Cisco Aironet 1400 - security

Similar Messages

• Aironet 1400 Security

  I have users offsite connected to the main network via Aironet 1400s. In the past we have used port security statements on a 2950 to allow only specific Mac addresses on the link.
  I have had to setup a second vlan at this remote location and as a result I have trunked the port, which prevents me from using port security statements.
  I thought about using a RADIUS server, but after doing some reading it looks like it will only authenticate the non-root bridge, not the clients connected to it.
  I considered using access lists but I want to be able to log any denials/security violations, and this is not an option when using extended (700) access lists.
  Any suggestions would be appreciated.

  You can configure the AP to authenticate the users,
  http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_installation_and_configuration_guide_chapter09186a0080101c23.html

• Cisco Aironet 1400 Series EoL

  Hi all, what is the replacment model for the eol 1400 series Ap's that I need to purchase?
  Thanks
  Martyn

  Kindly review the below link:
  http://www.exaltcom.com/uploadedFiles/003_-_Products/005_-_Data_Sheets/DS-Cisco-ExtendAir-r5005-B-1010.pdf

• Question about aironet 1400 bridge

  We are currently trying to set up a link
  across the street using 2 bridges. My concern is more of a mounting one and what needs to be visible for the link to work
  We are 13 stories up ..and the building across the street is 11 stories up...
  We have purches the 9.5 dbi sector antenna. Can I keep the Bridge itself
  on the inside and just mounth the antenna
  on the outside? While reading the doc, it appeared that the Bridge itself had an antenna

  Hi Richard,
  The 1400 can be ordered in two models as shown below (with either one the Bridge itself will be mounted outdoors);
  Cisco Aironet 1400 Series Bridge with 22.5 dBi Antenna
  The Cisco Aironet 1400 Series Wireless Bridge features an 802.11a 5.8 GHz radio, which supports data rates up to 54 Mbps. With this option, a 22.5 dBi patch array antenna is integrated into the ruggedized enclosure
  Cisco Aironet 1400 Series Wireless Bridge with Captured Antenna
  Product Number
  AIR-BR1410A-A-K9
  Cisco Aironet 1400 Series Wireless Bridge with N-Type Connector
  A connectorized version provides professional installers with an N-Type connector that allows the deployment of the root nodes of point-to-multipoint networks with omni-directional or sector antennas, or of high-gain dish antennas for longer links (Table 2).
  Table 2 Cisco Aironet 1400 Series Wireless Bridge with N-Type Connector
  Product Number
  AIR-BR1410A-A-K9-N
  http://www.cisco.com/en/US/products/hw/wireless/ps5279/prod_technical_reference09186a0080184933.html
  Quick Start Guide Cisco Aironet 1400 Series Wireless Bridge
  http://www.cisco.com/en/US/docs/wireless/bridge/1400/quick/guide/br1410qs.html
  The 9.5 Sector Antenna is used for Point to Multi-Point Links;
  1400 With 9.5 Sector;
  http://www.cisco.com/en/US/docs/wireless/antenna/installation/guide/14sect.html
  Hope this helps!
  Rob

• Aironet 1400 Point to Multipoint Bridging

  Hello Everybody
  I`m already desinging a Wireless Point to Multipoint Bridging with Aironet 1400. I was Wondering if on the Central point the 1400 should has a external omnidireccional anntena to support all the others bridges... that is: this AP will be the multipoint bridge.
  Could I use all the 1400 AP with integrated anntenas and get that the Central AP work in a multipoint configuration?
  Thanks in advance.

  Hi,
  Cisco Aironet 1400 has a model with integrated 22.5 dBi patch array antenna, the AIR-BR1410A-A-K9.
  The integrated radio and high-gain integrated patch array antenna is used in point-to-point links and the non-root nodes of point-to-multipoint networks.
  You can (need to) use the external omnidirectional AIR-ANT58G9VOA-N antenna type for your N-type root bridge unit (AIR-BR1410A-A-K9-N).
  Basically, these models are ideal for each other in both point-to-point & point-to-multipoint connectivity scenarios.
  Cisco 1400 N-type is recommended to use the following external antenna type:
  * 9.0 dBi vertically polarized omni antenna --> you need this
  * 9.5 dBi sector antenna with support for vertical or horizontal linear polarization
  * 28.0 dBi dish antenna with support for vertical or horizontal linear polarization
  ref: http://www.cisco.com/en/US/partner/products/hw/wireless/ps5279/products_data_sheet09186a008018495c.html
  Aironet 1400 Bridge Ref:
  http://www.cisco.com/en/US/partner/products/hw/wireless/ps5279/prod_technical_reference09186a0080184933.html
  Rgds,
  AK

• Aironet 1400 Ethernet

  Hello all,
  Help please!
  The led "uplink activity" in the cisco aironet 1400 -power injector lr- is off. I have checked coaxial and connectors, they are ok. I can not access the bridge by ethernet or telnet. I have reseted the bridge also, but the signal keep off. Is it a software/hardware problem?
  Thanks

  If you trun the AP backwards, what lights do you see. There are three lights down at the bottom and there is a sequence in which they blink. Please keep an eye on the blinking LED's.
  http://www.cisco.com/en/US/docs/wireless/bridge/1400/12.2_15_JA/configuration/guide/p15trb.html
  http://www.cisco.com/en/US/docs/wireless/bridge/1400/installation/guide/higch6.html
  I had the same problem and I upgraded the IOS on the bridges to the latest one and that did the trick. If it doesnot then its a hardware replacement.
  HTH,
  -as

• Cisco aironet 1232AG is not secure

  Hi,
  I just got a Cisco Aironet 1232AG access point. I only want use the MAC address authorization to allow some of PC to access this point. I did not use WEP. I added some MAC address in 1232AG. But I found some other wireless PC also can access the 1232AG point. It looks like use the MAC address is not secure at all.

  Hi Kevin,
  Check out these 2 links about MAC filters:
  MAC Address Authentication to the Network
  http://www.cisco.com/en/US/products/hw/wireless/ps430/products_configuration_guide_chapter09186a0080184a87.html#1034875
  Assigning Authentication Types to an SSID
  http://www.cisco.com/en/US/products/hw/wireless/ps430/products_configuration_guide_chapter09186a0080184a87.html#55579
  Hope this helps!
  Rob
  Please remember to rate helpful posts.......

• CISCO top 10 security events / logs for cisco aironet 3500? lan controller 5500

  As a sec analyst I'm tasked to monitor my Wireless enviroment which compromises of following components
  We are using cisco aironet 3500 series .
  Lan controller 5500
  MSE 3300 series
  WCS v 5.0
  Is there a top 10 sec events that i should be looking at? is there a thing like cisco top 10 sec events ? or do i have to follow external resource like SANS for this. I'm sure here are guys who have worked in this enviroment and probably can advise me the events I' should be concerned at?

  Reference:
  Cisco Wireless LAN Controller System Message Guide
  http://www.cisco.com/en/US/docs/wireless/controller/7.4/message/guide/sysmsg74.html
  http://www.cisco.com/en/US/docs/wireless/controller/message/guide/controller_smg.html

• How to change default admin password on Cisco Aironet 1040

  How do I change the default username and password on the Cisco Aironet 1040. There is a default set and I want to change that to secure the device. I've checked the manual and can't seem to find the directions. Any ideas?

  Hi Brian,
  If this AP is already registered with a WLC then you can change it via WLC.
  In WLC GUI, go to Wireless -> Select the AP -> Credential -> Override Global Credential-> Update username/pw/enable pw
  In WLC CLI, you can configure it like this. If it is for all APs, then select all, otherwise AP name.
  (WLC3) >config ap mgmtuser add username admin password Cisco123 secret Cisco123 ?
  all            Applies the configuration to every AP that does not have a specific user name.
       Enter the name of the Cisco AP.
  (WLC3) >config ap mgmtuser add username password secret
  (WLC3) >save config
  Are you sure you want to save? (y/n) y
  If it is Autonomous AP you can configure using the "username xxxx password xxx" IOS command
  HTH
  Rasika
  *** Pls rate all useful responses ****

• Cisco Aironet 1300 QoS

  Hello, I have 2 Cisco Aironet 1300 Bridges which provide data and voice communication between 2 buildings. Up until recently QoS has not been needed, but lately there appears to be congestion due to reports of poor voice quality. Building A houses a V3000 NBX Telephone system, Building B houses approximately 30 remote IP phones. Building A and Building B are approximately 100 yards apart. No VLAN's. Due to myself being an extreme noob to Cisco bridges, I was hoping some of you may have had experience in setting this up and hopefully provide some tips. I need to prioritize traffic on UDP ports 2093-2096 and TCP port 1040. Thank you in advance for any suggestions. My current running config is below:
  Using 1283 out of 32768 bytes
  version 12.3
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname LHS-WeightRoom-WCV
  ip subnet-zero
  aaa new-model
  aaa authentication login default local
  aaa authorization exec default local
  aaa session-id common
  dot11 ssid wcv
  authentication open
  guest-mode
  dot11 ssid wcvcisco
  authentication open
  infrastructure-ssid optional
  username root privilege 15 password 7 0247335A05320A2244
  username Cisco privilege 15 password 7 074E164D403D1C061F
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  ssid wcv
  ssid wcvcisco
  speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
  54.0
  station-role root bridge
  bridge-group 1
  bridge-group 1 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  bridge-group 1
  bridge-group 1 spanning-disabled
  hold-queue 80 in
  interface BVI1
  ip address 10.141.8.6 255.255.254.0
  no ip route-cache
  ip default-gateway 10.141.8.5
  ip http server
  ip http authentication aaa
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  control-plane
  bridge 1 route ip
  line con 0
  line vty 0 4
  end

  Here is the URL for the configuration of Cisco Aironet 1300 QoS. Follow the guide it may help you
  http://www.cisco.com/en/US/docs/wireless/access_point/1300/12.3_4_JA/configuration/guide/o13qos.html

• Server 2008 R2 RADIUS Server with a Cisco Aironet 1040 Wireless AP

  I am trying to get Server 2008 R2 RADIUS Server to work with a Cisco Aironet 1040 Wireless AP. I have installed the RADIUS server by MS standards and performed some searches on Google to configure the Cisco Aironet. I see others using a Wireless LAN Controller, which I do not have. I found this post below:
  https://supportforums.cisco.com/discussion/11546056/wlc-2504-radius-2008-r2-server
  But I have yet to locate a good step by step document on how to set it up and I have found so many different ways that others have set it up, but none have yet to work. I am having authentication issues that I have know of and I do not see any errors in the Windows Event Viewer and I do not know where the Acess Point stores it logs for any sort of error. Keep in mind this is the first time I am doing this. I do not have a Wireless LAN Controller and all my network / domain services are on individually built servers and not on one single server as I have seen with most of the documentation they all say the same thing by putting the Certificate Services, Domain Services (AD / ADS, etc), and NPS. I do not want that configuration and my setup should not be any different, but something is not right. I know from reading that this is not rocket science, but from someone who has never done it before this is difficult as I keep reading on and so many people do it different ways including what I have been reading according to what Cisco says to configure in the environment. Does anyone know where I can find good step by step documentation along with where I can look for logs on either device? I find that all the documentation I see on Cisco's website and from searching that it is old and outdated and not been updated in a long time so it is hard to determine what works and what does not work. I am stumped here and have been doing this for several weeks now with no luck. Thank you in advance.

  I did configure the Server 2008 R2 RADIUS Server using this video below: 
  https://www.youtube.com/watch?v=g-0MM_tK-Tk
  I also referenced Technet to make sure it was configured correctly as well. I am still not sure if I am 100% setup correctly on the Windows Server side, but I for sure want to make sure I have the AP side setup correctly. Do you know of a better article for the Windows Server 2008 R2 setup? Does it matter that I do not have all the services installed on the same server? Instead I have them installed on multiple servers.
  I have image number c1140-k9w7-tar.124.25d.JA1 on the AP. The part that confused me in that article, which I have seen before was the part about "Setting up access point must be configured in the authentication server as an AAA client." What is the AAA Client? I also am not aware of having Cisco Secure ACS anywhere built into the AP as that part through me off completely. Do I need to skip these steps? Thank you for help on this.

• Cisco Aironet 1131G cannot access BVI

  I have configure our Cisco Aironet 1131G with Multiple SSID with VLAN's
  The Guest VLAN is working well and no problem,
  The issue i have is that I cannot connect to the BVI on the Wireless AP, i have setup to VLAN's
  2 = LAN & NATIVE VLAN
  999 = GUEST VLAN
  this is my config
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname NAFTA_AP_003
  logging rate-limit console 9
  aaa new-model
  aaa group server radius rad_eap
  aaa group server radius rad_mac
  aaa group server radius rad_acct
  aaa group server radius rad_admin
  aaa group server tacacs+ tac_admin
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa group server radius rad_eap2
  server 10.1.122.50 auth-port 1645 acct-port 1646
  aaa authentication login default local
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local
  aaa authentication login eap_methods2 group rad_eap2
  aaa authorization exec default local
  aaa accounting network acct_methods start-stop group rad_acct
  aaa session-id common
  dot11 mbssid
  dot11 syslog
  dot11 vlan-name GUEST vlan 999
  dot11 vlan-name LAN vlan 2
  dot11 ssid Nufarm_EXT
     vlan GUEST
     authentication open
     authentication key-management wpa
     mbssid guest-mode
     wpa-psk ascii 7 053B0918245E6308015546
  dot11 ssid Nufarm_INT
     vlan 2
     authentication open eap eap_methods2
     authentication network-eap eap_methods2 mac-address mac_methods
     authentication key-management wpa
  username nemesis privilege 15 secret 5 $1$SjHa$TGIGBh.IhLNgflxBreKYf.
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption vlan GUEST mode ciphers aes-ccm tkip
  encryption vlan 2 mode ciphers tkip
  ssid Nufarm_EXT
  ssid Nufarm_INT
  channel 2422
  station-role root
  interface Dot11Radio0.2
  encapsulation dot1Q 2 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface Dot11Radio0.999
  encapsulation dot1Q 999
  no ip unreachables
  no ip proxy-arp
  no ip route-cache
  no cdp enable
  bridge-group 255
  bridge-group 255 subscriber-loop-control
  bridge-group 255 block-unknown-source
  no bridge-group 255 source-learning
  no bridge-group 255 unicast-flooding
  bridge-group 255 spanning-disabled
  interface Dot11Radio1
  no ip address
  no ip route-cache
  shutdown
  dfs band 3 block
  channel dfs
  station-role root
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  interface FastEthernet0.2
  encapsulation dot1Q 2 native
  no ip route-cache
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface FastEthernet0.999
  encapsulation dot1Q 999
  no ip unreachables
  no ip route-cache
  no cdp enable
  bridge-group 255
  no bridge-group 255 source-learning
  bridge-group 255 spanning-disabled
  interface BVI1
  ip address 10.1.2.242 255.255.255.0
  no ip route-cache
  ip default-gateway 10.1.2.254
  ip http server
  ip http authentication aaa
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  ip radius source-interface BVI1
  radius-server attribute 32 include-in-access-req format %h
  radius-server host 10.1.122.50 auth-port 1645 acct-port 1646 key 7 03516213160B73435E0C2D16110504
  radius-server vsa send accounting
  bridge 1 route ip
  line con 0
  line vty 0 4
  end

  Ah, yeah that would do it, makes the swich want the VLAN to be tagged.  Nice catch on that!
  HTH,
  Steve
  Please remember to rate helpful posts or to mark the question as answered so that it can be found later.

• Cisco Aironet 1130AG WPA2 Configuration

  Hi everyone,
  First of all, let me introduice myself. I just graduated as an IT-engineer and started working in a company who gives support to their users, but also does installations. One day a week I am permanent located with 1 customer. I give support to users, but also implement new systems. I really love networking, but it's really not my strongest point. Especcialy when it comes to CLI. So I was hoping you could help me.
  With this customer they have 4 floors with on each floor a Cisco Aironet 1130AG. At the moment they are using WEP as a protection with a really long key. The users find this annoying, but I am more concerned about the security perspective. So I want to implement WPA2 with a shorter key for the people to remember. On one floor, I also want to add a public network when other people want to connect and just need internet access.
  Is it possible you guys could help me change the current set-up and give advices regarding the security and implementation. For me I would be great if all of the Access Points could work togheter and just be 1 wireless network. I don't know if this is possible and how to do it? For the public network I know there also need to be some changes in VLAN's, so I would appreciate the help there for setting up trunks. The firewall is a cisco ASA5505.
  At the moment I am running this configuration:
  I tried setting up this with the GUI, but it doesn't look like the configuration at the moment is shown in the GUI or maybe I am just looking in the wrong places.
  Thanks again for helping me configure this!! Much appreciated!
  !version 12.4no service padservice timestamps debug datetime msecservice timestamps log datetime msecservice password-encryption!hostname CISCO-AP-V0!enable secret 5 $1$vhoF$wv3N1r1sMiiuhGgQTpx5b0!no aaa new-model!!!dot11 ssid private-v0   authentication open    guest-mode!power inline negotiation prestandard source!!username Cisco password 7 14341B180F0B!bridge irb!!interface Dot11Radio0 no ip address no ip route-cache ! encryption key 1 size 128bit 7 FD0B4EB47C9301A55E6A685157C8 transmit-key encryption mode wep mandatory ! ssid private-v0 ! speed  basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 packet retries 128 drop-packet station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled!interface Dot11Radio1 no ip address no ip route-cache ! encryption key 1 size 128bit 7 4A476E1E760D683C46307A755A29 transmit-key encryption mode wep mandatory ! ssid private-v0 ! no dfs band block speed  basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 channel dfs station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled!interface FastEthernet0 no ip address no ip route-cache duplex auto speed auto bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled!interface BVI1 ip address 192.168.2.220 255.255.255.0 no ip route-cache!ip default-gateway 192.168.2.1ip http serverno ip http secure-serverip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eagbridge 1 route ip!!!line con 0line vty 0 4 login local!end

  Look at those:
  www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008054339e.shtml
  www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008055c39a.shtml
  HTH
  Amjad

• Configuring wireless card Cisco Aironet 350 PCI

  I'm not a newbie in linux but now faced with a trouble. I could not manage to set up the card properly. I just installed Arch 0.8 and it's not quite clear to me how to do this with Arch. I've read all available Arch's docs on this topic.
  So my situation's the following:
  I have the wireless card Cisco Aironet 350 PCI and I've been using it with Slackware for a year. It works quite fine. But now, when I decided to move to Arch - I cannot set it up. My card's using `airo` module and it is loading well. All the present network devices are recognized. I can see this by ifconfig -a.
  I have 2 NICs in my system:
  1) simple Ethernet card - eth0. Is switched off in rc.conf
  2) wireless. There are 2 different devices for it in my system: eth1 and wifi0 (and it's correct). I don't know why is it so and how about this with other wireless cards.
  For example I placed here network configs from my Slackware which works well with them and expect your advice on how to do the same with Arch.
  /etc/rc.d/rc.inet1.conf:
  ##IPADDR[0]="" #wired NIC is off
  ##NETMASK[0]=""
  ##USE_DHCP[0]="yes"
  ##DHCP_HOSTNAME[0]=""
  # Config information for eth1:
  IPADDR[1]="xx.xx.225.8"
  NETMASK[1]="255.255.255.0"
  USE_DHCP[1]=""
  DHCP_HOSTNAME[1]=""
  # Default gateway IP address:
  GATEWAY="xx.xx.225.254"
  /etc/rc.d/rc.wireless.conf:
  # Cisco/Aironet 4800/3x0
  # Note : MPL driver only (airo/airo_cs), version 1.3 or later
  00:0F:F8:*)
  INFO="Cisco/Aironet"
  ESSID="MoyEssid"
  MODE="Managed"
  KEY="xxxx-xxxx-xx open"
  Here  is the ifconfig and iwconfig output in Slackware:
  ifconfig:
  eth1 Link encap:Ethernet HWaddr 00:0F:F8:4D:EF:2A
  inet addr:xx.xx.225.8 Bcast:xx.xx.225.255 Mask:255.255.255.0
  UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  RX packets:9384 errors:128278 dropped:0 overruns:0 frame:128278
  TX packets:1714 errors:0 dropped:0 overruns:0 carrier:0
  collisions:785 txqueuelen:1000
  RX bytes:3023621 (2.8 MiB) TX bytes:224182 (218.9 KiB)
  Interrupt:10 Base address:0xb800
  lo Link encap:Local Loopback
  inet addr:127.0.0.1 Mask:255.0.0.0
  inet6 addr: ::1/128 Scope:Host
  UP LOOPBACK RUNNING MTU:16436 Metric:1
  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
  TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
  wifi0 Link encap:UNSPEC HWaddr 00-0F-F8-4D-EF-2A-00-00-00-00-00-00-00-00-00-00
  UP BROADCAST RUNNING MULTICAST MTU:2312 Metric:1
  RX packets:9384 errors:128278 dropped:0 overruns:0 frame:128278
  TX packets:1714 errors:0 dropped:0 overruns:0 carrier:0
  collisions:785 txqueuelen:100
  RX bytes:3023621 (2.8 MiB) TX bytes:224182 (218.9 KiB)
  Interrupt:10 Base address:0xb800
  iwconfig:
  eth1 IEEE 802.11-DS ESSID:"MoyEssid" Nickname:"user"
  Mode:Managed Frequency:2.427 GHz Access Point: xx:xx:xx:5C:E5:00
  Bit Rate:11 Mb/s Tx-Power=20 dBm Sensitivity=0/65535
  Retry limit:16 RTS thr:off Fragment thr:off
  Encryption key:****-****-** Security mode:open
  Power Management:off
  Link Quality=63/100 Signal level=-64 dBm Noise level=-96 dBm
  Rx invalid nwid:11287 Rx invalid crypt:0 Rx invalid frag:0
  Tx excessive retries:0 Invalid misc:10331 Missed beacon:0
  wifi0 IEEE 802.11-DS ESSID:"MoyEssid" Nickname:"user"
  Mode:Managed Frequency:2.427 GHz Access Point: xx:xx:xx:5C:E5:00
  Bit Rate:11 Mb/s Tx-Power=20 dBm Sensitivity=0/65535
  Retry limit:16 RTS thr:off Fragment thr:off
  Encryption key:****-****-** Security mode:open
  Power Management:off
  Link Quality=63/100 Signal level=-64 dBm Noise level=-96 dBm
  Rx invalid nwid:11287 Rx invalid crypt:0 Rx invalid frag:0
  Tx excessive retries:0 Invalid misc:10331 Missed beacon:0
  Who is aware - please describe or give me a link on this, how the two devises eth1 and wifi0 are connected to each other and how to set them up in Arch.
  Thnx.

  Excellent! It works! Thank U very much.
  My conclusion - /etc/network-profiles/ is much more suitable way/place to set your wireless network parameters even it's quite steady.
  And now I have a couple of extra questions:
  1) What should I do with actual network parameters in rc.conf? Currently they looks like:
  lo="lo 127.0.0.1"
  #eth0="eth0 192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255"
  INTERFACES=(lo !eth0)
  gateway="default gw 192.168.0.1"
  ROUTES=(!gateway)
  NET_PROFILES=(tier)
  and that looks and works OK. What about gateway? Should I comment it here or not?
  2)Though everything works fine now, I can see that wifi0 device is not listed by ifconfig now (only by iwconfig), but in my Slackware system it is. Don't have I to mention my wifi0 device in network profile's section:
  #WIFI_INTERFACE=wlan0   # use this if you have a special wireless interface
                          # that is linked to the real $INTERFACE
  Thnx!
  And sorry for ugly English

• Unstable Cisco Aironet 1231

  I have one Cisco Aironet 1231 access point. It does not use any kind of (server) functionality outside the Cisco device.
  I have one SSID and uses WPA-PSK (TKIP).
  The configuration seams wary straight forward, but something is wrong.
  The access point seams to be unstable. The clients use long time to connect to the access point and it looses connection a lot of times a day. Can I do something to speed up the ?negotiation process? ?
  What could be the course of instability?
  The configuration was made with the ?web configurator?, but I have a SSH/telnet dump:
  Best Regards
  Martin
  AP1#sh run
  Building configuration...
  Current configuration : 2227 bytes
  version 12.3
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname AP1
  enable secret xxx
  clock timezone GMT 1
  ip subnet-zero
  ip domain name mydom.com
  aaa new-model
  aaa group server radius rad_eap
  aaa group server radius rad_mac
  aaa group server radius rad_acct
  aaa group server radius rad_admin
  aaa group server tacacs+ tac_admin
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local
  aaa authorization exec default local
  aaa accounting network acct_methods start-stop group rad_acct
  aaa session-id common
  dot11 ssid myssid
  authentication open
  authentication key-management wpa
  guest-mode
  wpa-psk ascii xxx
  username Cisco password xxx
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption mode ciphers tkip
  ssid myssid
  speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
  channel 2412
  station-role root
  no cdp enable
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  no cdp enable
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  hold-queue 160 in
  interface BVI1
  ip address 192.168.1.105 255.255.255.0
  no ip route-cache
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  ip radius source-interface BVI1
  access-list 111 permit tcp any any neq telnet
  no cdp run
  radius-server local
  no authentication leap
  no authentication mac
  radius-server attribute 32 include-in-access-req format %h
  radius-server vsa send accounting
  control-plane
  bridge 1 route ip
  line con 0
  access-class 111 in
  line vty 0 4
  access-class 111 in
  sntp server 212.242.xx.207
  sntp broadcast client
  end
  AP1#

  A "stronger" (more gain) antenna probably won't help. An antenna that transmits with more gain also receives with more gain ..(basically, the same situation, but all of the signals are "louder")
  The general remedy, aside from the obvious of going to the least populated channel or moving to the 802.11a band, is usually to add more access points, all using some flavor of "sector" antenna (and / or "patch" antennas) to localize the area of interest.
  Because the antennas are covering a more specific area (and usually smaller area), it is usually the case that more APs are needed.
  "Seeing" 20 APs is not that alarming ... check the signal strength of each, many will usually be well-below the level that would cause serious interference. The specific level will vary, depending on the location relative to the AP<->client relationship.
  If you're seeing 20 APs, and their signal strength is roughly the same as your APs or a little lower, then you've got a problem that only a sectorized antenna system can cure.
  Good Luck
  Scott