iPhone4 and Cisco Aironet 1141 access point - fail using WPAv2 Personal
I cannot get my iPhone4 (latest s/w) to connect to a Cisco Aironet 1141 access point if I specify WPAv2 Personal. It is a single access point without radius etc. I have no problems connecting using "no security", WEP or WPAv1. Is there a problem with the iPhone4 implementation of WPA2 as all my other PCs connect just fine on WPAv2?
With the Aironet 1141 I can switch security between WPAv1 & WPAv2 while keeping all other settings identical. Thus I can clearly demonstrate how the iPhone4 connects when both devices are set to WPAv1 yet will fail to connect when I switch both to WPAv2. As I have said, all other PCs I have connect via WPAv2 without any issues.
Similar Messages
-
Configuring Cisco Aironet 1100 Access Point. Please help!
Hi all,
I have dozens of Cisco Aironet 1100 access points, each is managing its own wi-fi with DHCP.
I had to disable dhcp on them because they are on a wired subnet where I am using the static IPs and don't want my wired clients to get DHCP addresses, nor someone to be able to plug the wire into own laptop and get on the network.
It's been working fine with one exception - I need to be able to ping my access points from the central site, and I can't.
What IOS command would enable ICMP echo on my access points in this case?
Please help! -
Multiple Cisco Aironet 1131AG access points and same SSID?
We have multiple Cisco Aironet 1131AG devices, all wired on one Cisco L2 switch (2560) which is connected to an L3 switch (3550). We assigned one VLAN for access points in the L3 switch, which acts as VTP server (the L2 switch is a VTP client). All APs will have static IP addresses and all will have the same SSID and no security, and they will be using multiple channels (ex. 1,6,11). They will operate in a 3 floor building for roaming wireless clients. We won't be using any wireless controller.
So my question is this: How to configure the APs, all the same with different IPs; can we use the L3 switch to create a DHCP server for the access points' VLAN (pool for clients, and the rest for static IPs for the APs)? Can one of the APs be WDS and at the same time local RADIUS server with users, without Cisco Secure ACS or a similar controller, or didn't I understand this quite well :-). I followed the guide http://www.cisco.com/en/US/docs/wireless/access_point/12.3_2_JA/configuration/guide/s32roamg.html for WDS, where the part about Cisco ACS is a problem, so can I use the same AP as Local Authenticator as in the guide http://www.cisco.com/en/US/docs/wireless/access_point/12.3_4_JA/configuration/guide/s34local.html#wp1035723.
Many thanks...
Well, just so you know, WDS and local RADIUS authentication is only needed if you're using authentication on your wireless connection. You say you're not planning to use security, so this isn't necessary. However, I'd highly recommend at least using a simple WPA2-PSK to lock down your connection, otherwise you might end up giving free Internet access at best, and at worst you might be giving access to company PCs and servers. If you want to further use an 802.1x or WPA authentication method, then yes, you can use an AP as a RADIUS server and WDS to improve authenticated roaming, but this is far more limited than using a Cisco ACS.
As for your other questions, yes, your APs can all be configured the same except for at least three parameters: IP address, channel, and hostname. Configure your static IP addresses on the AP's BVI1 interface. Don't place it on the Radio or Ethernet interfaces, because if either of these interfaces goes down you'll lose the ability to configure the AP, so it's best to use the BVI1 interface.
And yes, configuring a DHCP scope for your clients on your L3 switch is a good design, or you could also use your DHCP server on a different subnet by using the ip helper-address command on the L3 interface. I hope this helps! Let me know if you need help configuring any of this.
Merry Christmas!
Jeff -
Cisco Aironet 1700 access-point?
Earlier this month Cisco released a new autonomous IOS for the 2700 and 3700 access-points. If I look at the release logs, they reference to a new 1700I access-point:
Support for Cisco Aironet 1700 Series access point
- This access point is built on 3x3:2(2.4GHz), 3x3:2(5GHz) MIMO technology, and comes with integrated antennas, and supports 802.11a,b,g,n,ac. This access point has both primary and secondary gigabit Ethernet ports. The primary port is gigabit Ethernet 0 and is the backhaul port. The primary port can be set as trunk port. The secondary port is gigabit Ethernet 1, and is the access port. You can configure the secondary port to a VLAN ID using the interface configuration command bridge multiple-port client-vlan vlan-id
- Supported model is 1700I
(http://www.cisco.com/c/en/us/td/docs/wireless/access_point/ios/release/notes/rn-15-3-3.html)
Do any of you guys have some inside information about this new access-point? :-) My guess is that it is gonna be the successor for the 1600I, so the same price but 802.11ac and CleanAir Express (?)
Yes. It looks like 8.0.100.0 code introduced this new AP model support for AireOS controllers.
http://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html
HTH
Rasika -
Can't scan Cisco Aironet 1200 Access Point with Spiceworks
I'm trying to scan two Cisco Aironet 1200 AP's using SNMP and Spiceworks gives the following error:
"Error creating SNMP session"
I'm using a community string of public and also tried community as both are setup in the device.
SNMP is enabled in the device.
Any ideas?
Thanks!
This topic first appeared in the Spiceworks Community
sorted it.
-
Can an Aironet WiFi Access Point bridge multiple internal VLANs?
I have Cisco Aironet 2700e access points. Historically they were configured with a single SSID on both radios with WEP 128bit security.
I now need to add new WiFi devices to the network that have limited flexibility. They must be associated only with a specific radio (2.4ghz or 5ghz) and WPA2PSK security.
My thought was to create two additional SSIDs on the 2700 access points, one for 2.4ghz WPA2PSK and the other for 5ghz WPA2PSK. The pre-existing SSID will continue to use 128bit WEP. To do that I need to use VLANs on the 2700e.
I have no other VLANS on my network. I only need VLANs on the 2700e because I have different physical devices that support different WiFi frequencies and security options. I don't need to segment the network.
How do I bridge the VLANs on the 2700e?
Devices that connect to the non-native VLANs appear to be isolated from the rest of the network (as I would suspect with VLANs). But that's not what I want. I'm only using VLANs because I need multiple SSIDs, and I need multiple SSIDs because I have different physical devices that want different WiFi access point configurations. I can't seem to find any way to configure the 2700e to bridge the VLANs for the multiple SSIDs.
Any guidance would be appreciated. I could buy additional access points but that seems to be defeating the purpose of having a device like the 2700e.
Any help would be appreciated.
Thank you.
I made these changes to the example here:
https://supportforums.cisco.com/document/55561/multiple-ssid-multiple-vlans-configuration-example-cisco-aironet-aps
and it seems to be working. (By "working" I mean that I can now ping to/from devices connected on different SSIDs.) I had to make these changes from the CLI. There does not seem to be a way to make these changes from the GUI. Is that correct? If there is a way to make these changes from the GUI please let me know.
The changes I made were to make the sub interface for Dot11 radio 0 on the VLANs part of bridge-group 1. So assuming the config in the example:
ap(config)#interface Dot11Radio0.2
ap(config-subif)#no bridge-group 2
ap(config-subif)#bridge-group 1
ap(config-subif)#exit
ap(config)#interface Dot11Radio0.3
ap(config-subif)#no bridge-group 3
ap(config-subif)#bridge-group 1
ap(config-subif)#exit
I did not change the bridge group on the Ethernet interface.
Questions:
1. Did I create any new problems making this change? It seems to work, but am I going to get myself in trouble somewhere else? Intuitively it makes sense to me: the VLANs are now part of the same bridge group (1, the native VLAN). So all traffic should be bridged together. Correct?
2. I didn't change the Ethernet sub interfaces. I don't seem to need to make that change. I also don't like things sitting out there that I don't understand. Should I do anything to clean up the Ethernet interfaces?
3. The original configuration was made entirely from the GUI. This change needs to be made from the CLI. Can it be done from the GUI? I can't seem to find a way to change bridge groups for a sub interface from the GUI. It worried me that it can't be done from the GUI.
Thank you.
Larry -
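As an added example (not part of the post above or of the Cisco document it links), this Python check reads an autonomous-AP configuration and reports two things the bridge-group change affects: bridge groups in which wireless VLANs with different encryption modes share one Layer 2 domain, and Ethernet sub-interfaces left in a bridge group that no radio sub-interface belongs to. The sample configuration is constructed from the thread's description; the VLAN numbering and the `encryption vlan 1 mode wep mandatory` line are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the thread: WEP on native VLAN 1 and
# WPA2-PSK (AES-CCM) on VLANs 2 and 3. Not taken from a real device.
TEMPLATE = """\
interface Dot11Radio0
 encryption vlan 1 mode wep mandatory
 encryption vlan 2 mode ciphers aes-ccm
 encryption vlan 3 mode ciphers aes-ccm
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 bridge-group 1
interface Dot11Radio0.2
 encapsulation dot1Q 2
 bridge-group {bg2}
interface Dot11Radio0.3
 encapsulation dot1Q 3
 bridge-group {bg3}
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 bridge-group 1
interface GigabitEthernet0.2
 encapsulation dot1Q 2
 bridge-group 2
interface GigabitEthernet0.3
 encapsulation dot1Q 3
 bridge-group 3
"""
BEFORE = TEMPLATE.format(bg2=2, bg3=3)  # one bridge group per VLAN
AFTER = TEMPLATE.format(bg2=1, bg3=1)   # radio sub-interfaces moved to bridge-group 1

def parse(text):
    """Return (vlan -> encryption mode, sub-interface -> [vlan, bridge group])."""
    enc, subifs = {}, {}
    name = None
    for line in map(str.strip, text.splitlines()):
        # Context is tracked by keyword, so configs pasted without indentation parse too.
        if line.startswith("interface "):
            name = line.split()[1]
            if "." in name:
                subifs[name] = [None, None]
        elif m := re.fullmatch(r"encryption vlan (\d+) mode (wep|ciphers)(.*)", line):
            enc[int(m[1])] = "wep" if m[2] == "wep" else m[3].strip()
        elif name in subifs:
            if m := re.match(r"encapsulation dot1Q (\d+)", line):
                subifs[name][0] = int(m[1])
            elif m := re.fullmatch(r"bridge-group (\d+)", line):
                subifs[name][1] = int(m[1])
    return enc, subifs

def radio_vlans_by_group(subifs):
    """Map each bridge group to the VLANs of its radio sub-interfaces."""
    groups = defaultdict(set)
    for ifname, (vlan, bg) in subifs.items():
        if ifname.startswith("Dot11Radio") and vlan is not None and bg is not None:
            groups[bg].add(vlan)
    return groups

def mixed_security_groups(text):
    """Bridge groups whose wireless VLANs do not all use the same encryption mode."""
    enc, subifs = parse(text)
    findings = []
    for bg, vlans in sorted(radio_vlans_by_group(subifs).items()):
        modes = {v: enc.get(v, "none") for v in sorted(vlans)}
        if len(set(modes.values())) > 1:
            findings.append((bg, modes))
    return findings

def wired_only_groups(text):
    """Ethernet sub-interfaces left in a bridge group that has no radio member."""
    _, subifs = parse(text)
    radio_groups = set(radio_vlans_by_group(subifs))
    return [(n, bg) for n, (_, bg) in subifs.items()
            if not n.startswith("Dot11Radio") and bg is not None and bg not in radio_groups]

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, mixed_security_groups(cfg), wired_only_groups(cfg))
```

A finding for bridge-group 1 means clients on the WEP SSID share a broadcast domain with the WPA2-PSK devices, so the weaker SSID bounds the protection of everything bridged to it.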
Securing Aironet 350 Access Point
Hello -
My small network is operating correctly using the Aironet 350 Access Point and multiple clients. However, the setup is not secure.
How is it possible to secure access to our AP?
Specifically: I would like to establish a WEP key, as some devices (i.e. pocket-pc's) do not support more advanced security schemes.
Thanks,
Extensible Authentication Protocol (EAP) authentication, also called 802.1x authentication, provides dynamic WEP keys to wireless users. Dynamic WEP keys are more secure than static, or unchanging, WEP keys.
For more details on configuring both types of WEP, refer to the following document:
http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo1100/accsspts/i12215ja/i12215sc/s15wep.htm -
Aironet 350 Access Point needs security
I have been asked to help a fledgling school lock down their wireless network. The network is currently set up as 3 Aironet 350 Access Points operating on the same subnet distributed around the school.
These have NOT been updated or touched since the day they were installed, by all accounts. I think they are running VxWorks. My issue is that most support links that might prove helpful seem to be broken.
A few simple questions:
Can the Aironet 350 be secured and then used with a simple shared key? This link seems to say no, that you must have Cisco software on the user computer as well. That certainly can't be right, can it?
I'm clearly out of my comfort zone with these, but they just don't have anyone to do this for them. It looks like they need to be flashed to IOS and then able to use WPA but not WPA2? I'm having trouble finding a firmware link for the 350 as well because it's EOL.
Basically, any help or information is welcome! I'm ready to just pull the plug on them and call them secure!
350 APs (not bridges) can be converted to IOS. Then they can do WPA-PSK TKIP. Downside is they only have 802.11b radios. The latest IOS they can run is old but could probably be set up with WDS using an internal RADIUS server on one.
The upgrade tool and image are still available for download. I'm attaching a .pdf of instructions.
You need these files:
Aironet-AP-Cisco-IOS-Conversion-Tool-v2.1.exe
AP350-Cisco-IOS-Upgrade-Image-v2.img -
Roaming between two WiFi access points fails
Hi...
I just bought a Hawking WiFi range extender...a device that acts like a second wireless access point for rooms that are far from your wireless router. It's also known as a repeater. It has the same SSID (network name) as the one set up by the router.
You are supposed to be able to move about the house and you will connect to whichever device has the higher signal strength, transparently, with no hiccups, like moving your cell phone from one cell antenna to another.
The setup works fine with my Dell laptop, but not with my MacBook Pro or my iPad. When I change "zones", the Network locks up. This is repeatable and consistent.
I've heard rumors about Apple product difficulties with this "WiFi roaming."
Can anyone help?
Thx
Steve
I've been using a roaming setup in my home for years. The company I work for has a building-wide WiFi roaming setup with multiple WiFi access points on each floor. At home and at work, I frequently move my MacBook between access points without losing things like my VPN, Screen Sharing, File Sharing, ssh terminal sessions, etc.
But 3rd party networking hardware has not always been well tested against Apple products. Many times 3rd party networking vendors test against some version of Windows and then ship it. Sometimes the 3rd party vendor offers a firmware update that corrects issues with Apple products.
At home I have Apple Airport Extreme base stations for my roaming setup. At work, the company is using Cisco commercial WiFi access points.
A roaming setup needs to have all WiFi devices on the same network "Subnet". That means a 2nd WiFi base station cannot act as a router, but must be just a bridge on the existing router's subnet (generally that means it cannot be offering DHCP services nor NAT services).
The 2nd WiFi base station must have the same SSID (as you said you setup).
And it must have the same security password using the same encryption algorithm (WPA2 preferred from a security standpoint). You did not mention this, but I'll assume you did this as well. -
Newbie help with Aironet 1200 access point
Hello everybody,
We "inherited" an Aironet 1200 access point with antennas throughout our building. This was installed by a company that thought they would make money selling Wi-Fi access but now they have gone bankrupt.
We eliminated their router and installed one of our own, and we have it handing out IP addresses. When I plug it into the Aironet 1200 it works just fine. Users are able to connect wirelessly and access the internet.
I would like to change the SSID however so that it no longer reflects the now defunct company's name.
I cannot determine what IP address is assigned to the access point so I can't figure out how to access the management page.
I tried connecting to the ethernet port via a DB9 to RJ45 cable and hyper terminal. After connecting the cable and powering up the access point I am still unable to connect.
I realize once I get connected I will probably run into password issues, but I'd like to figure out how to get at least that far.
Any ideas?
since ur gonna change the ssid and there is a password...
1. reset the ap. before plugging power to ap, press hold the mode button for 3 sec or until the led becomes orange or amber, then release.
2. the ap is reset to default setting with ip address 10.0.0.1
3. either console or gui the ap and change the bvi to ur preferred ip address.
4. configure everything else as you want. -
Cisco 1142 Wireless access point intermittently will not authenticate
Hi all,
We have a Cisco 1142 standalone access point, and from time to time I will come into the office and it will not authenticate any users to either our guest or corporate networks. I then have to go in and reboot the access point. After that, it begins to work. Any advice? Here's my configuration below:
Current configuration : 6450 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname cisco-chiap01
logging monitor errors
enable secret 5 $1$fsD8$CU42/3/Up5AAlL4hQWvvg0
aaa new-model
aaa group server radius rad_eap
server 172.17.16.12 auth-port 1645 acct-port 1646
server 172.17.21.10 auth-port 1812 acct-port 1813
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
server 172.17.21.10 auth-port 1812 acct-port 1813
aaa group server radius rad_eap2
server 172.17.16.12 auth-port 1645 acct-port 1646
server 172.17.21.10 auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods2 group rad_eap2
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
login on-failure log
login on-success log
dot11 syslog
dot11 vlan-name Admin vlan 100
dot11 vlan-name DevNetwork vlan 20
dot11 vlan-name Guest vlan 150
dot11 vlan-name Network vlan 16
dot11 ssid DevNetwork
vlan 20
authentication open eap eap_methods2
authentication network-eap eap_methods2
authentication key-management wpa version 2
dot11 ssid Guest
vlan 150
authentication open
authentication key-management wpa version 2
guest-mode
mbssid guest-mode
wpa-psk ascii 7 142407060101380B013A3A2670435642
information-element ssidl advertisement
dot11 ssid Network
vlan 16
authentication open eap eap_methods2
authentication network-eap eap_methods2
authentication key-management wpa version 2
username monkeyman privilege 15 secret 5 $1$ZZ7C$rqimu2FNONdfeacMNGAD/.
bridge irb
interface Dot11Radio0
no ip address
ip helper-address 172.17.19.10
no ip route-cache
encryption mode ciphers aes-ccm
encryption vlan 16 mode ciphers aes-ccm
encryption vlan 150 mode ciphers aes-ccm
encryption vlan 20 mode ciphers aes-ccm
ssid DevNetwork
ssid Guest
ssid Network
antenna gain 0
parent timeout 120
speed 5.5 11.0 basic-6.0 9.0 12.0 36.0 48.0 54.0
packet retries 128 drop-packet
channel 2462
station-role root
rts threshold 512
rts retries 128
interface Dot11Radio0.11
encapsulation dot1Q 11
no ip route-cache
interface Dot11Radio0.16
encapsulation dot1Q 16 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
bridge-group 20 spanning-disabled
interface Dot11Radio0.150
encapsulation dot1Q 150
no ip route-cache
bridge-group 150
bridge-group 150 subscriber-loop-control
bridge-group 150 block-unknown-source
no bridge-group 150 source-learning
no bridge-group 150 unicast-flooding
bridge-group 150 spanning-disabled
interface Dot11Radio1
no ip address
ip helper-address 172.17.19.10
no ip route-cache
encryption vlan 16 mode ciphers aes-ccm
encryption vlan 150 mode ciphers aes-ccm
encryption vlan 20 mode ciphers aes-ccm
ssid DevNetwork
ssid Guest
ssid Network
antenna gain 0
traffic-metrics aggregate-report
dfs band 3 block
mbssid
parent timeout 120
speed 6.0 12.0 basic-24.0 36.0 48.0 54.0
channel width 40-above
channel dfs
station-role root access-point
interface Dot11Radio1.11
encapsulation dot1Q 11
no ip route-cache
interface Dot11Radio1.16
encapsulation dot1Q 16 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
bridge-group 20 spanning-disabled
interface Dot11Radio1.150
encapsulation dot1Q 150
no ip route-cache
bridge-group 150
bridge-group 150 subscriber-loop-control
bridge-group 150 block-unknown-source
no bridge-group 150 source-learning
no bridge-group 150 unicast-flooding
bridge-group 150 spanning-disabled
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
interface GigabitEthernet0.11
encapsulation dot1Q 11
no ip route-cache
interface GigabitEthernet0.16
encapsulation dot1Q 16 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface GigabitEthernet0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
no bridge-group 20 source-learning
bridge-group 20 spanning-disabled
interface GigabitEthernet0.100
encapsulation dot1Q 100
ip address 192.168.100.3 255.255.255.0
no ip route-cache
bridge-group 100
no bridge-group 100 source-learning
bridge-group 100 spanning-disabled
interface GigabitEthernet0.150
encapsulation dot1Q 150
no ip route-cache
bridge-group 150
no bridge-group 150 source-learning
bridge-group 150 spanning-disabled
interface BVI1
ip address 172.17.16.251 255.255.255.0
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface GigabitEthernet0
access-list 1 permit 172.17.16.1
access-list 1 remark Admin network access
access-list 1 permit 192.168.100.0 0.0.0.255
radius-server attribute 32 include-in-access-req format %h
radius-server host 172.17.21.10 auth-port 1812 acct-port 1813 key 7 047958071C3561410D4A44
radius-server host 172.17.16.12 auth-port 1645 acct-port 1646 key 7 08045E471A48574446
radius-server host 172.17.21.10 auth-port 1645 acct-port 1646 key 7 1320051B185D56797F
radius-server timeout 15
radius-server vsa send accounting
bridge 1 route ip
line con 0
line vty 0 4
access-class 1 in
end
When the issue occurs, does that affect both 2.4GHz & 5GHz devices? I would check which band's devices are affected.
I noticed you have set CH11 under Radio 0 statically. I would prefer to configure it as below so the AP can change the channel depending on the environment.
int d0
channel least-congested
HTH
Rasika
**** Pls rate all useful responses **** -
What access point to use with O2?
When I connect to the web I have the option to choose how I want to connect (so at home I'll use a WLAN). With O2 what access point are recommended on a postpay contract and does it vary depending on 3G or GPRS reception ?
i.e. use O2 MobileWeb with 3G?
Thanks,
Generally "WEB" should be used with a standard access point i.e no proxies etc
check the settings under menu>tools>settings>connection>access points
open the access point you normally use and select options>advanced settings you can then see if any proxies have been added. If necessary delete both the proxy and port
If clear leave as is and make sure your access point name is the default "02" type. Contact them for this.
iPhone 5 32GB
MacBook Pro Retina 15" Mac OS X Mountain Lion 10.8.4 -
Hi
I changed "access point in use" for incoming mail from default
"Always ask" to another one. I don't know, how to change it back.
In selection are only existing access points. Any idea? Regards
I have a N95 8GB so some things might differ on your phone. Anyway, I have noticed that the mail access point connection is maintained even after downloading all messages. You can check the status of the connection by viewing the menu of your mailbox in 'messaging' and looking for a 'connect/disconnect' tab. If you try to view a link in a message while still connected to the mail access point, the phone will automatically use that existing connection. (There appears to be no 'disconnect after mail retrieval' function which is unsatisfactory IMO.) As far as I can see, your only option would be to manually disconnect from the mailbox connection at which point the 'always ask' prompt would reappear for the web link. I think I understand what you would like to have, but this is not possible I fear because the phone will always opt for the pre-existing connection.
-
HT204387 Why can't my ipad2 and iPhone4 and 5 recognise each other as devices using bluetooth?
Why can't my ipad2 and iPhone4 and 5 recognise each other as devices using bluetooth?
Bluetooth should allow me to connect to other devices to transfer data like photo's, music, files, whatever between my apple devices and non apple devices.
Other phones allow me to do this..........what is happening here?
An unhappy apple devices owner.
I want to know who I complain to if this is how Apple devices operate.
Any answers anyone.
This is not a supported profile...
See Here > http://support.apple.com/kb/HT3647
More Info in the User Manuals...
and there is this Discussion...
https://discussions.apple.com/message/16294930#16294930
You can leave Feedback for Apple here...
http://www.apple.com/feedback/ -
I have a MacBook that is synced with my ipad. My daughter has an Iphone4 and no computer. How can we use the one computer for both devices that are unique and keep them separate. thank you for your help!
This should help:
How to use multiple iPods, iPads, or iPhones with one computer
Regards.