could work togheter and just be 1 wireless network. I don't know if this is possible and how to do it? For the public network I know there also need to be some changes in VLAN's, so I would appreciate the help there for setting up trunks. The firewall is a cisco ASA5505.
  At the moment I am running this configuration:
  I tried setting up this with the GUI, but it doesn't look like the configuration at the moment is shown in the GUI or maybe I am just looking in the wrong places.
  Thanks again for helping me configure this!! Much appreciated!
  !version 12.4no service padservice timestamps debug datetime msecservice timestamps log datetime msecservice password-encryption!hostname CISCO-AP-V0!enable secret 5 $1$vhoF$wv3N1r1sMiiuhGgQTpx5b0!no aaa new-model!!!dot11 ssid private-v0   authentication open    guest-mode!power inline negotiation prestandard source!!username Cisco password 7 14341B180F0B!bridge irb!!interface Dot11Radio0 no ip address no ip route-cache ! encryption key 1 size 128bit 7 FD0B4EB47C9301A55E6A685157C8 transmit-key encryption mode wep mandatory ! ssid private-v0 ! speed  basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 packet retries 128 drop-packet station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled!interface Dot11Radio1 no ip address no ip route-cache ! encryption key 1 size 128bit 7 4A476E1E760D683C46307A755A29 transmit-key encryption mode wep mandatory ! ssid private-v0 ! no dfs band block speed  basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 channel dfs station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled!interface FastEthernet0 no ip address no ip route-cache duplex auto speed auto bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled!interface BVI1 ip address 192.168.2.220 255.255.255.0 no ip route-cache!ip default-gateway 192.168.2.1ip http serverno ip http secure-serverip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eagbridge 1 route ip!!!line con 0line vty 0 4 login local!end

  Look at those:
  www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008054339e.shtml
  www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008055c39a.shtml
  HTH
  Amjad

• Unstable Cisco Aironet 1231

  I have one Cisco Aironet 1231 access point. It does not use any kind of (server) functionality outside the Cisco device.
  I have one SSID and uses WPA-PSK (TKIP).
  The configuration seams wary straight forward, but something is wrong.
  The access point seams to be unstable. The clients use long time to connect to the access point and it looses connection a lot of times a day. Can I do something to speed up the ?negotiation process? ?
  What could be the course of instability?
  The configuration was made with the ?web configurator?, but I have a SSH/telnet dump:
  Best Regards
  Martin
  AP1#sh run
  Building configuration...
  Current configuration : 2227 bytes
  version 12.3
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname AP1
  enable secret xxx
  clock timezone GMT 1
  ip subnet-zero
  ip domain name mydom.com
  aaa new-model
  aaa group server radius rad_eap
  aaa group server radius rad_mac
  aaa group server radius rad_acct
  aaa group server radius rad_admin
  aaa group server tacacs+ tac_admin
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local
  aaa authorization exec default local
  aaa accounting network acct_methods start-stop group rad_acct
  aaa session-id common
  dot11 ssid myssid
  authentication open
  authentication key-management wpa
  guest-mode
  wpa-psk ascii xxx
  username Cisco password xxx
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption mode ciphers tkip
  ssid myssid
  speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
  channel 2412
  station-role root
  no cdp enable
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  no cdp enable
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  hold-queue 160 in
  interface BVI1
  ip address 192.168.1.105 255.255.255.0
  no ip route-cache
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  ip radius source-interface BVI1
  access-list 111 permit tcp any any neq telnet
  no cdp run
  radius-server local
  no authentication leap
  no authentication mac
  radius-server attribute 32 include-in-access-req format %h
  radius-server vsa send accounting
  control-plane
  bridge 1 route ip
  line con 0
  access-class 111 in
  line vty 0 4
  access-class 111 in
  sntp server 212.242.xx.207
  sntp broadcast client
  end
  AP1#

  A "stronger" (more gain) antenna probably won't help. An antenna that transmits with more gain also receives with more gain ..(basically, the same situation, but all of the signals are "louder")
  The general remedy, aside from the obvious of going to the least populated channel or moving to the 802.11a band, is usually to add more access points, all using some flavor of "sector" antenna (and / or "patch" antennas) to localize the area of interest.
  Because the antennas are covering a more specific area (and usually smaller area), it is usually the case that more APs are needed.
  "Seeing" 20 APs is not that alarming ... check the signal strength of each, many will usually be well-below the level that would cause serious interference. The specific level will vary, depending on the location relative to the AP<->client relationship.
  If you're seeing 20 APs, and their signal strength is roughly the same as your APs or a little lower, then you've got a problem that only a sectorized antenna system can cure.
  Good Luck
  Scott

• X120e - Will a USB-connected Cardbus Cisco Aironet card go around whitelist restrictions?

  I have a x120e that I'm trying to get with Cisco LEAP security.  The Cisco Aironet  (AIR-CB21AG-A-K9) cardbuss card will connect to LEAP but I'm wondering if connecting this cardbus card to the x120e via a Cardbus to USB adapter will allow me to connect this WiFi card to the x120e.  I have run up against the whitelist restrictions when I tried to replace the half mini PCI card with an Intel WiFi card.  I haven't quite worked up the courage to flash the BIOS with a new adapter name.    DaveM

  Hello,
  I have not heard of anyone using that particular solution.  Perhaps you could test it and let us know the results.
  Have you looked for an external USB Wi-Fi adapter that supports Cisco LEAP protocol?  I would think that would be easier to use, though, not to mention more convient to carry around, especially with a USB extension cable or right-angle adapter.
  Regards,
  Aryeh Goretsky
  I am a volunteer and neither a Lenovo nor a Microsoft employee. • Dexter is a good dog • Dexter je dobrý pes
  S230u (3347-4HU) • X220 (4286-CTO) • W510 (4318-CTO) • W530 (2441-4R3) • X100e (3508-CTO) • X120e (0596-CTO) • T61p (6459-CTO) • T43p (2678-H7U) • T42 (2378-R4U) • T23 (2648-LU7)
    Deutsche Community   Comunidad en Español Русскоязычное Сообщество

• Cisco aironet 1130 and Intermec CV30

  Hi to all,
  I've a little problem with three Cisco 1130 AP. Anticipately i tell you that i'm not a guru of cisco wireless, but my implementation is very simple. I need a roaming for the 3 AP. I only have Ap, so i configure one as Master Ap and the others like repeater with cisco aironet extension configured. All 3 on the same channel and only the Master one broadcast SSID. Wep security implemented. My Cv30 terminals randomly loose the signal also if they're near an AP. They use windows mobile but i think is only a wrong config problem. I need help. Thank you very much.
  Alex

  The device is using the LWAPP image.. please upgade the same to autonomous image and convert the same..
  Please use the below doc that i hv written and this will helpu!!
  https://supportforums.cisco.com/docs/DOC-14960
  Please dont forget to rate the usefull posts!!
  Regards
  Surendra

• Cisco Aironet 1140: 3 of our 4 are always hanging

  Our office has 4 Cisco Aironet 1140 access points mounted on the ceiling. They are all powered via PoE. Every few days 3 of the 4 access points hang and have to be rebooted. When they hang I am not able to connect to their web interface to check the logs. The fourth, for some reason, always seems to stay alive.
  I checked the configuration for all AP's and "Hot Standby" is disabled
  They are all using static IP addresses. I've tried 2 different banks of static IP addresses and 3 of 4 still hange so I don't think this is an IP conflict
  I have saved the configurations and compared them and they are all identical, where possible.
  They all have software version: 12.4(21a)JA1
  They all have bootloader version: 12.4(23c)JA1
  I have tried to download the latest software/firmware, but unfortunately I do not have a valid service contract in place with Cisco and therefore can't download the latest version. All of our CISCO hardware was purchased from Amazon resellers and they can't seem to help me with this. I have also tried to contact Cisco and they can't seem to help either. If anyone has a suggestion on how I can get a valid service contract that information would also be very helpful!!!
  Does anyone have any ideas why 3 of our 4 access points would hang? When they hang, I can't login to the web interface and the logs seem to reset when I reset each access point. I have also set up an rsyslog server and I don't see a log entry that would indicate a problem.
  Any ideas?
  Thank you

  Here is the config for one of the AP's that keeps hanging:
  ! Last configuration change at 09:18:05 -1000 Mon Jan 30 2012 by admin
  ! NVRAM config last updated at 09:18:05 -1000 Mon Jan 30 2012 by admin
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname XXX2
  aaa new-model
  aaa authentication login default local
  aaa authorization exec default local
  aaa session-id common
  clock timezone -1000 -10
  ip name-server 8.8.8.8
  ip name-server 8.8.4.4
  dot11 syslog
  dot11 ssid XXX2
     authentication open
     authentication key-management wpa version 2
     guest-mode
     wpa-psk ascii 7 01234567890123456789012
  username admin privilege 15 password 7 01234567890123456789012
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption mode ciphers aes-ccm
  ssid XXX2
  antenna gain 0
  station-role root
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface GigabitEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  no keepalive
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface BVI1
  ip address 192.168.100.252 255.255.255.0
  no ip route-cache
  ip default-gateway 192.168.100.1
  ip http server
  ip http authentication aaa
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  snmp-server community MyCommunity RO
  bridge 1 route ip
  line con 0
  line vty 0 4
  sntp server 192.43.244.18
  sntp broadcast client
  end

• Setting up Cisco Aironet 1250 for home use

  Hey everyone,
  I'm rather new to the whole Enterprise Router lines. I've set up countless networks with Linksys routers in the past. However, this Aironet is giving me more trouble than I'd want it to. I was wondering if anyone could help. I've assigned it an IP Address and accessed that In-Browser interface and set up an SSID and activated the two extensions. I've been able to connect to the router with my computer and access the internet without restriction. However, when I attempt to connect a second PC or Laptop to the network, it won't allow network access to the second device. I've been stuck there forever. Is there any specific setup method I need to use to make sure more than one workstation/device? I want to use this router for home use, I often use laptops and move around the house a lot, so the advantage of better connection signal and speed is well worth it. Any help is highly apprieciated. If you need more information, don't hesitate to contact me.

  Sorry for my late reply. Here is the config:
  It wasn't connected to anything. This was a raw pull from a fresh cold boot.
  IOS Bootloader - Starting system.
  Xmodem file system is available.
  flashfs[0]: 150 files, 7 directories
  flashfs[0]: 0 orphaned files, 0 orphaned directories
  flashfs[0]: Total bytes: 31868928
  flashfs[0]: Bytes used: 6406144
  flashfs[0]: Bytes available: 25462784
  flashfs[0]: flashfs fsck took 16 seconds.
  Reading cookie from flash parameter block...done.
  Base Ethernet MAC address: 54:75:d0:dd:b5:12
  Loading "flash:/c1250-k9w7-mx.124-10b.JDA3/c1250-k9w7-mx.124-10b.JDA3"...##################################################################################################################################################################################################################
  File "flash:/c1250-k9w7-mx.124-10b.JDA3/c1250-k9w7-mx.124-10b.JDA3" uncompressed and installed, entry point: 0x3000
  executing...
                Restricted Rights Legend
  Use, duplication, or disclosure by the Government is
  subject to restrictions as set forth in subparagraph
  (c) of the Commercial Computer Software - Restricted
  Rights clause at FAR sec. 52.227-19 and subparagraph
  (c) (1) (ii) of the Rights in Technical Data and Computer
  Software clause at DFARS sec. 252.227-7013.
             cisco Systems, Inc.
             170 West Tasman Drive
             San Jose, California 95134-1706
  Cisco IOS Software, C1250 Software (C1250-K9W7-M), Version 12.4(10b)JDA3, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2009 by Cisco Systems, Inc.
  Compiled Sun 07-Jun-09 03:50 by prod_rel_team
  Image text-base: 0x00003000, data-base: 0x01000000
  Initializing flashfs...
  flashfs[1]: 150 files, 7 directories
  flashfs[1]: 0 orphaned files, 0 orphaned directories
  flashfs[1]: Total bytes: 31868928
  flashfs[1]: Bytes used: 6406144
  flashfs[1]: Bytes available: 25462784
  flashfs[1]: flashfs fsck took 4 seconds.
  flashfs[1]: Initialization complete....done Initializing flashfs.
  Warning:  the compile-time code checksum does not appear to be present.
  Radio 1 A600 8000 0 0 A8030000 30
  Radio 1 A600 8000 0 0 B8030000 13
  tx_paks 1293
  tx_paks 646
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html you require further assistance please contact us by sending email to
  [email protected]. AIR-AP1252AG-A-K9    (PowerPC 8349) processor (revision C0) with 49142K/16384K bytes of memory.
  Processor board ID FTX1423902R
  PowerPC 8349 CPU at 533Mhz, revision number 0x0031
  Last reset from power-on
  1 Gigabit Ethernet interface
  2 802.11 Radio(s)
  If
  cisco
  32K bytes of flash-simulated non-volatile configuration memory.
  Base ethernet MAC Address: 54:75:D0:DD:B5:12
  Part Number                          : 73-10425-06
  PCA Assembly Number                  : 800-27630-06
  PCA Revision Number                  : B0
  PCB Serial Number                    : FOC142025F4
  Top Assembly Part Number             : 800-29039-03
  Top Assembly Serial Number           : FTX1423902R
  Top Revision Number                  : A0
  Product/Model Number                 : AIR-AP1252AG-A-K9
  Press RETURN to get started!
  *Mar  1 00:00:06.211: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
  *Mar  1 00:00:07.039: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
  *Mar  1 00:00:07.543: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1
  *Mar  1 00:00:09.587: %SYS-5-CONFIG_I: Configured from memory by console
  *Mar  1 00:00:09.591: %SYS-5-RESTART: System restarted --
  Cisco IOS Software, C1250 Software (C1250-K9W7-M), Version 12.4(10b)JDA3, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2009 by Cisco Systems, Inc.
  Compiled Sun 07-Jun-09 03:50 by prod_rel_team
  *Mar  1 00:00:09.591: %SNMP-5-COLDSTART: SNMP agent on host Cisco1250 is undergoing a cold start
  *Mar  1 01:37:52.027: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
  *Mar  1 01:37:52.027: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
  *Mar  1 01:37:52.707: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
  *Mar  1 01:37:53.467: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
  *Mar  1 01:37:53.467: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
  *Mar  1 01:37:53.847: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
  *Mar  1 01:37:54.467: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
  *Mar  1 01:37:54.695: %CDP_PD-4-POWER_OK: Full power - INJECTOR_DETECTED inline power source
  *Mar  1 01:37:54.703: %DOT11-4-NO_HT: Interface Dot11Radio1, Mcs rates disabled on vlan 0 due to not using AES encryption or
  *Mar  1 01:37:58.303: %DOT11-6-FREQ_USED: Interface Dot11Radio1, frequency 5180 selected
  *Mar  1 01:37:58.307: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
  *Mar  1 01:37:58.307: %DOT11-4-NO_HT: Interface Dot11Radio0, Mcs rates disabled on vlan 0 due to not using AES encryption or
  *Mar  1 01:37:58.311: %DOT11-6-FREQ_SCAN: Interface Dot11Radio0, Scanning frequencies for 13 seconds
  *Mar  1 01:37:59.307: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
  *Mar  1 01:38:00.307: %LINK-3-UPDOWN: Interface BVI1, changed state to down
  *Mar  1 01:38:02.931: %LINK-3-UPDOWN: Interface BVI1, changed state to up
  *Mar  1 01:38:11.919: %DOT11-6-FREQ_USED: Interface Dot11Radio0, frequency 2462 selected
  *Mar  1 01:38:11.923: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
  *Mar  1 01:38:12.923: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
  Cisco1250>enable
  Password:
  Cisco1250#show running-config
  Building configuration...
  Current configuration : 1717 bytes
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname Cisco1250
  enable secret 5 $1$jDeQ$cFdx0aHAd8wj8tk6CCmXq/
  no aaa new-model
  dot11 ssid Home Network
     authentication open
     guest-mode
  power inline negotiation prestandard source
  username Cisco password 7 05280F1C2243
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption key 1 size 128bit 7 23D0220D02AE7FA723492AA01E34 transmit-key
  encryption mode wep mandatory
  ssid Home Network
  station-role root
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface Dot11Radio1
  no ip address
  no ip route-cache
  encryption key 1 size 128bit 7 0B4935657C801B3620154AB56630 transmit-key
  encryption mode wep mandatory
  ssid Home Network
  dfs band 3 block
  channel dfs
  station-role root
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface GigabitEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface BVI1
  ip address 192.168.0.1 255.255.255.0
  no ip route-cache
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  snmp-server community Community RW
  bridge 1 route ip
  line con 0
  line vty 0 4
  login local
  end
  They way I connect it in the network is as follows:
  BrightHouse Networks ISP Modem --> Cisco Aironet 1252 --> Incoming connections from computers and laptops.
  Any ideas?