Client association between RAPs & MAPs (Cisco Aironet 1510)

How do you fix the association bugs that the 1510s have?
My problem is when a client (like a laptop) associates to the MAP (Mesh Access Point) or RAP (Rooftop Access Point), the client doesn't hand off it's wireless connection to the access point with the better signal strength. Is there a setting or configuration on the Wireless LAN Controller that would help this problem?

There are no issues roaming between RAP. Try upgrading the code of WLC to 4.0.179.8 and also try upgrading the client software since it is the client which should to access point with better signal.

Similar Messages

  • Cisco Aironet 1510

    On the Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Point spec sheet from the Cisco.com website, it states that the input power for the DC inline POE is 28.5 W at 48 VDC, nominal. What is the maximum power at 48 VDC? On AC, the nominal power is 57.8W at 120 VAC. What is the maximum power at 120 VAC?
    Also, I see that the Cisco 1510 only uses AC as a source. Does Cisco have a device for the Cisco Aironet 1510 that uses DC as a source? For example, instead of using the POE Injector that Cisco has, which uses an input of 120VAC (1.5A) and outputs 48VDC (1.2A), does Cisco have a POE Injector that uses an input of 12VDC and outputs 48VDC (1.2A).

    I think the maximum draw (with both radios and heater on) is 57.8 Watts, but with the heater not active it's much lower around 36.84 Watts.

  • Sub-option code for a Cisco Aironet 1510 AP

    What is the sub-option code that has to be delivered as part of a DHCP Option 43 response for a Cisco Aironet 1510 AP?
    Thanks,
    Adrian

    i think you're looking for the following:
    option 43 ascii
    ie:
    option 43 ascii "10.10.10.2, 10.10.11.2"
    please see this link for more info:
    http://www.cisco.com/en/US/products/ps6548/products_quick_start09186a00806b5d00.html#wp45319

  • Cisco aironet 1510 AG

    Hi everybody.
    I was reading about cisco aironet 1510 AG and found it has two N series connector for antenna.
    Cisco Aironet 1510AG
    Expansion / Connectivity
    Interfaces
    1 x network / power - Ethernet 10Base-T/100Base-TX ¦ 2 x antenna - N-Series connector
    1)  we have two N series connector for antenna  why do we need two antenna?
    thanks and have a great weekend.

    Hi,
    Two Antennas are used for diversity. Because there are too many factors that may affect the RF signal (Refraction, reflection, etc), the signal will follow different pathes to reach the destination (called multipath). Having two antennas to send/receive will make the receiver hear two signals (or more). If one of the signals is malformed then error correction will be better this way. This will make it faster than requesting the re-transmit again from the sources.
    802.11n access poins usually have 3 Antennas for each radios because they use MIMO.
    Also, this link will give you better information about Diversity and Multipath distortion:
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008019f646.shtm
    HTH
    Amjad

  • Cisco aironet 1200 Series access point dropping clients

    We are having an issue where our Cisco Aironet 1220 Series AP is constantly dropping clients. We have 3 APs mounted on a single tower, all out of each others range and freq. There are approximatly 30 clients on each AP. We are noticing an increase in dropped customers (up to 20 at a time). ANy suggestions? This only became an issue in the last few weeks, and nothing major has changed.

    Hi
    Even I was facing almost the same kind of problem. But in my case it was wired clients to the workgroup bridge 350.
    I had done lot of testings and reading at that time to resolve this problem.
    However in your case I feel your problem can be resolved by keeping the option "Reliable multicast for Workgroup bridges" disabled in the APs under dot11radio interface settings. This is possibly because the radios cannot associate to more than 20 clients at a time if the option is in the enable mode.
    You need to keep this option enabled in a root bridge when you have problems of dropping the wired clients to the workgroup bridge.
    By keeping this option enabled, you are actually asking the Root bridges to consider the Workgroup bridges as Infrastructure devices and not as clients thereby making the roots to send all the multicasts to the WGBs. However in that case it losses the efficiency of associating more than 20 clients.
    Let me know if this resolves your problem.
    Regards

  • Cisco Aironet 1140 Association

    All,
         Quick question about the association web interface tab on a 1140.  I have noticed that the Device Type shows as "unknown" and the Name shows as "NONE."  Anyone have a clue as to why?  Thanks for any help!
         Dave

    Any resolution on this?
    We have about 20 Cisco Aironet APs and they all show the same, Device type unknown, Name NONE

  • Dot11 associations table, client associated with 0.0.0.0

    I'm having an issue where wireless client association seam to fail to get IP address, but acctually don't...
    MAC Address    IP address      Device        Name            Parent         State    
    0016.eaae.c896 0.0.0.0         unknown       -               self           EAP-Assoc
    001f.e178.c6d8 192.168.27.192  unknown       -               self           EAP-Assoc
    This happens only "sometimes", especially when the clients (laptops) wake up from sleep mode.
    Although the association shows IP 0.0.0.0, the state is "EAP-Assoc" and I can confirm that the client passed RADIUS authentication, received IP from DHCP and can ping the gateway.
    The wireless network is made up by autonomous/standalone access-points (Cisco aironet 1100, 1130, 1200, 1040).
    Network access is PEAP, WPA/AES, dot1x, multiple Vlans...
    All access-points have an access-list at the radio IN that is dropping all IP broadcasts.
    When I remove the ACL, everything appear to be fine (at least all the times that I checked), but when the ACL is active the issue doesn't always come up.
    I must understand what is going on because this ACL (although it's not very common) has proven it's value by saving 30-40% CPU usage on access-points...
    Does anyone know how the "dot11 associations" table is built??
    Maybe some tips on how to troubleshoot the issue.
    thanks in advance

    As an answer to your early quetsions (that I don't know why we did not answer it yet):
    Assoc table is mainly built from information in association frames.
    Assoc frames have no idea about IP addresses so how the APs know the IP? Not from assoc frames of course.
    Each vendor may have different way to know the IP (they can look into the header of the IP traffic of that special client or they an look into dhcp communication).
    summarizing the issue so far:
    - The issue happens ONLY with the ACL in place.
    - It does not happen with all clients.
    - It happens ONLY when the clients in power save mode.
    - It happens with same clients if they use static ip address even if they are not in power save mode (please confirm or amend this sentence to be more accurate).
    Why power save mode do not show the IP? - > answering this quetion almost solves the problem.
    what is common among the problematic clients? - > need to know this in order to isolate further.
    Is it AP hardware/software related? -> helps to isolate further.
    I said that it could possibly be related to information elements but not necessarily.
    There are information element that transfer Power Save capability between clietns and the AP. I have no idea though how those can be related.
    More information about information elements can be found in the IEEE standard downloadable from here:
    http://standards.ieee.org/getieee802/download/802.11-2007.pdf
    go to section :
    7.3.2 Information elements
    in page 99.
    I tried to read about power save and tried to link that with our issue with no hope.
    It could possibly a bug or so that when PS is used the AP behaves differently.
    HTH
    Amjad

  • %ASA-7-710005: TCP request discarded error in Client to Site VPN in CISCO ASA 5510

    Hi Friends,
    I'm trying to built client to site VPN in CISCO ASA 5510 8.4(4) and getting below error while connecting cisco VPN client software. Also, I'm getting below log in ASA. Please help me to reslove.
    Error in CISCO VPN Client Software:
    Secure VPN Connection Terminated locally by the client.
    Reason : 414 : Failed to establish a TCP connection.
    Error in CISCO ASA 5510
    %ASA-7-710005: TCP request discarded from <Public IP> /49276 to outside:<Outside Interface IP of my ASA> /10000
    ASA Configuration:
    XYZ# sh run
    : Saved
    ASA Version 8.4(4)
    hostname XYZ
    domain-name XYZ
    enable password 3uLkVc9JwRA1/OXb level 3 encrypted
    enable password R/x90UjisGVJVlh2 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Ethernet0/0
    nameif outside_rim
    security-level 0
    ip address 1.1.1.1 255.255.255.252
    interface Ethernet0/1
    duplex full
    nameif XYZ_DMZ
    security-level 50
    ip address 172.1.1.1 255.255.255.248
    interface Ethernet0/2
    speed 100
    duplex full
    nameif outside
    security-level 0
    ip address 2.2.2.2 255.255.255.252
    interface Ethernet0/3
    speed 100
    duplex full
    nameif inside
    security-level 100
    ip address 3.3.3.3 255.255.255.224
    interface Management0/0
    shutdown
    no nameif
    no security-level
    no ip address
    boot system disk0:/asa844-k8.bin
    ftp mode passive
    dns domain-lookup outside
    dns server-group DefaultDNS
    name-server xx.xx.xx.xx
    name-server xx.xx.xx.xx
    name-server xx.xx.xx.xx
    name-server xx.xx.xx.xx
    domain-name XYZ
    object network obj-172.17.10.3
    host 172.17.10.3
    object network obj-10.1.134.0
    subnet 10.1.134.0 255.255.255.0
    object network obj-208.75.237.0
    subnet 208.75.237.0 255.255.255.0
    object network obj-10.7.0.0
    subnet 10.7.0.0 255.255.0.0
    object network obj-172.17.2.0
    subnet 172.17.2.0 255.255.255.0
    object network obj-172.17.3.0
    subnet 172.17.3.0 255.255.255.0
    object network obj-172.19.2.0
    subnet 172.19.2.0 255.255.255.0
    object network obj-172.19.3.0
    subnet 172.19.3.0 255.255.255.0
    object network obj-172.19.7.0
    subnet 172.19.7.0 255.255.255.0
    object network obj-10.1.0.0
    subnet 10.1.0.0 255.255.0.0
    object network obj-10.2.0.0
    subnet 10.2.0.0 255.255.0.0
    object network obj-10.3.0.0
    subnet 10.3.0.0 255.255.0.0
    object network obj-10.4.0.0
    subnet 10.4.0.0 255.255.0.0
    object network obj-10.6.0.0
    subnet 10.6.0.0 255.255.0.0
    object network obj-10.9.0.0
    subnet 10.9.0.0 255.255.0.0
    object network obj-10.11.0.0
    subnet 10.11.0.0 255.255.0.0
    object network obj-10.12.0.0
    subnet 10.12.0.0 255.255.0.0
    object network obj-172.19.1.0
    subnet 172.19.1.0 255.255.255.0
    object network obj-172.21.2.0
    subnet 172.21.2.0 255.255.255.0
    object network obj-172.16.2.0
    subnet 172.16.2.0 255.255.255.0
    object network obj-10.19.130.201
    host 10.19.130.201
    object network obj-172.30.2.0
    subnet 172.30.2.0 255.255.255.0
    object network obj-172.30.3.0
    subnet 172.30.3.0 255.255.255.0
    object network obj-172.30.7.0
    subnet 172.30.7.0 255.255.255.0
    object network obj-10.10.1.0
    subnet 10.10.1.0 255.255.255.0
    object network obj-10.19.130.0
    subnet 10.19.130.0 255.255.255.0
    object network obj-XXXXXXXX
    host XXXXXXXX
    object network obj-145.248.194.0
    subnet 145.248.194.0 255.255.255.0
    object network obj-10.1.134.100
    host 10.1.134.100
    object network obj-10.9.124.100
    host 10.9.124.100
    object network obj-10.1.134.101
    host 10.1.134.101
    object network obj-10.9.124.101
    host 10.9.124.101
    object network obj-10.1.134.102
    host 10.1.134.102
    object network obj-10.9.124.102
    host 10.9.124.102
    object network obj-115.111.99.133
    host 115.111.99.133
    object network obj-10.8.108.0
    subnet 10.8.108.0 255.255.255.0
    object network obj-115.111.99.129
    host 115.111.99.129
    object network obj-195.254.159.133
    host 195.254.159.133
    object network obj-195.254.158.136
    host 195.254.158.136
    object network obj-209.164.192.0
    subnet 209.164.192.0 255.255.224.0
    object network obj-209.164.208.19
    host 209.164.208.19
    object network obj-209.164.192.126
    host 209.164.192.126
    object network obj-10.8.100.128
    subnet 10.8.100.128 255.255.255.128
    object network obj-115.111.99.130
    host 115.111.99.130
    object network obj-10.10.0.0
    subnet 10.10.0.0 255.255.0.0
    object network obj-115.111.99.132
    host 115.111.99.132
    object network obj-10.10.1.45
    host 10.10.1.45
    object network obj-10.99.132.0
    subnet 10.99.132.0 255.255.255.0
    object-group network Serversubnet
    network-object 10.10.1.0 255.255.255.0
    network-object 10.10.5.0 255.255.255.192
    object-group network XYZ_destinations
    network-object 10.1.0.0 255.255.0.0
    network-object 10.2.0.0 255.255.0.0
    network-object 10.3.0.0 255.255.0.0
    network-object 10.4.0.0 255.255.0.0
    network-object 10.6.0.0 255.255.0.0
    network-object 10.7.0.0 255.255.0.0
    network-object 10.11.0.0 255.255.0.0
    network-object 10.12.0.0 255.255.0.0
    network-object 172.19.1.0 255.255.255.0
    network-object 172.19.2.0 255.255.255.0
    network-object 172.19.3.0 255.255.255.0
    network-object 172.19.7.0 255.255.255.0
    network-object 172.17.2.0 255.255.255.0
    network-object 172.17.3.0 255.255.255.0
    network-object 172.16.2.0 255.255.255.0
    network-object 172.16.3.0 255.255.255.0
    network-object host 10.50.2.206
    object-group network XYZ_us_admin
    network-object 10.3.1.245 255.255.255.255
    network-object 10.5.33.7 255.255.255.255
    network-object 10.211.5.7 255.255.255.255
    network-object 10.3.33.7 255.255.255.255
    network-object 10.211.3.7 255.255.255.255
    object-group network XYZ_blr_networkdevices
    network-object 10.200.10.0 255.255.255.0
    access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 145.248.194.0 255.255.255.0
    access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 host 172.16.2.21
    access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 host 172.16.2.22
    access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 host XXXXXXXX
    access-list XYZ_PAT extended permit ip 10.19.130.0 255.255.255.0 any
    access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 195.254.159.133
    access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 195.254.158.136
    access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 any
    access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 209.164.192.0 255.255.224.0
    access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 209.164.208.19
    access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 209.164.192.126
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 208.75.237.0 255.255.255.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.7.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.17.2.0 255.255.255.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.17.3.0 255.255.255.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.2.0 255.255.255.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.3.0 255.255.255.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.7.0 255.255.255.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.1.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.2.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.3.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.4.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.6.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.9.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.11.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.12.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.1.0 255.255.255.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.21.2.0 255.255.255.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.16.2.0 255.255.255.0
    access-list nonat extended permit ip host 10.19.130.201 172.30.2.0 255.255.255.0
    access-list nonat extended permit ip host 10.19.130.201 172.30.3.0 255.255.255.0
    access-list nonat extended permit ip host 10.19.130.201 172.30.7.0 255.255.255.0
    access-list nonat extended permit ip object-group Serversubnet object-group XYZ_destinations
    access-list nonat extended permit ip 10.10.1.0 255.255.255.0 10.2.0.0 255.255.0.0
    access-list nonat extended permit ip 10.19.130.0 255.255.255.0 host XXXXXXXX
    access-list nonat extended permit ip 10.19.130.0 255.255.255.0 145.248.194.0 255.255.255.0
    access-list Guest_PAT extended permit ip 10.8.108.0 255.255.255.0 any
    access-list Cacib extended permit ip 10.8.100.128 255.255.255.128 145.248.194.0 255.255.255.0
    access-list Cacib_PAT extended permit ip 10.8.100.128 255.255.255.128 any
    access-list New_Edge extended permit ip 10.1.134.0 255.255.255.0 208.75.237.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.7.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.7.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 172.17.2.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.17.3.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.19.2.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.19.3.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.19.7.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.2.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.3.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.4.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.6.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.9.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.11.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.12.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.19.1.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.21.2.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.17.2.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.17.3.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.2.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.3.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.7.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.1.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.2.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.3.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.4.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.6.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.9.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.11.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.12.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.1.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.21.2.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.16.2.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.16.2.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.30.2.0 255.255.255.0 host 10.19.130.201
    access-list XYZ_global extended permit ip host 10.19.130.201 172.30.2.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.30.3.0 255.255.255.0 host 10.19.130.201
    access-list XYZ_global extended permit ip host 10.19.130.201 172.30.3.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.30.7.0 255.255.255.0 host 10.19.130.201
    access-list XYZ_global extended permit ip host 10.19.130.201 172.30.7.0 255.255.255.0
    access-list XYZ_global extended permit ip object-group Serversubnet object-group XYZ_destinations
    access-list XYZ_global extended permit ip object-group XYZ_destinations object-group Serversubnet
    access-list ML_VPN extended permit ip host 115.111.99.129 209.164.192.0 255.255.224.0
    access-list ML_VPN extended permit ip host 115.111.99.129 host 209.164.208.19
    access-list ML_VPN extended permit ip host 115.111.99.129 host 209.164.192.126
    access-list Da_VPN extended permit ip host 10.9.124.100 host 10.125.81.88
    access-list Da_VPN extended permit ip host 10.9.124.101 host 10.125.81.88
    access-list Da_VPN extended permit ip host 10.9.124.102 host 10.125.81.88
    access-list Da_VPN extended permit ip host 10.9.124.100 10.125.81.0 255.255.255.0
    access-list Da_VPN extended permit ip host 10.9.124.101 10.125.81.0 255.255.255.0
    access-list Da_VPN extended permit ip host 10.9.124.102 10.125.81.0 255.255.255.0
    access-list Sr_PAT extended permit ip 10.10.0.0 255.255.0.0 any
    access-list Da_Pd_VPN extended permit ip host 10.9.124.100 10.125.80.64 255.255.255.192
    access-list Da_Pd_VPN extended permit ip host 10.9.124.100 10.125.64.0 255.255.240.0
    access-list Da_Pd_VPN extended permit ip host 10.9.124.100 host 10.125.85.46
    access-list Da_Pd_VPN extended permit ip host 10.9.124.100 host 10.125.86.46
    access-list Da_Pd_VPN extended permit ip host 10.9.124.101 10.125.80.64 255.255.255.192
    access-list Da_Pd_VPN extended permit ip host 10.9.124.101 10.125.64.0 255.255.240.0
    access-list Da_Pd_VPN extended permit ip host 10.9.124.101 host 10.125.85.46
    access-list Da_Pd_VPN extended permit ip host 10.9.124.101 host 10.125.86.46
    access-list Da_Pd_VPN extended permit ip host 10.9.124.102 10.125.80.64 255.255.255.192
    access-list Da_Pd_VPN extended permit ip host 10.9.124.102 10.125.64.0 255.255.240.0
    access-list Da_Pd_VPN extended permit ip host 10.9.124.102 host 10.125.85.46
    access-list Da_Pd_VPN extended permit ip host 10.9.124.102 host 10.125.86.46
    access-list XYZ_reliance extended permit ip 10.19.130.0 255.255.255.0 145.248.194.0 255.255.255.0
    access-list coextended permit ip host 2.2.2.2 host XXXXXXXX
    access-list coextended permit ip host XXXXXXXXhost 2.2.2.2
    access-list ci extended permit ip 10.1.134.0 255.255.255.0 208.75.237.0 255.255.255.0
    access-list ci extended permit ip 208.75.237.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list acl-outside extended permit ip host 57.66.81.159 host 172.17.10.3
    access-list acl-outside extended permit ip host 80.169.223.179 host 172.17.10.3
    access-list acl-outside extended permit ip any host 172.17.10.3
    access-list acl-outside extended permit tcp any host 10.10.1.45 eq https
    access-list acl-outside extended permit tcp any any eq 10000
    access-list acl-outside extended deny ip any any log
    pager lines 10
    logging enable
    logging buffered debugging
    mtu outside_rim 1500
    mtu XYZ_DMZ 1500
    mtu outside 1500
    mtu inside 1500
    ip local pool XYZ_c2s_vpn_pool 172.30.10.51-172.30.10.254
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any outside
    icmp permit any inside
    no asdm history enable
    arp timeout 14400
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-208.75.237.0 obj-208.75.237.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.7.0.0 obj-10.7.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.17.2.0 obj-172.17.2.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.17.3.0 obj-172.17.3.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.2.0 obj-172.19.2.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.3.0 obj-172.19.3.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.7.0 obj-172.19.7.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.2.0.0 obj-10.2.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.3.0.0 obj-10.3.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.4.0.0 obj-10.4.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.6.0.0 obj-10.6.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.9.0.0 obj-10.9.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.11.0.0 obj-10.11.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.12.0.0 obj-10.12.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.1.0 obj-172.19.1.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.21.2.0 obj-172.21.2.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.16.2.0 obj-172.16.2.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.19.130.201 obj-10.19.130.201 destination static obj-172.30.2.0 obj-172.30.2.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.19.130.201 obj-10.19.130.201 destination static obj-172.30.3.0 obj-172.30.3.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.19.130.201 obj-10.19.130.201 destination static obj-172.30.7.0 obj-172.30.7.0 no-proxy-arp route-lookup
    nat (inside,any) source static Serversubnet Serversubnet destination static XYZ_destinations XYZ_destinations no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.10.1.0 obj-10.10.1.0 destination static obj-10.2.0.0 obj-10.2.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.19.130.0 obj-10.19.130.0 destination static obj-XXXXXXXX obj-XXXXXXXX no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.19.130.0 obj-10.19.130.0 destination static obj-145.248.194.0 obj-145.248.194.0 no-proxy-arp route-lookup
    nat (inside,outside) source static obj-10.1.134.100 obj-10.9.124.100
    nat (inside,outside) source static obj-10.1.134.101 obj-10.9.124.101
    nat (inside,outside) source static obj-10.1.134.102 obj-10.9.124.102
    nat (inside,outside) source dynamic obj-10.8.108.0 interface
    nat (inside,outside) source dynamic obj-10.19.130.0 obj-115.111.99.129
    nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-195.254.159.133 obj-195.254.159.133
    nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-195.254.158.136 obj-195.254.158.136
    nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129
    nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-209.164.192.0 obj-209.164.192.0
    nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-209.164.208.19 obj-209.164.208.19
    nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-209.164.192.126 obj-209.164.192.126
    nat (inside,outside) source dynamic obj-10.8.100.128 obj-115.111.99.130
    nat (inside,outside) source dynamic obj-10.10.0.0 obj-115.111.99.132
    nat (inside,outside) source static obj-10.10.1.45 obj-115.111.99.133
    nat (inside,outside) source dynamic obj-10.99.132.0 obj-115.111.99.129
    object network obj-172.17.10.3
    nat (XYZ_DMZ,outside) static 115.111.99.134
    access-group acl-outside in interface outside
    route outside 0.0.0.0 0.0.0.0 115.111.23.129 1
    route outside 0.0.0.0 0.0.0.0 115.254.127.130 10
    route inside 10.10.0.0 255.255.0.0 10.8.100.1 1
    route inside 10.10.1.0 255.255.255.0 10.8.100.1 1
    route inside 10.10.5.0 255.255.255.192 10.8.100.1 1
    route inside 10.8.100.128 255.255.255.128 10.8.100.1 1
    route inside 10.8.108.0 255.255.255.0 10.8.100.1 1
    route inside 10.19.130.0 255.255.255.0 10.8.100.1 1
    route inside 10.99.4.0 255.255.255.0 10.99.130.254 1
    route inside 10.99.132.0 255.255.255.0 10.8.100.1 1
    route inside 10.1.134.0 255.255.255.0 10.8.100.1 1
    route outside 208.75.237.0 255.255.255.0 115.111.23.129 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa authentication telnet console LOCAL
    aaa authorization command LOCAL
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec ikev1 transform-set vpn2 esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set vpn6 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set vpn5 esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set vpn7 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set vpn4 esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set vpn1 esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set vpn_reliance esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set c2s_vpn esp-3des esp-md5-hmac
    crypto ipsec security-association lifetime seconds 86400
    crypto dynamic-map dyn1 1 set ikev1 transform-set c2s_vpn
    crypto dynamic-map dyn1 1 set reverse-route
    crypto map vpn 1 match address XYZ
    crypto map vpn 1 set peer XYZ Peer IP
    crypto map vpn 1 set ikev1 transform-set vpn1
    crypto map vpn 1 set security-association lifetime seconds 3600
    crypto map vpn 1 set security-association lifetime kilobytes 4608000
    crypto map vpn 2 match address NE
    crypto map vpn 2 set peer NE_Peer IP
    crypto map vpn 2 set ikev1 transform-set vpn2
    crypto map vpn 2 set security-association lifetime seconds 3600
    crypto map vpn 2 set security-association lifetime kilobytes 4608000
    crypto map vpn 4 match address ML_VPN
    crypto map vpn 4 set pfs
    crypto map vpn 4 set peer ML_Peer IP
    crypto map vpn 4 set ikev1 transform-set vpn4
    crypto map vpn 4 set security-association lifetime seconds 3600
    crypto map vpn 4 set security-association lifetime kilobytes 4608000
    crypto map vpn 5 match address XYZ_global
    crypto map vpn 5 set peer XYZ_globa_Peer IP
    crypto map vpn 5 set ikev1 transform-set vpn5
    crypto map vpn 5 set security-association lifetime seconds 3600
    crypto map vpn 5 set security-association lifetime kilobytes 4608000
    crypto map vpn 6 match address Da_VPN
    crypto map vpn 6 set peer Da_VPN_Peer IP
    crypto map vpn 6 set ikev1 transform-set vpn6
    crypto map vpn 6 set security-association lifetime seconds 3600
    crypto map vpn 6 set security-association lifetime kilobytes 4608000
    crypto map vpn 7 match address Da_Pd_VPN
    crypto map vpn 7 set peer Da_Pd_VPN_Peer IP
    crypto map vpn 7 set ikev1 transform-set vpn6
    crypto map vpn 7 set security-association lifetime seconds 3600
    crypto map vpn 7 set security-association lifetime kilobytes 4608000
    crypto map vpn interface outside
    crypto map vpn_reliance 1 match address XYZ_rim
    crypto map vpn_reliance 1 set peer XYZ_rim_Peer IP
    crypto map vpn_reliance 1 set ikev1 transform-set vpn_reliance
    crypto map vpn_reliance 1 set security-association lifetime seconds 3600
    crypto map vpn_reliance 1 set security-association lifetime kilobytes 4608000
    crypto map vpn_reliance interface outside_rim
    crypto map mymap 1 ipsec-isakmp dynamic dyn1
    crypto isakmp identity address
    no crypto isakmp nat-traversal
    crypto ikev1 enable outside_rim
    crypto ikev1 enable outside
    crypto ikev1 policy 1
    authentication pre-share
    encryption aes-256
    hash sha
    group 5
    lifetime 28800
    crypto ikev1 policy 2
    authentication pre-share
    encryption aes-256
    hash sha
    group 5
    lifetime 86400
    crypto ikev1 policy 4
    authentication pre-share
    encryption aes-256
    hash sha
    group 5
    lifetime 28000
    crypto ikev1 policy 5
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 100
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 43200
    crypto ikev1 policy 65535
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet 10.8.100.0 255.255.255.224 inside
    telnet timeout 5
    ssh timeout 5
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    no threat-detection basic-threat
    no threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    group-policy XYZ_c2s_vpn internal
    username testadmin password oFJjANE3QKoA206w encrypted
    tunnel-group XXXXXXXX type ipsec-l2l
    tunnel-group XXXXXXXX ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group XXXXXXXXtype ipsec-l2l
    tunnel-group XXXXXXXXipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group XXXXXXXX type ipsec-l2l
    tunnel-group XXXXXXXX ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group XXXXXXXX type ipsec-l2l
    tunnel-group XXXXXXXX ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group XXXXXXXX type ipsec-l2l
    tunnel-group XXXXXXXX ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group XXXXXXXX type ipsec-l2l
    tunnel-group XXXXXXXX ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group XXXXXXXX type ipsec-l2l
    tunnel-group XXXXXXXX ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group XYZ_c2s_vpn type remote-access
    tunnel-group XYZ_c2s_vpn general-attributes
    address-pool XYZ_c2s_vpn_pool
    tunnel-group XYZ_c2s_vpn ipsec-attributes
    ikev1 pre-shared-key *****
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny 
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip 
      inspect xdmcp
      inspect icmp
      inspect ip-options
    service-policy global_policy global
    privilege show level 3 mode exec command running-config
    privilege show level 3 mode exec command logging
    privilege show level 3 mode exec command crypto
    prompt hostname context
    no call-home reporting anonymous
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:caa7476cd348ed89b95d37d4e3c9e1d8
    : end
    XYZ#

    Thanks Javier.
    But i have revised the VPN confuration. Below are the latest configs. with this latest configs. I'm getting username & password screen while connecting cisco vpn client software. once we entered the login credential. it shows "security communication channel" then it goes to "not connected" state. Can you help me to fix this.
    access-list ACL-RA-SPLIT standard permit host 10.10.1.3
    access-list ACL-RA-SPLIT standard permit host 10.10.1.13
    access-list ACL-RA-SPLIT standard permit host 10.91.130.201
    access-list nonat line 1 extended permit ip host 10.10.1.3 172.30.10.0 255.255.255.0
    access-list nonat line 2 extended permit ip host 10.10.1.13 172.30.10.0 255.255.255.0
    access-list nonat line 3 extended permit ip host 10.91.130.201 172.30.10.0 255.255.255.0
    ip local pool CO-C2S-VPOOL 172.30.10.51-172.30.10.254 mask 255.255.255.0
    group-policy CO-C2S internal
    group-policy CO-C2S attributes
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list vlauel ACL-RA-SPLIT
    dns-server value 10.10.1.3
    tunnel-group TUN-RA-SPLIT type remote-access
    tunnel-group TUN-RA-SPLIT general-attributes
    default-group-policy CO-C2S
    address-pool CO-C2S-VPOOL
    tunnel-group TUN-RA-SPLIT ipsec-attributes
    pre-shared-key sekretk3y
    username ra-user1 password passw0rd1 priv 1
    group-policy CO-C2S internal
    group-policy CO-C2S attributes
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list vlauel ACL-RA-SPLIT
    dns-server value 10.10.1.3
    tunnel-group TUN-RA-SPLIT type remote-access
    tunnel-group TUN-RA-SPLIT general-attributes
    default-group-policy CO-C2S
    address-pool CO-C2S-VPOOL
    tunnel-group TUN-RA-SPLIT ipsec-attributes
    pre-shared-key *********
    username ******* password ******** priv 1
    crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
    crypto dynamic-map dynmap 10 set transform-set 3DES
    crypto map Outside_Map 500 ipsec-isakmp dynamic dynmap
    crypto isakmp identify address
    crypto isakmp enable outside
    crypto isakmp policy 100
    authentication pre-share
    encr 3des
    hash sha
    crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
    crypto dynamic-map dynmap 10 set transform-set 3DES
    crypto map Outside_Map 500 ipsec-isakmp dynamic dynmap
    crypto map vpn interface outside
    crypto isakmp identify address
    crypto isakmp enable outside
    crypto isakmp policy 100
    authentication pre-share
    encr 3des
    hash sha
    group 1
    lifetime 3600

  • Cisco Aironet 1200

    Cisco Aironet 1200
    Firmware 12.3(8)JEB
    Hello,
    I want to control client associations when AP load is high.
    Is there an MIB object that enables/disables client associations?
    I have searched the supported MIBS, but i could not find anything.

    An improper combination of power level and antenna gain can result in equivalent isotropic radiated power (EIRP) above the amount allowed per regulatory domain. Here is the URL which indicate indicates the maximum power levels allowed with the Cisco integrated antenna for each regulatory domain and also contain configuration setting.
    http://www.cisco.com/en/US/docs/wireless/access_point/1200/vxworks/installation/guide/higaxd_2.html

  • Cisco aironet 1300 Iphone 3G

    Bonjour
    apres avoir configurer mon routeur cisco aironet 1300 et que la connexion passe tres bien.
    Mais mon probléme en est que je n'arrive a me connecté sur à internet sur mon iphone. la connectivité  entre le routeur et l'iphone pass tres bien.
    et sur d'autres routeurs wifi je peux me connecter avec mon iphone sur internet et tel n'est pas le cas avec mon routeur aironet 1300

    Hi,
    Vous  pouvez essayer de désactiver l'extension Aironet que la désactivation  des extensions Aironet améliore la capacité des machines clientes  non-Cisco de s'associer au dispositif sans fil.
    int dot11 0 or 1
    no dot11 extension aironet
    Link : http://www.cisco.com/en/US/docs/wireless/access_point/12.3_8_JA/configuration/guide/s38rf.html#wp1135928
    Regards,
    Madhuri

  • Clients timeout on DHCP lease with Aironet 1141

    Hello
    I have an interesting problem that I can't find a solution for.
    Backround info:
    I'm setting up a Cisco Aironet 1141 (standalone mode, AP) to handle wireless traffic in the office. It gives out 2 mbssids, one of which authenticates domain users through a RADIUS server and places them in an appropriate VLAN (RADIUS options 64, 65, and 81). The other is a guest ssid that uses WPA-PSK and places users in the restricted guest VLAN. Physically, the AP is connected to a 3750 PoE Catalyst, to which RADIUS and DHCP servers are also connected. AP, SSIDs, RADIUS and EAP authentication all work. The configuration given below is a working configuration. People do get authenticated and do get placed in the appropriate vlan.
    The problem is that, once authenticated, the "Obtaining IP Address" phase on the client hangs and most clients timeout without getting an IP address. Given that the DHCP server is on the same switch and a test simple ASUS Wi-Fi IP gives out the same scenario (except the multiple VLAN) at the speed of light, I don't think that it's a problem with the network connections between clients and the DHCP server.
    After reading some topics here, I realized that probably other communication will be extremely slow, as well, but haven't tested that for sure.
    Clients are all non-Cisco - smartphones, notebooks, etc. Most of them are 802.11G, not N.
    Configuration is attached below.
    Does anyone have any ideas?

    Sure, possibly relevant parts:
    errdisable recovery cause udld
    errdisable recovery cause bpduguard
    errdisable recovery cause security-violation
    errdisable recovery cause channel-misconfig (STP)
    errdisable recovery cause pagp-flap
    errdisable recovery cause dtp-flap
    errdisable recovery cause link-flap
    errdisable recovery cause gbic-invalid
    errdisable recovery cause l2ptguard
    errdisable recovery cause psecure-violation
    errdisable recovery cause dhcp-rate-limit
    errdisable recovery cause vmps
    errdisable recovery cause storm-control
    errdisable recovery cause arp-inspection
    spanning-tree mode rapid-pvst
    spanning-tree loopguard default
    spanning-tree portfast bpduguard default
    spanning-tree extend system-id
    vlan internal allocation policy ascending
    ip ssh time-out 60
    ip ssh authentication-retries 5
    ip ssh logging events
    ip ssh version 2
    interface GigabitEthernet1/0/1
    description Gi1/0/1 to CAT-CORE
    switchport trunk encapsulation dot1q
    switchport mode trunk
    interface GigabitEthernet1/0/4
    description Gi1/0/4 to RADIUS_serv
    switchport access vlan 240
    switchport mode access
    spanning-tree portfast
    spanning-tree bpdufilter enable
    spanning-tree bpduguard enable
    interface GigabitEthernet1/0/8
    description Gi1/0/8 to DHCP_serv
    switchport access vlan 240
    switchport mode access
    spanning-tree portfast
    spanning-tree bpdufilter enable
    spanning-tree bpduguard enable
    interface GigabitEthernet1/0/11
    description Aironet 1141 AIRONET-MO-1
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 240
    switchport trunk allowed vlan 240-246,248,249
    switchport mode trunk
    interface Vlan240
    description Admin_Vlan
    ip address 192.168.240.244 255.255.255.0
    ip default-gateway 192.168.240.1
    ip classless
    no ip http server
    ip http secure-server

  • Cisco Aironet 1200 LAP Issues - LAP to Autonomous Mode

    Greetings! After purchasing 4 of the Cisco Aironet 1200 G Series WAPs, I'm now running into a slight issue with them.
    I received these last week with the understanding that if I didn't have the Cisco controller device, I could convert them from being the Lightweight Access Point, back to Autonomous mode with an IOS.
    With this, I checked the documentation that came with the device and found the "Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode" or http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=Getting%20Started%20with%20Wireless&needs_authentication=yes&CommCmd=MB%3Fcmd%3Dadd_discussion%26mode%3Dshow%26needs_authentication%3Dyes%26location%3D.ee7c7c3.
    From there, I followed the instructions listed under Converting a Lightweight Access Point Back to Autonomous Mode. Before the rename of the file, I checked the device and found AIR-LAP1242G-A-K9 for the Model No.
    One of the Cisco Certified admins here was able to obtain the latest build for the IOS for the device or c1240-k9w7-tar.123-8.JEB1.tar. Per the instructions, I renamed the file to coincide with the model of the device.
    I followed the instructions from there, and it looked as if everything was going well. However, after the upgrade, I'm running into an issue with the following:
    File "flash:/c1200-k9w7-mx.123-8.JEB1/c1200-k9w7-mx.123-8.JEB1" uncompressed and installed, entry point: 0x3000
    executing...
    At this point, the device just locks up. All lights are lit green on the device. According do the documentation, it should reboot and from there, I should be able to access the web interface by IP.
    I've tried to perform the upgrade again using the same IOS build, but the same thing happens with the lock up.
    At this point, I'm assuming the issue is with the build of the IOS that I have and I may have to look at getting an older build. However, before doing so, I thought I would post something here to see if anyone had an idea.
    I may have needed to refine my searching of the forums, but wasn't able to find anything in relation to my issue. If there is something out there, I do apologize for the post and will happily refer to any current information.
    If you need any further information in relation to this, please let me know. Any assistance is greatly appreciated. Thank you!

    Hi Jeffrey,
    Reverting the Access Point Back to Autonomous Mode
    Have a look at Step 3
    http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html#wp161272
    You can convert an access point from lightweight mode back to autonomous mode by loading a Cisco IOS Release that supports autonomous mode (Cisco IOS release 12.3(7)JA or earlier). If the access point is associated to a controller, you can use the controller to load the Cisco IOS release. If the access point is not associated to a controller, you can load the Cisco IOS release using TFTP.
    Using a TFTP Server to Return to a Previous Release
    Follow these steps to revert from LWAPP mode to autonomous mode by loading a Cisco IOS release using a TFTP server:
    Step 1 The static IP address of the PC on which your TFTP server software runs should be between 10.0.0.2 and 10.0.0.30.
    Step 2 Make sure that the PC contains the access point image file (such as c1200-k9w7-tar.122-15.JA.tar for a 1200 series access point) in the TFTP server folder and that the TFTP server is activated.
    Step 3 Rename the access point image file in the TFTP server folder to c1200-k9w7-tar.default for a 1200 series access point, c1130-k9w7-tar.default for an 1130 series access point, and c1240-k9w7-tar.default for a 1240 series access point.
    Step 4 Connect the PC to the access point using a Category 5 (CAT5) Ethernet cable.
    Step 5 Disconnect power from the access point.
    Step 6 Press and hold MODE while you reconnect power to the access point.
    Step 7 Hold the MODE button until the status LED turns red (approximately 20 to 30 seconds) and then release.
    Step 8 Wait until the access point reboots, as indicated by all LEDs turning green followed by the Status LED blinking green.
    Step 9 After the access point reboots, reconfigure it using the GUI or the CLI.
    From this doc;
    http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html#wp161272
    Hope this helps!
    Rob

  • Cisco Aironet ap1141n-e-k9 help configuration

    Hi all,
    i have just got a brand new aironet access point belonging to 1140 series (1141n-e-k9), it has been a while since i worked last time with cisco devices and i really need few help to configure this AP. (also useful link is appreciated)
    I've an existing (wired) network with a dhcp server that provides IPs for the following class: 192.168.1.0/24 (default gw 192.168.1.254)
    I would like to configure this new AP with ip 192.168.1.253 on gigabit ethernet while radio interface would have ip 192.168.2.1 and act as a dhcp server for following class: 192.168.2.0/24
    Maybe it could be configured in another way but it's important for me to have client connected to ap in a subnet (i.e. 192.168.2.0/24) different from existing one (192.168.1.0/24), is it possible?
    I read the manual with the title: "Cisco IOS Software Configuration Guide for Cisco Aironet Access Points" but i really can't figure out how to accomplish this simple(i guess) task.
    Any help (links,tips or tricks) would be really appreciated (since my brain is about to blow up )
    TIA,
    Antonio

    Hi Scott,
    thanks for your answer and for links you provided , however i have a problem with that.
    is it possible to find a solution for this problem internally to the AP? (sorry if my question would sound stupid)
    atm i can't "put my hands" on the device the ap is connected to (it's a customer's requirement, unfortunately) and i don't know either if the switch would be a cisco device, is there a solution (maybe without vlan) to solve my problem?
    since ap has an gigabitethernet interface and a radio one, couldn't i setup an ip belonging to class 192.168.1.0 to ethernet and an ip belonging to class 192.168.2.0 to radio dot11 and setup a bridge between this two interfaces?
    thanks for your answer and your time,
    Antonio

  • Wireless site survey doubts with cisco aironet site survey utility tool

    Hi,
    I have 1131 autonomous AP and we have project where we need to implement WLC 5500 with 1140 LAP.
    Before that , we need to do site survey . we are going to use cisco aironet adapter and with the help of site survey utility tool we are planning to do site survey .
    I have below doubt before starting the site survey :
    1) do we need to configure the AP 1131 with existing LAN set-up of client to get connected ?
    If yes , how can i shift this 1131 ap always from one location to another location and connect to respective vlan in switch ?  It would be tedious job ....
    because , We need to connect ( get associated ) our laptop always to 1131 ap and then roam around to get the RSSI , signal strength , SNR and throughput ....  ...
    to configure the AP to existing lan set-up of client , it would not be flexible to do site survey ?
    without that , how can I just plug-in power to 1131 AP with standalone configuration .... and without connecting to switch ( any lan-port ) , do the site survey ?
    Please suggest me .............
    In short , without connecting to LAN set-up of client , how can i do the site survey ?
    2) will it be worth to do site survey with cisco aironet card ( site survey utility ) ? or we should i have different site survey software for the same ?
    Please share the knowledge .... 

    Site Surveys are important and should be done by a professional. A poor site survey can lead to a lot of problems. It would be hard to put all aspects of conducting a proper site survey in a single post. Lets cover a few of the basics.
    1) If you plan to deploy 1140 model access points. Then you should use that AP in autonomous mode so you dont have to be plugged into your network
    2) The AP gets powered by an exteral power source like this battery for exmaple:
    http://www.tessco.com/products/displayProductInfo.do?sku=345625&WT.mc_id=google_base&sp=true
    3) As far as moving the AP around you can purchase a site survey pole like this:
    http://www.tessco.com/products/displayProductInfo.do?sku=392506&eventPage=1
    4) As for software, I like AirMagnet Surveyor
    http://www.airmagnet.com/products/survey/
    But again. There is a lot to know about doing surveys...

  • IPSEC between Fortinet and Cisco SA540

    Hi,
    We have done the site to site VPN between Fortinet and Cisco SA540. Everything is configured at both ends but the tunnel is not establised. Can you help me out to resolve the issue.
    Regards,
    Satish.

      Hello Venkatasatish,
    I gonna send you an example of VPN between Cisco ASA 8.2 version and Fortigate mr4.
    In my example i gonna use the following environments:
    Cisco ASA "Zones"
    Inside: 192.168.1.0/24     "Asa inside interface Ip address 192.168.1.1"
    Outside: 200.200.200.0/29  "Asa outside interface Ip address 200.200.200.1"
    Fortigate "Zones"
    inside: 172.16.1.0/24     "Asa inside interface Ip address 172.16.1.1"
    outside: 201.201.201.0/29  "Asa outside interface Ip address 201.201.201.1"
    =================================> VPN Script of ASA <=================================
    access-list inside_access_in remark Firewall rule from ASA to Fortigate
    access-list inside_access_in extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0 log notifications
    access-group inside_access_in in interface inside
    access-list VPN_NONAT remark Nonat to VPN traffic over VPN
    access-list VPN_NONAT extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
    access-list CryptoMap_ASA_to_Fortigate remark VPN Site-to-Site to Fortigate Site
    access-list CryptoMap_ASA_to_Fortigate extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
    nat (inside) 0 access-list VPN_NONAT
    crypto isakmp enable outside
    crypto isakmp policy 1
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto map OUTSIDE_map 1 match address CryptoMap_ASA_to_Fortigate
    crypto map OUTSIDE_map 1 set peer 201.201.201.1
    crypto map OUTSIDE_map 1 set transform-set ESP-3DES-SHA
    crypto map OUTSIDE_map 1 set security-association lifetime seconds 3600
    crypto map OUTSIDE_map interface outside
    group-policy GP_TO_FORTIGATE internal
    group-policy GP_TO_FORTIGATE attributes
    vpn-idle-timeout none
    vpn-tunnel-protocol IPSec
    tunnel-group 201.201.201.1 type ipsec-l2l
    tunnel-group 201.201.201.1 general-attributes
    default-group-policy GP_TO_FORTIGATE
    tunnel-group 201.201.201.1 ipsec-attributes
    pre-shared-key cisco123
    =================================> VPN Script for Fortigate ==============================
    Phase 1:
    FORTIGATE# config vpn ipsec phase1-interface  "enter"
    FORTIGATE (phase1-interface) # edit 200.200.200.1 "enter"
            set interface "outside"
            set keylife 86400
            set mode main
            set dhgrp 2
            set proposal 3des-sha1
            set remote-gw 200.200.200.1
            set psksecret ENC cisco123
            next "to apply the configuration"
    Phase 2
    FORTIGATE# config vpn ipsec phase2-interface
        edit 200.200.200.1
            set keepalive enable
            set pfs disable
            set phase1name "200.200.200.1"
            set proposal 3des-sha1
            set dst-subnet 192.168.1.0 255.255.255.0
            set keylifeseconds 3600
            set src-subnet 172.16.1.0 255.255.255.0
            next "to apply the configuration"
    Config route to VPN: I am using 100 entry, you need to take a look at your firewall.
    FORTIGATE# config router static "enter"
    FORTIGATE (static) # edit 100 "enter"
    FORTIGATE (100) #  set device "200.200.200.1"
                       set distance 1
                       set dst 192.168.1.0 255.255.255.0
    Create a Rule: in my example I´m using any to any over VPN, but you can to filter based on network environments.
    FORTIGATE # config firewall policy "enter"
    FORTIGATE (policy) # edit 100 "enter"
    config firewall policy
        edit 100
            set srcintf "200.200.200.1"
            set dstintf "inside"
                set srcaddr "all"            
                set dstaddr "all"            
            set action accept
            set schedule "always"
                set service "ANY"            
            set logtraffic enable
            set comments "Access from VPN ASA site"
    FORTIGATE (policy) # edit 101 "enter"
    config firewall policy
        edit 101
            set srcintf "inside"
            set dstintf "200.200.200.1"
                set srcaddr "all"            
                set dstaddr "all"            
            set action accept
            set schedule "always"
                set service "ANY"            
            set logtraffic enable
            set comments "Access to VPN ASA Site"
    After that, please start a traffic between private network, 192.168.1.0 and 172.16.1.0/24.
    Please let me know about it!
    Good luck.
    Fabio Jorge Amorim

Maybe you are looking for

  • Having Thread trouble

    I am writing a servlet that searches a Directory and gets all of the volume objects it has. I want to take the volume objects and get all of the information about them. I have been able to do this but I want the servlet to be multi-threaded because I

  • TS3772 Just because I live in Thailand it doesn't mean I want all the pop-up boxes to be Thai! Why is there no box to switch languages?

    Why is there no box to switch languages?  Just because I live in Thailand doesn't mean that I read and write in Thai.  Please include a language box to switch languages at the front end of download pages and other places as needed.

  • ISO:  person or forum for data modeling guidance

    hello - Is there anyone here who is willing/able to advise me on the data model that my husband and I have been working on? Alternatively, can anyone suggest an alternative forum, or where I need to go to have this done professionally? Our background

  • Logging a custom StepType Property

    I followed the "Logging a New Step Property to a Database in TestStand" description but I get this answer back: An exception occurred calling 'LogResults' in 'ITSDBLog' of 'DBLog 1.0 Type Library' An error occurred while setting a column value. Schem

  • Need Advice! MySQL Field Type and data display

    DW8/PHP/MySQL This is a two part question. First off I am builing a database (mySQL) driven review site with PHP. I am working on creating my database, however I would like some input/advice from others. Below are some example fields that will be in