FlexConnect Access Point - Wired 802.1X or MAB Authentication

Hi all,
We are piloting wired 802.1X but have hit a snag - FlexConnect AP switchport configuration requires the port be configured as trunk, with the native VLAN for management and access VLAN(s) for client data.
I know 802.1X cannot be configured on a trunk port, but how can we configure MAB on trunk ports such as these?
Otherwise, is there another way we can authenticate these FlexConnect APs on a switch using ISE?
Thanks in advance.
Regards,
Stephen.

Hi Stephen. You are correct, 802.1x should not be configured on a trunk port. Moreover, you would run into an issue with clients if you are running local switching mode. Here is the flow:
1. The AP authenticates via MAB and profiling.
2. The client authenticates via PEAP, EAP-TLS, etc.
3. Now the client's traffic is locally switched, so the client MAC address shows up on the same port where the AP is connected. The NAD (switch) sees this new MAC address and expects it to perform 802.1X- or MAB-based authentication. The supplicant, however, does not know that and, as far as it is concerned, it was already authenticated.
I have run into this issue in my deployments, and you have the following options (listed in order of preference):
1. Eliminate FlexConnect :)
2. Utilize AutoSmartPorts where:
- If an AP is connected, then 802.1x configuration is removed, port-security is enabled and locked to a single MAC address and trunk configuration is enabled
- If the AP is removed, then port is configured as standard access port, port-security is removed and 802.1x is configured
More info on auto smart ports:
http://www.cisco.com/c/en/us/td/docs/switches/lan/auto_smartports/15-0_1_se/configuration/guide/asp_cg.html
3. You can configure the port in a "multi-host" mode where after the first device is authenticated all subsequent devices are allowed on the network.
Hope this helps!
Thank you for rating helpful posts!
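As an added illustration (not part of the thread above), here is what options 2 and 3 look like on a Catalyst switch running IOS. Interface names, VLAN numbers, the RADIUS server address and the shared secret are assumptions. Two caveats a practitioner should keep in mind: in multi-host mode on an access port, frames the AP tags with any VLAN other than the access VLAN are dropped, so that option only fits an AP whose locally switched WLAN maps to a single untagged VLAN (or centrally switched WLANs); and with local switching the wireless clients' MACs also appear on the AP port, so a port-security limit of one MAC must be scoped to the management VLAN rather than the whole trunk, otherwise the clients are counted as violations.

```cisco
! Added example, not from the thread. Assumed: Gi1/0/10 is the AP port,
! VLAN 10 = AP management (native), VLANs 20 and 30 = locally switched client VLANs,
! ISE at 10.0.0.5.

! --- Option 3: MAB + multi-host on an ACCESS port ---------------------------
! Only the first MAC (the AP) is authenticated; every MAC seen afterwards
! (the locally switched wireless clients) is allowed without its own session.
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
dot1x system-auth-control
radius server ISE
 address ipv4 10.0.0.5 auth-port 1812 acct-port 1813
 key ExampleSharedSecret
!
interface GigabitEthernet1/0/10
 description FlexConnect AP (assumed port)
 switchport mode access
 switchport access vlan 10
 authentication host-mode multi-host
 authentication order mab dot1x
 authentication priority dot1x mab
 authentication port-control auto
 mab
 dot1x pae authenticator
 spanning-tree portfast
!
! --- Option 2: Auto Smartports custom macro on lightweight-AP detection ----
! On CDP detection of a lightweight AP the port becomes a trunk; port security
! pins the management VLAN to one MAC (the AP) while leaving client VLANs open.
! On link-down the port falls back to an 802.1X/MAB access port. Event and
! variable names follow the Auto Smartports guide linked above; the macro body
! is an assumed illustration and should be tested on your IOS release.
cdp run
macro auto global processing
macro auto execute CISCO_LWAP_EVENT {
if [[ $LINKUP -eq YES ]]; then
  conf t
   interface $INTERFACE
    macro description $TRIGGER
    no authentication port-control auto
    no mab
    no dot1x pae authenticator
    switchport trunk native vlan 10
    switchport trunk allowed vlan 10,20,30
    switchport mode trunk
    switchport nonegotiate
    switchport port-security maximum 1 vlan 10
    switchport port-security violation restrict
    switchport port-security
    spanning-tree portfast trunk
   exit
  end
fi
if [[ $LINKUP -eq NO ]]; then
  conf t
   interface $INTERFACE
    no macro description
    no switchport port-security
    no switchport port-security maximum 1 vlan 10
    no switchport port-security violation restrict
    no switchport trunk native vlan
    no switchport trunk allowed vlan
    switchport mode access
    switchport access vlan 10
    authentication port-control auto
    mab
    dot1x pae authenticator
   exit
  end
fi
}
!
! Checks (assumed interface): which MAC authenticated and by which method,
! whether the trunk is up, and which macro is currently applied
! show authentication sessions interface GigabitEthernet1/0/10 details
! show interfaces GigabitEthernet1/0/10 trunk
! show macro auto interface GigabitEthernet1/0/10
```

Whichever option is chosen, the wired security of that port rests on the AP's own authentication (MAB plus profiling, or a certificate if the AP does 802.1X), since the wireless clients are never challenged again by the switch; treat the AP's MAC/certificate as a credential and watch the session table for a second authenticated MAC on the management VLAN.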

Similar Messages

  • Requirement for Native VLAN on Flexconnect Access Point

    Hi All,
    Just looking at AP configuration using 5508 WLC.
    We have APs deployed at all branch sites connected over a corporate L3 WAN to a Data Centre which houses the WLC(s)
    When setting the AP to FlexConnect mode there is a requirement that one native VLAN must be configured for each FlexConnect AP. If the AP is attached to an L2 switch and I want to enable multiple VLAN mappings, then I would need to add these VLANs to the allowed VLAN list on a trunk link between the AP and the switch (802.1Q) at the branch site.
    Normally, if I configured a trunk link I would never add the native VLAN to the trunk and never use it for any traffic. In this case it would appear that I MUST use the native VLAN (which seems to go against my better judgement). So my question (after all this) is: why must the AP use the native VLAN?
    Thanks All.

    This has always been a standard practice for access points that have to connect to a trunk port. This goes back to the autonomous access points and also applies to FlexConnect and Mesh if you're setting up Ethernet bridging. The wired side is different from the wireless side, as you have noticed.
    Please rate helpful post and Cisco Support Community will donate to Kiva
    Scotty

  • Access Point support 802.11a/g/b/r

    can you suggest me the access point which support 802.11a/g/b/r ?
    My problem is with 802.11 r. i am not getting clear idea about the wireless access point which will support 802.11r
    kindly suggest me the product

    There are no APs that support 802.11r yet. 802.11r is a standards extension to support fast secure roaming that was only ratified a month or so ago. It requires client device support and there are no clients that support it yet.
    If you want fast secure roaming, Cisco offers CCKM on all our APs and CCKM and PKC on all our controllers.
    I suspect though, that you may have meant, 802.11n, which is a higher data rate PHY/MAC standards extension. That is supported in the AP1250 series.

  • 2 Access Points?

    I have a E4200 as well as a WRT54G. I'm looking to create two different access points to the same network, one access point being 802.11g (WRT54G) and the other being 802.11n (E4200) I want to do this because I need the extra speed from 802.11n for streaming video to my consoles. The problem is that there are multiple devices that only reach up to 802.11g.
    Would it be possible to plug the WRT54G into the E4200 in order to give a second access point (probably with different SSID) so that 802.11g devices can connect to the network, without having to destroy my 802.11n network? The WRT54G is currently running DD-WRT.

    Yes. You can use two access points. davidssw posted the general instructions. I think dd-wrt even supports "bridge mode" which allows you to to connect the internet port of the WRT to your E4200. You could then use all 4 ethernet ports on the WRT for wired devices.
    You can use different SSIDs etc. on both. Most important, make sure that you assign different non-overlapping channels on both for the 2.4 GHz band. Pick two from 1, 6, 11. Operate the E4200 on 20 MHz channels only for the 2.4 GHz band. Don't use the "auto 20/40" setting. A 40 MHz channel on the 2.4 GHz band basically allocates most of the total available 2.4 GHz band and thus you will most definitely interfere with your WRT, and the E4200 should eventually automatically switch back to 20 MHz channels anyway. Thus, instead choose 20 MHz and a static channel to avoid this situation.
    I would also suggest to use a different SSID for the 5 GHz band on the E4200 and, if possible, use that SSID for streaming. Of course, this depends on your consoles and whether they support the 5 GHz band or not...

  • Dynamic VLAN Assignment with RADIUS Server and Aironet Access Points

    Hi Guys,
    I would like to go for "Dynamic VLAN Assignment with RADIUS Server and Aironet Access Points 1300". I want the AP to broadcast only 1 SSID. The client finds the SSID -> puts in his user credentials -> RADIUS authentication -> he is assigned to a specific VLAN based on his group membership.
    The problem here is that I don't have an AP controller but only configurable Aironet Access Points 1300. I can connect to the RADIUS server, but I am not sure how to configure the AP's port, radio port, VLAN and SSID.
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml#switch
    I go through some references:
    3.5  RADIUS-Based VLAN Access Control
    As discussed earlier, each SSID is mapped to a default VLAN-ID on the wired side. The IT administrator may wish to impose back end (such as RADIUS)-based VLAN access control using 802.1X or MAC address authentication mechanisms. For example, if the WLAN is set up such that all VLANs use 802.1X and similar encryption mechanisms for WLAN user access, then a user can "hop" from one VLAN to another by simply changing the SSID and successfully authenticating to the access point (using 802.1X). This may not be preferred if the WLAN user is confined to a particular VLAN.
    There are two different ways to implement RADIUS-based VLAN access control features:
    1. RADIUS-based SSID access control: Upon successful 802.1X or MAC address authentication, the RADIUS server passes back the allowed SSID list for the WLAN user to the access point or bridge. If the user used an SSID on the allowed SSID list, then the user is allowed to associate to the WLAN. Otherwise, the user is disassociated from the access point or bridge.
    2. RADIUS-based VLAN assignment: Upon successful 802.1X or MAC address authentication, the RADIUS server assigns the user to a predetermined VLAN-ID on the wired side. The SSID used for WLAN access doesn't matter because the user is always assigned to this predetermined VLAN-ID.
    extract from: Wireless Virtual LAN Deployment Guide
    http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00801444a1.html
    ==============================================================
    Dynamic VLAN Assignment with RADIUS Server and Wireless LAN Controller Configuration Example
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml#switch
    ==============================================================
    Controller: Wireless Domain Services Configuration
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c951f.shtml
    Any help on this issue is appreciated.
    Thanks.

    I'm not sure if the Autonomous APs have the option for AAA Override.  On the WLC, I can go into the BSSID, Security, Advanced, and there's a checkbox that I would check to allow a Radius server to send back the VLAN.
    I did a little research and it looks like the 1300 may give this option but instead is defined as "VLAN Override".  I've found the release notes for 12.3(7)JA5 (not sure what version you're running) that give mention and a link to configuring EAP on page 4: http://www.ciscosystems.ch/en/US/docs/wireless/access_point/1300/release/notes/o37ja5rn.pdf
    Hope this helps
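As an added example (not from the thread or from Cisco's own configuration guide), this is the shape of a RADIUS-based VLAN assignment on an IOS-based autonomous AP such as the 1300 or 1200 series, which is what the deployment guide quoted above calls "RADIUS-based VLAN assignment". Assumptions: the RADIUS server is 10.0.0.5, the single broadcast SSID is "corp", its default VLAN is 10, and users may be moved into VLAN 20 or 30. The two things most often missed are the `aaa authorization network` line (without it the AP ignores the VLAN the server returns) and a cipher suite on every VLAN a user can land in.

```cisco
! Added example, not from the thread. Assumed: RADIUS 10.0.0.5, SSID "corp",
! default VLAN 10, candidate VLANs 20 and 30, AES-CCMP on all of them.
aaa new-model
aaa group server radius rad_eap
 server 10.0.0.5 auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
! Network authorization is what lets the AP apply the VLAN returned by RADIUS
aaa authorization network default group rad_eap
radius-server host 10.0.0.5 auth-port 1812 acct-port 1813 key ExampleSharedSecret
!
dot11 ssid corp
 vlan 10
 authentication open eap eap_methods
 authentication network-eap eap_methods
 authentication key-management wpa
 guest-mode
!
interface Dot11Radio0
 ! every VLAN a user can be assigned to needs its own cipher suite
 encryption vlan 10 mode ciphers aes-ccm
 encryption vlan 20 mode ciphers aes-ccm
 encryption vlan 30 mode ciphers aes-ccm
 ssid corp
 no shutdown
!
interface Dot11Radio0.10
 encapsulation dot1Q 10 native
 bridge-group 1
interface Dot11Radio0.20
 encapsulation dot1Q 20
 bridge-group 20
interface Dot11Radio0.30
 encapsulation dot1Q 30
 bridge-group 30
!
interface FastEthernet0.10
 encapsulation dot1Q 10 native
 bridge-group 1
interface FastEthernet0.20
 encapsulation dot1Q 20
 bridge-group 20
interface FastEthernet0.30
 encapsulation dot1Q 30
 bridge-group 30
!
! On the RADIUS side, per user or group, return the RFC 3580 attributes:
!   Tunnel-Type             = VLAN (13)
!   Tunnel-Medium-Type      = IEEE-802 (6)
!   Tunnel-Private-Group-ID = 20        (the VLAN number)
! Check after a client authenticates (assumed client MAC); the VLAN column
! shows where the user actually landed:
! show dot11 associations 0011.2233.4455
```

The switch port facing the AP must be an 802.1Q trunk carrying VLANs 10, 20 and 30 with 10 as native, for the same reason the first thread discusses. Note that the RADIUS server, not the SSID, now decides the user's VLAN, so a user cannot "hop" VLANs by changing SSID even if more SSIDs are added later.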

  • Wi-Fi Access Point with B Channel or Wi-Fi with B Channel

    What does Wi- Fi with B channel or Wi-Fi Access point with B Channel mean. Can someone explain me. I am confused

    I don't know what you're asking. If you're talking about 802.11b, that is a standard, and you can compare the differences between 802.11b, 802.11a, 802.11g, 802.11n and/or 802.11ac. Wireless devices, meaning client devices, have to be able to support the standard that the access point is using. So if an access point is 802.11b only, the wireless client device has to be able to support 802.11b. If, for example, the access point is 802.11b/g/a/n/ac, that means the client has to be able to support at least one of those standards to be able to connect.
    Just take a look at the standards,  here is a link to a quick comparison.
    http://compnetworking.about.com/cs/wireless80211/a/aa80211standard.htm
    Thanks,
    Scott
    Help out others by using the rating system and marking answered questions as "Answered"

  • How can i change regulatory domain C to A of access point

    Recently my office got an access point (AIR-CAP2602E-C-K9) which is not synchronizing with the controller (AIR-CT2504-5-K9) as it is in domain A; all other APs are also in domain A. Now can I change the domain of the access point, or what is the possible solution to add the new AP to the controller? Is it possible to run both domains (A, C) at the same time with one controller?

    Migrating Access Points from the -J Regulatory Domain to the -U Regulatory Domain
    The Japanese government has changed its 5-GHz radio spectrum regulations. These regulations allow a field upgrade of 802.11a 5-GHz radios. Japan allows three frequency sets:
    •J52 = 34 (5170 MHz), 38 (5190 MHz), 42 (5210 MHz), 46 (5230 MHz)
    •W52 = 36 (5180 MHz), 40 (5200 MHz), 44 (5220 MHz), 48 (5240 MHz)
    •W53 = 52 (5260 MHz), 56 (5280 MHz), 60 (5300 MHz), 64 (5320 MHz)
    Cisco has organized these frequency sets into the following regulatory domains:
    •-J regulatory domain = J52
    •-P regulatory domain = W52 + W53
    •-U regulatory domain = W52
    Regulatory domains are used by Cisco to organize the legal frequencies of the world into logical groups. For example, most of the European countries are included in the -E regulatory domain. Cisco access points are configured for a specific regulatory domain at the factory and, with the exception of this migration process, never change. The regulatory domain is assigned per radio, so an access point's 802.11a and 802.11b/g radios may be assigned to different domains.
    For more information please refer to the link-
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/321930RN.html#wp111182

  • Access point without enough power

    My AIR-LAP1252G-E-K9 access point doesn't register with the controller. The switch is seeing both the MAC and the IP of the AP, but the inline power seems not to be enough. Although the switch sees the AP's IP address via CDP, the AP doesn't answer ping requests.
    Device ID: SFJ2AP2
    Entry address(es):
    IP address: 10.20.147.226
    Platform: cisco AIR-LAP1252G-E-K9 , Capabilities: Trans-Bridge IGMP
    Interface: GigabitEthernet1/0/7, Port ID (outgoing port): GigabitEthernet0
    Holdtime : 125 sec
    Version :
    Cisco IOS Software, C1250 Software (C1250-K9W7-M), Version 12.4(10b)JA3, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by Cisco Systems, Inc.
    Compiled Wed 19-Mar-08 18:56 by prod_rel_team
    advertisement version: 2
    Duplex: full
    Power drawn: 11.000 Watts
    Power request id: 63976, Power management id: 2
    Power request levels are:11000 0 0 0 0
    Management address(es):
    Is this a hardware problem? What could be the source of it?
    Thanks in advance for your ideas!
    Best regards,
    Laura

    Hi Laura,
    Yes, it's most certainly a "PoE" problem;
    Powering the Aironet 1250 Series Access Point with 802.3af Power over Ethernet
    The Aironet 1250 Series Access Point with one RM1252 radio module installed requires 12.95W, which is within the 802.3af Power over Ethernet (PoE) standard. Any Cisco switch supporting 802.3af may be used to power the Aironet 1250 Series Access Point with one RM1252 radio module installed. This is ideal for businesses that choose to deploy on only a single frequency (2.4 GHz or 5 GHz). A single radio provides optimum performance with approximately 300 Mbps maximum PHY data rate. Customers who deploy dual-band 802.11n radios and power the 1250 Series using standard 802.3af will have more reliable and predictable coverage than that provided by traditional 802.11a/g networks; however, operation will be limited to a single transmitter per radio with maximum PHY data rates of 150 Mbps instead of 300 Mbps per radio. Customers with a significant investment in 802.11a/b/g client devices that have low-to-medium bandwidth needs but high-reliability requirements will benefit the most from this type of deployment scenario.
    Powering the Aironet 1250 Series Access Point with Cisco Enhanced PoE
    Cisco Enhanced PoE was designed for customers who want to install new PoE-enabled technologies that require greater than 15.4W per port to function at full capability, such as wireless technology based on the IEEE 802.11n standard. Cisco Enhanced PoE provides the full power requirements for dual-radio modules and eliminates the need to run an additional cabling drop or insert a separate power injector. Support for Enhanced PoE is currently available on a variety of Cisco Catalyst® switching platforms. For more information on Enhanced PoE, visit
    http://www.cisco.com/en/US/prod/switches/epoe.html.
    What are you using for the 1252's?? If you are using an "E" Series 3750 this is a very good thread;
    http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless - Mobility&topic=General&topicID=.ee6e8b8&fromOutline=&CommCmd=MB?cmd=display_location&location=.2cc039db
    Hope this helps!
    Rob
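As an added check (not from the thread), these are the IOS commands on the switch side that show what the port granted versus what the AP requested, and the static power allocation used on Enhanced PoE capable Catalyst switches when a dual-radio 1250 needs more than the 15.4W 802.3af budget. The interface matches the CDP output above; the 20000 mW figure is the assumed full-power request of a dual-radio 1250 and should be checked against the AP's data sheet for your hardware revision.

```cisco
! Added example, not from the thread. Assumed: AP on GigabitEthernet1/0/7
! of an Enhanced PoE capable Catalyst (e.g. 3750-E), as in the CDP output.

! 1. Compare "Admin"/"Oper" state and the allocated power with the AP's request
show power inline GigabitEthernet1/0/7 detail

! 2. Pin a fixed budget to the port so the AP is not stuck at 802.3af levels
configure terminal
 interface GigabitEthernet1/0/7
  power inline static max 20000
 end

! 3. Confirm the AP now draws its full request and CDP reports the new level
show power inline GigabitEthernet1/0/7
show cdp neighbors GigabitEthernet1/0/7 detail
```

If the switch is not Enhanced PoE capable, the `static max` command will be rejected above the 15.4W class limit, which is itself the diagnosis: the AP will need a power injector or local power supply to run both radios.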

  • 11b client and 11g Access Point

    Can 11g Access Point support 11b client ?
    i have a Access Point AIR-AP1231G-E-K9.
    Users with an 11g client adapter are able to log in successfully, but users with an 11b client adapter are not able to log in.
    How should i configure that AP so that 11b client can login as well ?
    Should i downgrade my access point back to pure 11b ?

    Hi
    11b users should be able to log in, as this AP supports both 11b and 11g at the same time.
    Please try this:
    Under interface dot11Radio0, configure:
    speed default.
    This should set data rates to factory default settings allowing both 802.11b and 802.11g client devices to associate to the access point’s 802.11g radio.
    HTH

  • IOS 4.2.1 breaks web-based authentication to wifi access points

    Whenever I tried to access the *wifi access points* I use more often *whose authentication is web-based*, like the one at my public library or at my office, although I input my username and password correctly, I am always bounced back to the login form.
    Before iOS 4.2.1 I know that there was a problem of this sort already, related to *some incompatibility between Safari's auto-fill features and the access points*, that could be solved by simply turning off auto-fill, and I did that. But now *it looks like the problem got to a new level of subtlety*.
    Interestingly, *everything worked nicely while I was using the Gold Master version of iOS 4.2.0* that never made it to release, so the solution has to be found among the differences between 4.2.0 and 4.2.1, if you're an Apple engineer reading this.
    Can you help? Any idea or trick to try that I didn't already? Thanks!
    Giacecco

    Hi Richard,
    You mentioned that 'Apple put the AirPrint spec out there for all printer makers'. I've been looking around but I haven't found any spec. Where did you find it?
    Do printer makers have to buy a license in order to be able to advertise that they've implemented the AirPrint protocol? Is there maybe an Apple review process in place?
    TIA
    Geert

  • How do I use Airport Extreme to create wired access point on wireless network?

    Bit of an odd situation. I just went from cable to DSL at home and the modem moved from right by my computer to upstairs.
    Trouble is, there's no real easy way to get a cable from the modem upstairs to my X-box (sans wireless connector) downstairs.
    I could buy the wireless adaptor for the X-Box, but I was hoping I wouldn't have to spend any more money.
    I have my AirPort Extreme, and I was hoping I could use it to create a wired access point on the network, receiving the signal from the wireless modem upstairs and allowing me to plug in the X-Box.
    Is this possible? If so, how? I've been through the config panel about a dozen times, but can't figure out what combination to set up.
    Thanks.

    Will it work if I use the express to create the network?
    Yes, providing that you have an 802.11n version of the AirPort Express and the Express has been configured to "Allow this network to be extended".
    Then, the AirPort Extreme can be configured to "extend" the Express network. When you do this, the AirPort Extreme will provide more wireless coverage and the LAN Ethernet ports are enabled, so you can connect an Ethernet device.
    This will not be a "normal" Ethernet connection. It will only work as well as the wireless "hop" between the Express and Extreme allow.
    For best results and performance, a wired connection through the hole in the wall is always best. If you decide to do this, you will need the "new" AirPort Express with both a WAN and LAN port on the device. But, you could try wireless first to see if it will meet your goals before you reach for the tools.

  • AirPort Extreme (5th Gen) WiFi access point disappears but wired ethernet is ok

    My AirPort Extreme SSID and access point "disappear" randomly from available WiFi networks. I had a 1st gen AirPort Extreme and never had this problem until earlier this year. I thought it might be a failing radio in the 1st gen unit so I used it as a good excuse to get a 5th gen AirPort Extreme about 3 months ago. The same problem has been occurring; unfortunately it is random and I cannot get a handle on what/when/why it is happening.
    For example, my iPhone 4S was connected to the network at about 1700 today and when I next checked the phone around 2115, no wifi connection and my network was not listed in the WiFi connections. The base station is away from other wireless devices (mouse, keyboard) and is about 10 feet from the nearest PC and monitor. Both printers are accessed via ethernet, not wifi. The strange and puzzling thing is that the PC, which is connected by ethernet to the AirPort Extreme, is still connected to the internet (I can browse, check email, newsgroups, etc.).
    When I run the AirPort Utility, the base station is identified (AirPort Extreme 802.11n 5th Generation), there is an appropriate IP address, Version 7.6 firmware, and the MAC address is listed. However, when I attempt to Continue or do a Manual Setup, I'm prompted for the admin password, the progress bar moves during 'reading from the Apple wireless device. Please wait...,' and then the utility reports "An error occurred while trying to access the Apple wireless device. Make sure your network connection is valid and try again. Error -6722."
    If I unplug, wait, and reattach the power to the base station, WiFi becomes available again. When the WiFi connection "disappears", the LED light is solid green.
    Any insights are appreciated; please let me know other helpful information I can provide.
    Scott

    I have the exact same problem and it's driving me nuts.
    I bought an airport extreme n last week and plugged it in, hooked it up to my adsl router by Ethernet, configured it to set up a new wifi network and got the green light. I use an iPhone 4, iPad 2, and Windows 7 PC with an N wifi adaptor.
    The airport works fine for about 2 hours before the wireless network disappears without a trace. Green light remains on the base station and I can connect fine by Ethernet.
    "it just don't make sense"
    I hope it's not a windows-7-only thing, Apple.
    PS. Updated firmware to the newest version, no difference.
    Airport is near to a wireless phone so I set a specific wireless channel and frequency to prevent a clash. No change.

  • FlexConnect compatibility with Access Point

    Hi,
    We have today one Cisco 5508 and those access point on remote sites
    o CISCO AIR-LAP-1131AG-E-K9
    o CISCO AIR-LAP-1231G-E-K9
    o CISCO AIR-LAP-1142N-E-K9
    We plan to use redundancy on the controller and implement FlexConnect on the remote sites. What we need to know is whether I can implement FlexConnect on all of the current access points. I think it is possible on the 1142N and 1131AG but do not know about the 1231G. Is that correct, or am I wrong?
    We plan to install the latest SW version for 5508 controller.
    Thank you
    Jean

    Here is what is supported
    Note All features discussed in this chapter apply to indoor (1040, 1140, 1250, 1260, 3500) and outdoor mesh access points (1500 series) unless noted otherwise. Mesh access point or MAP is hereafter used to refer to both indoor and outdoor mesh access points.
    Link to the guide
    http://www.cisco.com/en/US/products/ps11635/products_tech_note09186a0080b7f141.shtml
    Sent from Cisco Technical Support iPhone App

  • Need help finding wired access point or range extender?

    I currently have a EA6500 in a rather large home.  (4500 sq ft)   The router is on one side of the house and my office is on the other side of the house where wireless does not work well.   I am trying to use Samsung Tablet but the connection keeps dropping here.  when I move the tablet closer it works fine.
    Is there a range extender/access point I can purchase to use with the EA6500 where I can connect device via wired ethernet?
    If I connect a range extender/access point to the EA6500 router via wireless, the signal in my office appears too weak to be extended properly. I tried the RE1000 but was not successful.
    Please let me know if there is another product to try.
    Thank you.

    Was this extender working fine before and you’re trying to reconfigure its settings? In order for this to work properly, the wireless settings for the main router should be synchronized to it. After making sure that the wireless settings are synchronized, place the extender to an area in between the router and where you want to repeat the signal. If you will encounter connection problems after setting up the extender, you can reset the extender and reconfigure the settings. Make sure as well that the firmware is upgraded. For more info about setting up the range extender, you can refer to the following links:  What to do before manually setting up your range extender, Setting up the range expander without the installation CD, Getting to Know the WRE54G v3.

  • Need to admin disable 802.11a radio from a few light weight access points

    Hi team,
    I need help to admin disable the 802.11a radio interface from a few lightweight APs. The operational status of these radio interfaces is down, so I am getting the following error when I try to disable them from the wireless LAN controller.
    (Cisco Controller) config>802.11a disable wds2.hyd.shaw.net
    This slot is not operational because Regulatory Domain Check has failed! Unable to disable the Cisco AP.
    Could you please let me know how I can administratively disable the 802.11a radios on these APs? Please let me know if you need more details here.
    Regards,
    Swati

    The two previous posts are correct: the regulatory domain is probably not allowing radio a to be enabled.
    To be sure about this you can go to the GUI of the wireless LAN controller > Wireless > Country. Here your country (or region) should be selected. Then, depending on the access points that you have, they may or may not join or turn on the radio. For example, if you have an access point from Europe (like AIR-AP1131AG-E-K9) then you will have a conflict if only the "America" regulatory domain (-A) is selected.
    Here is a link with a list of products and their regulatory domain that might help:
    http://tools.cisco.com/squish/648C8
    What you can do here is to simply allow the regulatory domain that the access point needs and you should not have any problems.
    IMPORTANT NOTE: If you change the regulatory domain and use an access point that transmits on certain channels and frequencies that are not allowed (illegal) in your country (region), you may have legal implications.
    I hope this information helps you with your concern.
