Problem with cipher.getInstance
hello,
I am working with JavaCard 2.2.2 on windows with JDK1.5.
I have this fallowing part of code on my card (in fact I use JCWDE):
public void initialisation(){
key = (DESKey)KeyBuilder.buildKey(KeyBuilder.TYPE_DES_TRANSIENT_DESELECT,KeyBuilder.LENGTH_DES, false);
// try{
ecipher = Cipher.getInstance(Cipher.ALG_DES_CBC_NOPAD,true);
dcipher = Cipher.getInstance(Cipher.ALG_DES_CBC_NOPAD,true);
ecipher.init(key, Cipher.MODE_ENCRYPT);
dcipher.init(key, Cipher.MODE_DECRYPT);
//} catch (javacard.security.CryptoException e) {
When I launch it, I have this error:
Java Card 2.2.2 Workstation Development Environment, Version 1.3
Copyright 2005 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.
jcwde is listening for T=1 Apdu's on TCP/IP port 9 025.
Exception from the invoked install() method:public static void fr.sogeti.Izy.tes.Test.install(byte[],short,byte) throws javacard.framework.ISOException
javacard.framework.ISOException
I dont know why, when i use the debugger mode, this application stop at this line:
ecipher = Cipher.getInstance(Cipher.ALG_DES_CBC_NOPAD,true);
Could you help me?
Regards
Alexis
I try but it doesn't work... (same error)
if you want I can put my full code?
my new code:
private byte[] Crypto = {(byte)0xA0, (byte)0x00,
(byte)0x00, (byte)0x00, (byte)0x62, (byte)0x03, (byte)0x01, (byte)0x0C,
(byte)0x0f, (byte)0x01, (byte)0x01};
public void initialisation(){
key = (DESKey)KeyBuilder.buildKey(KeyBuilder.TYPE_DES_TRANSIENT_DESELECT,KeyBuilder.LENGTH_DES, false);
key.setKey(Crypto, (short)0);
// try{
ecipher = Cipher.getInstance(Cipher.ALG_DES_CBC_NOPAD,false);
dcipher = Cipher.getInstance(Cipher.ALG_DES_CBC_NOPAD,false);
ecipher.init(key, Cipher.MODE_ENCRYPT);
dcipher.init(key, Cipher.MODE_DECRYPT);
//} catch (javacard.security.CryptoException e) {
-----
Similar Messages
-
Problem with Cipher.ALG_RSA_PKCS1_OAEP constant
Hi everybody.
I've got some data encrypted with RSA public key and padded according to PKCS 1 OAEP.
I tried to use this line in the constructor of my applet:
private WiMaxApp (byte buffer[], short offset, byte length)
rsa_PrivateCrtKey = (RSAPrivateCrtKey) KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_CRT_PRIVATE, KeyBuilder.LENGTH_RSA_1024, false);
/* Doing this here get error back at compilation time */
rsa_Cipher = Cipher.getInstance(Cipher.ALG_RSA_PKCS1_OAEP, false);
// rsa_Cipher = Cipher.getInstance(Cipher.ALG_RSA_NOPAD, false);
// register(buffer, (short)(offset+1) ,(byte)(buffer[offset]));
register();
}and I get an error when I launch the simulator:
cm> install -i 77696d61782e617070 -q C9#() 77696d6178 77696d61782e617070
=> 80 E6 0C 00 20 05 77 69 6D 61 78 09 77 69 6D 61 .... .wimax.wima
78 2E 61 70 70 09 77 69 6D 61 78 2E 61 70 70 01 x.app.wimax.app.
00 02 C9 00 00 00 ......
(3234 usec)
<= 6A 80 j.
Status: Wrong data
jcshell: Error code: 6a80 (Wrong data)
jcshell: Wrong response APDU: 6A80
Unexpected error; aborting executionIf I put the same line in the process() method it compile well, but at run time I get an error.
If I use the Cipher.ALG_RSA_NOPAD it does work, but when I decrypt with the private key the data, obviously, it does not decrypt correctly...
Does anyone knows where is the problem? I'm using a Jcop simulator 41 v2.2
Please, it's very important, I need help as soon as possible.
Thank you very much in advance,
emanueleLooks like the JCOP simulator (and probably the JCOP cards as well) do not support the PKCS#1-OAEP padding scheme.
If I use the Cipher.ALG_RSA_NOPAD it does work, but when I decrypt
with the private key the data, obviously, it does not decrypt correctly...I hope you did not forget to initialize the keypair (it is not part of your posted code). The KeyBuilder does only allocate the memory for storing an RSA keypair - you have to initialize (or better fill) it with a valid RSA keypair.
Jan -
i am using java 1.4.2 on Windows 2000 Professional
I am using "Assembla" as JCE Provider for Microsoft Keystore. But when i call Cipher.init() i am getting the following error
MSKeyStoreJNI: Could not acquire context for temporary container used for importing public key.
SYSMSG: The keyset is not defined.
The Code is as follow :
-----------------------------import java.util.*;
import javax.crypto.*;
import java.security.*;
import java.security.cert.*;
import se.assembla.jce.provider.ms.*;
// JCE Provider for Microsoft Keystore https://download.assembla.se
public class cipher
public cipher(String[] args) throws Exception
Security.addProvider(new MSProvider());
KeyStore ks = KeyStore.getInstance("msks", "assembla");
ks.load(null,null);
X509Certificate cert = null;
String alias = null;
for(Enumeration e = ks.aliases(); e.hasMoreElements();)
alias = (String) e.nextElement();
if(ks.isKeyEntry(alias))
cert = (java.security.cert.X509Certificate) ks.getCertificate(alias);
break;
Cipher c = Cipher.getInstance("RSA", "assembla");
c.init(Cipher.ENCRYPT_MODE, cert); // error on this line
public static void main(String args[])
try
new cipher(args);
catch(Exception e)
e.printStackTrace();
}--- hasstar
--- [SCJP]
--- url : http://www.myjavaserver.com/~hasstarYes, I tried KeyStore ks = KeyStore.getInstance("RSA", "assembla"); instead of msks?
and it is not working. (www.bouncycastle.org)
I tried www.bouncycastle.org, but i don't know how to get Certificates from Microsoft Keystore.
If u know how to get keys from Microsoft Keystore please help -
Problem creating Cipher object using getInstance
Hi all, Can anyone please help me with this? I am using jdk1.4 which has jce. I have put jce.jar jars in classpath. When I create Cipher object like
Cipher itsocipher1 = Cipher.getInstance("DES");
it compiles fine but when I exicute it get following error java.lang.NoSuchMethodError at javax.crypto.SunJCE_d.a(DashoA6275) at javax.crypto.SunJCE_d.a(DashoA6275) at javax.crypto.SunJCE_d.verify(DashoA6275) at javax.crypto.SunJCE_b.f(DashoA6275) at javax.crypto.SunJCE_b.<clinit>(DashoA6275) at javax.crypto.Cipher.getInstance(DashoA6275) at EncryptDecrypt.main(EncryptDecrypt.java:26) Please Guide. Thanks.Copy the jce provider's jar file ( if using SunJCE, then copy sunjce_provider.jar file) to jre's lib/ext directory.
You can also see in the java.policy file where the jvm is looking for the jar files.
grant codeBase "file:${java.home}/lib/ext/*" {
permission java.security.AllPermission;
}; -
Compability problem with Java and Python RSA algorithm implementation
I have client server application. Server is writtein in python, client in java. Client receives messages from server encrypted with RSA (http://stuvel.eu/rsa), and I'm unable to decrypt it. It seems that this is RSA algorithm compatibility problem. I'm using algorithm from java.security package, instatinating Cipher object like this: c = Cipher.getInstance("RSA"); . I noticed that this algorithm produces for input blocks of lengtrh <=117 ouput block of length 128. Server I guess uses the most triviall impelentation of RSA ( (1 byte is encrypted to 1 byte) So i want to make my java algorithm compatibile with this one which server uses. How to do that ? Do i have to instatinate Cipher object in different way ? Or use another library ?
azedor wrote:
First you said it was no good because it could only handle <= 117 byte inputs, now you say it is no good because it produces a 128-byte output. You're not making sense.First i said that this two RSA implementations are not compatibile, and first reason i noticed firstly is that Python imlementation for input of length N produces cryptogram of the same length. Not true. In general, the RSA encryption of any number of bytes less than the length of the modulus will produce a result of length near that of the modulus. When N is less than the length of the modulus, it is rare that N bytes of cleartext produces N bytes of ciphertext.
Java implementation for data block of length <=117 produces alwasy 128 bytes of output.Pretty much correct and very much desirable. This is primarily a function of the PKCS1 padding which is used to solve two basic problems. First, as I alluded to in my first response, it is the nature of the algorithm that leading zeros are not preserved and second when the cleartext is very small (a few bytes) the exponentiation does not roll over and it is easy to decrypt the result. Both these problems are addressed by PKCS1 padding.
>
>
After what sabre150 said i think of giving up idea of translating Python code to Java and considering to use another assymetric cryptography algorithms on both sides. Can you recommend me sth what should be compatibile with Python ?This seems to be at odds with your statement in reply #3 "Also have acces only to client code so i have to change sth in java." ! This statement is why I said "I suspect ... you have dug a deep hole".
In your position I would use the Python bindings for openssl. Once more, Google is your friend. -
Problems with an SSL connection
I'm trying to execute a Post request using HTTPS. To achieve that I'm using commons-httpclient v.3.0rc1 and a custom SSLSocketProtocolSocketFactory that can work with untrusted self-signed certificates.
My code works on Windows 2000 Pro, but it fails on Linux (Suse Linux 8.2). However I'm using JDK 1.4.2 both in Windows and LInux, with the same list of security providers set at $JAVA_HOME/jre/lib/security/java.security file.
I've heard about problems with security when upgrading form JDK 1.4.x to JDK 1.5, but it's not the case.
Any idea about this?
This is the exception I get when I run my code on Linux:
Caused by: javax.net.ssl.SSLKeyException: RSA premaster secret error
at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init>(PreMasterSecret.java:86)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:514)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:160)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:825)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1920)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1002)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:382)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:393)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
at com.gd.define.orion.mailets.AbstractHttpMailet.send(AbstractHttpMailet.java:451)
... 6 more
Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/PKCS1Padding
at javax.crypto.Cipher.getInstance(DashoA12275)
at com.sun.net.ssl.internal.ssl.JsseJce.getCipher(JsseJce.java:90)
at com.sun.net.ssl.internal.ssl.RSACipher.<init>(RSACipher.java:35)
at com.sun.net.ssl.internal.ssl.RSACipher.getInstance(RSACipher.java:69)
at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init>(PreMasterSecret.java:82)
... 24 moreI've read in other forums that server and client running on same machine can cause problems using SSL. Is that real? Could it happen even when server uses JDK 1.5 and client uses JDK 1.4.2? May JDK version conflicts appear?
Thanks in advance -
Having problem with des encryption in jcwde
I have problem with encrypting data using des encryption.... when i debug, it is stopping at the dofinal() method....help needed.
public class wallet extends Applet {
public short balance= (short) 22;
final static byte Wallet_CLA = ( byte ) 0xB0;
public short isVerified;
// public short tryCounter;//number of tries for pin
public byte[] pin=new byte[]{ 0x10, 0x10};
public byte[] key_array=new byte[]{(byte)0x09,(byte)0x0e,(byte)0x0d,(byte)0x0c,(byte)0x0b,(byte)0x0a,(byte)0x09,(byte)0x08};
public OwnerPIN m_pin;
// public Cipher m_cipher;
public DESKey m_desKey;
public Cipher m_cipher;
final static byte ENCRYPT= (byte) 0x10;
final static byte VERIFY = ( byte ) 0x20;
final static byte CREDIT = ( byte ) 0x30;
final static byte DEBIT = ( byte ) 0x40;
final static byte GET_BALANCE = ( byte ) 0x50;
final static short SW_INVALID_DEBIT_AMOUNT = 0x6A83;
final static short SW_INVALID_CREDIT_AMOUNT = 0x6A84;
final static short SW_VERIFICATION_FAILED = 0x6A85;
final static short SW_PIN_BLOCKED = 0x6A86;
final static short SW_CIPHER_DATA_LENGTH_BAD= 0x6A87;
private wallet(byte bArray[], short bOffset, byte bLength) {
isVerified=0;
//tryCounter=3;
m_pin = new OwnerPIN((byte) 3, (byte) 4);
m_pin.update(pin, (short) 0, (byte) pin.length);
m_desKey=(DESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_DES, KeyBuilder.LENGTH_DES, false);
m_desKey.setKey(key_array, (short)0);
m_cipher =Cipher.getInstance(Cipher.ALG_DES_CBC_ISO9797_M2, false);
m_cipher.init(m_desKey,Cipher.MODE_ENCRYPT);
//register(bArray,(short)(bOffset+1),bArray[bOffset]);
public static void install(byte bArray[], short bOffset, byte bLength)
throws ISOException {
new wallet(bArray, bOffset, bLength).register();
public void process(APDU apdu) throws ISOException {
// TODO Auto-generated method stub
byte[] buff = apdu.getBuffer();
if(selectingApplet())
return;
//byte[] buff = apdu.getBuffer();
if(buff[ISO7816.OFFSET_CLA] == Wallet_CLA)
switch (buff[ISO7816.OFFSET_INS])
case ENCRYPT:
encrypt(apdu);
return;
case VERIFY:
verify(apdu);
return;
case CREDIT:
credit(apdu);
return;
case DEBIT:
debit(apdu);
return;
case GET_BALANCE:
getBalance(apdu);
return;
default:
ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
return;
private void getBalance(APDU apdu) {
// TODO Auto-generated method stub
if(!(m_pin.getTriesRemaining()>0))
ISOException.throwIt(SW_PIN_BLOCKED);
if(!(m_pin.isValidated()))
ISOException.throwIt(SW_VERIFICATION_FAILED);
byte[] buffer = apdu.getBuffer();
//buffer[0]=(byte) balance;
apdu.setOutgoing();//indicates apdu has outgoing data
apdu.setOutgoingLength ( ( short ) 2 ) ; //outgoing data length(le)
//storing balance in buffer array
buffer [ 0 ] = ( byte ) ( balance >> 8 ) ;
buffer [ 1 ] = ( byte ) ( balance & 0xFF ) ;
apdu.sendBytes ( ( short ) 0, ( short ) 2 ) ;
//apdu.setOutgoingLength(len)
return;
private void debit(APDU apdu) {
// TODO Auto-generated method stub
if(!(m_pin.getTriesRemaining()>0))
ISOException.throwIt(SW_PIN_BLOCKED);
if(!(m_pin.isValidated()))
ISOException.throwIt(SW_VERIFICATION_FAILED);
byte[] buffer = apdu.getBuffer();
byte numBytes=(byte) apdu.getIncomingLength();//number of bytes received
if(numBytes!=1)
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
byte byteRead= (byte)apdu.setIncomingAndReceive();
byte debitAmount=buffer[ISO7816.OFFSET_CDATA];
if(balance > (short)debitAmount)
balance=(short) (balance-(short)debitAmount);
else
ISOException.throwIt(SW_INVALID_DEBIT_AMOUNT);
private void credit(APDU apdu) {
// TODO Auto-generated method stub
if(!(m_pin.getTriesRemaining()>0))
ISOException.throwIt(SW_PIN_BLOCKED);
if(!(m_pin.isValidated()))
ISOException.throwIt(SW_VERIFICATION_FAILED);
byte[] buffer = apdu.getBuffer();
byte numBytes=(byte) apdu.getIncomingLength();
if(numBytes!=1)
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
//setting the apdu direction as incoming and getting number of bytes
byte byteRead= (byte)apdu.setIncomingAndReceive();
byte creditAmount=buffer[ISO7816.OFFSET_CDATA];
if(creditAmount<0)
ISOException.throwIt(SW_INVALID_CREDIT_AMOUNT);
balance=(short) (balance+(short)creditAmount);
private void verify(APDU apdu)
byte[] buffer = apdu.getBuffer();
byte numBytes=(byte) apdu.getIncomingLength();
byte byteRead= (byte)apdu.setIncomingAndReceive();
//byte pass=buffer[ISO7816.OFFSET_CDATA];
if(m_pin.getTriesRemaining()>0)//check whether the try limit has been crossed
//if(Util.arrayCompare(buffer, (short)ISO7816.OFFSET_CDATA, pin, (short)0, (short)2)==0)//comparing pins
if(m_pin.check(buffer, (short)ISO7816.OFFSET_CDATA,byteRead))
isVerified=1;//setting status as verified
else//wrong password
//tryCounter--;
ISOException.throwIt(SW_VERIFICATION_FAILED);
else
ISOException.throwIt(SW_PIN_BLOCKED);
// TODO Auto-generated method stub
private void encrypt(APDU apdu)
byte[] buffer=apdu.getBuffer();
short bytelen=(short)(apdu.setIncomingAndReceive());
//short byteRead=(short) (buffer[ISO7816.OFFSET_LC] & 0x00FF);
byte[] outbuff=new byte[(short)16];
if(((short)bytelen%8)!=0)ISOException.throwIt(SW_CIPHER_DATA_LENGTH_BAD);
//m_cipher.update(buffer, ISO7816.OFFSET_CDATA, (short)bytelen, outbuff, (short)0);
m_cipher.doFinal(buffer,(short) ISO7816.OFFSET_CDATA, (short)bytelen, buffer, (short)0); //"DEBUGGER STOPS AT THIS LINE"
Util.arrayCopyNonAtomic(outbuff, (short)0, buffer, (short)ISO7816.OFFSET_CDATA, (short)bytelen);
apdu.setOutgoing();
apdu.setOutgoingLength((short)bytelen);
apdu.sendBytesLong(outbuff,(short)ISO7816.OFFSET_CDATA,(short)bytelen);
//apdu.setOutgoingAndSend(ISO7816.OFFSET_CDATA, (short)bytelen);
Edited by: 977213 on Dec 16, 2012 10:24 PMHi,
Check out Cipher. dofinal method,
the 4th parameter should be the destination which is outbuff.
it shoul be change to :
m_cipher.doFinal(buffer,(short) ISO7816.OFFSET_CDATA, (short)bytelen, outbuff, (short)0); when I run your code the result was all 00, that was because of this error,
maybe the debugger has the same problem,
check it and tell me the result
Regards,
Hana -
dear sir
I am working with javacard 2.2.2, windows, jdk 1.5 and JCWDE
I would like to know the byte length of an array ("aCrypter" in this fallowing code)
1 public byte[] cryter(byte[] Crypter){
2
3 ecipher.init(key, Cipher.MODE_ENCRYPT);
4 ecipher.doFinal(Crypter, (short)0, (short)aCrypter.length, donneeCrypter , (short)0);
5
6 return donneeCrypter;
7 }
JCVM return an error on line 4 (it works with "(short)1"
there is a solution to know the array length?
regards
Alexis
Edited by: Alexis &quot;le francais&quot; on 21 mars 2011 07:33thanks for your help.
In fact I would like to crypt and after decrypt with this fallowing code:
private byte[] Crypto = {(byte)0xA0, (byte)0x00,
(byte)0x00, (byte)0x00, (byte)0x62, (byte)0x03, (byte)0x01, (byte)0x0C,
(byte)0x0f, (byte)0x01, (byte)0x01};
public void process(APDU apdu) throws ISOException {
// TODO Auto-generated method stub
byte[] buffer = apdu.getBuffer();
if (this.selectingApplet()) return;
if (buffer[ISO7816.OFFSET_CLA] != CLA_MONAPPLET) {
ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
switch (buffer[ISO7816.OFFSET_INS]) {
case INS_INTERROGER_COMPTEUR:
tab = new byte[1000];
tab[0]= compteur;
tableau = cryter(tab);
tableau2= decrypter(tableau);
apdu.setOutgoing();
apdu.setOutgoingLength((short) 7);
apdu.sendBytesLong(tableau2,(short) 0, tableau2.lenght);
break;
public void initialisation(){
key = (DESKey)KeyBuilder.buildKey(KeyBuilder.TYPE_DES_TRANSIENT_DESELECT,KeyBuilder.LENGTH_DES, false);
key.setKey(Crypto, (short)0);
ecipher = Cipher.getInstance(Cipher.ALG_DES_CBC_ISO9797_M2,false);
public byte[] decrypter(byte[] aDecrypter){
ecipher.init(key, Cipher.MODE_DECRYPT);
donneeDecrypte = new byte[10000];
ecipher.doFinal(aDecrypter, (short)0, (short)aDecrypter.length, donneeDecrypte, (short)0);
return donneeDecrypte;
public byte[] cryter(byte[] Crypter){
ecipher.init(key, Cipher.MODE_ENCRYPT);
donneeCrypter = new byte[10000];
ecipher.doFinal(Crypter, (short)0, (short)Crypter.length, donneeCrypter, (short)0);
return donneeCrypter;
}Now "crypter" method is executed, but when the debugger is at this fallowing line there is a problem :
tableau2= decrypter(tableau);maybe the size of the array?
>
return ecipher.doFinal(aCrypter);
>
I work with Javacard 2.2.2, this method does not exist in the API only :
abstract short doFinal270(byte[] inBuff, short inOffset, short inLength,byte[] outBuff, short outOffset)Edited by: le francais on 22 mars 2011 03:07 -
Weird problems with Smartcard (Java 1.6, PKCS#11, OpenSC, Linux)
Summary: After accessing the PKCS#11 keystore I thought it would be a cake to encrypt/decrypt stuff within Java. At first I created a Cipher object with the approprate provider ("SunPKCS11-OpenSC") and selected a supported algorithm ("RSA/ECB/PKCS1Padding"). That done, I wanted to encrypt a single text message which did fail with java.security.InvalidKeyException: init() failed.
After searching the web I found [a thread|http://search.sun.com/search/clickthru?qt=smartcard&col=developer-forums&cksum=afe91b01a2dea2bc99a47d8754fb022d&url=http%3A%2F%2Fforum.java.sun.com%2Fthread.jspa%3FforumID%3D9%26threadID%3D572349&path=%2Fsearch%2Fonesearch%2Findex.jsp&hit=4] here from a guy which had a similar problem. I read, that while you cannot encrypt successfully with the private key it works with the public key. I tested it and it worked, but the decryption failed again. After "some" runs I received an error message from the OpenSC middleware layer:
pkcs15-lib.c:3354:sc_pkcs15init_update_file: File 3f0050154403 too small (require 287, have 256) - please increase size in profile
java.security.InvalidKeyException: Could not create RSA public key
I ended up having four automagically created public keys on my card and I have no room for others. I don't know what's going on, but for sure I did call no method which creates data objects on my card. You find my environment at the bottom. For those who are interested, here is a code snippet:
public void ciphertest() {
System.out.println("Test for en- and decrypting stuff.");
char[] pin = { '0', '0', '0', '0' };
try {
// KeyStore erzeugen
KeyStore ks = KeyStore.getInstance("PKCS11", providerName);
ks.load(null, pin);
System.out.println(" KeyStore loaded. Size: "+ks.size());
// Elemente im KeyStore anzeigen lassen
//ciphertest_listKeyStoreElements(ks);
// Schluesselobjekt erzeugen
String alias = "Certificate";
PrivateKey kpriv = (PrivateKey) ks.getKey(alias, null);
X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
System.out.println(" PrivateKey.getAlgorithm: "+kpriv.getAlgorithm());
System.out.println(" PrivateKey.getFormat: "+kpriv.getFormat());
// Cipherobjekt erzeugen und initialisieren f�r Verschl�sselung
Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding", providerName);
//System.out.println(c.getParameters());
//System.out.println(c.getProvider().getInfo());
// Verschl�sseln
String message = "La dolce vita!";
System.out.println(" Message to be encrypted: '"+message+"'");
c.init(Cipher.ENCRYPT_MODE, cert);
System.out.println(" Encrypting...");
byte[] ciphertext = c.doFinal(message.getBytes());
System.out.println(" Length of cipher: "+ciphertext.length);
// Entschl�sseln
c.init(Cipher.DECRYPT_MODE, kpriv);
System.out.println(" Decrypting...");
byte[] cleartext = c.doFinal(ciphertext);
// Test auf Gleichheit
System.out.println(new String(cleartext));
} catch (Exception e) {
System.out.println(e.toString());
Environment: I set up OpenSC (with pcsc-lite) under Linux. My smartcard is the G&D Starcos SPK 2.3, my reader the Reiner SCT pinpad pro (a). I have created the PKCS#15 structure on the card via OpenSC's pkcs15-init tool, created the private/public keys and uploaded a certificate. The certificate is recognized by Java's keystore. I can browse the card, dump contents via opensc. I can access the card via Java, like setting the keystore and list the contents.I had not much time today, but I managed to find out that the call to the Cipher.init() method wants to add and has successfully created/added public key objects on my smartcard (which I cannot remove anymore :-().
public void ciphertest_SunPKCS11_unwanted_keys() {
log("Test: SunPKCS11 provider creates unwanted public keys on smartcard.");
char[] pin = { '0', '0', '0', '0' };
try {
KeyStore ks = KeyStore.getInstance("PKCS11", providerName);
ks.load(null, pin);
X509Certificate cert = (X509Certificate) ks.getCertificate("Certificate");
Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding", providerName);
c.init(Cipher.ENCRYPT_MODE, cert);
} catch (Exception e) {
System.out.println(e.toString());
} Any suggestions what's going on here? This is driving me nuts, one day was planned for this and now three days have been consumed. -
Problems with BouncyCastle security provider on Linux
Hi!
I'm using BouncyCastle security provider which is supplied by vendor as a signed jar.
I haven't any problems while using it on Windows.
But I have some problems on Linux platform.
This code:
Cipher cipher = Cipher.getInstance(SOME_ASSYM_ALGORITHM, "BC");
throws an exception:
java.lang.SecurityException: The provider BC may not be signed by a trusted party
at javax.crypto.SunJCE_b.a(DashoA12275)
at javax.crypto.Cipher.a(DashoA12275)
at javax.crypto.Cipher.getInstance(DashoA12275)
But security provider jar is signed!
May be a reason of this exception is something else?
Has anybody faced with such problem?
I'm using Java 2 SDK, Standard Edition 1.4.2_10.
Thanks in advance,
Alex.Has anybody faced with such problem?I used bouncycastle for the first time yesterday without issue.
(sorry, I can't help) -
Cipher.getInstance closes Applet JAR file.
I am trying to use a Cipher in a signed Applet in java plugin-1.4 under I.E. Once I execute a Cipher.getInstance the applet jar file is closed and I cannot create any new classes that havent been previously loaded from it. The classloader ends up returning an "IlleagleStateException: Zip file closed".
Is this a known bug? Is there a workaround? Perhaps a way to re-open the JAR file.
I have been combing the FAQ's without finding any other refrences to the problem.I haven't found a solution to the original problem but for someone else that is looking for a workaround for this. I found that if I use two JAR with my Cipher in the second one, I can still load class files out of the first. I.E. <PARAM NAME = java_archive VALUE = "supportClasses.jar,mainApplet.jar"> where mainApplet.jar contains the code that uses the Cipher.
-
SunJCE TripleDES problem with JDK 1.6
Hello All,
If this has been answered in another post I am sorry I but couldn't find it. Ok, I am using the attched class to do TripleDES encryption and decryption. It works great in JDK1.4 and 1.5, but no go in 1.6. What has changed? I am on a project with right now uses 1.4 and I want to to be able to run on JRE 1.6 later without having to recompile. Why doesn't this work?
I downloaded the SunJCE Unlimited Stringth policy files which fixed the key size issue I was getting, but now it's getting "Given final block not properly padded" when I try and decrypt my data that was originally encryoted using the 1.4 JRE.
import java.io.*;
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.*;
public class Crypto
Cipher ecipher;
Cipher dcipher;
// 8-byte Salt
byte[] salt = {
(byte)0xA9, (byte)0x9B, (byte)0xC8, (byte)0x32,
(byte)0x56, (byte)0x35, (byte)0xE3, (byte)0x03
// Iteration count
int iterationCount = 19;
String Alg = "PBEWithMD5AndTripleDES";
public Crypto(String passPhrase)
try {
// Create the key
KeySpec keySpec = new PBEKeySpec(passPhrase.toCharArray(), salt, iterationCount);
SecretKey key = SecretKeyFactory.getInstance(Alg).generateSecret(keySpec);
ecipher = Cipher.getInstance(key.getAlgorithm());
dcipher = Cipher.getInstance(key.getAlgorithm());
// Prepare the parameter to the ciphers
AlgorithmParameterSpec paramSpec = new PBEParameterSpec(salt, iterationCount);
// Create the ciphers
ecipher.init(Cipher.ENCRYPT_MODE, key, paramSpec);
dcipher.init(Cipher.DECRYPT_MODE, key, paramSpec);
catch (java.security.InvalidAlgorithmParameterException e)
System.err.println(e.getMessage()+"\n"+Functions.getStackTrace(e));
} catch (java.security.spec.InvalidKeySpecException e)
System.err.println(e.getMessage()+"\n"+Functions.getStackTrace(e));
} catch (javax.crypto.NoSuchPaddingException e)
System.err.println(e.getMessage()+"\n"+Functions.getStackTrace(e));
} catch (java.security.NoSuchAlgorithmException e)
System.err.println(e.getMessage()+"\n"+Functions.getStackTrace(e));
} catch (java.security.InvalidKeyException e)
System.err.println(e.getMessage()+"\n"+Functions.getStackTrace(e));
public String encrypt(String str)
try
// Encode the string into bytes using utf-8
byte[] utf8 = str.getBytes("UTF8");
// Encrypt
byte[] enc = ecipher.doFinal(utf8);
// Encode bytes to base64 to get a string
String result = new sun.misc.BASE64Encoder().encode(enc);
return (result);
} catch (javax.crypto.BadPaddingException e)
System.err.println(e.getMessage()+"\n"+Functions.getStackTrace(e));
} catch (IllegalBlockSizeException e)
System.err.println(e.getMessage()+"\n"+Functions.getStackTrace(e));
} catch (UnsupportedEncodingException e)
System.err.println(e.getMessage()+"\n"+Functions.getStackTrace(e));
} catch (java.io.IOException e)
System.err.println(e.getMessage()+"\n"+Functions.getStackTrace(e));
return null;
public String decrypt(String str)
try
// Decode base64 to get bytes
byte[] dec = new sun.misc.BASE64Decoder().decodeBuffer((str));
// Decrypt
byte[] utf8 = dcipher.doFinal(dec);
// Convert to a string
String result = new String(utf8, "UTF8");
// Decode using utf-8
return result;
catch (javax.crypto.BadPaddingException e)
System.err.println(e.getMessage()+"\n"+Functions.getStackTrace(e));
catch (IllegalBlockSizeException e)
System.err.println(e.getMessage()+"\n"+Functions.getStackTrace(e));
catch (UnsupportedEncodingException e)
System.err.println(e.getMessage()+"\n"+Functions.getStackTrace(e));
catch (java.io.IOException e)
System.err.println(e.getMessage()+"\n"+Functions.getStackTrace(e));
return null;
}any help woule be appreciated.
thank you
Tyson OSwaldIf you explicitly use "PBEWithMD5AndTripleDES"then
it works OK. It is just the method call thatreturns
the wrong string!I'm not sure what you are stating here, I am
explicitly using PBEWithMD5AndTripleDES.No! You are usingecipher =
Cipher.getInstance(key.getAlgorithm());and you should useecipher =
Cipher.getInstance("PBEWithMD5AndTripleDES");or use the 'Alg' constant you have setup.Doh!, I see. It works now, thanks!
>
The problem is that key.getAlgorithm() should return
"PBEWithMD5AndTripleDES" but will return
"PBEWithMD5AndDES".
Message was edited by:
sabre150 -
Problem with decimals and grouping characters in Java 6
I'm having problems with locales in Java 6.
I have the following code:
NumberFormat format = NumberFormat.getInstance(new Locale("es", "CO", "Traditional_WIN"));
BigDecimal number = new BigDecimal("123456");
System.out.println(format.format(number));If I run it with Java 5, I get 123,456 which is OK, and is excatly the output I would expect.
If I run it with Java 6, I get 123.456 Why am I getting a different output?
Am I doing something wrong?change the separator symbol, something like:
DecimalFormat format = (DecimalFormat)NumberFormat.getInstance(new Locale("es", "CO", "Traditional_WIN"));
BigDecimal number = new BigDecimal("123456");
DecimalFormatSymbols dfs = format.getDecimalFormatSymbols();
dfs.setGroupingSeparator( ',' );
format.setDecimalFormatSymbols( dfs );
System.out.println(format.format(number));regards; -
Problem with PBEWithMD5AndDES on RedHat 9
Hi,
I'm trying to encrypt a string then save it in the database, then retrieve the string and decrypt it.
I have tested this on JDK1.3 (Sun and IBM) yet it works on Windows XP Pro and Debian, but as soon as I try it on RedHat 9 it fails.
Where it all goes wrong is that when I call encrypt I get back an empty string, whereas I should get an encoded string. I suspect that it has to do with the following error which I can only recreate if I try writing it to a file and reading it back again, although there is absolutely NO exceptions thrown if I run the source below! (I have checked everything from system's default encoding and permissions in the security file)
sun.io.MalformedInputException
at sun.io.ByteToCharUTF8.convert(ByteToCharUTF8.java(Compiled Code))
at java.io.InputStreamReader.convertInto(InputStreamReader.java:144)
at java.io.InputStreamReader.fill(InputStreamReader.java:193)
at java.io.InputStreamReader.read(InputStreamReader.java:256)
at java.io.BufferedReader.fill(BufferedReader.java:145)
at java.io.BufferedReader.read(BufferedReader.java:163)
I can successfully encode a string and immediately decode it and it works, but I cannot save the encrypted string!
Any ideas?
I'm using Sun's jce1_2_2.jar (as a jre ext setup), and their sunjce_provider.jar.
JDK version:
java version "1.3.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0)
Classic VM (build 1.3.0, J2RE 1.3.0 IBM build cx130-20010925 (JIT enabled: jitc))
package sap.cryptography;
import javax.crypto.*;
import javax.crypto.interfaces.*;
import javax.crypto.spec.*;
import java.io.*;
public class CryptoTest {
private PBEKeySpec pbeKeySpec;
private PBEParameterSpec pbeParameterSpec;
private SecretKeyFactory keyFac;
private Cipher cipher;
private SecretKey pbeKey;
private char[] alphabet;
private byte[] salt = { (byte) 0x73, (byte) 0x99, (byte) 0x7e, (byte) 0xc8, (byte) 0xee, (byte) 0xc7, (byte) 0x21, (byte) 0x8c };
private int count = 20;
private char[] key = {'S', 'o', 'm', 'e', 'k', 'i', 'n', 'd', 'O', 'f', 'K', 'e', 'y'};
public CryptoTest() {
String al = new String("sdsadwqerwqw3243fde32543rfdasasdasd23434WFSDFERT512edqdqw421");
this.alphabet = al.toCharArray();
java.security.Provider sunJce = new com.sun.crypto.provider.SunJCE();
java.security.Security.addProvider(sunJce);
try {
this.pbeParameterSpec = new PBEParameterSpec(salt, count);
this.pbeKeySpec = new PBEKeySpec(this.key);
this.keyFac = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
this.pbeKey = this.keyFac.generateSecret(pbeKeySpec);
this.cipher = Cipher.getInstance("PBEWithMD5AndDES");
catch(Exception e) {
e.printStackTrace();
public String convertToALPH(String text) {
return java.net.URLEncoder.encode(text);
private byte getByteEnc(char a) {
for(byte i = 0; i < this.alphabet.length; i++)
if(a == this.alphabet) {
return i;
return 0;
public String convertToString(String text) {
return java.net.URLDecoder.decode(text);
public String encrypt(String clearText) {
try {
this.cipher.init(Cipher.ENCRYPT_MODE, this.pbeKey, this.pbeParameterSpec);
byte[] cipherText = this.cipher.doFinal(clearText.getBytes());
return new String(cipherText);
catch(Exception e) {
System.out.println("[CryptoTest:enrypt] Exception encrypting string(" + clearText + "): " + e.getMessage());
e.printStackTrace();
return null;
public String decrypt(String eText) {
byte[] encryptedText = eText.getBytes();
try {
this.cipher.init(Cipher.DECRYPT_MODE, this.pbeKey, this.pbeParameterSpec);
byte[] clearText = this.cipher.doFinal(encryptedText);
String ret = new String(clearText);
return ret;
catch(Exception e) {
System.out.println("[CryptoTest:decrypt] Exception decoding string(" + eText + "): " + e.getMessage());
e.printStackTrace();
return null;
public static void main(String[] args) {
if(args==null)
System.out.println("Usage:\tjava CryptoTest somestringtoencrypt\nOR\tjava CryptoTest somestringtodecrypt 1");
boolean decrypt = false;
CryptoTest c = new CryptoTest();
if(args.length > 1) {
String deconverted = c.convertToString(args[0]);
System.out.println("Deconverted: " + deconverted);
String decrypted = c.decrypt(deconverted);
System.out.println("Decrypted: " + decrypted);
else {
String encrypted = c.encrypt(args[0]);
System.out.println("Encrypted: " + encrypted);
String converted = c.convertToALPH(encrypted);
System.out.println("Converted: " + converted);
Many thanks,
Andy//I'm slightly confused by your comment, since when I write the string out to something I encode it in URLEncoding (or now as Base64 encoding) anyway.
What caused me the trouble was not this section but rather that the cipher.doFinal failed to encrypt when I was using UTF8 encoding, as soon as I switched to ISO8859-1 encoding it worked fine - irrespective of the surrounding code.
The changed method which now work are:
public String encrypt(String clearText) {
try {
this.cipher.init(Cipher.ENCRYPT_MODE,this.pbeKey,this.pbeParameterSpec);
byte[] cipherText = this.cipher.doFinal(clearText.getBytes(encType));
return new String(cipherText, encType);
catch(Exception e) {
System.out.println("[Crypto:decrypt] Exception encrypting string("+clearText+"): "+e.getMessage());
e.printStackTrace();
return null;
public String decrypt(String eText){
try {
byte[] encryptedText = eText.getBytes(encType);
this.cipher.init(Cipher.DECRYPT_MODE,this.pbeKey,this.pbeParameterSpec);
byte[] clearText = this.cipher.doFinal(encryptedText);
String ret = new String (clearText, encType);
return ret;
catch(Exception e) {
System.out.println("[Crypto:decrypt] Exception decrypting string("+eText+"): "+e.getMessage());
e.printStackTrace();
return null;
} -
I have a Problem with Romming Between SSIDs withing the same WLC but with deferent VLAN .
HI All,
I have a Problem with Romming Between SSIDs withing the same WLC but with deferent VLAN . the WLC are providing the HQ and one of the Branches the Wireless services .
Am using all the available 9 SSIDs at the HQ , and am using only 4 of it at the Brnche.
The problem that i have are happening only at the Branch office as i cant room between the SSIDs within Diferent VLANs but i can do it with the one that pointing to the same VLAN. Once the client ( Laptop/Phone ) connected to one of the SSIDs. it imposiible to have him connected to the other ones with Different VLAN. meanwhile, It says its connected to the other SSID but its not getting IP from that pool.
here is the Show Run-Config from my WLC .. and the Problem happening between the SSID AMOBILE and ASTAFF. i have the Debug while am switching between the SSIDs if needed .
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.11.04 10:20:47 =~=~=~=~=~=~=~=~=~=~=~=
show run-config
Press Enter to continue...
System Inventory
NAME: "Chassis" , DESCR: "Cisco 5500 Series Wireless LAN Controller"
PID: AIR-CT5508-K9, VID: V01, SN: FCW1535L01G
Burned-in MAC Address............................ 30:E4:DB:1B:99:80
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 12
Press Enter to continue or <ctrl-z> to abort
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.235.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
Build Type....................................... DATA + WPS
System Name...................................... WLAN Controller 5508
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
IP Address....................................... 10.125.18.15
Last Reset....................................... Software reset
System Up Time................................... 41 days 5 hrs 14 mins 42 secs
System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada)
Current Boot License Level....................... base
Current Boot License Type........................ Permanent
Next Boot License Level.......................... base
Next Boot License Type........................... Permanent
Configured Country............................... US - United States
--More or (q)uit current module or <ctrl-z> to abort
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +36 C
External Temperature............................. +20 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 10
Number of Active Clients......................... 61
Burned-in MAC Address............................ 30:E4:DB:1B:99:80
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 12
Press Enter to continue or <ctrl-z> to abort
AP Bundle Information
Primary AP Image Size
ap3g1 5804
ap801 5192
ap802 5232
c1100 3096
c1130 4972
c1140 4992
c1200 3364
c1240 4812
c1250 5512
c1310 3136
c1520 6412
c3201 4324
c602i 3716
Secondary AP Image Size
ap801 4964
c1100 3036
--More or (q)uit current module or <ctrl-z> to abort
c1130 4884
c1140 4492
c1200 3316
c1240 4712
c1250 5064
c1310 3084
c1520 5244
c3201 4264
Press Enter to continue or <ctrl-z> to abort
Switch Configuration
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled
Strong Password Check Features:
case-check ...........Enabled
consecutive-check ....Enabled
default-check .......Enabled
username-check ......Enabled
Press Enter to continue or <ctrl-z> to abort
Network Information
RF-Network Name............................. OGR
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Enabled
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
--More or (q)uit current module or <ctrl-z> to abort
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
AP Fallback ................................ Enable
Web Auth Redirect Ports .................... 80
Web Auth Proxy Redirect ................... Disable
Fast SSID Change ........................... Enabled
AP Discovery - NAT IP Only ................. Enabled
IP/MAC Addr Binding Check .................. Enabled
Press Enter to continue or <ctrl-z> to abort
Port Summary
STP Admin Physical Physical Link Link
Pr Type Stat Mode Mode Status Status Trap POE SFPType
1 Normal Forw Enable Auto 1000 Full Up Enable N/A 1000BaseTX
2 Normal Disa Enable Auto Auto Down Enable N/A Not Present
3 Normal Disa Enable Auto Auto Down Enable N/A Not Present
4 Normal Disa Enable Auto Auto Down Enable N/A Not Present
5 Normal Disa Enable Auto Auto Down Enable N/A Not Present
6 Normal Disa Enable Auto Auto Down Enable N/A Not Present
7 Normal Disa Enable Auto Auto Down Enable N/A Not Present
8 Normal Disa Enable Auto Auto Down Enable N/A Not Present
Press Enter to continue or <ctrl-z> to abort
AP Summary
Number of APs.................................... 8
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
KNOWLOGY_DC01 2 AIR-LAP1131AG-A-K9 00:1d:45:86:ed:4e KNOWLOGY_DC_Serv 1 US 1
KNOWLOGY_DC02 2 AIR-LAP1131AG-A-K9 00:21:d8:36:c5:c4 KNOWLOGY_DC_Serv 1 US 1
KN1252_AP01 2 AIR-LAP1252AG-A-K9 00:21:d8:ef:06:50 Knowlogy Confere 1 US 1
KN1252_AP02 2 AIR-LAP1252AG-A-K9 00:22:55:8e:2e:d4 Server Room Side 1 US 1
Anham_AP03 2 AIR-LAP1142N-A-K9 70:81:05:88:15:b5 default location 1 US 1
ANHAM_AP01 2 AIR-LAP1142N-A-K9 70:81:05:b0:e4:62 Small Conference 1 US 1
ANHAM_AP04 2 AIR-LAP1131AG-A-K9 00:1d:45:86:e1:b8 Conference room 1 US 1
ANHAM_AP02 2 AIR-LAP1142N-A-K9 70:81:05:96:7a:49 Copy Room 1 US 1
AP Tcp-Mss-Adjust Info
AP Name TCP State MSS Size
KNOWLOGY_DC01 disabled -
KNOWLOGY_DC02 disabled -
--More or (q)uit current module or <ctrl-z> to abort
KN1252_AP01 disabled -
KN1252_AP02 disabled -
Anham_AP03 disabled -
ANHAM_AP01 disabled -
ANHAM_AP04 disabled -
ANHAM_AP02 disabled -
Press Enter to continue or <ctrl-z> to abort
AP Location
Total Number of AP Groups........................ 3
Site Name........................................ ANHAM8075
Site Description................................. ANHAM 8075 Location
WLAN ID Interface Network Admission Control Radio Policy
1 knowlogy_ogr Disabled None
6 knowlogy_ogr Disabled None
9 knowlogy_ogr Disabled None
7 knowlogy_ogr Disabled None
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
Anham_AP03 2 AIR-LAP1142N-A-K9 70:81:05:88:15:b5 default location 1 US 1
ANHAM_AP01 2 AIR-LAP1142N-A-K9 70:81:05:b0:e4:62 Small Conference 1 US 1
ANHAM_AP04 2 AIR-LAP1131AG-A-K9 00:1d:45:86:e1:b8 Conference room 1 US 1
ANHAM_AP02 2 AIR-LAP1142N-A-K9 70:81:05:96:7a:49 Copy Room 1 US 1
Site Name........................................ Knowlogy_DC
--More or (q)uit current module or <ctrl-z> to abort
Site Description................................. DC Center Access points
WLAN ID Interface Network Admission Control Radio Policy
2 knowlogy_ogr Disabled None
4 knowlogy_ogr Disabled None
3 knowlogy_ogr Disabled None
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
KNOWLOGY_DC01 2 AIR-LAP1131AG-A-K9 00:1d:45:86:ed:4e KNOWLOGY_DC_Serv 1 US 1
KNOWLOGY_DC02 2 AIR-LAP1131AG-A-K9 00:21:d8:36:c5:c4 KNOWLOGY_DC_Serv 1 US 1
Site Name........................................ OGR
Site Description................................. 1934 OGR Office
WLAN ID Interface Network Admission Control Radio Policy
1 knowlogy_ogr Disabled None
2 knowlogy_ogr Disabled None
4 knowlogy_ogr Disabled None
6 knowlogy_ogr Disabled None
--More or (q)uit current module or <ctrl-z> to abort
7 knowlogy_ogr Disabled None
9 knowlogy_ogr Disabled None
8 knowlogy_ogr Disabled None
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
KN1252_AP01 2 AIR-LAP1252AG-A-K9 00:21:d8:ef:06:50 Knowlogy Confere 1 US 1
KN1252_AP02 2 AIR-LAP1252AG-A-K9 00:22:55:8e:2e:d4 Server Room Side 1 US 1
Site Name........................................ default-group
Site Description................................. <none>
WLAN ID Interface Network Admission Control Radio Policy
1 knowlogy_ogr Disabled None
2 knowlogy_ogr Disabled None
3 knowlogy_ogr Disabled None
4 knowlogy_ogr Disabled None
5 knowlogy_ogr Disabled None
6 knowlogy_ogr Disabled None
7 knowlogy_ogr Disabled None
8 knowlogy_ogr Disabled None
--More or (q)uit current module or <ctrl-z> to abort
9 knowlogy_ogr Disabled None
10 management Disabled None
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
Press Enter to continue or <ctrl-z> to abort
AP Config
Cisco AP Identifier.............................. 6
Cisco AP Name.................................... KNOWLOGY_DC01
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:1d:45:86:ed:4e
IP Address Configuration......................... DHCP
IP Address....................................... 10.22.1.100
Gateway IP Addr.................................. 10.22.1.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ KNOWLOGY_DC_ServerRoom
Cisco AP Group Name.............................. Knowlogy_DC
Primary Cisco Switch Name........................ wireless.knowlogy.com
Primary Cisco Switch IP Address.................. 10.125.18.15
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
--More or (q)uit current module or <ctrl-z> to abortIP Address.................. 10.125.18.15
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.0
Boot Version ................................... 12.3.8.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1131AG-A-K9
AP Image......................................... C1130-K9W8-M
IOS Version...................................... 12.4(23c)JA5
--More or (q)uit current module or <ctrl-z> to abort
Reset Button..................................... Enabled
AP Serial Number................................. FTX1134T0QG
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 22
WLAN 2 :........................................ 21
WLAN 4 :........................................ 25
WLAN 3 :........................................ 25
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 48 days, 20 h 19 m 18 s
AP LWAPP Up Time................................. 40 days, 13 h 58 m 18 s
Join Date and Time............................... Tue Sep 24 21:24:33 2013
Join Taken Time.................................. 0 days, 00 h 10 m 47 s
--More or (q)uit current module or <ctrl-z> to abort
Attributes for Slot 0
Radio Type................................... RADIO_TYPE_80211b
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 3
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:1d:71:09:8f:90
Operation Rate Set
1000 Kilo Bits........................... MANDATORY
2000 Kilo Bits........................... MANDATORY
5500 Kilo Bits........................... MANDATORY
11000 Kilo Bits.......................... MANDATORY
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
--More or (q)uit current module or <ctrl-z> to abort
Multi Domain Capability Enabled ........... TRUE
Country String ............................ US
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 1
Number Of Channels ........................ 11
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 8
Tx Power Level 1 .......................... 20 dBm
Tx Power Level 2 .......................... 17 dBm
Tx Power Level 3 .......................... 14 dBm
Tx Power Level 4 .......................... 11 dBm
Tx Power Level 5 .......................... 8 dBm
Tx Power Level 6 .......................... 5 dBm
Tx Power Level 7 .......................... 2 dBm
Tx Power Level 8 .......................... -1 dBm
--More or (q)uit current module or <ctrl-z> to abort
Tx Power Configuration .................... AUTOMATIC
Current Tx Power Level .................... 1
Phy DSSS parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 11
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11
Current CCA Mode .......................... 0
ED Threshold .............................. -50
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
Diversity.................................. DIVERSITY_ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 12 dB
--More or (q)uit current module or <ctrl-z> to abort
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No
Cisco AP Identifier.............................. 6
Cisco AP Name.................................... KNOWLOGY_DC01
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:1d:45:86:ed:4e
IP Address Configuration......................... DHCP
IP Address....................................... 10.22.1.100
Gateway IP Addr.................................. 10.22.1.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
--More or (q)uit current module or <ctrl-z> to abort
Cisco AP Location................................ KNOWLOGY_DC_ServerRoom
Cisco AP Group Name.............................. Knowlogy_DC
Primary Cisco Switch Name........................ wireless.knowlogy.com
Primary Cisco Switch Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.0
Boot Version ................................... 12.3.8.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
--More or (q)uit current module or <ctrl-z> to abort
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1131AG-A-K9
AP Image......................................... C1130-K9W8-M
IOS Version...................................... 12.4(23c)JA5
Reset Button..................................... Enabled
AP Serial Number................................. FTX1134T0QG
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 22
WLAN 2 :........................................ 21
WLAN 4 :........................................ 25
WLAN 3 :........................................ 25
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
--More or (q)uit current module or <ctrl-z> to abort
AP Up Time....................................... 48 days, 20 h 19 m 18 s
AP LWAPP Up Time................................. 40 days, 13 h 58 m 18 s
Join Date and Time............................... Tue Sep 24 21:24:33 2013
Join Taken Time.................................. 0 days, 00 h 10 m 47 s
Attributes for Slot 1
Radio Type................................... RADIO_TYPE_80211a
Radio Subband................................ RADIO_SUBBAND_ALL
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 3
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:1d:71:09:8f:90
Operation Rate Set
6000 Kilo Bits........................... MANDATORY
--More or (q)uit current module or <ctrl-z> to abort
9000 Kilo Bits........................... SUPPORTED
12000 Kilo Bits.......................... MANDATORY
18000 Kilo Bits.......................... SUPPORTED
24000 Kilo Bits.......................... MANDATORY
36000 Kilo Bits.......................... SUPPORTED
48000 Kilo Bits.......................... SUPPORTED
54000 Kilo Bits.......................... SUPPORTED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ US
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 36
Number Of Channels ........................ 20
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
--More or (q)uit current module or <ctrl-z> to abort
Tx Power
Num Of Supported Power Levels ............. 7
Tx Power Level 1 .......................... 15 dBm
Tx Power Level 2 .......................... 14 dBm
Tx Power Level 3 .......................... 11 dBm
Tx Power Level 4 .......................... 8 dBm
Tx Power Level 5 .......................... 5 dBm
Tx Power Level 6 .......................... 2 dBm
Tx Power Level 7 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
Current Tx Power Level .................... 1
Phy OFDM parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 44
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 36,40,44,48,52,56,60,64,100,
......................................... 104,108,112,116,132,136,140,
......................................... 149,153,157,161
TI Threshold .............................. -50
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
--More or (q)uit current module or <ctrl-z> to abort
Diversity.................................. DIVERSITY_ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 16 dB
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No
Press Enter to continue or <ctrl-z> to abort
Cisco AP Identifier.............................. 3
Cisco AP Name.................................... KNOWLOGY_DC02
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:21:d8:36:c5:c4
IP Address Configuration......................... DHCP
IP Address....................................... 10.22.1.101
Gateway IP Addr.................................. 10.22.1.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ KNOWLOGY_DC_ServerRoom
Cisco AP Group Name.............................. Knowlogy_DC
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name.......................
--More or (q)uit current module or <ctrl-z> to abort
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.0
Boot Version ................................... 12.3.8.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Enabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1131AG-A-K9
AP Image......................................... C1130-K9W8-M
IOS Version...................................... 12.4(23c)JA5
Reset Button..................................... Enabled
--More or (q)uit current module or <ctrl-z> to abort
AP Serial Number................................. FTX1230T24F
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 22
WLAN 2 :........................................ 21
WLAN 4 :........................................ 25
WLAN 3 :........................................ 25
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 48 days, 20 h 24 m 41 s
AP LWAPP Up Time................................. 40 days, 13 h 58 m 18 s
Join Date and Time............................... Tue Sep 24 21:24:35 2013
Join Taken Time.................................. 0 days, 00 h 10 m 48 s
--More or (q)uit current module or <ctrl-z> to abort
Attributes for Slot 0
Radio Type................................... RADIO_TYPE_80211b
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 3
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:22:55:a5:0c:30
Operation Rate Set
1000 Kilo Bits........................... MANDATORY
2000 Kilo Bits........................... MANDATORY
5500 Kilo Bits........................... MANDATORY
11000 Kilo Bits.......................... MANDATORY
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
--More or (q)uit current module or <ctrl-z> to abort
Country String ............................ US
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 1
Number Of Channels ........................ 11
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 8
Tx Power Level 1 .......................... 20 dBm
Tx Power Level 2 .......................... 17 dBm
Tx Power Level 3 .......................... 14 dBm
Tx Power Level 4 .......................... 11 dBm
Tx Power Level 5 .......................... 8 dBm
Tx Power Level 6 .......................... 5 dBm
Tx Power Level 7 .......................... 2 dBm
Tx Power Level 8 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
--More or (q)uit current module or <ctrl-z> to abort
Current Tx Power Level .................... 1
Phy DSSS parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 1
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11
Current CCA Mode .......................... 0
ED Threshold .............................. -50
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
Diversity.................................. DIVERSITY_ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 12 dB
Coverage exception level................... 25 %
--More or (q)uit current module or <ctrl-z> to abort
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No
Cisco AP Identifier.............................. 3
Cisco AP Name.................................... KNOWLOGY_DC02
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:21:d8:36:c5:c4
IP Address Configuration......................... DHCP
IP Address....................................... 10.22.1.101
Gateway IP Addr.................................. 10.22.1.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ KNOWLOGY_DC_ServerRoom
--More or (q)uit current module or <ctrl-z> to abort
Cisco AP Group Name.............................. Knowlogy_DC
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.0
Boot Version ................................... 12.3.8.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Enabled
PoE Power Injector MAC Addr...................... Disabled
--More or (q)uit current module or <ctrl-z> to abort
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1131AG-A-K9
AP Image......................................... C1130-K9W8-M
IOS Version...................................... 12.4(23c)JA5
Reset Button..................................... Enabled
AP Serial Number................................. FTX1230T24F
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 22
WLAN 2 :........................................ 21
WLAN 4 :........................................ 25
WLAN 3 :........................................ 25
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
--More or (q)uit current module or <ctrl-z> to abort
AP Up Time....................................... 48 days, 20 h 24 m 41 s
AP LWAPP Up Time................................. 40 days, 13 h 58 m 18 s
Join Date and Time............................... Tue Sep 24 21:24:35 2013
Join Taken Time.................................. 0 days, 00 h 10 m 48 s
Attributes for Slot 1
Radio Type................................... RADIO_TYPE_80211a
Radio Subband................................ RADIO_SUBBAND_ALL
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 3
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:22:55:a5:0c:30
Operation Rate Set
6000 Kilo Bits........................... MANDATORY
--More or (q)uit current module or <ctrl-z> to abort
9000 Kilo Bits........................... SUPPORTED
12000 Kilo Bits.......................... MANDATORY
18000 Kilo Bits.......................... SUPPORTED
24000 Kilo Bits.......................... MANDATORY
36000 Kilo Bits.......................... SUPPORTED
48000 Kilo Bits.......................... SUPPORTED
54000 Kilo Bits.......................... SUPPORTED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ US
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 36
Number Of Channels ........................ 20
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
--More or (q)uit current module or <ctrl-z> to abort
Tx Power
Num Of Supported Power Levels ............. 7
Tx Power Level 1 .......................... 15 dBm
Tx Power Level 2 .......................... 14 dBm
Tx Power Level 3 .......................... 11 dBm
Tx Power Level 4 .......................... 8 dBm
Tx Power Level 5 .......................... 5 dBm
Tx Power Level 6 .......................... 2 dBm
Tx Power Level 7 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
Current Tx Power Level .................... 1
Phy OFDM parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 36
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 36,40,44,48,52,56,60,64,100,
......................................... 104,108,112,116,132,136,140,
......................................... 149,153,157,161
TI Threshold .............................. -50
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
--More or (q)uit current module or <ctrl-z> to abort
Diversity.................................. DIVERSITY_ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 16 dB
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No
Press Enter to continue or <ctrl-z> to abort
Cisco AP Identifier.............................. 5
Cisco AP Name.................................... KN1252_AP01
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:21:d8:ef:06:50
IP Address Configuration......................... DHCP
IP Address....................................... 10.125.18.101
IP NetMask....................................... 255.255.255.0
Gateway IP Addr.................................. 10.125.18.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Enabled
Ssh State........................................ Disabled
Cisco AP Location................................ Knowlogy Conference Rooms Side
Cisco AP Group Name.............................. OGR
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
--More or (q)uit current module or <ctrl-z> to abort
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.0
Boot Version ................................... 12.4.10.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. PoE/Medium Power (15.4 W)
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1252AG-A-K9
AP Image......................................... C1250-K9W8-M
IOS Version...................................... 12.4(23c)JA5
--More or (q)uit current module or <ctrl-z> to abort
Reset Button..................................... Enabled
AP Serial Number................................. FTX122990L5
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 118
WLAN 1 :........................................ 111
WLAN 2 :........................................ 111
WLAN 4 :........................................ 112
WLAN 6 :........................................ 112
WLAN 7 :........................................ 111
WLAN 9 :........................................ 112
WLAN 8 :........................................ 112
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 26 days, 00 h 24 m 39 s
--More or (q)uit current module or <ctrl-z> to abort
AP LWAPP Up Time................................. 26 days, 00 h 23 m 48 s
Join Date and Time............................... Wed Oct 9 10:59:07 2013
Join Taken Time.................................. 0 days, 00 h 00 m 50 s
Attributes for Slot 0
Radio Type................................... RADIO_TYPE_80211n-2.4
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 7
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:22:55:df:a5:90
Operation Rate Set
1000 Kilo Bits........................... MANDATORY
2000 Kilo Bits........................... MANDATORY
5500 Kilo Bits........................... MANDATORY
--More or (q)uit current module or <ctrl-z> to abort
11000 Kilo Bits.......................... MANDATORY
MCS Set
MCS 0.................................... SUPPORTED
MCS 1.................................... SUPPORTED
MCS 2.................................... SUPPORTED
MCS 3.................................... SUPPORTED
MCS 4.................................... SUPPORTED
MCS 5.................................... SUPPORTED
MCS 6.................................... SUPPORTED
MCS 7.................................... SUPPORTED
MCS 8.................................... SUPPORTED
MCS 9.................................... SUPPORTED
MCS 10................................... SUPPORTED
MCS 11................................... SUPPORTED
MCS 12................................... SUPPORTED
MCS 13................................... SUPPORTED
MCS 14................................... SUPPORTED
MCS 15................................... SUPPORTED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ US
--More or (q)uit current module or <ctrl-z> to abort
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 1
Number Of Channels ........................ 11
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 8
Tx Power Level 1 .......................... 20 dBm
Tx Power Level 2 .......................... 17 dBm
Tx Power Level 3 .......................... 14 dBm
Tx Power Level 4 ..........Well you need to understand the behavior of h-reap or what it's called now, FlexConnect. In this mode, the clients are still remembers on the WLC until the session timer/idle timer expires. So switching between SSID's in h-reap will not be the same when switching when the AP's are in local mode.
Take a look at the client when connected in FlexConnect in the WLC GUI monitor tab. Thus will show you what ssid and vlan the client is on. Now switch to a different ssid and compare this. It's probably the same because the client has not timed out. Now go back to the other ssid and look again. Now on the WLC, remove or delete the client and then switch to the other ssid at the same time. Or switch SSID's and then remove the client. The client will join the new ssid and in the monitor tab, you should see the info.
There is no need to have clients have multiple SSID's unless your testing. Devices should only have one ssid profile configured to eliminate any connectivity issues from the device wanting to switch SSID's.
Sent from Cisco Technical Support iPhone App
Maybe you are looking for
-
Order confirmations will be sent to customer by email and also through pdf
Hi Experts, Can you explain what are the config to do firstly the order confirmation should be converted to pdf format and this will be sent to customer by email. Thanks in advance Edited by: kumaar palani on May 2, 2008 3:15 AM
-
Videos are not shown in any webpage, extensions ok, flash ok, what is the problem?
Safari 6.0.5; most of the videos are not shown in any webpage, only Youtube and a very few amount of sites are working. I've been having the same problem for months. Any Solutions?
-
Photo I set as desktop comes out too zoomed in
Hello, When I try to set a a photo as my desk top image it comes out very zoomed in...quite beyond merely fitting to screen. Is it something to do with my wide screen? It even does this with 16:9 photos. Thanks for any help in advance. W
-
Common diemsions and more then one fact table join problem
Hi, I have 5 common dimension and 3 fact table which in the same subject area. When I want to display results from more then one fact table sending database then query more then one and I think BI server join this two different result on OBI server.
-
I'm in the process of building the site and can't find any information on how to sell through the site online, using paypal or even just credit card. Is this possible/legal on an iweb site? Thanks for your time (assuming anyone out there's reading th