OfficeExtend with Aironet 600

Hello,
I need information about the Aironet 600 access point.
I got a customer who want to deploy a guest WLAN on branch office with an authentication with a  captive portal that is centralized. I would like to use the OfficeExtend functionnality with Aironet 600 Acces point & WLC 5508 or 2504 to centralize the traffic from all access points on the controller.
On those branch offices, there were a few "free access desktops" that need a copper link. I want those devices to be also authenticated by captive portal, so I want to connect them on the four 10/100 port of the access point. But it seems that we can only use one port as "corporate remote LAN", the threee others are just for "home LAN". Is it correct ?
Is there any solution to configure the four ports as remote LAN interface ?
Thanks a lot for your help

Hi, I'd actually go after HREAP instead of Office Extend.  OE is designed for a home user, so you can plug in a phone, or one machine.
HREAP will give you centralized wireless for the guest with the webauth page, and can drop the local traffic to the wire as well.
For the wired guest, I would recommend using 802.1x with fallback to guest.  Look here
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_8021x.html
This allows the port to be put in a "Guest VLAN" that you can then direct to a authpage.  This would require a tertiary device for the wired guests.
it may be more than you are really looking for, but IMO is the best answer to the situation.
HTH,
Steve

Similar Messages

  • Aironet 600 with Mac Filtering and a switch..

    How does the Aironet 600 handle Mac Filtering if I were to connect a switch to port 4 on the back ("Secured" network port). Does it authenticate each MAC or does it do somthing similar to how 802.1x with multi-host works, the first mac authenticates and then the port's wide open? My use-case here is a printer at a remote home-office. The printer doesn't have a supplicant in it so I need to use mac filtering. Thanks.

    MAC authentication is all I use for my OutStationed workers.  No wifi, just the rlan.  Since the rlan is configured for DHCP only, no IP gets passed until MAC auth occurs.
    When Cisco packaged this up, they said 4 is enough..  IF you use an un-managed (non-cisco) switch. 
    I had a need for 2 workstations and 2 digiports..  SOP sys a managed switch..  oops.  the switch consumed 2 MAC's right off the top.. 1 for itself and 1 for each vlan.
    After enablilng 2 rlans, and configuring a pair on different networks, we discovered that they were bridged in the 602 (or somewhere).
    We ended up switching out the 602 for an ASA5505

  • Aironet 600 Series Access Points

    Hello all.
    I am wanting to setup a wireless environment in my small chuch (obviously on a small budget ) and I was thinking about using 8 Aironet 600 APs with a 2504 controller.  Does anyone see any problem with that?  I am not looking to setup a secure tunnel/VPN anywhere, I just want wifi to be available for anyone on enterprise level equipment throughout the facility.
    Thank you.
    Jay               

    The AP 600's are for OfficeExtend and will not work for you. I would look at the AP 1602 or the lower end AP 702. Those will work for you.
    http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps12555/data_sheet_c78-715702.html
    http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps12968/data_sheet_c78-726725.html
    Sent from Cisco Technical Support iPhone App

  • M-CMTS with SIP-600 SPA

    Dear all,
    I have a few question regarding M-CMTS with SIP-600 SPA.
    - Scenario 1: I have a uBR10012 with linecard MG20X20V(0 DS, 20 US lic) + SIP 600 and i want to use M-CMTS with  SIP-600 connect to RFGW1/RFGW10. Is that possible to do like this?
    -Scenario 2: I have a uBR10012 with line card MG3GX60V (72DS, 60 US) + SIP 600, also have a RFGW1 with 98 DS, so I still have 16 DS available, can i use SIP-600 connect to that RFGW1 do use those available DS?
    I need some help/advice about those situations, please help me.

    Hello,
    Yes, it should.
    You could check Table 4-9 VPLS Feature Compatibility by SIP and SPA Combination:
    http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/7600series/76cfgsip.html#wp1270728
    There are some restricition about H-VPLS on c7600/SIP, like it could be seen at the "VPLS Configuration Guidelines"
    section of above link. But they are generic for SIP-600 itself:
    – H-VPLS with Q-in-Q edge—Requires a Cisco 7600 SIP-600 in the uplink, and any LAN port or Cisco 7600 SIP-600 on the downlink.
    - H-VPLS with MPLS edge requires either an OSM module, Cisco 7600 SIP-600, or Cisco 7600 SIP-400 in both the downlink (facing UPE) and uplink (MPLS core).
    As for SPAs - restriction is about H-VPLS and FastEthernet one:
    "Note: H-VPLS is not available on Fast Ethernet SPAs"
    http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/7600series/76cfgeth.html#wp1196808
    Thanks,
    Sergey

  • Is The Palm Portable Keyboard compatible with Palm 600??? Why is that palm 600 seem to be outcast??? Everywhere I look, its always missing?

    Here is the link of the portable keyboard... http://www.palm.com/us/support/accessories/ppk.html
    How can I see if something is compatible with my palm 600 if I don't have any source??? Can you tell me what is identical with palm 600?? Is it 680?? or what?
    Wh can help me about my palm 600,,, I am a new user!!! Thanks...
    Post relates to: Treo 600 (GSM)

    That is the Bluetooth keyboard, not compatible with the 600. The universal wireless keyboard is compatible with the Treo 600. Click on this link for the keyboard at the Palm store. http://store.palm.com/product/index.jsp?productId=2441107&cp=1157581.1797783&parentPage=family Here is a link to the support page for your Treo 600 on the Palm website. http://www.palm.com/us/support/treo/treo600gsm/
    Post relates to: Palm i705

  • Compatible java runtimes with LSO 600

    Hi Experts
    Please advise whether Java Runtime environment is compatible with LSO 600?
    Currently most of our users use JRE 1.6 patch 10.
    Regards
    Maahir

    Hello Maahir,
    JRE is compatiable with LSO 600. And your version 1.6.1 is perfect with LSO 600.
    you can also have a look at  746917.

  • Dynamic VLAN-Assignment from RADIUS with Aironet 1242AG doesn't work properly

    Hello All,
    our setting is to assign VLANs dynamically from RADIUS (freeradius) to Clients connected to the 1242 Access-Points with one SSID. We have Firmware
    12.4(10b)JA/JDA on the Aironet 1242.
    The clients should be connected to one of three VLANs - one for staff, one for students and one for guests. I use the Web-Interface of
    the 1242, because I'm not very familiar with IOS cli.
    After assigning the first VLAN to the SSID -> click Accept, assigning the second VLAN to the SSID (overwriting the previous one) -> click Accept,
    assigning the third VLAN to SSID (overwriting again) -> click Accept,  the assignment of VLANs works really fine,
    (the only thing i change on the page is VLAN, the SSID is set to mandatory WPAv2)
    BUT...
    when the 1242 is rebooted (due a building power off or similar) it doesn't work anymore. Clients end up in an endless authentication loop.
    After doing the procedure again from above - assigning all VLANs sequently once, it works fine again !  till next reboot...
    All VLANs have same encryption, cypher, TKIP+AES CCM. On the Cisco-Site I found a command, which i also tried with no success:
    'aaa authorization network default group radius'.
    I also tried to save the working config and load it into the 1242 again, this also did not work.
    It seems that i'm doing something wrong, but what ?
    Thanks for some help,
    Frank

    All you really need to do is make sure the subinterfaces/vlans are created for each VLAN you need, then have radius push down IETF attributes 64, 65, and 81.

  • Clients timeout on DHCP lease with Aironet 1141

    Hello
    I have an interesting problem that I can't find a solution for.
    Backround info:
    I'm setting up a Cisco Aironet 1141 (standalone mode, AP) to handle wireless traffic in the office. It gives out 2 mbssids, one of which authenticates domain users through a RADIUS server and places them in an appropriate VLAN (RADIUS options 64, 65, and 81). The other is a guest ssid that uses WPA-PSK and places users in the restricted guest VLAN. Physically, the AP is connected to a 3750 PoE Catalyst, to which RADIUS and DHCP servers are also connected. AP, SSIDs, RADIUS and EAP authentication all work. The configuration given below is a working configuration. People do get authenticated and do get placed in the appropriate vlan.
    The problem is that, once authenticated, the "Obtaining IP Address" phase on the client hangs and most clients timeout without getting an IP address. Given that the DHCP server is on the same switch and a test simple ASUS Wi-Fi IP gives out the same scenario (except the multiple VLAN) at the speed of light, I don't think that it's a problem with the network connections between clients and the DHCP server.
    After reading some topics here, I realized that probably other communication will be extremely slow, as well, but haven't tested that for sure.
    Clients are all non-Cisco - smartphones, notebooks, etc. Most of them are 802.11G, not N.
    Configuration is attached below.
    Does anyone have any ideas?

    Sure, possibly relevant parts:
    errdisable recovery cause udld
    errdisable recovery cause bpduguard
    errdisable recovery cause security-violation
    errdisable recovery cause channel-misconfig (STP)
    errdisable recovery cause pagp-flap
    errdisable recovery cause dtp-flap
    errdisable recovery cause link-flap
    errdisable recovery cause gbic-invalid
    errdisable recovery cause l2ptguard
    errdisable recovery cause psecure-violation
    errdisable recovery cause dhcp-rate-limit
    errdisable recovery cause vmps
    errdisable recovery cause storm-control
    errdisable recovery cause arp-inspection
    spanning-tree mode rapid-pvst
    spanning-tree loopguard default
    spanning-tree portfast bpduguard default
    spanning-tree extend system-id
    vlan internal allocation policy ascending
    ip ssh time-out 60
    ip ssh authentication-retries 5
    ip ssh logging events
    ip ssh version 2
    interface GigabitEthernet1/0/1
    description Gi1/0/1 to CAT-CORE
    switchport trunk encapsulation dot1q
    switchport mode trunk
    interface GigabitEthernet1/0/4
    description Gi1/0/4 to RADIUS_serv
    switchport access vlan 240
    switchport mode access
    spanning-tree portfast
    spanning-tree bpdufilter enable
    spanning-tree bpduguard enable
    interface GigabitEthernet1/0/8
    description Gi1/0/8 to DHCP_serv
    switchport access vlan 240
    switchport mode access
    spanning-tree portfast
    spanning-tree bpdufilter enable
    spanning-tree bpduguard enable
    interface GigabitEthernet1/0/11
    description Aironet 1141 AIRONET-MO-1
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 240
    switchport trunk allowed vlan 240-246,248,249
    switchport mode trunk
    interface Vlan240
    description Admin_Vlan
    ip address 192.168.240.244 255.255.255.0
    ip default-gateway 192.168.240.1
    ip classless
    no ip http server
    ip http secure-server

  • ACS with Aironet

    Hi,
    ACS has local database and Active-Directory Database for VPN Users....
    Currently Aironet Access-point is acccessed via entering static password.. could like lan users to connect to access-point through ACS using Active Directory Database....
    Is this Possible?? Would like to seek help in getting step-by-step document in getting this working......
    Thanks for all your Help....

    Thanks Jgambhir,
    I was successfully able to install the certificate and perform the task as per the document, but it didnt work. Please let me know wht is wrong now???
    1>* Certifcate Task completed.
    2>* On ACS added the Aironet client with shared Key.
    3>* Global Authentication Setup enabled as per document.
    4>* On Aironet>Security>ServerManger>(Added ACS Server with Shared Key with ports, enable EAP Authentication with ACS IP.
    5>* Aironet>Security>Encryption Manager ( enable WEB Encryption-Mandatory,
    Open authentication with EAP, Checked Network EAP.....
    saved config on ACS and Aironet and rebooted the device...???
    Searched for Aironet device, clicked on it But it ask for a WEP Key...( What have to enter here.......)
    How to check if the certificate is correctly installed ???
    How it will check for Active Directory authentication???

  • Getting started with aironet 1200 and radius

    Hi,
    Does anyone has a manual how to configure some aironet 1200 AP's with the use of a radius server?
    The best would be a manual from start (reset to factory defaults) to a working solution.
    The built-in radius server or a windows 2008r2 radius server are both possible for me.
    I have tried both, buth did not succeed. (unknown EAP type and unknown username in the radius log)
    Kind regards,
    Ernst

    i talk with a rep and i heard the new good news...there is no c sharp interface for berkeley db on handheld devices yet, it will be released later.
    imagine one having problems executing a simple select statement due to the first release bugs...
    dissapointing...
    good article rekounas once again, your blog was very helpfull especially on my first steps in the olite universe, please keep it up
    Edited by: vasileios on 03-Sep-2010 05:24

  • Linux clients not associating with Aironet 1100

    Does anyone know if there is an issue with a Linux client associating with an Aironet 1100 using WEP? Windows clients are connecting fine, and the Linux client connects to Linksys branded APs with WEP no problem.
    Aironet config:
    IOS 12.3(2)
    16 AP on same SSID, different cells
    128-bit WEP
    Linux client:
    Dlink Airplus DWL-G630
    Kernel: Slackware 2.6.12.2
    Commands used to associate
    ifconfig ath0 up
    iwconfig ath0 ath0 mode managed key restricted [2] {key}
    dhcpcd ath0
    After bringing up the ath0 interface, and running the iwconfig, you can see the iwconfig settings are sticking, but it seems to be jumping around APs when you watch the MAC of the AP. It goes from a valid MAC address to FF:FF:FF:FF:FF:FF and then to another valid address, and back again. This does not happen on the Linksys AP.
    Any ideas?
    Thanks,
    Andy

    Try entering the key (on the Linux box) as hex.
    Most of the Windows client software lets you enter the key in ASCII ... some client software requires that you put in the hex translation.
    You can check the logs on the 1100 to see what the failure message is ,,, but I'd bet it'll be something along the lines of "Invalid Key"
    Good Luck
    Scott

  • Need help with Aironet 340

    I have Aironet 340 Ap, which should be able to communicate with nokia c110 wlan card. I can see the Cisco Ap from Nokia's client application, but Cisco Ap won't associate Nokia client. Is there some setting in aironet that should be turned on/off. I think that I've tried almost anything, but no success yet. Because they both are Wi-Fi certified products I think they should work together.

    Yes they should be inter-operable. If you’ve double-checked and triple-checked your configs from spids to WEP, you might need tech support as the next step. Try disabling WEP first to see if you can associate without encryption.

  • Cisco Aironet 1410 Multipoint with Aironet 1310's

    Hello,
    We are currently expanding our wireless deployment that consists of two Aironet 1310's bridged together. We would like to hit an area in the opposite direction that is not too far away. Would replacing the 1310 in the root point with a 1410 as the root to provided point to multipoint be a feasible solution? This would make the 1410 the root bridging to two 1310's at opposite ends.
    Thank you,
    Rick

    Hi,
    Its not possible to MIX 1410 and 1310 together.. Since 1410 comes with A radio and 1310 comes with G radio and both are not compatible with each other!!
    lemme know if this answered your question..
    Regards
    Surendra
    ====
    Please dont forget to rate the posts which answered your question and mark it as answered or was helpfull

  • Newbie help with Aironet 1200 access point

    Hello everybody,
    We "inherited" an Aironet 1200 access point with antenna's throughout our building. This was installed by a company that thought they would make money selling Wi-Fi access but now they have gone bankrupt.
    We eliminated their router and installed one of our own, and we have it handing out IP addresses. When I plug it into the Aironet 1200 it works just fine. Users are able to connect wirelessly and access the internet.
    I would like to change the SSID however so that it no longer reflects the now defunct companies name.
    I cannot determine what IP address is assigned to the access point so I can't figure out how to access the management page.
    I tried connecting to the ethernet port via a DB9 to RJ45 cable and hyper terminal. After connecting the cable and powering up the access point I am still unable to connect.
    I realize once I get connected I will probably run into password issues, but I'd like to figure out how to get at least that far.
    Any ideas?

    since ur gonna change the ssid and there is a password...
    1. reset the ap. before plugging power to ap, press hold the mode button for 3 sec or until the led becomes orange or amber, then release.
    2. the ap is reset to default setting with ip address 10.0.0.1
    3. either console or gui the ap and change the bvi to ur preferred ip address.
    4. configure everything else as you want.

  • Wireless non-cisco router with aironet 1242 repeater.

    Hello everyone. I'm a newbie here. I just started learning about cisco devices. Sorry if my question seems stupid.
    I have a problem. A friend gave me an AP aironet 1242 and he wants to use it as a repeater for his wireless non cisco router.
    Is this possible? And if it is how can i do it with simple steps.
    Thanks in advance!

    Thanks for the quick response Scott. I 've read this quide before i post.
    The problem is that i can't connect with serial to the ap. So i can't use commands.
    I can connect with ethernet and see the ap interface. When i go and make the radio0 work as a repeater it shows interface down. What i want is simple steps of how to configure it from the interface.
    Sorry again.

Maybe you are looking for

  • Need to add horsepower to Power PC G5 (can't afford an Intel one yet)

    Hello all. In the ideal world I would buy a new Intel based Mac. Right now I can't afford it nor the cost of replacing all the software. So I must make do with what I have. However, I would like to get the most out of it and so I'm wondering of the g

  • Every time i try to restore my iphone for i get error 9006

    please help cant restore my phone when it trys to download the 7.1.2 ipsw i get error 9006 shortly after it starts

  • Can't get java.sh to work....

    I created the java.sh file, put it in etc/profile.d/ and made it executable. Still not working... If I run the identical commands in the java.sh from the prompt, then it works.. Any ideas?? Also, how do I specify multipl jar locations in the CLASSPAT

  • Why are we the only one in our area that Verizon keeps turning us off?

    Before Christmas we were with out phone for about a week. Finally we were told some one at the main office "accidentally" turned our service off. A couple weeks ago we were off and a "tech" found broken wires on the box on their pole. Now a tech came

  • VGA cable question, and a problem

    My PowerBook is connected to my 17" LCD via the cable that was included with the monitor. I bought a replacement VGA cable the other day. (I needed the original VGA cable to connect my Mac mini to the TV.) The original cable works perfectly with both