Client association between RAPs & MAPs (Cisco Aironet 1510)
How do you fix the association bugs that the 1510s have?
My problem is when a client (like a laptop) associates to the MAP (Mesh Access Point) or RAP (Rooftop Access Point), the client doesn't hand off its wireless connection to the access point with the better signal strength. Is there a setting or configuration on the Wireless LAN Controller that would help this problem?
There are no issues roaming between RAPs. Try upgrading the code of the WLC to 4.0.179.8 and also try upgrading the client software, since it is the client which should move to the access point with the better signal.
Similar Messages
-
On the Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Point spec sheet from the Cisco.com website, it states that the input power for the DC inline POE is 28.5 W at 48 VDC, nominal. What is the maximum power at 48 VDC? On AC, the nominal power is 57.8W at 120 VAC. What is the maximum power at 120 VAC?
Also, I see that the Cisco 1510 only uses AC as a source. Does Cisco have a device for the Cisco Aironet 1510 that uses DC as a source? For example, instead of using the POE Injector that Cisco has, which uses an input of 120VAC (1.5A) and outputs 48VDC (1.2A), does Cisco have a POE Injector that uses an input of 12VDC and outputs 48VDC (1.2A).
I think the maximum draw (with both radios and heater on) is 57.8 Watts, but with the heater not active it's much lower around 36.84 Watts.
-
Sub-option code for a Cisco Aironet 1510 AP
What is the sub-option code that has to be delivered as part of a DHCP Option 43 response for a Cisco Aironet 1510 AP?
Thanks,
Adrian
I think you're looking for the following:
option 43 ascii
ie:
option 43 ascii "10.10.10.2, 10.10.11.2"
please see this link for more info:
http://www.cisco.com/en/US/products/ps6548/products_quick_start09186a00806b5d00.html#wp45319 -
Hi everybody.
I was reading about cisco aironet 1510 AG and found it has two N series connector for antenna.
Cisco Aironet 1510AG
Expansion / Connectivity
Interfaces
1 x network / power - Ethernet 10Base-T/100Base-TX ¦ 2 x antenna - N-Series connector
1) we have two N series connector for antenna why do we need two antenna?
thanks and have a great weekend.
Hi,
Two antennas are used for diversity. Because there are too many factors that may affect the RF signal (refraction, reflection, etc.), the signal will follow different paths to reach the destination (called multipath). Having two antennas to send/receive will make the receiver hear two signals (or more). If one of the signals is malformed then error correction will be better this way. This will make it faster than requesting the re-transmit again from the sources.
802.11n access points usually have 3 antennas for each radio because they use MIMO.
Also, this link will give you better information about Diversity and Multipath distortion:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008019f646.shtm
HTH
Amjad -
Cisco aironet 1200 Series access point dropping clients
We are having an issue where our Cisco Aironet 1220 Series AP is constantly dropping clients. We have 3 APs mounted on a single tower, all out of each other's range and freq. There are approximately 30 clients on each AP. We are noticing an increase in dropped customers (up to 20 at a time). Any suggestions? This only became an issue in the last few weeks, and nothing major has changed.
Hi
Even I was facing almost the same kind of problem. But in my case it was wired clients to the workgroup bridge 350.
I had done lot of testings and reading at that time to resolve this problem.
However in your case I feel your problem can be resolved by keeping the option "Reliable multicast for Workgroup bridges" disabled in the APs under dot11radio interface settings. This is possibly because the radios cannot associate to more than 20 clients at a time if the option is in the enable mode.
You need to keep this option enabled in a root bridge when you have problems of dropping the wired clients to the workgroup bridge.
By keeping this option enabled, you are actually asking the Root bridges to consider the Workgroup bridges as Infrastructure devices and not as clients, thereby making the roots send all the multicasts to the WGBs. However in that case it loses the efficiency of associating more than 20 clients.
Let me know if this resolves your problem.
Regards -
Cisco Aironet 1140 Association
All,
Quick question about the association web interface tab on a 1140. I have noticed that the Device Type shows as "unknown" and the Name shows as "NONE." Anyone have a clue as to why? Thanks for any help!
Dave
Any resolution on this?
We have about 20 Cisco Aironet APs and they all show the same, Device type unknown, Name NONE -
Dot11 associations table, client associated with 0.0.0.0
I'm having an issue where wireless client associations seem to fail to get an IP address, but actually don't...
MAC Address IP address Device Name Parent State
0016.eaae.c896 0.0.0.0 unknown - self EAP-Assoc
001f.e178.c6d8 192.168.27.192 unknown - self EAP-Assoc
This happens only "sometimes", especially when the clients (laptops) wake up from sleep mode.
Although the association shows IP 0.0.0.0, the state is "EAP-Assoc" and I can confirm that the client passed RADIUS authentication, received IP from DHCP and can ping the gateway.
The wireless network is made up by autonomous/standalone access-points (Cisco aironet 1100, 1130, 1200, 1040).
Network access is PEAP, WPA/AES, dot1x, multiple Vlans...
All access-points have an access-list at the radio IN that is dropping all IP broadcasts.
When I remove the ACL, everything appear to be fine (at least all the times that I checked), but when the ACL is active the issue doesn't always come up.
I must understand what is going on because this ACL (although it's not very common) has proven its value by saving 30-40% CPU usage on access-points...
Does anyone know how the "dot11 associations" table is built??
Maybe some tips on how to troubleshoot the issue.
thanks in advance
As an answer to your early questions (that I don't know why we did not answer it yet):
Assoc table is mainly built from information in association frames.
Assoc frames have no idea about IP addresses so how do the APs know the IP? Not from assoc frames of course.
Each vendor may have a different way to know the IP (they can look into the header of the IP traffic of that special client or they can look into DHCP communication).
summarizing the issue so far:
- The issue happens ONLY with the ACL in place.
- It does not happen with all clients.
- It happens ONLY when the clients in power save mode.
- It happens with same clients if they use static ip address even if they are not in power save mode (please confirm or amend this sentence to be more accurate).
Why does power save mode not show the IP? -> answering this question almost solves the problem.
What is common among the problematic clients? -> need to know this in order to isolate further.
Is it AP hardware/software related? -> helps to isolate further.
I said that it could possibly be related to information elements but not necessarily.
There are information elements that transfer Power Save capability between clients and the AP. I have no idea though how those can be related.
More information about information elements can be found in the IEEE standard downloadable from here:
http://standards.ieee.org/getieee802/download/802.11-2007.pdf
go to section :
7.3.2 Information elements
in page 99.
I tried to read about power save and tried to link that with our issue with no hope.
It could possibly be a bug or so that when PS is used the AP behaves differently.
HTH
Amjad -
%ASA-7-710005: TCP request discarded error in Client to Site VPN in CISCO ASA 5510
Hi Friends,
I'm trying to build a client to site VPN on a CISCO ASA 5510 8.4(4) and am getting the below error while connecting with the Cisco VPN client software. Also, I'm getting the below log in the ASA. Please help me to resolve.
Error in CISCO VPN Client Software:
Secure VPN Connection Terminated locally by the client.
Reason : 414 : Failed to establish a TCP connection.
Error in CISCO ASA 5510
%ASA-7-710005: TCP request discarded from <Public IP> /49276 to outside:<Outside Interface IP of my ASA> /10000
ASA Configuration:
XYZ# sh run
: Saved
ASA Version 8.4(4)
hostname XYZ
domain-name XYZ
enable password 3uLkVc9JwRA1/OXb level 3 encrypted
enable password R/x90UjisGVJVlh2 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
nameif outside_rim
security-level 0
ip address 1.1.1.1 255.255.255.252
interface Ethernet0/1
duplex full
nameif XYZ_DMZ
security-level 50
ip address 172.1.1.1 255.255.255.248
interface Ethernet0/2
speed 100
duplex full
nameif outside
security-level 0
ip address 2.2.2.2 255.255.255.252
interface Ethernet0/3
speed 100
duplex full
nameif inside
security-level 100
ip address 3.3.3.3 255.255.255.224
interface Management0/0
shutdown
no nameif
no security-level
no ip address
boot system disk0:/asa844-k8.bin
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
name-server xx.xx.xx.xx
name-server xx.xx.xx.xx
name-server xx.xx.xx.xx
name-server xx.xx.xx.xx
domain-name XYZ
object network obj-172.17.10.3
host 172.17.10.3
object network obj-10.1.134.0
subnet 10.1.134.0 255.255.255.0
object network obj-208.75.237.0
subnet 208.75.237.0 255.255.255.0
object network obj-10.7.0.0
subnet 10.7.0.0 255.255.0.0
object network obj-172.17.2.0
subnet 172.17.2.0 255.255.255.0
object network obj-172.17.3.0
subnet 172.17.3.0 255.255.255.0
object network obj-172.19.2.0
subnet 172.19.2.0 255.255.255.0
object network obj-172.19.3.0
subnet 172.19.3.0 255.255.255.0
object network obj-172.19.7.0
subnet 172.19.7.0 255.255.255.0
object network obj-10.1.0.0
subnet 10.1.0.0 255.255.0.0
object network obj-10.2.0.0
subnet 10.2.0.0 255.255.0.0
object network obj-10.3.0.0
subnet 10.3.0.0 255.255.0.0
object network obj-10.4.0.0
subnet 10.4.0.0 255.255.0.0
object network obj-10.6.0.0
subnet 10.6.0.0 255.255.0.0
object network obj-10.9.0.0
subnet 10.9.0.0 255.255.0.0
object network obj-10.11.0.0
subnet 10.11.0.0 255.255.0.0
object network obj-10.12.0.0
subnet 10.12.0.0 255.255.0.0
object network obj-172.19.1.0
subnet 172.19.1.0 255.255.255.0
object network obj-172.21.2.0
subnet 172.21.2.0 255.255.255.0
object network obj-172.16.2.0
subnet 172.16.2.0 255.255.255.0
object network obj-10.19.130.201
host 10.19.130.201
object network obj-172.30.2.0
subnet 172.30.2.0 255.255.255.0
object network obj-172.30.3.0
subnet 172.30.3.0 255.255.255.0
object network obj-172.30.7.0
subnet 172.30.7.0 255.255.255.0
object network obj-10.10.1.0
subnet 10.10.1.0 255.255.255.0
object network obj-10.19.130.0
subnet 10.19.130.0 255.255.255.0
object network obj-XXXXXXXX
host XXXXXXXX
object network obj-145.248.194.0
subnet 145.248.194.0 255.255.255.0
object network obj-10.1.134.100
host 10.1.134.100
object network obj-10.9.124.100
host 10.9.124.100
object network obj-10.1.134.101
host 10.1.134.101
object network obj-10.9.124.101
host 10.9.124.101
object network obj-10.1.134.102
host 10.1.134.102
object network obj-10.9.124.102
host 10.9.124.102
object network obj-115.111.99.133
host 115.111.99.133
object network obj-10.8.108.0
subnet 10.8.108.0 255.255.255.0
object network obj-115.111.99.129
host 115.111.99.129
object network obj-195.254.159.133
host 195.254.159.133
object network obj-195.254.158.136
host 195.254.158.136
object network obj-209.164.192.0
subnet 209.164.192.0 255.255.224.0
object network obj-209.164.208.19
host 209.164.208.19
object network obj-209.164.192.126
host 209.164.192.126
object network obj-10.8.100.128
subnet 10.8.100.128 255.255.255.128
object network obj-115.111.99.130
host 115.111.99.130
object network obj-10.10.0.0
subnet 10.10.0.0 255.255.0.0
object network obj-115.111.99.132
host 115.111.99.132
object network obj-10.10.1.45
host 10.10.1.45
object network obj-10.99.132.0
subnet 10.99.132.0 255.255.255.0
object-group network Serversubnet
network-object 10.10.1.0 255.255.255.0
network-object 10.10.5.0 255.255.255.192
object-group network XYZ_destinations
network-object 10.1.0.0 255.255.0.0
network-object 10.2.0.0 255.255.0.0
network-object 10.3.0.0 255.255.0.0
network-object 10.4.0.0 255.255.0.0
network-object 10.6.0.0 255.255.0.0
network-object 10.7.0.0 255.255.0.0
network-object 10.11.0.0 255.255.0.0
network-object 10.12.0.0 255.255.0.0
network-object 172.19.1.0 255.255.255.0
network-object 172.19.2.0 255.255.255.0
network-object 172.19.3.0 255.255.255.0
network-object 172.19.7.0 255.255.255.0
network-object 172.17.2.0 255.255.255.0
network-object 172.17.3.0 255.255.255.0
network-object 172.16.2.0 255.255.255.0
network-object 172.16.3.0 255.255.255.0
network-object host 10.50.2.206
object-group network XYZ_us_admin
network-object 10.3.1.245 255.255.255.255
network-object 10.5.33.7 255.255.255.255
network-object 10.211.5.7 255.255.255.255
network-object 10.3.33.7 255.255.255.255
network-object 10.211.3.7 255.255.255.255
object-group network XYZ_blr_networkdevices
network-object 10.200.10.0 255.255.255.0
access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 145.248.194.0 255.255.255.0
access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 host 172.16.2.21
access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 host 172.16.2.22
access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 host XXXXXXXX
access-list XYZ_PAT extended permit ip 10.19.130.0 255.255.255.0 any
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 195.254.159.133
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 195.254.158.136
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 any
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 209.164.192.0 255.255.224.0
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 209.164.208.19
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 209.164.192.126
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 208.75.237.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.7.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.17.2.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.17.3.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.2.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.3.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.7.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.3.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.4.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.6.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.9.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.11.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.12.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.1.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.21.2.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.16.2.0 255.255.255.0
access-list nonat extended permit ip host 10.19.130.201 172.30.2.0 255.255.255.0
access-list nonat extended permit ip host 10.19.130.201 172.30.3.0 255.255.255.0
access-list nonat extended permit ip host 10.19.130.201 172.30.7.0 255.255.255.0
access-list nonat extended permit ip object-group Serversubnet object-group XYZ_destinations
access-list nonat extended permit ip 10.10.1.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list nonat extended permit ip 10.19.130.0 255.255.255.0 host XXXXXXXX
access-list nonat extended permit ip 10.19.130.0 255.255.255.0 145.248.194.0 255.255.255.0
access-list Guest_PAT extended permit ip 10.8.108.0 255.255.255.0 any
access-list Cacib extended permit ip 10.8.100.128 255.255.255.128 145.248.194.0 255.255.255.0
access-list Cacib_PAT extended permit ip 10.8.100.128 255.255.255.128 any
access-list New_Edge extended permit ip 10.1.134.0 255.255.255.0 208.75.237.0 255.255.255.0
access-list XYZ_global extended permit ip 10.7.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.7.0.0 255.255.0.0
access-list XYZ_global extended permit ip 172.17.2.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.17.3.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.19.2.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.19.3.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.19.7.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.2.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.3.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.4.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.6.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.9.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.11.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.12.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.19.1.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.21.2.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.17.2.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.17.3.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.2.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.3.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.7.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.3.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.4.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.6.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.9.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.11.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.12.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.1.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.21.2.0 255.255.255.0
access-list XYZ_global extended permit ip 172.16.2.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.16.2.0 255.255.255.0
access-list XYZ_global extended permit ip 172.30.2.0 255.255.255.0 host 10.19.130.201
access-list XYZ_global extended permit ip host 10.19.130.201 172.30.2.0 255.255.255.0
access-list XYZ_global extended permit ip 172.30.3.0 255.255.255.0 host 10.19.130.201
access-list XYZ_global extended permit ip host 10.19.130.201 172.30.3.0 255.255.255.0
access-list XYZ_global extended permit ip 172.30.7.0 255.255.255.0 host 10.19.130.201
access-list XYZ_global extended permit ip host 10.19.130.201 172.30.7.0 255.255.255.0
access-list XYZ_global extended permit ip object-group Serversubnet object-group XYZ_destinations
access-list XYZ_global extended permit ip object-group XYZ_destinations object-group Serversubnet
access-list ML_VPN extended permit ip host 115.111.99.129 209.164.192.0 255.255.224.0
access-list ML_VPN extended permit ip host 115.111.99.129 host 209.164.208.19
access-list ML_VPN extended permit ip host 115.111.99.129 host 209.164.192.126
access-list Da_VPN extended permit ip host 10.9.124.100 host 10.125.81.88
access-list Da_VPN extended permit ip host 10.9.124.101 host 10.125.81.88
access-list Da_VPN extended permit ip host 10.9.124.102 host 10.125.81.88
access-list Da_VPN extended permit ip host 10.9.124.100 10.125.81.0 255.255.255.0
access-list Da_VPN extended permit ip host 10.9.124.101 10.125.81.0 255.255.255.0
access-list Da_VPN extended permit ip host 10.9.124.102 10.125.81.0 255.255.255.0
access-list Sr_PAT extended permit ip 10.10.0.0 255.255.0.0 any
access-list Da_Pd_VPN extended permit ip host 10.9.124.100 10.125.80.64 255.255.255.192
access-list Da_Pd_VPN extended permit ip host 10.9.124.100 10.125.64.0 255.255.240.0
access-list Da_Pd_VPN extended permit ip host 10.9.124.100 host 10.125.85.46
access-list Da_Pd_VPN extended permit ip host 10.9.124.100 host 10.125.86.46
access-list Da_Pd_VPN extended permit ip host 10.9.124.101 10.125.80.64 255.255.255.192
access-list Da_Pd_VPN extended permit ip host 10.9.124.101 10.125.64.0 255.255.240.0
access-list Da_Pd_VPN extended permit ip host 10.9.124.101 host 10.125.85.46
access-list Da_Pd_VPN extended permit ip host 10.9.124.101 host 10.125.86.46
access-list Da_Pd_VPN extended permit ip host 10.9.124.102 10.125.80.64 255.255.255.192
access-list Da_Pd_VPN extended permit ip host 10.9.124.102 10.125.64.0 255.255.240.0
access-list Da_Pd_VPN extended permit ip host 10.9.124.102 host 10.125.85.46
access-list Da_Pd_VPN extended permit ip host 10.9.124.102 host 10.125.86.46
access-list XYZ_reliance extended permit ip 10.19.130.0 255.255.255.0 145.248.194.0 255.255.255.0
access-list co extended permit ip host 2.2.2.2 host XXXXXXXX
access-list co extended permit ip host XXXXXXXX host 2.2.2.2
access-list ci extended permit ip 10.1.134.0 255.255.255.0 208.75.237.0 255.255.255.0
access-list ci extended permit ip 208.75.237.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list acl-outside extended permit ip host 57.66.81.159 host 172.17.10.3
access-list acl-outside extended permit ip host 80.169.223.179 host 172.17.10.3
access-list acl-outside extended permit ip any host 172.17.10.3
access-list acl-outside extended permit tcp any host 10.10.1.45 eq https
access-list acl-outside extended permit tcp any any eq 10000
access-list acl-outside extended deny ip any any log
pager lines 10
logging enable
logging buffered debugging
mtu outside_rim 1500
mtu XYZ_DMZ 1500
mtu outside 1500
mtu inside 1500
ip local pool XYZ_c2s_vpn_pool 172.30.10.51-172.30.10.254
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
no asdm history enable
arp timeout 14400
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-208.75.237.0 obj-208.75.237.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.7.0.0 obj-10.7.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.17.2.0 obj-172.17.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.17.3.0 obj-172.17.3.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.2.0 obj-172.19.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.3.0 obj-172.19.3.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.7.0 obj-172.19.7.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.2.0.0 obj-10.2.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.3.0.0 obj-10.3.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.4.0.0 obj-10.4.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.6.0.0 obj-10.6.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.9.0.0 obj-10.9.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.11.0.0 obj-10.11.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.12.0.0 obj-10.12.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.1.0 obj-172.19.1.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.21.2.0 obj-172.21.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.16.2.0 obj-172.16.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.19.130.201 obj-10.19.130.201 destination static obj-172.30.2.0 obj-172.30.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.19.130.201 obj-10.19.130.201 destination static obj-172.30.3.0 obj-172.30.3.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.19.130.201 obj-10.19.130.201 destination static obj-172.30.7.0 obj-172.30.7.0 no-proxy-arp route-lookup
nat (inside,any) source static Serversubnet Serversubnet destination static XYZ_destinations XYZ_destinations no-proxy-arp route-lookup
nat (inside,any) source static obj-10.10.1.0 obj-10.10.1.0 destination static obj-10.2.0.0 obj-10.2.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.19.130.0 obj-10.19.130.0 destination static obj-XXXXXXXX obj-XXXXXXXX no-proxy-arp route-lookup
nat (inside,any) source static obj-10.19.130.0 obj-10.19.130.0 destination static obj-145.248.194.0 obj-145.248.194.0 no-proxy-arp route-lookup
nat (inside,outside) source static obj-10.1.134.100 obj-10.9.124.100
nat (inside,outside) source static obj-10.1.134.101 obj-10.9.124.101
nat (inside,outside) source static obj-10.1.134.102 obj-10.9.124.102
nat (inside,outside) source dynamic obj-10.8.108.0 interface
nat (inside,outside) source dynamic obj-10.19.130.0 obj-115.111.99.129
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-195.254.159.133 obj-195.254.159.133
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-195.254.158.136 obj-195.254.158.136
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-209.164.192.0 obj-209.164.192.0
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-209.164.208.19 obj-209.164.208.19
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-209.164.192.126 obj-209.164.192.126
nat (inside,outside) source dynamic obj-10.8.100.128 obj-115.111.99.130
nat (inside,outside) source dynamic obj-10.10.0.0 obj-115.111.99.132
nat (inside,outside) source static obj-10.10.1.45 obj-115.111.99.133
nat (inside,outside) source dynamic obj-10.99.132.0 obj-115.111.99.129
object network obj-172.17.10.3
nat (XYZ_DMZ,outside) static 115.111.99.134
access-group acl-outside in interface outside
route outside 0.0.0.0 0.0.0.0 115.111.23.129 1
route outside 0.0.0.0 0.0.0.0 115.254.127.130 10
route inside 10.10.0.0 255.255.0.0 10.8.100.1 1
route inside 10.10.1.0 255.255.255.0 10.8.100.1 1
route inside 10.10.5.0 255.255.255.192 10.8.100.1 1
route inside 10.8.100.128 255.255.255.128 10.8.100.1 1
route inside 10.8.108.0 255.255.255.0 10.8.100.1 1
route inside 10.19.130.0 255.255.255.0 10.8.100.1 1
route inside 10.99.4.0 255.255.255.0 10.99.130.254 1
route inside 10.99.132.0 255.255.255.0 10.8.100.1 1
route inside 10.1.134.0 255.255.255.0 10.8.100.1 1
route outside 208.75.237.0 255.255.255.0 115.111.23.129 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set vpn2 esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set vpn6 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set vpn5 esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set vpn7 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set vpn4 esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set vpn1 esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set vpn_reliance esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set c2s_vpn esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 86400
crypto dynamic-map dyn1 1 set ikev1 transform-set c2s_vpn
crypto dynamic-map dyn1 1 set reverse-route
crypto map vpn 1 match address XYZ
crypto map vpn 1 set peer XYZ Peer IP
crypto map vpn 1 set ikev1 transform-set vpn1
crypto map vpn 1 set security-association lifetime seconds 3600
crypto map vpn 1 set security-association lifetime kilobytes 4608000
crypto map vpn 2 match address NE
crypto map vpn 2 set peer NE_Peer IP
crypto map vpn 2 set ikev1 transform-set vpn2
crypto map vpn 2 set security-association lifetime seconds 3600
crypto map vpn 2 set security-association lifetime kilobytes 4608000
crypto map vpn 4 match address ML_VPN
crypto map vpn 4 set pfs
crypto map vpn 4 set peer ML_Peer IP
crypto map vpn 4 set ikev1 transform-set vpn4
crypto map vpn 4 set security-association lifetime seconds 3600
crypto map vpn 4 set security-association lifetime kilobytes 4608000
crypto map vpn 5 match address XYZ_global
crypto map vpn 5 set peer XYZ_globa_Peer IP
crypto map vpn 5 set ikev1 transform-set vpn5
crypto map vpn 5 set security-association lifetime seconds 3600
crypto map vpn 5 set security-association lifetime kilobytes 4608000
crypto map vpn 6 match address Da_VPN
crypto map vpn 6 set peer Da_VPN_Peer IP
crypto map vpn 6 set ikev1 transform-set vpn6
crypto map vpn 6 set security-association lifetime seconds 3600
crypto map vpn 6 set security-association lifetime kilobytes 4608000
crypto map vpn 7 match address Da_Pd_VPN
crypto map vpn 7 set peer Da_Pd_VPN_Peer IP
crypto map vpn 7 set ikev1 transform-set vpn6
crypto map vpn 7 set security-association lifetime seconds 3600
crypto map vpn 7 set security-association lifetime kilobytes 4608000
crypto map vpn interface outside
crypto map vpn_reliance 1 match address XYZ_rim
crypto map vpn_reliance 1 set peer XYZ_rim_Peer IP
crypto map vpn_reliance 1 set ikev1 transform-set vpn_reliance
crypto map vpn_reliance 1 set security-association lifetime seconds 3600
crypto map vpn_reliance 1 set security-association lifetime kilobytes 4608000
crypto map vpn_reliance interface outside_rim
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto isakmp identity address
no crypto isakmp nat-traversal
crypto ikev1 enable outside_rim
crypto ikev1 enable outside
crypto ikev1 policy 1
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 28800
crypto ikev1 policy 2
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
crypto ikev1 policy 4
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 28000
crypto ikev1 policy 5
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 43200
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 10.8.100.0 255.255.255.224 inside
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
no threat-detection basic-threat
no threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy XYZ_c2s_vpn internal
username testadmin password oFJjANE3QKoA206w encrypted
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XYZ_c2s_vpn type remote-access
tunnel-group XYZ_c2s_vpn general-attributes
address-pool XYZ_c2s_vpn_pool
tunnel-group XYZ_c2s_vpn ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
inspect ip-options
service-policy global_policy global
privilege show level 3 mode exec command running-config
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command crypto
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:caa7476cd348ed89b95d37d4e3c9e1d8
: end
XYZ#
Thanks Javier.
But I have revised the VPN configuration. Below are the latest configs. With these latest configs, I'm getting the username & password screen while connecting with the Cisco VPN client software. Once we enter the login credentials, it shows "security communication channel", then it goes to the "not connected" state. Can you help me fix this?
access-list ACL-RA-SPLIT standard permit host 10.10.1.3
access-list ACL-RA-SPLIT standard permit host 10.10.1.13
access-list ACL-RA-SPLIT standard permit host 10.91.130.201
access-list nonat line 1 extended permit ip host 10.10.1.3 172.30.10.0 255.255.255.0
access-list nonat line 2 extended permit ip host 10.10.1.13 172.30.10.0 255.255.255.0
access-list nonat line 3 extended permit ip host 10.91.130.201 172.30.10.0 255.255.255.0
ip local pool CO-C2S-VPOOL 172.30.10.51-172.30.10.254 mask 255.255.255.0
group-policy CO-C2S internal
group-policy CO-C2S attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list vlauel ACL-RA-SPLIT
dns-server value 10.10.1.3
tunnel-group TUN-RA-SPLIT type remote-access
tunnel-group TUN-RA-SPLIT general-attributes
default-group-policy CO-C2S
address-pool CO-C2S-VPOOL
tunnel-group TUN-RA-SPLIT ipsec-attributes
pre-shared-key sekretk3y
username ra-user1 password passw0rd1 priv 1
group-policy CO-C2S internal
group-policy CO-C2S attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list vlauel ACL-RA-SPLIT
dns-server value 10.10.1.3
tunnel-group TUN-RA-SPLIT type remote-access
tunnel-group TUN-RA-SPLIT general-attributes
default-group-policy CO-C2S
address-pool CO-C2S-VPOOL
tunnel-group TUN-RA-SPLIT ipsec-attributes
pre-shared-key *********
username ******* password ******** priv 1
crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set 3DES
crypto map Outside_Map 500 ipsec-isakmp dynamic dynmap
crypto isakmp identify address
crypto isakmp enable outside
crypto isakmp policy 100
authentication pre-share
encr 3des
hash sha
crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set 3DES
crypto map Outside_Map 500 ipsec-isakmp dynamic dynmap
crypto map vpn interface outside
crypto isakmp identify address
crypto isakmp enable outside
crypto isakmp policy 100
authentication pre-share
encr 3des
hash sha
group 1
lifetime 3600 -
Cisco Aironet 1200
Firmware 12.3(8)JEB
Hello,
I want to control client associations when AP load is high.
Is there an MIB object that enables/disables client associations?
I have searched the supported MIBs, but I could not find anything.
An improper combination of power level and antenna gain can result in equivalent isotropic radiated power (EIRP) above the amount allowed per regulatory domain. Here is the URL which indicates the maximum power levels allowed with the Cisco integrated antenna for each regulatory domain and also contains configuration settings.
http://www.cisco.com/en/US/docs/wireless/access_point/1200/vxworks/installation/guide/higaxd_2.html -
Hello,
I have configured my Cisco Aironet 1300 router and the connection works very well.
My problem is that I cannot connect to the internet on my iPhone. Connectivity between the router and the iPhone works very well.
On other Wi-Fi routers I can connect to the internet with my iPhone, but that is not the case with my Aironet 1300 router.
Hi,
You can try disabling the Aironet extensions, since disabling the Aironet extensions improves the ability of non-Cisco client devices to associate with the wireless device.
int dot11 0 or 1
no dot11 extension aironet
Link : http://www.cisco.com/en/US/docs/wireless/access_point/12.3_8_JA/configuration/guide/s38rf.html#wp1135928
Regards,
Madhuri -
Clients timeout on DHCP lease with Aironet 1141
Hello
I have an interesting problem that I can't find a solution for.
Background info:
I'm setting up a Cisco Aironet 1141 (standalone mode, AP) to handle wireless traffic in the office. It gives out 2 mbssids, one of which authenticates domain users through a RADIUS server and places them in an appropriate VLAN (RADIUS options 64, 65, and 81). The other is a guest ssid that uses WPA-PSK and places users in the restricted guest VLAN. Physically, the AP is connected to a 3750 PoE Catalyst, to which RADIUS and DHCP servers are also connected. AP, SSIDs, RADIUS and EAP authentication all work. The configuration given below is a working configuration. People do get authenticated and do get placed in the appropriate vlan.
The problem is that, once authenticated, the "Obtaining IP Address" phase on the client hangs and most clients timeout without getting an IP address. Given that the DHCP server is on the same switch and a test simple ASUS Wi-Fi IP gives out the same scenario (except the multiple VLAN) at the speed of light, I don't think that it's a problem with the network connections between clients and the DHCP server.
After reading some topics here, I realized that probably other communication will be extremely slow, as well, but haven't tested that for sure.
Clients are all non-Cisco - smartphones, notebooks, etc. Most of them are 802.11G, not N.
Configuration is attached below.
Does anyone have any ideas?
Sure, possibly relevant parts:
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig (STP)
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause gbic-invalid
errdisable recovery cause l2ptguard
errdisable recovery cause psecure-violation
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause arp-inspection
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
spanning-tree extend system-id
vlan internal allocation policy ascending
ip ssh time-out 60
ip ssh authentication-retries 5
ip ssh logging events
ip ssh version 2
interface GigabitEthernet1/0/1
description Gi1/0/1 to CAT-CORE
switchport trunk encapsulation dot1q
switchport mode trunk
interface GigabitEthernet1/0/4
description Gi1/0/4 to RADIUS_serv
switchport access vlan 240
switchport mode access
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
interface GigabitEthernet1/0/8
description Gi1/0/8 to DHCP_serv
switchport access vlan 240
switchport mode access
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
interface GigabitEthernet1/0/11
description Aironet 1141 AIRONET-MO-1
switchport trunk encapsulation dot1q
switchport trunk native vlan 240
switchport trunk allowed vlan 240-246,248,249
switchport mode trunk
interface Vlan240
description Admin_Vlan
ip address 192.168.240.244 255.255.255.0
ip default-gateway 192.168.240.1
ip classless
no ip http server
ip http secure-server -
Cisco Aironet 1200 LAP Issues - LAP to Autonomous Mode
Greetings! After purchasing 4 of the Cisco Aironet 1200 G Series WAPs, I'm now running into a slight issue with them.
I received these last week with the understanding that if I didn't have the Cisco controller device, I could convert them from being the Lightweight Access Point, back to Autonomous mode with an IOS.
With this, I checked the documentation that came with the device and found the "Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode" or http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=Getting%20Started%20with%20Wireless&needs_authentication=yes&CommCmd=MB%3Fcmd%3Dadd_discussion%26mode%3Dshow%26needs_authentication%3Dyes%26location%3D.ee7c7c3.
From there, I followed the instructions listed under Converting a Lightweight Access Point Back to Autonomous Mode. Before the rename of the file, I checked the device and found AIR-LAP1242G-A-K9 for the Model No.
One of the Cisco Certified admins here was able to obtain the latest build for the IOS for the device or c1240-k9w7-tar.123-8.JEB1.tar. Per the instructions, I renamed the file to coincide with the model of the device.
I followed the instructions from there, and it looked as if everything was going well. However, after the upgrade, I'm running into an issue with the following:
File "flash:/c1200-k9w7-mx.123-8.JEB1/c1200-k9w7-mx.123-8.JEB1" uncompressed and installed, entry point: 0x3000
executing...
At this point, the device just locks up. All lights are lit green on the device. According to the documentation, it should reboot and from there, I should be able to access the web interface by IP.
I've tried to perform the upgrade again using the same IOS build, but the same thing happens with the lock up.
At this point, I'm assuming the issue is with the build of the IOS that I have and I may have to look at getting an older build. However, before doing so, I thought I would post something here to see if anyone had an idea.
I may have needed to refine my searching of the forums, but wasn't able to find anything in relation to my issue. If there is something out there, I do apologize for the post and will happily refer to any current information.
If you need any further information in relation to this, please let me know. Any assistance is greatly appreciated. Thank you!
Hi Jeffrey,
Reverting the Access Point Back to Autonomous Mode
Have a look at Step 3
http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html#wp161272
You can convert an access point from lightweight mode back to autonomous mode by loading a Cisco IOS Release that supports autonomous mode (Cisco IOS release 12.3(7)JA or earlier). If the access point is associated to a controller, you can use the controller to load the Cisco IOS release. If the access point is not associated to a controller, you can load the Cisco IOS release using TFTP.
Using a TFTP Server to Return to a Previous Release
Follow these steps to revert from LWAPP mode to autonomous mode by loading a Cisco IOS release using a TFTP server:
Step 1 The static IP address of the PC on which your TFTP server software runs should be between 10.0.0.2 and 10.0.0.30.
Step 2 Make sure that the PC contains the access point image file (such as c1200-k9w7-tar.122-15.JA.tar for a 1200 series access point) in the TFTP server folder and that the TFTP server is activated.
Step 3 Rename the access point image file in the TFTP server folder to c1200-k9w7-tar.default for a 1200 series access point, c1130-k9w7-tar.default for an 1130 series access point, and c1240-k9w7-tar.default for a 1240 series access point.
Step 4 Connect the PC to the access point using a Category 5 (CAT5) Ethernet cable.
Step 5 Disconnect power from the access point.
Step 6 Press and hold MODE while you reconnect power to the access point.
Step 7 Hold the MODE button until the status LED turns red (approximately 20 to 30 seconds) and then release.
Step 8 Wait until the access point reboots, as indicated by all LEDs turning green followed by the Status LED blinking green.
Step 9 After the access point reboots, reconfigure it using the GUI or the CLI.
From this doc;
http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html#wp161272
Hope this helps!
Rob -
Cisco Aironet ap1141n-e-k9 help configuration
Hi all,
I have just got a brand new Aironet access point belonging to the 1140 series (1141n-e-k9). It has been a while since I last worked with Cisco devices and I really need a little help to configure this AP (useful links are also appreciated).
I've an existing (wired) network with a DHCP server that provides IPs for the following class: 192.168.1.0/24 (default gw 192.168.1.254)
I would like to configure this new AP with IP 192.168.1.253 on gigabit Ethernet, while the radio interface would have IP 192.168.2.1 and act as a DHCP server for the following class: 192.168.2.0/24
Maybe it could be configured in another way, but it's important for me to have clients connected to the AP in a subnet (i.e. 192.168.2.0/24) different from the existing one (192.168.1.0/24). Is it possible?
I read the manual with the title "Cisco IOS Software Configuration Guide for Cisco Aironet Access Points" but I really can't figure out how to accomplish this simple (I guess) task.
Any help (links, tips or tricks) would be really appreciated (since my brain is about to blow up).
TIA,
Antonio
Hi Scott,
thanks for your answer and for the links you provided; however, I have a problem with that.
Is it possible to find a solution for this problem internally to the AP? (Sorry if my question sounds stupid.)
At the moment I can't "put my hands" on the device the AP is connected to (it's a customer's requirement, unfortunately) and I don't know either whether the switch will be a Cisco device. Is there a solution (maybe without VLANs) to solve my problem?
Since the AP has a gigabit Ethernet interface and a radio one, couldn't I set up an IP belonging to class 192.168.1.0 on Ethernet and an IP belonging to class 192.168.2.0 on radio dot11 and set up a bridge between these two interfaces?
thanks for your answer and your time,
Antonio -
Wireless site survey doubts with cisco aironet site survey utility tool
Hi,
I have a 1131 autonomous AP and we have a project where we need to implement a WLC 5500 with 1140 LAPs.
Before that, we need to do a site survey. We are going to use a Cisco Aironet adapter, and with the help of the site survey utility tool we are planning to do the site survey.
I have the doubts below before starting the site survey:
1) Do we need to configure the AP 1131 with the existing LAN set-up of the client to get connected?
If yes, how can I always shift this 1131 AP from one location to another and connect it to the respective VLAN in the switch? It would be a tedious job...
Because we need to always connect (get associated) our laptop to the 1131 AP and then roam around to get the RSSI, signal strength, SNR and throughput...
To configure the AP to the existing LAN set-up of the client, it would not be flexible to do the site survey?
Without that, how can I just plug in power to the 1131 AP with a standalone configuration and, without connecting to a switch (any LAN port), do the site survey?
Please suggest...
In short, without connecting to the LAN set-up of the client, how can I do the site survey?
2) Will it be worth doing the site survey with the Cisco Aironet card (site survey utility)? Or should I have different site survey software for the same?
Please share the knowledge...
Site surveys are important and should be done by a professional. A poor site survey can lead to a lot of problems. It would be hard to put all aspects of conducting a proper site survey in a single post. Let's cover a few of the basics.
1) If you plan to deploy 1140 model access points, then you should use that AP in autonomous mode so you don't have to be plugged into your network.
2) The AP gets powered by an external power source like this battery for example:
http://www.tessco.com/products/displayProductInfo.do?sku=345625&WT.mc_id=google_base&sp=true
3) As far as moving the AP around you can purchase a site survey pole like this:
http://www.tessco.com/products/displayProductInfo.do?sku=392506&eventPage=1
4) As for software, I like AirMagnet Surveyor
http://www.airmagnet.com/products/survey/
But again. There is a lot to know about doing surveys... -
IPSEC between Fortinet and Cisco SA540
Hi,
We have done the site to site VPN between Fortinet and Cisco SA540. Everything is configured at both ends but the tunnel is not established. Can you help me resolve the issue?
Regards,
Satish.
Hello Venkatasatish,
I'm going to send you an example of a VPN between Cisco ASA version 8.2 and Fortigate mr4.
In my example I'm going to use the following environments:
Cisco ASA "Zones"
Inside: 192.168.1.0/24 "Asa inside interface Ip address 192.168.1.1"
Outside: 200.200.200.0/29 "Asa outside interface Ip address 200.200.200.1"
Fortigate "Zones"
inside: 172.16.1.0/24 "Asa inside interface Ip address 172.16.1.1"
outside: 201.201.201.0/29 "Asa outside interface Ip address 201.201.201.1"
=================================> VPN Script of ASA <=================================
access-list inside_access_in remark Firewall rule from ASA to Fortigate
access-list inside_access_in extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0 log notifications
access-group inside_access_in in interface inside
access-list VPN_NONAT remark Nonat to VPN traffic over VPN
access-list VPN_NONAT extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list CryptoMap_ASA_to_Fortigate remark VPN Site-to-Site to Fortigate Site
access-list CryptoMap_ASA_to_Fortigate extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
nat (inside) 0 access-list VPN_NONAT
crypto isakmp enable outside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map OUTSIDE_map 1 match address CryptoMap_ASA_to_Fortigate
crypto map OUTSIDE_map 1 set peer 201.201.201.1
crypto map OUTSIDE_map 1 set transform-set ESP-3DES-SHA
crypto map OUTSIDE_map 1 set security-association lifetime seconds 3600
crypto map OUTSIDE_map interface outside
group-policy GP_TO_FORTIGATE internal
group-policy GP_TO_FORTIGATE attributes
vpn-idle-timeout none
vpn-tunnel-protocol IPSec
tunnel-group 201.201.201.1 type ipsec-l2l
tunnel-group 201.201.201.1 general-attributes
default-group-policy GP_TO_FORTIGATE
tunnel-group 201.201.201.1 ipsec-attributes
pre-shared-key cisco123
=================================> VPN Script for Fortigate ==============================
Phase 1:
FORTIGATE# config vpn ipsec phase1-interface "enter"
FORTIGATE (phase1-interface) # edit 200.200.200.1 "enter"
set interface "outside"
set keylife 86400
set mode main
set dhgrp 2
set proposal 3des-sha1
set remote-gw 200.200.200.1
set psksecret ENC cisco123
next "to apply the configuration"
Phase 2
FORTIGATE# config vpn ipsec phase2-interface
edit 200.200.200.1
set keepalive enable
set pfs disable
set phase1name "200.200.200.1"
set proposal 3des-sha1
set dst-subnet 192.168.1.0 255.255.255.0
set keylifeseconds 3600
set src-subnet 172.16.1.0 255.255.255.0
next "to apply the configuration"
Config route to VPN: I am using 100 entry, you need to take a look at your firewall.
FORTIGATE# config router static "enter"
FORTIGATE (static) # edit 100 "enter"
FORTIGATE (100) # set device "200.200.200.1"
set distance 1
set dst 192.168.1.0 255.255.255.0
Create a Rule: in my example I'm using any to any over VPN, but you can filter based on network environments.
FORTIGATE # config firewall policy "enter"
FORTIGATE (policy) # edit 100 "enter"
config firewall policy
edit 100
set srcintf "200.200.200.1"
set dstintf "inside"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
set logtraffic enable
set comments "Access from VPN ASA site"
FORTIGATE (policy) # edit 101 "enter"
config firewall policy
edit 101
set srcintf "inside"
set dstintf "200.200.200.1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
set logtraffic enable
set comments "Access to VPN ASA Site"
After that, please start traffic between the private networks, 192.168.1.0 and 172.16.1.0/24.
Please let me know about it!
Good luck.
Fabio Jorge Amorim
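A tunnel built from two hand-written scripts like these only comes up when both ends propose the same Phase 1 and Phase 2 parameters, point at each other as peers, and carry mirrored subnets. As an added example (not part of the original post, and not Cisco or Fortinet tooling), this Python sketch parses constructed excerpts of the two scripts and lists every place they differ; the function and key names are hypothetical.

```python
import re

# Constructed excerpts using the parameters and example addresses from the post above.
ASA = """\
access-list CryptoMap_ASA_to_Fortigate extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
crypto isakmp policy 1
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map OUTSIDE_map 1 set peer 201.201.201.1
crypto map OUTSIDE_map 1 set security-association lifetime seconds 3600
"""
FORTI = """\
config vpn ipsec phase1-interface
edit 200.200.200.1
set keylife 86400
set dhgrp 2
set proposal 3des-sha1
set remote-gw 200.200.200.1
next
config vpn ipsec phase2-interface
edit 200.200.200.1
set pfs disable
set proposal 3des-sha1
set dst-subnet 192.168.1.0 255.255.255.0
set keylifeseconds 3600
set src-subnet 172.16.1.0 255.255.255.0
next
"""
COMPARED = ("p1_proposal", "p1_dhgrp", "p1_lifetime", "p2_proposal", "p2_lifetime", "pfs")

def find(pattern, text, flags=re.M):
    m = re.search(pattern, text, flags)
    return m.group(1).strip() if m else None

def norm(enc, hsh):
    # Map ASA spellings ("aes-256", "sha") onto FortiGate ones ("aes256", "sha1").
    enc = {"aes": "aes128"}.get(enc, enc or "?").replace("-", "")
    return f"{enc}-{'sha1' if hsh == 'sha' else hsh}"

def parse_asa(cfg):
    # Assumes cfg holds one IKE policy, one transform set and only the crypto ACL.
    ts = re.search(r"^crypto ipsec transform-set \S+ esp-(\S+) esp-(\S+)-hmac", cfg, re.M)
    acl = re.search(r"^access-list \S+ extended permit ip (\S+ \S+) (\S+ \S+)", cfg, re.M)
    cmap = lambda rest: find(rf"^crypto map \S+ \d+ set {rest}", cfg)
    return {
        "p1_proposal": norm(find(r"^\s*encryption (\S+)", cfg), find(r"^\s*hash (\S+)", cfg)),
        "p1_dhgrp": find(r"^\s*group (\d+)", cfg),
        "p1_lifetime": find(r"^\s*lifetime (\d+)", cfg),
        "p2_proposal": norm(*ts.groups()) if ts else None,
        "p2_lifetime": cmap(r"security-association lifetime seconds (\d+)"),
        "pfs": cmap("(pfs)") is not None, "peer": cmap(r"peer (\S+)"),
        "local": acl.group(1) if acl else None, "remote": acl.group(2) if acl else None,
    }

def parse_forti(cfg):
    # A missing "set pfs" line is treated as disabled (assumption of this sketch).
    sec = lambda n: find(rf"^config vpn ipsec {n}-interface\n(.*?)^next", cfg, re.M | re.S) or ""
    get = lambda key, text: find(rf"^\s*set {key} (.+)$", text)
    p1, p2 = sec("phase1"), sec("phase2")
    return {
        "p1_proposal": get("proposal", p1), "p1_dhgrp": get("dhgrp", p1),
        "p1_lifetime": get("keylife", p1), "peer": get("remote-gw", p1),
        "p2_proposal": get("proposal", p2), "p2_lifetime": get("keylifeseconds", p2),
        "pfs": get("pfs", p2) == "enable",
        "local": get("src-subnet", p2), "remote": get("dst-subnet", p2),
    }

def differences(asa_cfg, forti_cfg, asa_outside, forti_outside):
    asa, forti = parse_asa(asa_cfg), parse_forti(forti_cfg)
    out = [f"{k}: ASA={asa[k]} FortiGate={forti[k]}" for k in COMPARED if asa[k] != forti[k]]
    if (asa["peer"], forti["peer"]) != (forti_outside, asa_outside):
        out.append("peer addresses do not point at each other")
    if (asa["local"], asa["remote"]) != (forti["remote"], forti["local"]):
        out.append("traffic selectors are not mirror images")
    return out
```

Calling `differences(ASA, FORTI, "200.200.200.1", "201.201.201.1")` returns an empty list for the post's values. A lifetime difference is reported for review even though it does not always block negotiation.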