Cisco Aironet AIR-SAP2602I-E-K9 - Setting QoS from CLI...

Similar Messages

• Cisco Aironet AIR-SAP2602I-E-K9 WAP -ERROR: VLAN 1000 doesn't exist on 'Radio1-802.11N 5GHZ' (see Services VLAN)

  Hey guys,
  I'm configuring my access points with two SSID's through the GUI. The first is a corporate SSID and the second a guest SSID. The corporate SSID needs to be attached to native VLAN 1000. The guest SSID needs to be attached to VLAN 1234. Both SSID's / VLAN's are to use WPAv2 AES CCMP with a PSK. Although I'm getting an error message indicating that my VLAN's don't exist on ‘Radio1-802.11N 5GHZ’ .  Here are steps I take from start to error...
  Create SSID’s with no security. CORP not to broadcast. Set CORP to use native VLAN 1000. Set guest to use VLAN1234.
  Within security encryption manager > Set encryption mode cipher to AES CCMP on both VLAN 1000 and VLAN1234.
  Within services > VLAN check that both VLAN’s have Radio0-802.11N 2.4GHZ and Radio1-802.11N 5GHZ selected. They do.
  Within Security > SSID Manager – set client authenticated key management to mandatory, enable WPA – WPAv2. Set pre-shared key. Hit apply > “ERROR: VLAN 1000 doesn’t exist on ‘Radio1-802.11N 5GHZ’ (see Services > VLAN).
  I get the same error for both SSID’s. Radio1-802.11N 5GHZ is "checked" against both VLAN's. Am I missing something? Both Radio0-802.11N 2.4GHZ and Radio1-802.11N 5GHZ are enable interfaces and are "up".
  I'm pretty customed to switch and router IOS although have absolutely no exposure to WAP CLI.
  Any assistance appreciated.

  I've resolved this myself. The GUI is basically terrible and very buggy. I used the CLI and was able to add WPA through the CLI.

• Configuring Cisco Aironet 1140 for Radius and setting up a Radius server

  guys i need some help setting up my Radius to work with cisco aironet 1140, i am new at this however i was tasked with setting up a Radius server and setting our AP with WPA2- enterprise so users can log into our AP using AD credentials.
  When i try to setup on the AP a new SSID i do not see the option for WPA2- enterprise?

  Here are other links with examples:
  https://supportforums.cisco.com/thread/331581
  http://targetcisco.blogspot.com/2011/03/cisco-autonomous-access-point.html
  http://downloads.avaya.com/css/P8/documents/100041614
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• Cisco Aironet Air-Ap 1262n-E-K9 Mac different when Scanned Android WiGLE WiFi

  Hi All
  I developed an Android Application to scan for the RSSI signals using the mac address of the Access Point (AP). When I do a scan for my personal Vodafone router or my personal dLAN 500 WiFi, I can pick up the mac address and get the signal levels from that. 
  When I try do the same for the Cisco 802.11n Dual Band Access Point, Aironet Air-Ap 1262n-E-K9 the app will not pick up the routers mac that is on the label on the back. I downloaded the free WiGLE WiFi app and Scanned with it and it too doesn't give the mac I am looking for, what it does give me is six mac address 3 on channel 11 and 3 on 44 with the RSSI values. 
  My Question: Is the mac address on the Cisco AP label just for the LAN and the WiFi antennas have each got a separate mac 3 on the 2.4GHz and 3 on the 5GHz. 
  Can someone help me better understand this problem I am having, I hope I have explained it well enough for you to understand what I am trying to do.

  what it does give me is six mac address 3 on channel 11 and 3 on 44 with the RSSI values.
  Each SSID has it's own unique MAC address.  This is the original standard. 
  The MAC address printed at the back of an AP is the MAC address in Ethernet.

• How to set proxy from CLI

  I just finished my first Arch installation. I'm as green as they come, so your help and patience is appreciated!
  Situation: I want to connect using my workplace's ethernet to the internet, so I can download a GUI. I've figured out how to assign a static IP, now I just need to know how to conifgure the proxy settings. How can I do this from the command line?
  Thanks!

  Clicky

• X120e - Will a USB-connected Cardbus Cisco Aironet card go around whitelist restrictions?

  I have a x120e that I'm trying to get with Cisco LEAP security.  The Cisco Aironet  (AIR-CB21AG-A-K9) cardbuss card will connect to LEAP but I'm wondering if connecting this cardbus card to the x120e via a Cardbus to USB adapter will allow me to connect this WiFi card to the x120e.  I have run up against the whitelist restrictions when I tried to replace the half mini PCI card with an Intel WiFi card.  I haven't quite worked up the courage to flash the BIOS with a new adapter name.    DaveM

  Hello,
  I have not heard of anyone using that particular solution.  Perhaps you could test it and let us know the results.
  Have you looked for an external USB Wi-Fi adapter that supports Cisco LEAP protocol?  I would think that would be easier to use, though, not to mention more convient to carry around, especially with a USB extension cable or right-angle adapter.
  Regards,
  Aryeh Goretsky
  I am a volunteer and neither a Lenovo nor a Microsoft employee. • Dexter is a good dog • Dexter je dobrý pes
  S230u (3347-4HU) • X220 (4286-CTO) • W510 (4318-CTO) • W530 (2441-4R3) • X100e (3508-CTO) • X120e (0596-CTO) • T61p (6459-CTO) • T43p (2678-H7U) • T42 (2378-R4U) • T23 (2648-LU7)
    Deutsche Community   Comunidad en Español Русскоязычное Сообщество

• Cisco Aironet 1300 QoS

  Hello, I have 2 Cisco Aironet 1300 Bridges which provide data and voice communication between 2 buildings. Up until recently QoS has not been needed, but lately there appears to be congestion due to reports of poor voice quality. Building A houses a V3000 NBX Telephone system, Building B houses approximately 30 remote IP phones. Building A and Building B are approximately 100 yards apart. No VLAN's. Due to myself being an extreme noob to Cisco bridges, I was hoping some of you may have had experience in setting this up and hopefully provide some tips. I need to prioritize traffic on UDP ports 2093-2096 and TCP port 1040. Thank you in advance for any suggestions. My current running config is below:
  Using 1283 out of 32768 bytes
  version 12.3
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname LHS-WeightRoom-WCV
  ip subnet-zero
  aaa new-model
  aaa authentication login default local
  aaa authorization exec default local
  aaa session-id common
  dot11 ssid wcv
  authentication open
  guest-mode
  dot11 ssid wcvcisco
  authentication open
  infrastructure-ssid optional
  username root privilege 15 password 7 0247335A05320A2244
  username Cisco privilege 15 password 7 074E164D403D1C061F
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  ssid wcv
  ssid wcvcisco
  speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
  54.0
  station-role root bridge
  bridge-group 1
  bridge-group 1 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  bridge-group 1
  bridge-group 1 spanning-disabled
  hold-queue 80 in
  interface BVI1
  ip address 10.141.8.6 255.255.254.0
  no ip route-cache
  ip default-gateway 10.141.8.5
  ip http server
  ip http authentication aaa
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  control-plane
  bridge 1 route ip
  line con 0
  line vty 0 4
  end

  Here is the URL for the configuration of Cisco Aironet 1300 QoS. Follow the guide it may help you
  http://www.cisco.com/en/US/docs/wireless/access_point/1300/12.3_4_JA/configuration/guide/o13qos.html

• Cisco AIR-SAP2602I

  I'm trying to deploy a WiFi solution for a client. It would consist of 2 SSIDs; one for internal users with internal network access and a guest with only internal access.
  I have a Sonicwall TZ215:
  External IP: x.x.x.x
  LAN IP: 192.168.1.1/24
  DHCP Server: 192.168.5-195/24
  +++++++++++++++++++++++
  Cisco SG500:
  v1.3.0.62 / R750_NIK_1_3_647_260
  CLI v1.0
  set system mode switch queues-mode 4
  file SSD indicator encrypted
  ssd-control-start
  ssd config
  ssd file passphrase control unrestricted
  no ssd file integrity control
  ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
  voice vlan oui-table add 0001e3 Siemens_AG_phone________
  voice vlan oui-table add 00036b Cisco_phone_____________
  voice vlan oui-table add 00096e Avaya___________________
  voice vlan oui-table add 000fe2 H3C_Aolynk______________
  voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
  voice vlan oui-table add 00d01e Pingtel_phone___________
  voice vlan oui-table add 00e075 Polycom/Veritel_phone___
  voice vlan oui-table add 00e0bb 3Com_phone______________
  hostname xxx
  ip ssh server
  snmp-server location "xxx"
  snmp-server contact "John Doe"
  clock timezone CST 0 minutes 0
  clock dhcp timezone
  ip telnet server
  interface vlan 1
  ip address 192.168.1.2 255.255.255.0
  no ip address dhcp
  interface gigabitethernet1/1/1
  switchport mode access
  interface gigabitethernet1/1/2
  switchport mode access
  interface gigabitethernet1/1/3
  switchport mode access
  interface gigabitethernet1/1/4
  switchport mode access
  interface gigabitethernet1/1/5
  switchport mode access
  interface gigabitethernet1/1/6
  switchport mode access
  interface gigabitethernet1/1/7
  switchport mode access
  interface gigabitethernet1/1/8
  switchport mode access
  interface gigabitethernet1/1/9
  switchport mode access
  interface gigabitethernet1/1/10
  switchport mode access
  interface gigabitethernet1/1/11
  switchport mode access
  interface gigabitethernet1/1/12
  switchport mode access
  interface gigabitethernet1/1/13
  switchport mode access
  interface gigabitethernet1/1/14
  switchport mode access
  interface gigabitethernet1/1/15
  switchport mode access
  interface gigabitethernet1/1/16
  switchport mode access
  interface gigabitethernet1/1/17
  switchport mode access
  interface gigabitethernet1/1/18
  switchport mode access
  interface gigabitethernet1/1/19
  switchport mode access
  interface gigabitethernet1/1/20
  switchport mode access
  interface gigabitethernet1/1/21
  switchport mode access
  interface gigabitethernet1/1/22
  switchport mode access
  interface gigabitethernet1/1/23
  switchport mode access
  interface gigabitethernet1/1/24
  switchport mode access
  interface gigabitethernet1/1/25
  switchport mode access
  interface gigabitethernet1/1/26
  switchport mode access
  interface gigabitethernet1/1/27
  switchport mode access
  interface gigabitethernet1/1/28
  switchport mode access
  interface gigabitethernet1/1/29
  switchport mode access
  interface gigabitethernet1/1/30
  switchport mode access
  interface gigabitethernet1/1/31
  switchport mode access
  interface gigabitethernet1/1/32
  switchport mode access
  interface gigabitethernet1/1/33
  switchport mode access
  interface gigabitethernet1/1/34
  switchport mode access
  interface gigabitethernet1/1/35
  switchport mode access
  interface gigabitethernet1/1/36
  switchport mode access
  interface gigabitethernet1/1/37
  switchport mode access
  interface gigabitethernet1/1/38
  switchport mode access
  interface gigabitethernet1/1/39
  switchport mode access
  interface gigabitethernet1/1/40
  switchport mode access
  interface gigabitethernet1/1/41
  switchport mode access
  interface gigabitethernet1/1/42
  switchport mode access
  interface gigabitethernet1/1/43
  switchport mode access
  interface gigabitethernet1/1/44
  switchport mode access
  interface gigabitethernet1/1/45
  switchport mode access
  interface gigabitethernet1/1/46
  switchport mode access
  interface gigabitethernet1/1/47
  switchport mode access
  interface gigabitethernet1/1/48
  switchport mode access
  interface gigabitethernet1/1/51
  switchport mode access
  interface gigabitethernet1/1/52
  switchport mode access
  exit
  macro auto disabled
  ip default-gateway 192.168.1.1
  encrypted
  +++++++++++++++++++++++++++++++++++=
  Cisco AIR-SAP2602I
  ! Last configuration change at 00:11:27 UTC Mon Mar 1 1993 by administrator
  version 15.2
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname XXX
  logging rate-limit console 9
  enable secret 5 $1$RVFD$DybWHlNypzf3XsnL6RGND/
  no aaa new-model
  no ip routing
  ip domain name XXX
  dot11 syslog
  dot11 vlan-name Guest_VLAN vlan 200
  dot11 vlan-name Internal_Users vlan 300
  dot11 vlan-name default vlan 1
  dot11 ssid Internal
     vlan 300
     authentication open
     authentication key-management wpa
     mbssid guest-mode
     wpa-psk ascii 7 05180704241A18471802161B05
  dot11 ssid Guest
     vlan 200
     authentication open
     authentication key-management wpa
     guest-mode
     mbssid guest-mode
     infrastructure-ssid optional
     wpa-psk ascii 7 10652D4B5341151E09173E
  crypto pki token default removal timeout 0
  crypto pki trustpoint TP-self-signed-2946962253
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-2946962253
  revocation-check none
  rsakeypair TP-self-signed-2946962253
  crypto pki certificate chain TP-self-signed-2946962253
  certificate self-signed 01
    3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 32393436 39363232 3533301E 170D3933 30333031 30303431
    34325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39343639
    36323235 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    81009438 47D6CAB8 36B9260D D5FEFA7A DFA7E065 E47ECCA2 346674C6 54D9C004
    D6D62585 DE26A41E 447E8607 D0BD58C5 92899510 4EEBF95C 9352D082 1BB71EBF
    72D56DDC 87D55A85 4A242578 6BBD31AD E48C8354 1C7331BD 5ED9F29D 5F8B868E
    14DB0C08 3930D2D4 3266ED2D 9902DAA4 A348B722 82FCC132 6FC4BF22 DC7B9DBC
    2F010203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
    551D2304 18301680 149FB8D9 F772C9DE 4BC86DD9 451902F3 4994F7D8 E0301D06
    03551D0E 04160414 9FB8D9F7 72C9DE4B C86DD945 1902F349 94F7D8E0 300D0609
    2A864886 F70D0101 05050003 81810054 FBCE018A CC09679F 8CB2D20A C773DE00
    51AFA13A AB5105D5 BAAB6F2F B7CAF46A 2BFDCDDC F156593F 16C509EF 8C5215C1
    7631DEFA 9E16633C 1E89CE65 C56591B2 5BE90BD0 1941F0EA 5478924C 4C0E229D
    013743C3 2D4993E0 C44F9143 89A7A5D6 870E3A6C A772B8BB D032956F 1A5B894A
    40EC55B9 8C5E3876 7E4B45FE 3DD00B
              quit
  ip ssh version 1
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption vlan 1 mode ciphers aes-ccm
  encryption vlan 100 mode ciphers aes-ccm
  encryption vlan 200 mode ciphers aes-ccm
  encryption vlan 300 mode ciphers aes-ccm
  broadcast-key vlan 1 change 10000
  broadcast-key vlan 100 change 10000
  ssid Internal
  ssid Guest
  antenna gain 0
  stbc
  mbssid
  station-role root
  interface Dot11Radio0.200
  encapsulation dot1Q 200 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 spanning-disabled
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  interface Dot11Radio0.300
  encapsulation dot1Q 300
  no ip route-cache
  bridge-group 255
  bridge-group 255 subscriber-loop-control
  bridge-group 255 spanning-disabled
  bridge-group 255 block-unknown-source
  no bridge-group 255 source-learning
  no bridge-group 255 unicast-flooding
  interface Dot11Radio1
  no ip address
  no ip route-cache
  encryption vlan 1 mode ciphers aes-ccm
  encryption vlan 300 mode ciphers aes-ccm
  encryption vlan 200 mode ciphers aes-ccm
  broadcast-key vlan 1 change 10000
  antenna gain 0
  dfs band 3 block
  channel dfs
  station-role root
  interface Dot11Radio1.1
  encapsulation dot1Q 1
  no ip route-cache
  interface Dot11Radio1.200
  encapsulation dot1Q 200 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 spanning-disabled
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  interface Dot11Radio1.300
  encapsulation dot1Q 300
  no ip route-cache
  bridge-group 255
  bridge-group 255 subscriber-loop-control
  bridge-group 255 spanning-disabled
  bridge-group 255 block-unknown-source
  no bridge-group 255 source-learning
  no bridge-group 255 unicast-flooding
  interface GigabitEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  no keepalive
  hold-queue 160 in
  interface GigabitEthernet0.1
  encapsulation dot1Q 1
  no ip route-cache
  interface GigabitEthernet0.200
  encapsulation dot1Q 200 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 spanning-disabled
  no bridge-group 1 source-learning
  interface GigabitEthernet0.300
  encapsulation dot1Q 300
  no ip route-cache
  bridge-group 255
  bridge-group 255 spanning-disabled
  no bridge-group 255 source-learning
  interface BVI1
  ip address 192.168.1.10 255.255.255.0
  no ip route-cache
  ip default-gateway 192.168.1.1
  no ip http server
  ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  bridge 1 route ip
  line con 0
  line vty 0 4
  login local
  transport input all
  end
  +++++++++++++++++++++++++++++++++++++++++
  I was able to get dhcp from the Sonicwall with 192.168.1.0/24, but not from the SG500. I created a scope(192.168.2.0/24 for guest; 192.168.3.0/24 for internal users) I even created DHCP scope on the AP, but cannot get an IP from that either. I creatd an ACL to allow the 192.168.3.0/24 access elewhere, and denied 192.168.2.0 access to other but internet.
  If I disabled all scopes on the Sonicwall, I get an APIPA from both AP/SG500. Any thoughts?

  What is your default VLAN?
  On the AP, you configured VLAN 200 to be the native. is that the same with your othe devices?
  "encapsulation dot1Q 200 native"
  Regards,
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• Setting up Cisco Aironet 1250 for home use

  Hey everyone,
  I'm rather new to the whole Enterprise Router lines. I've set up countless networks with Linksys routers in the past. However, this Aironet is giving me more trouble than I'd want it to. I was wondering if anyone could help. I've assigned it an IP Address and accessed that In-Browser interface and set up an SSID and activated the two extensions. I've been able to connect to the router with my computer and access the internet without restriction. However, when I attempt to connect a second PC or Laptop to the network, it won't allow network access to the second device. I've been stuck there forever. Is there any specific setup method I need to use to make sure more than one workstation/device? I want to use this router for home use, I often use laptops and move around the house a lot, so the advantage of better connection signal and speed is well worth it. Any help is highly apprieciated. If you need more information, don't hesitate to contact me.

  Sorry for my late reply. Here is the config:
  It wasn't connected to anything. This was a raw pull from a fresh cold boot.
  IOS Bootloader - Starting system.
  Xmodem file system is available.
  flashfs[0]: 150 files, 7 directories
  flashfs[0]: 0 orphaned files, 0 orphaned directories
  flashfs[0]: Total bytes: 31868928
  flashfs[0]: Bytes used: 6406144
  flashfs[0]: Bytes available: 25462784
  flashfs[0]: flashfs fsck took 16 seconds.
  Reading cookie from flash parameter block...done.
  Base Ethernet MAC address: 54:75:d0:dd:b5:12
  Loading "flash:/c1250-k9w7-mx.124-10b.JDA3/c1250-k9w7-mx.124-10b.JDA3"...##################################################################################################################################################################################################################
  File "flash:/c1250-k9w7-mx.124-10b.JDA3/c1250-k9w7-mx.124-10b.JDA3" uncompressed and installed, entry point: 0x3000
  executing...
                Restricted Rights Legend
  Use, duplication, or disclosure by the Government is
  subject to restrictions as set forth in subparagraph
  (c) of the Commercial Computer Software - Restricted
  Rights clause at FAR sec. 52.227-19 and subparagraph
  (c) (1) (ii) of the Rights in Technical Data and Computer
  Software clause at DFARS sec. 252.227-7013.
             cisco Systems, Inc.
             170 West Tasman Drive
             San Jose, California 95134-1706
  Cisco IOS Software, C1250 Software (C1250-K9W7-M), Version 12.4(10b)JDA3, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2009 by Cisco Systems, Inc.
  Compiled Sun 07-Jun-09 03:50 by prod_rel_team
  Image text-base: 0x00003000, data-base: 0x01000000
  Initializing flashfs...
  flashfs[1]: 150 files, 7 directories
  flashfs[1]: 0 orphaned files, 0 orphaned directories
  flashfs[1]: Total bytes: 31868928
  flashfs[1]: Bytes used: 6406144
  flashfs[1]: Bytes available: 25462784
  flashfs[1]: flashfs fsck took 4 seconds.
  flashfs[1]: Initialization complete....done Initializing flashfs.
  Warning:  the compile-time code checksum does not appear to be present.
  Radio 1 A600 8000 0 0 A8030000 30
  Radio 1 A600 8000 0 0 B8030000 13
  tx_paks 1293
  tx_paks 646
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html you require further assistance please contact us by sending email to
  [email protected]. AIR-AP1252AG-A-K9    (PowerPC 8349) processor (revision C0) with 49142K/16384K bytes of memory.
  Processor board ID FTX1423902R
  PowerPC 8349 CPU at 533Mhz, revision number 0x0031
  Last reset from power-on
  1 Gigabit Ethernet interface
  2 802.11 Radio(s)
  If
  cisco
  32K bytes of flash-simulated non-volatile configuration memory.
  Base ethernet MAC Address: 54:75:D0:DD:B5:12
  Part Number                          : 73-10425-06
  PCA Assembly Number                  : 800-27630-06
  PCA Revision Number                  : B0
  PCB Serial Number                    : FOC142025F4
  Top Assembly Part Number             : 800-29039-03
  Top Assembly Serial Number           : FTX1423902R
  Top Revision Number                  : A0
  Product/Model Number                 : AIR-AP1252AG-A-K9
  Press RETURN to get started!
  *Mar  1 00:00:06.211: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
  *Mar  1 00:00:07.039: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
  *Mar  1 00:00:07.543: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1
  *Mar  1 00:00:09.587: %SYS-5-CONFIG_I: Configured from memory by console
  *Mar  1 00:00:09.591: %SYS-5-RESTART: System restarted --
  Cisco IOS Software, C1250 Software (C1250-K9W7-M), Version 12.4(10b)JDA3, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2009 by Cisco Systems, Inc.
  Compiled Sun 07-Jun-09 03:50 by prod_rel_team
  *Mar  1 00:00:09.591: %SNMP-5-COLDSTART: SNMP agent on host Cisco1250 is undergoing a cold start
  *Mar  1 01:37:52.027: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
  *Mar  1 01:37:52.027: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
  *Mar  1 01:37:52.707: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
  *Mar  1 01:37:53.467: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
  *Mar  1 01:37:53.467: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
  *Mar  1 01:37:53.847: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
  *Mar  1 01:37:54.467: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
  *Mar  1 01:37:54.695: %CDP_PD-4-POWER_OK: Full power - INJECTOR_DETECTED inline power source
  *Mar  1 01:37:54.703: %DOT11-4-NO_HT: Interface Dot11Radio1, Mcs rates disabled on vlan 0 due to not using AES encryption or
  *Mar  1 01:37:58.303: %DOT11-6-FREQ_USED: Interface Dot11Radio1, frequency 5180 selected
  *Mar  1 01:37:58.307: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
  *Mar  1 01:37:58.307: %DOT11-4-NO_HT: Interface Dot11Radio0, Mcs rates disabled on vlan 0 due to not using AES encryption or
  *Mar  1 01:37:58.311: %DOT11-6-FREQ_SCAN: Interface Dot11Radio0, Scanning frequencies for 13 seconds
  *Mar  1 01:37:59.307: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
  *Mar  1 01:38:00.307: %LINK-3-UPDOWN: Interface BVI1, changed state to down
  *Mar  1 01:38:02.931: %LINK-3-UPDOWN: Interface BVI1, changed state to up
  *Mar  1 01:38:11.919: %DOT11-6-FREQ_USED: Interface Dot11Radio0, frequency 2462 selected
  *Mar  1 01:38:11.923: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
  *Mar  1 01:38:12.923: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
  Cisco1250>enable
  Password:
  Cisco1250#show running-config
  Building configuration...
  Current configuration : 1717 bytes
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname Cisco1250
  enable secret 5 $1$jDeQ$cFdx0aHAd8wj8tk6CCmXq/
  no aaa new-model
  dot11 ssid Home Network
     authentication open
     guest-mode
  power inline negotiation prestandard source
  username Cisco password 7 05280F1C2243
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption key 1 size 128bit 7 23D0220D02AE7FA723492AA01E34 transmit-key
  encryption mode wep mandatory
  ssid Home Network
  station-role root
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface Dot11Radio1
  no ip address
  no ip route-cache
  encryption key 1 size 128bit 7 0B4935657C801B3620154AB56630 transmit-key
  encryption mode wep mandatory
  ssid Home Network
  dfs band 3 block
  channel dfs
  station-role root
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface GigabitEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface BVI1
  ip address 192.168.0.1 255.255.255.0
  no ip route-cache
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  snmp-server community Community RW
  bridge 1 route ip
  line con 0
  line vty 0 4
  login local
  end
  They way I connect it in the network is as follows:
  BrightHouse Networks ISP Modem --> Cisco Aironet 1252 --> Incoming connections from computers and laptops.
  Any ideas?

• Cisco 7600 MPLS and set Qos group

  Hi, i'm am trying to use to following class-maps and policy maps on a Cisco 7600. The same maps have been used on both 3700 series and 7200 series. However when i try to apply IP_TO_MPLS_OUT and MPLS_TO_IP_IN on the 7600 (with SUP32 and 48 port gigabit blade) i get a message on the console
  "set qos group" not supported.
  I used the QoS group to carry the MPLS EXP value (as label would is popped) and this works well.
  How can i get the QoS group to work on the 7600, if not is there a valid workaround?
  Many thanks for your help.
  policy-map IP_TO_MPLS_OUT
  class qosgrp5
  set mpls experimental topmost 5
  priority percent 10
  class qosgrp4
  bandwidth remaining percent 50
  set mpls experimental topmost 4
  class qosgrp2
  bandwidth remaining percent 20
  set mpls experimental topmost 2
  class class-default
  bandwidth remaining percent 30
  random-detect
  set mpls experimental topmost 1
  policy-map CE_OUT
  class qosgrp5
  set ip precedence 5
  class qosgrp4
  set ip precedence 4
  class qosgrp2
  set ip precedence 2
  policy-map MPLS_TO_IP_IN
  class MPLS_EXP5
  set qos-group 5
  class MPLS_EXP4
  set qos-group 4
  class MPLS_EXP2
  set qos-group 2

  Hi,
  I'm not aware that you can use qos groups on c7600 (LAN ports ?).
  For the MPLS_TO_IP direction you can use 'mpls propagate-cos' on the egress interface as workaround. This rewrites the egress IP ToS with the internal DSCP (which is inferred from the topmost MPLS label).
  For the IP_TO_MPLS direction you could just match on the original DSCP ?
  cheers,
  Stefan

• Cisco AIR-SAP2602I-N-K9 vs AIR-CAP2602I-E-K9

  What's the difference between "AIR-SAP2602I-N-K9" and " AIR-CAP2602I-E-K9 "?

  Hi there, the difference between the two is the  regulatory domain they work on. The 802.11 specification as regulatory domains defines the different parameters for antenna gain, transmit power, channel selection, and so on. A (A regulatory domain - FCC):North America, South America, Central America, Australia, New Zealand, various parts of Asia E (E regulatory domain - ETSI):Europe, Middle East, Africa, various parts of Asia As you see on this site for example European shops sell the Cisco air-cap2602i-e-k9: http://hardware.nl/cisco/air-cap2602i-e-k9.html N (N regulatory domain - Non FCC):Mexico, Australia Find all regions divided by Cisco here: http://www.cisco.com/c/en/us/products/collateral/wireless/access-points/product_data_sheet0900aecd80537b6a.html

• Cisco Air-SAP2602E-E with PoE Plus?

  Hi to all,
  Could be any situation in which the Access point AIR-SAP2602E-E-K9 would need PoE Plus (all four antennas transmiting maximum power, some radio speeds, etc)?
  Thanks in advance.

  Nope.
  Only the end-of-sale 1252 and 3602 (when add-on modules are installed) require PoE plus.  Every other models are PoE only.

• Download and upload speed per ssid in air-sap2602.

  Dear team,
  How to limit the download and upload speed per ssid in air-sap2602 ?
  SSID =5MB download + 1upload
  SSID= 30MB download + 5upload
  Regards

  If you need help with traffic shaping, you should post your question on the rLAN, Switching and Routing forum:
  https://supportforums.cisco.com/community/netpro/network-infrastructure/switching
  You can also look for examples by searching Configure 1941 traffic shaping:
  http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfgts.html
  http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfcbshp.html
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• Cisco Aironet 1250 - How to bridge two AP's and get Non-root to talk to Root AP

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin-top:0in;
  mso-para-margin-right:0in;
  mso-para-margin-bottom:10.0pt;
  mso-para-margin-left:0in;
  line-height:115%;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:Arial;
  mso-bidi-theme-font:minor-bidi;}
        I have two buidlings acroos the street from each other.  I have two Cisco Aironet 1250 wireless AP's with the first one going in the main building with network backbone.  The Second AP goes across the street with the other wired network segment.  Both AP's have long range antenas 2.4 GHZ on top of each building.  I have configured the 1st one as the Root Bridge.  The one across the street is configured as non-root bridge.  I have both AP's configured with the same WEP key and also with the same SSID name with both set to broadcast it.   I am still unsure and confused as to how I get the non-root bridge to talk to and use the root bridge to get on the main network.
          1- It’s main to use the Root parent Mac address.
          2-  Is there another config that I am missing to get the signal? 
  Note: I still not getting any signal from the root although distance between root and non-root is 330m
  My root antenna is AIR-ANT24120 and non-root antenna is AIR-ANT1949 and attached files is my configuration files
  Thank you.

  1.  How are the AIR-ANT24120 and the AIR-ANT1949 installed?
  the AIR-ANT24120 is connected virtically on tower far 11m from the earth and AIR-ANT1949 is connected horizontally on tower far 10m from the earth
  2.  What is the distance between both APs?
  350 m
  3.  Do you have clear line-of-sight between the two?
  there is one tanker in the middle between them but it's far 7m from the earth
  4.  Is the two APs properly aligned?
  i think yes and changed the aligned many times without any news (I don't have any tools for alignment)
  5.  Which point are the antennas connected to?  Primary, Secondary or middle?
  I tried in the primary and secondary but never tried the middle antenna
  Thanks

• Cisco Aironet 1200 wireless network very slow

  I have a simple wireless network set up, 2 - Cisco Aironet 1200 AIR-AP1220B-A-K9 wireless access points with 2 dBi Diversity Omni directional Ceiling Mount Antennas. They are the only devices connected to a Multitech Routfinder router, the WAN side the router is connected to a dedicated DSL connection. They are powered by AIR-PWRINJ3 power injectors. The WAP get the IP address from the DHCP in the router.
  When connecting to the wireless network it runs very very slow, the signal strength is excellent and the connection speed is 54 mbps. But when opening a web browser it takes for ever to load a simple page like msn.com. If I connect the notebook directly to the router it runs very fast. We have tested with several notebooks and have the same problem. When I view the available wireless networks in range the only two that show up are the two Cisco 1200 WAP.
  I have done the following with no improvement:
  Change the channels from auto to 6 on one and 11 on the other.
  Reset to factory defaults.
  Update the firmware to c1200-k9w7-tar.123-7.JA2.tar
  Replace the 802.11b radios with 802.11g radios AIR-MP21G-A-K9.
  Disable the Aironet extensions.
  Following is the configuration from one of the access points (before the firmware update):
  version 12.2
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname MMA1
  aaa new-model
  aaa group server radius rad_eap
  aaa group server radius rad_mac
  aaa group server radius rad_acct
  aaa group server radius rad_admin
  aaa group server tacacs+ tac_admin
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa authentication login default local
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local
  aaa authorization exec default local
  aaa authorization ipmobile default group rad_pmip
  aaa accounting network acct_methods start-stop group rad_acct
  aaa session-id common
  username xxxx privilege 15 password xxxx
  username xxx privilege 15 password xxxx
  ip subnet-zero
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  ssid MMA1
  authentication open
  guest-mode
  speed basic-1.0 basic-2.0 basic-5.5 basic-11.0
  rts threshold 2312
  station-role root
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface BVI1
  ip address 192.168.10.100 255.255.255.0
  no ip route-cache
  ip default-gateway 192.168.10.1
  ip http server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100
  ip http authentication aaa
  bridge 1 route ip
  line con 0
  line vty 5 15
  End
  Any suggestions would be greatly appreciated.
  Best regards,
  Randy

  Thanks for the info.
  The documentation say not to switch from auto to full duplex or half duplex when using inline power, well I think it says the AP may reboot. I may have tried half duplex before I upgraded the firmware.
  While upgrading I disconnected the AP, used a patch cord to connect it to the router and pluged the power directly into it to make sure the wiring to the AP was not the problem and it did the same thing.
  However, when trying to upgrade the firmware it took ~ 45 minuets to upload the image and filed a couple of times retrying. I connected the AP to the notebook directly with a crossover cable and it uploaded in about 45 seconds.
  That got me to thinking that there may be a problem with the router so I have replaced it with a Linksys.
  In the mean time the DSL went down yesterday so I have not been able to test the new setup.
  The cables are T568B
  W/O
  O/W
  W/G
  B/W
  W/B
  G/W
  W/B
  B/W
  Best regards,
  Randy