Cisco Aironet 1400 - security
Dear all,
I'm currently configuring 2 Cisco 1400 Bridges. One is the root bridge the other the non-root bridge (ok logic :-) ).
I wanted to know what is possible for using certificates for the non-root bridge or to use the local radius on the root bridge to increase the security level of the wlan network.
I tried to reach the local radius on the root bridge, but I'm always getting a 404 error. After reading some Cisco docs, it said that we need to use AAA new model from the CLI, I did it without success.
What would you recommend to ensure a good security level for the wireless link?
I'm open to use certificates or a Radius (local or IAS) or any suggestions you may have.
Any help or or suggestions are very welcomed...
Thanks per advance,
Regards
The only EAP types supported by BR1410 is LEAP. You should able to configure LEAP client on the non-root bridge:
http://www.cisco.com/en/US/docs/wireless/access_point/12.2_15_JA/configuration/guide/s15rep.html#wp1036921
The above URL is for repeater; however, it is the same for non-root bridge.
You may already know. If you want to set up local radius server, the following URL should be useful:
http://www.cisco.com/en/US/docs/wireless/access_point/12.2_15_JA/configuration/guide/s15local.html
Similar Messages
-
I have users offsite connected to the main network via Aironet 1400s. In the past we have used port security statements on a 2950 to allow only specific Mac addresses on the link.
I have had to setup a second vlan at this remote location and as a result I have trunked the port, which prevents me from using port security statements.
I thought about using a RADIUS server, but after doing some reading it looks like it will only authenticate the non-root bridge, not the clients connected to it.
I considered using access lists but I want to be able to log any denials/security violations, and this is not an option when using extended (700) access lists.
Any suggestions would be appreciated.You can configure the AP to authenticate the users,
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_installation_and_configuration_guide_chapter09186a0080101c23.html -
Hi all, what is the replacment model for the eol 1400 series Ap's that I need to purchase?
Thanks
MartynKindly review the below link:
http://www.exaltcom.com/uploadedFiles/003_-_Products/005_-_Data_Sheets/DS-Cisco-ExtendAir-r5005-B-1010.pdf -
Question about aironet 1400 bridge
We are currently trying to set up a link
across the street using 2 bridges. My concern is more of a mounting one and what needs to be visible for the link to work
We are 13 stories up ..and the building across the street is 11 stories up...
We have purches the 9.5 dbi sector antenna. Can I keep the Bridge itself
on the inside and just mounth the antenna
on the outside? While reading the doc, it appeared that the Bridge itself had an antennaHi Richard,
The 1400 can be ordered in two models as shown below (with either one the Bridge itself will be mounted outdoors);
Cisco Aironet 1400 Series Bridge with 22.5 dBi Antenna
The Cisco Aironet 1400 Series Wireless Bridge features an 802.11a 5.8 GHz radio, which supports data rates up to 54 Mbps. With this option, a 22.5 dBi patch array antenna is integrated into the ruggedized enclosure
Cisco Aironet 1400 Series Wireless Bridge with Captured Antenna
Product Number
AIR-BR1410A-A-K9
Cisco Aironet 1400 Series Wireless Bridge with N-Type Connector
A connectorized version provides professional installers with an N-Type connector that allows the deployment of the root nodes of point-to-multipoint networks with omni-directional or sector antennas, or of high-gain dish antennas for longer links (Table 2).
Table 2 Cisco Aironet 1400 Series Wireless Bridge with N-Type Connector
Product Number
AIR-BR1410A-A-K9-N
http://www.cisco.com/en/US/products/hw/wireless/ps5279/prod_technical_reference09186a0080184933.html
Quick Start Guide Cisco Aironet 1400 Series Wireless Bridge
http://www.cisco.com/en/US/docs/wireless/bridge/1400/quick/guide/br1410qs.html
The 9.5 Sector Antenna is used for Point to Multi-Point Links;
1400 With 9.5 Sector;
http://www.cisco.com/en/US/docs/wireless/antenna/installation/guide/14sect.html
Hope this helps!
Rob -
Aironet 1400 Point to Multipoint Bridging
Hello Everybody
I`m already desinging a Wireless Point to Multipoint Bridging with Aironet 1400. I was Wondering if on the Central point the 1400 should has a external omnidireccional anntena to support all the others bridges... that is: this AP will be the multipoint bridge.
Could I use all the 1400 AP with integrated anntenas and get that the Central AP work in a multipoint configuration?
Thanks in advance.Hi,
Cisco Aironet 1400 has a model with integrated 22.5 dBi patch array antenna, the AIR-BR1410A-A-K9.
The integrated radio and high-gain integrated patch array antenna is used in point-to-point links and the non-root nodes of point-to-multipoint networks.
You can (need to) use the external omnidirectional AIR-ANT58G9VOA-N antenna type for your N-type root bridge unit (AIR-BR1410A-A-K9-N).
Basically, these models are ideal for each other in both point-to-point & point-to-multipoint connectivity scenarios.
Cisco 1400 N-type is recommended to use the following external antenna type:
* 9.0 dBi vertically polarized omni antenna --> you need this
* 9.5 dBi sector antenna with support for vertical or horizontal linear polarization
* 28.0 dBi dish antenna with support for vertical or horizontal linear polarization
ref: http://www.cisco.com/en/US/partner/products/hw/wireless/ps5279/products_data_sheet09186a008018495c.html
Aironet 1400 Bridge Ref:
http://www.cisco.com/en/US/partner/products/hw/wireless/ps5279/prod_technical_reference09186a0080184933.html
Rgds,
AK -
Hello all,
Help please!
The led "uplink activity" in the cisco aironet 1400 -power injector lr- is off. I have checked coaxial and connectors, they are ok. I can not access the bridge by ethernet or telnet. I have reseted the bridge also, but the signal keep off. Is it a software/hardware problem?
ThanksIf you trun the AP backwards, what lights do you see. There are three lights down at the bottom and there is a sequence in which they blink. Please keep an eye on the blinking LED's.
http://www.cisco.com/en/US/docs/wireless/bridge/1400/12.2_15_JA/configuration/guide/p15trb.html
http://www.cisco.com/en/US/docs/wireless/bridge/1400/installation/guide/higch6.html
I had the same problem and I upgraded the IOS on the bridges to the latest one and that did the trick. If it doesnot then its a hardware replacement.
HTH,
-as -
Cisco aironet 1232AG is not secure
Hi,
I just got a Cisco Aironet 1232AG access point. I only want use the MAC address authorization to allow some of PC to access this point. I did not use WEP. I added some MAC address in 1232AG. But I found some other wireless PC also can access the 1232AG point. It looks like use the MAC address is not secure at all.Hi Kevin,
Check out these 2 links about MAC filters:
MAC Address Authentication to the Network
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_configuration_guide_chapter09186a0080184a87.html#1034875
Assigning Authentication Types to an SSID
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_configuration_guide_chapter09186a0080184a87.html#55579
Hope this helps!
Rob
Please remember to rate helpful posts....... -
CISCO top 10 security events / logs for cisco aironet 3500? lan controller 5500
As a sec analyst I'm tasked to monitor my Wireless enviroment which compromises of following components
We are using cisco aironet 3500 series .
Lan controller 5500
MSE 3300 series
WCS v 5.0
Is there a top 10 sec events that i should be looking at? is there a thing like cisco top 10 sec events ? or do i have to follow external resource like SANS for this. I'm sure here are guys who have worked in this enviroment and probably can advise me the events I' should be concerned at?Reference:
Cisco Wireless LAN Controller System Message Guide
http://www.cisco.com/en/US/docs/wireless/controller/7.4/message/guide/sysmsg74.html
http://www.cisco.com/en/US/docs/wireless/controller/message/guide/controller_smg.html -
How to change default admin password on Cisco Aironet 1040
How do I change the default username and password on the Cisco Aironet 1040. There is a default set and I want to change that to secure the device. I've checked the manual and can't seem to find the directions. Any ideas?
Hi Brian,
If this AP is already registered with a WLC then you can change it via WLC.
In WLC GUI, go to Wireless -> Select the AP -> Credential -> Override Global Credential-> Update username/pw/enable pw
In WLC CLI, you can configure it like this. If it is for all APs, then select all, otherwise AP name.
(WLC3) >config ap mgmtuser add username admin password Cisco123 secret Cisco123 ?
all Applies the configuration to every AP that does not have a specific user name.
Enter the name of the Cisco AP.
(WLC3) >config ap mgmtuser add username password secret
(WLC3) >save config
Are you sure you want to save? (y/n) y
If it is Autonomous AP you can configure using the "username xxxx password xxx" IOS command
HTH
Rasika
*** Pls rate all useful responses **** -
Hello, I have 2 Cisco Aironet 1300 Bridges which provide data and voice communication between 2 buildings. Up until recently QoS has not been needed, but lately there appears to be congestion due to reports of poor voice quality. Building A houses a V3000 NBX Telephone system, Building B houses approximately 30 remote IP phones. Building A and Building B are approximately 100 yards apart. No VLAN's. Due to myself being an extreme noob to Cisco bridges, I was hoping some of you may have had experience in setting this up and hopefully provide some tips. I need to prioritize traffic on UDP ports 2093-2096 and TCP port 1040. Thank you in advance for any suggestions. My current running config is below:
Using 1283 out of 32768 bytes
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname LHS-WeightRoom-WCV
ip subnet-zero
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
dot11 ssid wcv
authentication open
guest-mode
dot11 ssid wcvcisco
authentication open
infrastructure-ssid optional
username root privilege 15 password 7 0247335A05320A2244
username Cisco privilege 15 password 7 074E164D403D1C061F
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
ssid wcv
ssid wcvcisco
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
station-role root bridge
bridge-group 1
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
hold-queue 80 in
interface BVI1
ip address 10.141.8.6 255.255.254.0
no ip route-cache
ip default-gateway 10.141.8.5
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
control-plane
bridge 1 route ip
line con 0
line vty 0 4
endHere is the URL for the configuration of Cisco Aironet 1300 QoS. Follow the guide it may help you
http://www.cisco.com/en/US/docs/wireless/access_point/1300/12.3_4_JA/configuration/guide/o13qos.html -
Server 2008 R2 RADIUS Server with a Cisco Aironet 1040 Wireless AP
I am trying to get Server 2008 R2 RADIUS Server to work with a Cisco Aironet 1040 Wireless AP. I have installed the RADIUS server by MS standards and performed some searches on Google to configure the Cisco Aironet. I see others using a Wireless LAN Controller, which I do not have. I found this post below:
https://supportforums.cisco.com/discussion/11546056/wlc-2504-radius-2008-r2-server
But I have yet to locate a good step by step document on how to set it up and I have found so many different ways that others have set it up, but none have yet to work. I am having authentication issues that I have know of and I do not see any errors in the Windows Event Viewer and I do not know where the Acess Point stores it logs for any sort of error. Keep in mind this is the first time I am doing this. I do not have a Wireless LAN Controller and all my network / domain services are on individually built servers and not on one single server as I have seen with most of the documentation they all say the same thing by putting the Certificate Services, Domain Services (AD / ADS, etc), and NPS. I do not want that configuration and my setup should not be any different, but something is not right. I know from reading that this is not rocket science, but from someone who has never done it before this is difficult as I keep reading on and so many people do it different ways including what I have been reading according to what Cisco says to configure in the environment. Does anyone know where I can find good step by step documentation along with where I can look for logs on either device? I find that all the documentation I see on Cisco's website and from searching that it is old and outdated and not been updated in a long time so it is hard to determine what works and what does not work. I am stumped here and have been doing this for several weeks now with no luck. Thank you in advance.I did configure the Server 2008 R2 RADIUS Server using this video below:
https://www.youtube.com/watch?v=g-0MM_tK-Tk
I also referenced Technet to make sure it was configured correctly as well. I am still not sure if I am 100% setup correctly on the Windows Server side, but I for sure want to make sure I have the AP side setup correctly. Do you know of a better article for the Windows Server 2008 R2 setup? Does it matter that I do not have all the services installed on the same server? Instead I have them installed on multiple servers.
I have image number c1140-k9w7-tar.124.25d.JA1 on the AP. The part that confused me in that article, which I have seen before was the part about "Setting up access point must be configured in the authentication server as an AAA client." What is the AAA Client? I also am not aware of having Cisco Secure ACS anywhere built into the AP as that part through me off completely. Do I need to skip these steps? Thank you for help on this. -
Cisco Aironet 1131G cannot access BVI
I have configure our Cisco Aironet 1131G with Multiple SSID with VLAN's
The Guest VLAN is working well and no problem,
The issue i have is that I cannot connect to the BVI on the Wireless AP, i have setup to VLAN's
2 = LAN & NATIVE VLAN
999 = GUEST VLAN
this is my config
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname NAFTA_AP_003
logging rate-limit console 9
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa group server radius rad_eap2
server 10.1.122.50 auth-port 1645 acct-port 1646
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods2 group rad_eap2
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 mbssid
dot11 syslog
dot11 vlan-name GUEST vlan 999
dot11 vlan-name LAN vlan 2
dot11 ssid Nufarm_EXT
vlan GUEST
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 053B0918245E6308015546
dot11 ssid Nufarm_INT
vlan 2
authentication open eap eap_methods2
authentication network-eap eap_methods2 mac-address mac_methods
authentication key-management wpa
username nemesis privilege 15 secret 5 $1$SjHa$TGIGBh.IhLNgflxBreKYf.
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan GUEST mode ciphers aes-ccm tkip
encryption vlan 2 mode ciphers tkip
ssid Nufarm_EXT
ssid Nufarm_INT
channel 2422
station-role root
interface Dot11Radio0.2
encapsulation dot1Q 2 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.999
encapsulation dot1Q 999
no ip unreachables
no ip proxy-arp
no ip route-cache
no cdp enable
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
bridge-group 255 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
interface FastEthernet0.2
encapsulation dot1Q 2 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface FastEthernet0.999
encapsulation dot1Q 999
no ip unreachables
no ip route-cache
no cdp enable
bridge-group 255
no bridge-group 255 source-learning
bridge-group 255 spanning-disabled
interface BVI1
ip address 10.1.2.242 255.255.255.0
no ip route-cache
ip default-gateway 10.1.2.254
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server host 10.1.122.50 auth-port 1645 acct-port 1646 key 7 03516213160B73435E0C2D16110504
radius-server vsa send accounting
bridge 1 route ip
line con 0
line vty 0 4
endAh, yeah that would do it, makes the swich want the VLAN to be tagged. Nice catch on that!
HTH,
Steve
Please remember to rate helpful posts or to mark the question as answered so that it can be found later. -
Cisco Aironet 1130AG WPA2 Configuration
Hi everyone,
First of all, let me introduice myself. I just graduated as an IT-engineer and started working in a company who gives support to their users, but also does installations. One day a week I am permanent located with 1 customer. I give support to users, but also implement new systems. I really love networking, but it's really not my strongest point. Especcialy when it comes to CLI. So I was hoping you could help me.
With this customer they have 4 floors with on each floor a Cisco Aironet 1130AG. At the moment they are using WEP as a protection with a really long key. The users find this annoying, but I am more concerned about the security perspective. So I want to implement WPA2 with a shorter key for the people to remember. On one floor, I also want to add a public network when other people want to connect and just need internet access.
Is it possible you guys could help me change the current set-up and give advices regarding the security and implementation. For me I would be great if all of the Access Points could work togheter and just be 1 wireless network. I don't know if this is possible and how to do it? For the public network I know there also need to be some changes in VLAN's, so I would appreciate the help there for setting up trunks. The firewall is a cisco ASA5505.
At the moment I am running this configuration:
I tried setting up this with the GUI, but it doesn't look like the configuration at the moment is shown in the GUI or maybe I am just looking in the wrong places.
Thanks again for helping me configure this!! Much appreciated!
!version 12.4no service padservice timestamps debug datetime msecservice timestamps log datetime msecservice password-encryption!hostname CISCO-AP-V0!enable secret 5 $1$vhoF$wv3N1r1sMiiuhGgQTpx5b0!no aaa new-model!!!dot11 ssid private-v0 authentication open guest-mode!power inline negotiation prestandard source!!username Cisco password 7 14341B180F0B!bridge irb!!interface Dot11Radio0 no ip address no ip route-cache ! encryption key 1 size 128bit 7 FD0B4EB47C9301A55E6A685157C8 transmit-key encryption mode wep mandatory ! ssid private-v0 ! speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 packet retries 128 drop-packet station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled!interface Dot11Radio1 no ip address no ip route-cache ! encryption key 1 size 128bit 7 4A476E1E760D683C46307A755A29 transmit-key encryption mode wep mandatory ! ssid private-v0 ! no dfs band block speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 channel dfs station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled!interface FastEthernet0 no ip address no ip route-cache duplex auto speed auto bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled!interface BVI1 ip address 192.168.2.220 255.255.255.0 no ip route-cache!ip default-gateway 192.168.2.1ip http serverno ip http secure-serverip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eagbridge 1 route ip!!!line con 0line vty 0 4 login local!endLook at those:
www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008054339e.shtml
www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008055c39a.shtml
HTH
Amjad -
Configuring wireless card Cisco Aironet 350 PCI
I'm not a newbie in linux but now faced with a trouble. I could not manage to set up the card properly. I just installed Arch 0.8 and it's not quite clear to me how to do this with Arch. I've read all available Arch's docs on this topic.
So my situation's the following:
I have the wireless card Cisco Aironet 350 PCI and I've been using it with Slackware for a year. It works quite fine. But now, when I decided to move to Arch - I cannot set it up. My card's using `airo` module and it is loading well. All the present network devices are recognized. I can see this by ifconfig -a.
I have 2 NICs in my system:
1) simple Ethernet card - eth0. Is switched off in rc.conf
2) wireless. There are 2 different devices for it in my system: eth1 and wifi0 (and it's correct). I don't know why is it so and how about this with other wireless cards.
For example I placed here network configs from my Slackware which works well with them and expect your advice on how to do the same with Arch.
/etc/rc.d/rc.inet1.conf:
##IPADDR[0]="" #wired NIC is off
##NETMASK[0]=""
##USE_DHCP[0]="yes"
##DHCP_HOSTNAME[0]=""
# Config information for eth1:
IPADDR[1]="xx.xx.225.8"
NETMASK[1]="255.255.255.0"
USE_DHCP[1]=""
DHCP_HOSTNAME[1]=""
# Default gateway IP address:
GATEWAY="xx.xx.225.254"
/etc/rc.d/rc.wireless.conf:
# Cisco/Aironet 4800/3x0
# Note : MPL driver only (airo/airo_cs), version 1.3 or later
00:0F:F8:*)
INFO="Cisco/Aironet"
ESSID="MoyEssid"
MODE="Managed"
KEY="xxxx-xxxx-xx open"
Here is the ifconfig and iwconfig output in Slackware:
ifconfig:
eth1 Link encap:Ethernet HWaddr 00:0F:F8:4D:EF:2A
inet addr:xx.xx.225.8 Bcast:xx.xx.225.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9384 errors:128278 dropped:0 overruns:0 frame:128278
TX packets:1714 errors:0 dropped:0 overruns:0 carrier:0
collisions:785 txqueuelen:1000
RX bytes:3023621 (2.8 MiB) TX bytes:224182 (218.9 KiB)
Interrupt:10 Base address:0xb800
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
wifi0 Link encap:UNSPEC HWaddr 00-0F-F8-4D-EF-2A-00-00-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:2312 Metric:1
RX packets:9384 errors:128278 dropped:0 overruns:0 frame:128278
TX packets:1714 errors:0 dropped:0 overruns:0 carrier:0
collisions:785 txqueuelen:100
RX bytes:3023621 (2.8 MiB) TX bytes:224182 (218.9 KiB)
Interrupt:10 Base address:0xb800
iwconfig:
eth1 IEEE 802.11-DS ESSID:"MoyEssid" Nickname:"user"
Mode:Managed Frequency:2.427 GHz Access Point: xx:xx:xx:5C:E5:00
Bit Rate:11 Mb/s Tx-Power=20 dBm Sensitivity=0/65535
Retry limit:16 RTS thr:off Fragment thr:off
Encryption key:****-****-** Security mode:open
Power Management:off
Link Quality=63/100 Signal level=-64 dBm Noise level=-96 dBm
Rx invalid nwid:11287 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:10331 Missed beacon:0
wifi0 IEEE 802.11-DS ESSID:"MoyEssid" Nickname:"user"
Mode:Managed Frequency:2.427 GHz Access Point: xx:xx:xx:5C:E5:00
Bit Rate:11 Mb/s Tx-Power=20 dBm Sensitivity=0/65535
Retry limit:16 RTS thr:off Fragment thr:off
Encryption key:****-****-** Security mode:open
Power Management:off
Link Quality=63/100 Signal level=-64 dBm Noise level=-96 dBm
Rx invalid nwid:11287 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:10331 Missed beacon:0
Who is aware - please describe or give me a link on this, how the two devises eth1 and wifi0 are connected to each other and how to set them up in Arch.
Thnx.Excellent! It works! Thank U very much.
My conclusion - /etc/network-profiles/ is much more suitable way/place to set your wireless network parameters even it's quite steady.
And now I have a couple of extra questions:
1) What should I do with actual network parameters in rc.conf? Currently they looks like:
lo="lo 127.0.0.1"
#eth0="eth0 192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255"
INTERFACES=(lo !eth0)
gateway="default gw 192.168.0.1"
ROUTES=(!gateway)
NET_PROFILES=(tier)
and that looks and works OK. What about gateway? Should I comment it here or not?
2)Though everything works fine now, I can see that wifi0 device is not listed by ifconfig now (only by iwconfig), but in my Slackware system it is. Don't have I to mention my wifi0 device in network profile's section:
#WIFI_INTERFACE=wlan0 # use this if you have a special wireless interface
# that is linked to the real $INTERFACE
Thnx!
And sorry for ugly English -
I have one Cisco Aironet 1231 access point. It does not use any kind of (server) functionality outside the Cisco device.
I have one SSID and uses WPA-PSK (TKIP).
The configuration seams wary straight forward, but something is wrong.
The access point seams to be unstable. The clients use long time to connect to the access point and it looses connection a lot of times a day. Can I do something to speed up the ?negotiation process? ?
What could be the course of instability?
The configuration was made with the ?web configurator?, but I have a SSH/telnet dump:
Best Regards
Martin
AP1#sh run
Building configuration...
Current configuration : 2227 bytes
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname AP1
enable secret xxx
clock timezone GMT 1
ip subnet-zero
ip domain name mydom.com
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 ssid myssid
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii xxx
username Cisco password xxx
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers tkip
ssid myssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2412
station-role root
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no cdp enable
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 160 in
interface BVI1
ip address 192.168.1.105 255.255.255.0
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
access-list 111 permit tcp any any neq telnet
no cdp run
radius-server local
no authentication leap
no authentication mac
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
control-plane
bridge 1 route ip
line con 0
access-class 111 in
line vty 0 4
access-class 111 in
sntp server 212.242.xx.207
sntp broadcast client
end
AP1#A "stronger" (more gain) antenna probably won't help. An antenna that transmits with more gain also receives with more gain ..(basically, the same situation, but all of the signals are "louder")
The general remedy, aside from the obvious of going to the least populated channel or moving to the 802.11a band, is usually to add more access points, all using some flavor of "sector" antenna (and / or "patch" antennas) to localize the area of interest.
Because the antennas are covering a more specific area (and usually smaller area), it is usually the case that more APs are needed.
"Seeing" 20 APs is not that alarming ... check the signal strength of each, many will usually be well-below the level that would cause serious interference. The specific level will vary, depending on the location relative to the AP<->client relationship.
If you're seeing 20 APs, and their signal strength is roughly the same as your APs or a little lower, then you've got a problem that only a sectorized antenna system can cure.
Good Luck
Scott
Maybe you are looking for
-
DNS Host(A) records disappear after a while
Hi all, a few weeks ago we started to change the TCP/IP configuration of our printers from "static" to DHCP with reservations. The DHCP server is configured to register forward Host(A) and reverse PTR record on DNS on behalf of (all) clients, both ar
-
Hi Sir/Ma'am, How to make the medium in PO a Print Output as a default? Is it possible? or a user wants External Send as a default. Please help! Thanks in Advance!
-
Please explain the exact difference
package pkg; public class Kit{ public String glueIt(String a, String b){ return a+b} import pkg.*; class UseKit{ public static void main(String[] args){ String s=new Kit.glueIt(args[1],args[2]); System.out.println(s); }And the following s
-
Problem with Ultrabeat Muti channel (URGENT)
Hi all I am about to start a recording session and disaster has struck! I am trying to creat a mutichannel ultrabeat - I have an instance of SDtylus RMX working nicely on multi channel no probs. I have now created a multi channel instance of ultrabea
-
Lost my apps and music on upgrade
Just upgraded my iphone 4 whilst connected to itunes and it has lost all my apps and music!!!! im fuming!