Some Wireless clients won't authenticate to 887VA-W

Similar Messages

• Wireless Clients failing to authenticate via the RADIUS

  Hi friends
  I am trying to use Radius server (NPS) to authenticate my wireless users using 1941W router.
  For some reason it cannot authenticate successfully. I checked the radius server is reachable but still I dont see any luck.
  the config is like this:
  ***************Config snap shot*********************
  aaa new-model
  aaa group server radius group1
  server 10.32.0.154 auth-port 1812 acct-port 1813
  aaa authentication login EAP group group1
  aaa session-id common
  dot11 syslog
  dot11 ssid CORP
     vlan 320
     authentication open eap EAP
     mbssid guest-mode
  interface Loopback1
  ip address 10.51.240.1 255.255.255.255
  no ip route-cache
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption vlan 320 mode ciphers aes-ccm
  ssid CORP
  antenna gain 0
  mbssid
  station-role root
  interface Dot11Radio0.1
  encapsulation dot1Q 320 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface GigabitEthernet0
  description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
  no ip address
  no ip route-cache
  interface GigabitEthernet0.1
  encapsulation dot1Q 320 native
  no ip route-cache
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface BVI1
  ip address 10.51.246.2 255.255.255.0
  no ip route-cache
  ip default-gateway 10.51.246.1
  ip radius source-interface Loopback1
  radius-server host 10.32.0.154 auth-port 1812 acct-port 1646 key V3rv3@mc0m
  bridge 1 route ip
  *********************End of config snap shot*********************
  When i run the debug i see the following messages which I am still trying to understand thought it would be worthwhile mentioning here:
  *******************Debug**********************
  AP1#
  *Mar  1 01:04:41.951: AAA/BIND(0000001E): Bind i/f
  *Mar  1 01:04:41.951: dot11_auth_add_client_entry: Create new client 2477.037e.22d4 for application 0x1
  *Mar  1 01:04:41.951: dot11_auth_initialize_client: 2477.037e.22d4 is added to the client list for application 0x1
  *Mar  1 01:04:41.951: dot11_auth_add_client_entry: req->auth_type 0
  *Mar  1 01:04:41.951: dot11_auth_add_client_entry: auth_methods_inprocess: 2
  *Mar  1 01:04:41.951: dot11_auth_add_client_entry: eap list name: EAP
  *Mar  1 01:04:41.951: dot11_run_auth_methods: Start auth method EAP or LEAP
  *Mar  1 01:04:41.951: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
  *Mar  1 01:04:41.951: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 2477.037e.22d4
  *Mar  1 01:04:41.951: EAPOL pak dump tx
  *Mar  1 01:04:41.951: EAPOL Version: 0x1  type: 0x0  length: 0x002F
  *Mar  1 01:04:41.951: EAP code: 0x1  id: 0x1  length: 0x002F type: 0x1
  030017B0: 0100002F 0101002F 01006E65 74776F72  .../.../..networ
  030017C0: 6B69643D 56434F52 502C6E61 7369643D  kid=VCORP,nasid=
  030017D0: 4B414C2D 30322D41 50312C70 6F727469  KAL-02-AP1,porti
  030017E0: 643D30                               d=0
  *Mar  1 01:04:41.955: dot11_auth_send_msg:  sending data to requestor status 1
  *Mar  1 01:04:41.955: dot11_auth_send_msg: Sending EAPOL to requestor
  *Mar  1 01:04:41.955: dot11_auth_dot1x_send_id_req_to_client: Client 2477.037e.22d4 timer started for 30 seconds
  *Mar  1 01:04:41.955: dot11_auth_parse_client_pak: Received EAPOL packet from 2477.037e.22d4
  *Mar  1 01:04:41.955: EAPOL pak dump rx
  *Mar  1 01:04:41.955: EAPOL Version: 0x1  type: 0x1  length: 0x0000
  033E86E0:          01010000                        ....
  *Mar  1 01:04:41.955: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 2477.037e.22d4
  *Mar  1 01:04:41.955: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 2477.037e.22d4
  *Mar  1 01:04:41.959: EAPOL pak dump tx
  *Mar  1 01:04:41.959: EAPOL Version: 0x1  type: 0x0  length: 0x002F
  *Mar  1 01:04:41.959: EAP code: 0x1  id: 0x2  length: 0x002F type: 0x1
  03001A20: 0100002F 0102002F 01006E65 74776F72  .../.../..networ
  03001A30: 6B69643D 56434F52 502C6E61 7369643D  kid=VCORP,nasid=
  03001A40: 4B414C2D 30322D41 50312C70 6F727469  KAL-02-AP1,porti
  03001A50: 643D30                               d=0
  *Mar  1 01:04:41.959: dot11_auth_send_msg:  sending data to requestor status 1
  *Mar  1 01:04:41.959: dot11_auth_send_msg: Sending EAPOL to requestor
  *Mar  1 01:04:41.959: dot11_auth_dot1x_send_id_req_to_client: Client 2477.037e.22d4 timer started for 30 seconds
  *Mar  1 01:04:41.963: dot11_auth_parse_client_pak: Received EAPOL packet from 2477.037e.22d4
  *Mar  1 01:04:41.963: EAPOL pak dump rx
  *Mar  1 01:04:41.963: EAPOL Version: 0x1  type: 0x0  length: 0x0012
  *Mar  1 01:04:41.963: EAP code: 0x2  id: 0x1  length: 0x0012 type: 0x1
  033603C0:                            01000012              ....
  033603D0: 02010012 01564552 56455C47 30373532  .....VERVE\G0752
  033603E0: 3736                                 76
  *Mar  1 01:04:41.963: dot11_auth_parse_client_pak: id is not matching req-id:1resp-id:2, waiting for response
  *Mar  1 01:04:41.963: dot11_auth_parse_client_pak: Received EAPOL packet from 2477.037e.22d4
  *Mar  1 01:04:41.963: EAPOL pak dump rx
  *Mar  1 01:04:41.963: EAPOL Version: 0x1  type: 0x0  length: 0x0012
  *Mar  1 01:04:41.963: EAP code: 0x2  id: 0x2  length: 0x0012 type: 0x1
  033AEE90:                   01000012 02020012          ........
  033AEEA0: 01564552 56455C47 30373532 3736      .VERVE\G075276
  *Mar  1 01:04:41.963: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 2477.037e.22d4
  *Mar  1 01:04:41.963: dot11_auth_dot1x_send_response_to_server: Sending client 2477.037e.22d4 data to server
  *Mar  1 01:04:41.963: AAA/AUTHEN/PPP (0000001E): Pick method list 'EAP'
  *Mar  1 01:04:41.963: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
  *Mar  1 01:04:41.963: %AAA-3-BADSERVERTYPEERROR: Cannot process authentication server type *invalid_group_handle*
  *Mar  1 01:04:41.963: dot11_auth_dot1x_parse_aaa_resp: Received server response: FAIL
  *Mar  1 01:04:41.963: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
  *Mar  1 01:04:41.963: Client 2477.037e.22d4 failed: EAP reason 2
  *Mar  1 01:04:41.963: dot11_auth_dot1x_parse_aaa_resp: Failed client 2477.037e.22d4 with aaa_req_status_detail 2
  *Mar  1 01:04:41.963: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for 2477.037e.22d4
  *Mar  1 01:04:41.963: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 2477.037e.22d4
  *Mar  1 01:04:41.963: EAPOL pak dump tx
  *Mar  1 01:04:41.963: EAPOL Version: 0x1  type: 0x0  length: 0x0004
  *Mar  1 01:04:41.963: EAP code: 0x4  id: 0x2  length: 0x0004
  03001DC0:                   01000004 04020004          ........
  03001DD0:
  *Mar  1 01:04:41.963: dot11_auth_send_msg:  sending data to requestor status 1
  *Mar  1 01:04:41.967: dot11_auth_send_msg: Sending EAPOL to requestor
  *Mar  1 01:04:41.967: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds
  *Mar  1 01:04:41.967: dot11_auth_dot1x_send_client_fail: Authentication failed for 2477.037e.22d4
  *Mar  1 01:04:41.967: dot11_auth_send_msg:  sending data to requestor status 0
  *Mar  1 01:04:41.967: dot11_auth_send_msg: client FAILED to authenticate 2477.037e.22d4, node_type 64 for application 0x1
  *Mar  1 01:04:41.967: dot11_auth_delete_client_entry: 2477.037e.22d4 is deleted for application 0x1
  *Mar  1 01:04:41.967: %DOT11-7-AUTH_FAILED: Station 2477.037e.22d4 Authentication failed
  *Mar  1 01:04:41.967: dot11_auth_client_abort: Received abort request for client 2477.037e.22d4
  *Mar  1 01:04:41.967: dot11_auth_client_abort: No client entry to abort: 2477.037e.22d4 for application 0x1
  Any Idea where the problem could be?
  Regards,
  Mohit

  Just to add here, i ran another command on the AP/Router which indicates to me that there was no response from the Radius server.
  KAL-02-AP1#sh radius statistics
                                    Auth.      Acct.       Both
           Maximum inQ length:         NA         NA          1
         Maximum waitQ length:         NA         NA          2
         Maximum doneQ length:         NA         NA          1
         Total responses seen:          0          0          0
       Packets with responses:          0          0          0
    Packets without responses:         12          0         12
    Access Rejects           :          0
  Average response delay(ms):          0          0          0
  Maximum response delay(ms):          0          0          0
    Number of Radius timeouts:         48          0         48
         Duplicate ID detects:          0          0          0
  Buffer Allocation Failures:          0          0          0
  Maximum Buffer Size (bytes):        186          0        186
  Source Port Range: (2 ports only)
  1645 - 1646
  Last used Source Port/Identifier:
  1645/12
  1646/0
    Elapsed time since counters last cleared: 1h52m

• Some wireless clients can't discover or connection to local wired systems

  Hi,
  I've just upgraded my home wireless from an NetComm NB5540 + modem to a LinkSys X3000.
  Internet access works fine for all devices, but some wireless devices can't "see" my Win7 desktop system that's on a wired connections to the router. 
  I've tried three devices...
  Galaxy Note phone (running ICS 4.0.4) can discover and connect to file shares on my desktop system without any problems.
  Asus Transformer Prime tablet (running JellyBean 4.1.1) can see the router on the local network, but can't see my desktop. Even if I manually type in the IP address it can't connect to it
  Likewise my old WinXP laptop can see the router but can't see or connect to any other devices.
  Any suggestions welcome.
  Hugh
  ps. I tried connecting the NetComm router with just Wifi configured to one of the ethernet ports on the X3000, so I've got two Wifi networks running in parallel. If I connect to this second WiFi network with any of the above devices then they can all discover and connect to my desktop system on the wired connection to  the X3000.

  Just to test network connectivity, why don't you ping the wired client from the wireless devices that are not able access it? Do post your results so we can further analyze this scenario. By the way, when you cascaded another access point (using the NetComm router) to the X3000, was it via LAN- LAN? Was the X3000 still the DHCP server for the wireless clients?

• All non-Apple Wireless Clients won't Connect to Time Capsule

  I have a latest gen Apple 2TB TC (ME177LL/A) and have had it for about 14 months. I have never had any issue with it in the past and have perhaps only had to reset it twice in that 14 month span.
  Came home from work last night to watch some Netflix on my PS4, and noticed my PS4 couldn't connect to the network. In the PS4 OS I kept getting errors that said either the network no longer existed or my password was incorrect. I simply tried to re-enter my password multiple times, but only once was the PS4 successfully able to connect. The one time it did connect the network speed indicated in the PS4 speed test was less than 200 kpbs. Within moments, the PS4 lost connection again. I was unable to reconnect.
  At this point I figured I would just use the PS3 instead...same issue, however. Initially thought it was perhaps a PSN issue, but this time I never once could get the PS3 to connect. It repeatedly just said the network wasn't available or the password was incorrect. Went through the same troubleshooting steps that I did on the PS4 with no luck.
  At this point I realized my Lyric thermostat had been erroring out and giving me a notification on my phone---the app on my phone wasn't able to connect to the Lyric via Wifi. Also noticed my August Connect was flashing red and was not connected. DirecTV Genie was not connected to my TC network either. Then went to my home office to discover my Slingbox was no longer connected either. Interestingly enough, though, my iPhone, MacBook Pro, Mac Mini, wife's iPhone, and MacBook all were still connected to my TC network with no issues. I performed speed tests on all of them and all were giving me well over my 60 Gbps Internet speeds. These devices never disconnected nor had any hiccups.
  Essentially determined all my non-Apple devices couldn't stay connected to the TC network.
  Proceeded to just reset the TC and see what would happen. None of the non-Apple devices could connect. Same "Network not found/incorrect password"
  Then proceeded to perform factory reset on TC. At the same time I unplugged my Charter internet modem from power and cat5 out. Powered on modem, waited. Then powered up TC. I did this process twice through, once with auto selected 2.4/5 Ghz channels--still had issue with devices being unable to connect. The second time through, I set up the 2.4/5 Ghz bases upon the most "open" channels as shown by iStumblr (I live in fairly large luxury apartment building that has many networks -- so there are A LOT of networks).
  This time I appeared to have success. One-by-one I was able to connect all my non-Apple devices to this new network with the new SSID and credentials. All devices were able to connect and the PS3/PS4 were able to connect to PSN and I was very easily able to get Netflix.
  Woke up this morning and noticed all non-Apple devices were once again not connected....really not sure what's going on. Didn't have time to dive in deeper before heading to work.
  Just as an FYI, I have 2 different Macs backing up to the TC via Time Machine wirelessly (the primary reason I have a TC and not another router). Also have an Asustor AS5008T connected to the TC via round robin link aggregation. All Macs are running Yosemite. All iPhones are running iOS 8.3. Offhand, I don't know the firmware the TC is running. I made no recent changes to the network or any of the hardware.
  Anybody have any idea what could be the culprit? Any help would be greatly appreciated.

  Whilst I said in my first post that apple had removed all the logs.. you can still get them via PC version 5 airport utility... you will need to plug in via ethernet since wireless is not working. You can also install v5 utility into a Mac but I cannot tell you how. Google it.
  The other method.. and I am not at all sure if it is useful or not.
  Using the airport utility in an ipad.. click on the TC, then edit.. then advanced.. Diagnostics and Usage Data.
  Go into this and you will see the Airport utility has got a stack of info out of the TC..(for secret transmission to apple).
  eg
  I guess it is comparison between normal functionality and when it fails that will show something interesting.. meaning you will need to track the info... and it is not so easy to get it out other than as a screenshot..

• Why do some devices show up as wireless clients and not DHCP clients

  When looking at the 'Logs and Statistics' section it shows me the MAC addresses of 3 wireless devices I have on my W/LAN (Macbook and 2 wireless PVR's) in the 'wireless clients' section but no info on the 2 wireless PVR's in the DHCP clients section. Only the Macbook appears there with its ip address shown. Can anyone tell me how to find out the ip addresses of these 2 other devices. I tried connecting one of the PVR's via a cat 5 but that one still doesn't show up in the DHCP clients section.

  Esterhazyinoz wrote:
  Can anyone tell me how to find out the ip addresses of these 2 other devices. I tried connecting one of the PVR's via a cat 5 but that one still doesn't show up in the DHCP clients section.
  Try scanning with WakeOnLan to get a list of all devices and their IP addresses. If the devices got fixed IP addresses at the factory, they won't show up under DHCP.

• Wireless client can't get an IP but can associate with the Cisco 1200 AP

  Hi!
  Good day to everyone.
  I guess i need some help with regards to a problem of mine.
  I have a Cisco 1200 AP with IOS 12.3(2), the client is MS Win XP on an IBM notebook with an onboard intel wireless client.
  the RADIUS server is a MS IAS and it is integrated with MS Active directory where I authenticate.
  somehow the client can associate with WPA and TKIP however it won't receive an IP add after logging into domain. I have tried clearing out the TKIP and WPA and leave authentication open and guest mode on the config. this would be successful.
  I also want to ask what does the "list_name" on the methods of authentication on EAP? Is this a RADIUS server's name or the AD server's name?
  Attach is the configuration I made on the AP.
  Thanks in advance,
  Chris

  I have this same issue, it seems the AP is not supplying the group key needed to complete the authentiction...so your being authenticated, but not fully with the AP. I have a sniffer of a good connect and a bad one, its got something to do with the key (if you look at the link status, you will probably see something like this beside security
  TKIP, WEP, Key Absent
  The Key Absent portion is bad. Its whats stopping us from getting fully "connected" with our AP's, but i have yet to figure out why.

• Bridge does not work for wireless clients - connecting to existing network.

  Hi - I really hope somebody can help out here, after hours of trial & error, I have finally given up
  I need to connect my Airport Extreme Base Station to my existing network. I have a linksys router (192.168.15.1) connected to my modem and this linksys router acts as DHCP server too.
  I suppose I have to use "bridge mode" for that to work. But should the linksys be connected to the AEBS using the AEBS's WAN or LAN port?
  If I use "bridge mode", then wired computers to the AEBS works fine - getting an IP from the linksys etc. BUT, the wireless clients will have a self-assigned IP and not get through to the internet. It's like the AEBS will not allow wireless clients to "get through" unless AEBS itself is handing out IP addresses.
  Page 36 of this manual ( http://manuals.info.apple.com/en/DesigningAirPort_Networks10.5-Windows.pdf ) shows the setup I want. But in the picture, it says "Ethernet WAN port" but the text says: "The Apple wireless device (in this example, a Time Capsule) uses your Ethernet network to communicate with the Internet through the Ethernet LAN port ( <--> )." I don't know which one to use, WAN or LAN - they show WAN but say LAN?
  When I set it up as "share an IP address", the AEBS status tells me "double nat" and to change from "shared IP" to "bridge mode". I do that, and everything seems fine - for the wired clients. Now the wireless clients cannot connect, Airport on the MacBook Pro just say "Connection failed" and the MacBook says "Invalid password" (translated from danish), even though I set the Airport Utlity to save the password in keyring, so it should be correct... If I disable wireless encryption, the wireless clients will connect but get a self-assigned IP, and therefor not work (cannot get online)...
  It seems the only way I can get wireless to work, is if I set AEBS up as DHCP, but then it won't be on the "same network" as the linksys (192.168.15.1), but rather on 10.0.x.x as I select. If I select 192.168.x.x within AEBS, I'm also getting some error messages, conflict/subnet thing.
  Anyway - I really hope somebody knows how to get wireless clients to get an IP address from existing ethernet when connected to the AEBS.
  Thanks!!

  I've given up and had to go back to running "Double NAT" which also reports as a "problem" within the AEBS, but I just "ignore" it so the light will always be green.
  It still ***** though, as "Double NAT" is also a reason for "Back to my Mac" not working properly, but how the ** am I supposed to avoid Double NAT when the wireless will not work in bridged mode?!

• Airport Express as wireless client for Linksys WRT54G (v2)

  Hi gang. I've been trying without success for some time to get my new AX configured as a wireless client on my existing network. Here's the particulars:
  Linksys WRT54G (version 2, latest firmware), 802.11 b/g, channel 6. MAC filtering is enabled, and the AX's MAC address has been added to the persmissions table. WPA shared key security is enabled. AX is latest firmware, 6.3.
  I can access the AX no problem by connecting it via ethernet/cat-5 cable to my router. I see it in the list of connected devices on the Linksys admin page, its IP address, etc. I can configure it, no problem. Except that every time I configure it, it reboots and never joins the wireless network, no matter what I seem to do.
  Here's my normal procedure:
  - Access AirPort Admin Utility
  - Select the AX from the first screen, then click Configure. Up comes the configuration screen.
  - Click on Airport tab.
  - I change Wireless Mode to "Join an Existing Wireless Network (Wireless Client)" and enter my network SSID in the Network Name box.
  - I then click the Wireless Security button, then select "WPA2 Personal", then click "Set Pre-Shared Key" and enter my WPA key, exactly as it appears in the Linksys wireless security page. I save the configuration and the AX reboots.
  After that, I wait for half a minute, then the flashing amber (problem/no connectivity) light returns.
  I'm completely frustrated with this thing. I've searched some other postings in these forums and on the net and tried some of it but it doesn't work for me. My wireless or network setup is pretty standard stuff, so I don't get why this thing won't join the network. I don't have these problems with any other devices.
  Any help is greatly appreciated!!
  Scott

  I am experiencing the exact same problem here... I can set up a new network to this device, but cannot set it up as a client on my existing linksys network. I believe I have followed the procedure precisely yet no dice. The iTunes plays on the new network albeit on a weak signal which cuts out periodically. My thought was to put it on the linksys router with a stronger wireless signal...

• Wireless clients not trusting well-known Certificate Authorities by default??

  I'm using PEAP-MSCHAPv2 for wireless authentication.  The radius server is a Windows 2008 server running NPS.  The clients consist of a bunch of laptops (mostly running Windows).  Not all of these laptops are members of Active Directory.  So, pushing any type of policy out to all clients isn't feasible (ie. using a private PKI and using AD to push the server cert and wireless config to all domain members).  So we decided to use a public PKI and obtained a certificate for our radius server through a well known CA.  So far, so good.
  When clients to go connect, they still get a nasty warning saying:
  --START--
  The credentials provided by the server could not be validated. We recommend that you terminate the connection and contact your administrator with the information provided in the details. You may still connect but doing so exposes you to security risk by a possible rogue server.
  Details
  Radius Server:           $radius
  Root CA:                    $ca
  The server "$radius" presented a valid certificate issued by "$ca", but "$ca" is not configured as a valid trust anchor for this profile. Further, the server "$radius" is not configured as a valid NPS server to connect to for this profile.
  --STOP--
  (I replaced the actual radius server name with $radius and the CA with $ca).
  Doing a little digging, it appears this is just the expected behavior of the Windows wireless client???  What's the point of getting a signed cert by a well-known CA if the client is still going to get a nasty warning like this?
  Web browsers certainly don't behave like this.  The only difference between a web browser and the wireless client is with a browser, you're always going after a URL (ie, you can match what the browser wants to connect to versus what the CN on the server's cert comes back with) whereas on the wireless client, you generally won't know the radius server you're going to authenticate against.  But, in either scenario, the server's cert is signed by a well known CA.
  I found a nice post that mentions this, but no solution:
  http://social.technet.microsoft.com/Forums/en/winserverNIS/thread/26886f09-e424-48da-9ecc-cf7efd9dccc0
  Well, I suppose a solution is to manually configure the client to trust certs issued by the CA and/or configure my radius server in the connection profile.  But that requires configuring each client.  And there's no way we can use AD to push a policy/cert to all clients.
  So my questions are:
  -is this really the expected behavior?
  -so browsers generally trust the default CAs whose certs are stored on the OS by default but the wireless adapters don't?

  This is a limitation of the Windows wireless client.
  http://support.microsoft.com/kb/2518158
  Somewhere was an artical the described that Microsoft wirless client does not trust public root CAs by default.  Using a 3rd party utility like Intel Pro Set trusts all the 3rd party root CAs by default so you dont get this message.
  Please respond to Microsoft and voice your problem maybe they will fix their wireless client to trust public root CAs.
  Justin.

• Trying to configure WRT54GS as a wireless client

  I have a WRT54GS v6 wireless router which I would like to configure as a wireless client.
  Can anyone tell me if this is possible?
  My main gateway/router on my main PC is a WAG354G v2. Another PC in the house connects to the gateway/router via a Linksys PCI card.
  There is a third PC in the house (with a lot of media on it) which, for some reason, is unable to access the WRT router at all, but I have successfully connected to the router from a laptop with an ethernet PCMCIA adapter and updated the firmware to the latest revision.
  So far, so good.
  Now, in the short term, it would be useful to connect the WRT router to PC3 in order to retrieve the media there - via ethernet would be fine, via wireless would be better.
  Once that is done, it would be similarly useful to have the WRT router set to connect to the main gateway router for internet access and network filesharing and use it as the client for the laptop. I know there are easier ways, but I won't bore you with the details as to why and what I have tried and tested in this respect.
  So, is it possible to do what I want?
  Thanks
  DM

  As per my under standing you need WRT54GS router connected to computer for internet access & file sharing ..... but in that case the WRT54GS router should be connected to main router using Ethernet cable at the back panel at internet port.....
  After such connection ......the second router will able to provide internet to computer connected to either 1-4 any port....
  It is not possible to let the router connected to computer only..... because the WRT54GS will generate signals ........but connected to that will not make you online ......

• AP1200 as Root Bridge: Accept wireless clients or not?

  Cisco's docs precisely contradict themselves on this topic. In some places they state clearly that configuring an AP1200 as a root bridge means it will NOT accept connections from normal wireless clients. In other places they state just as clearly that in root bridge mode an AP1200 WILL accept connections from both non-root bridges and normal wireless clients.
  Which is correct?

  Yes, I discovered that after setting up several units and running some experiments. At first all I saw were the options offered in the "express setup" area. The root-bridge choice there says nothing about wireless clients, and the help screen it invokes says it won't work. But on the radio interface config screen the option you mention is offered and ITS help screen notes wireless clients will be accepted (as its name implies).
  The telnet interface offers all the options as well.
  I can confirm that it does work: In root-bridge with wireless client mode the unit will accept associations from non-root bridges, other AP1230's in WGB mode, and even non-Cisco clients.
  The testing continues... thanks!

• Extending wireless network - allow wireless clients or not?

  Hi,
  sorry if this is a stupid question but I cannot find the answer on the internet.
  I have a setup with 3 level house, 3 airport extremes, the one in the middle connected via ethernet to router and acting as DHCP server.
  The other two are setup to 'extend network'
  Question I have is should I check "allow wireless clients" or not because when I do it seems to make the main AP extreme a client of the other two as well. This seems strange to me. any help would be appreciated.

  do you work in entertainment industry at all? I know a bob timmons...
  That would not be me.
  any ideas why my extension airport extremes see the main DHCP extreme as clients?
  This is normal. The "main" base station is a client of the "extending" Airport....and the "extending" AirPort is a client of the "main" base station.  You would not have any extension if they were not clients of each other. In simple terms, they are communicating with each other at all times.
  also any idea of the actual range of the AP extremes?
  They usually check out at about 45-50 meters or 150 feet or so....but range measurements are made in "free air" in a large space....like an airplane hangar......with no obstructions in the signal path. Most homes are laid out a bit differently.
  I've seen installations where the signal would barely go through one wall to a computer that was no more than 10 feet away from the router.  The wall was metal lathe and plaster, so in effect the very weak signal was being asked to power though metal. Not much signal was getting through.
  In very general terms, a typical wall of sheetrock or wallboard and 2 x 4s will absorb on average 15-20% of the wireless signal. A ceilng will absorb much more because it is much thicker.  In most homes, after 3 or 4 walls, or a ceiling and a wall, there won't be much signal left.
  Now, if you  have adobe walls or cement walls or ceilings, everything changes dramatically. You get the idea.
  My home is about 2400 sq ft, single level, of typical construction.  I use 3 AirPort Extremes....all connected by Ethernet....not wireless....to get full speed, fast coverage virtually everywhere.  I use an AirPort Express to "extend"....using wireless only....if I want to take my laptop out on the patio.
  Older iPhones can connect at maximum 54 Mbps if they are literally right on top of the router. Typically,they might be at 25-35 Mbps or so with a good signal in the next room.  The 180 and 270 numbers signify that these connections are 5 GHz...probably a newer Mac laptop or iMac.
  If you have a Mac laptop and don't mind a $3 investment to get a good utility, WiFi Explorer can reveal some very useful things about your network.  Post back if you are interested and we will take this up on Thursday.

• Unable to set up base station as wireless client

  I have a network with one Airport Extreme (UFO-shape) and three Airport Express base stations. Now I had to do a hard reset of all the base stations, and want to use Airport utility to set up the network again.
  I have no problems setting up the Airport extreme as the main base station, and the first Airport express as a remote base station (extending the network). I want to set up the other two Airport Express stations as wireless clients (I only use them for iTunes via Airtunes).
  My problem is that when I reach the point where I can choose between setting them up to either extend the network or as a wireless client, I am not able to proceed if I choose the latter (nothing happens when I press "continue"). I can only go through the setup process if I choose the Airport Express to be an extension of the network (a remote base station).
  For one of the Airport express, I then later manually changed the setup from "be a part of a WDS network" to "connect to a wireless network". But when I try this for the last Airport Express, I am no longer able to contact the base station if I try to do the same. I have chosen channel 11 for the network, and I think in some way or another, after I manually change the settings for the last Airport express, it switches to another channel. After this I can no longer read the base station configuration or connect to it via airtunes.
  When I do a hard reset again, and go through the process once more, everything is OK as long as I keep it as a remote base station. But I really would like it to be connected as a wireless client
  Any ideas?

  The basic wiring setup would include connecting an Ethernet cable from one of the available LAN <-> Ethernet ports to the WAN "O" port on the Time Capsule.
  You can run an Ethernet cable up to 100 meters or 300+ feet so the trick will be locate the Time Capsule in the middle of the area where you need more wireless signal coverage.
  To have the Time Capsule "extend" the wireless from the gateway, you would need to configure it to create a new wireless network using the same wireless network name, same wireless security setting and same password as the gateway's wireless network.
  The final configuration step would be to make sure that the Time Capsule is setup to operate in Bridge Mode, so that it will function as a client for the gateway router.
  The specifics of how to do this will depend on the version of AirPort Utility that you are using on your Mac. Post back if you need more details on this.

• 2504 controller + 2602 APs = wireless clients connectivity problems

  Hello, everybody!
  I have a connectivity problems of wireless clients. The symptoms are:
  1) Some clients receive 169.254.x.x., instead a correct DHCP addresses, less in a minute connection drops, and in controller's "Monitor" > "Clients" tab these clients are marked as "Excluded".
  2) Most of the clients receive the correct addresses from DHCP (192.168.2.x), but also loose connection soon.
  3) Wireless clients with correct addresses can't ping each other, gateway and an address of the controller's dynamic interface (all of them are in same subnet).
  4) And the most suspicious problem is that some machines are unable to connect to APs after several attemps to do that. I mean, I configure controller and change some options, trying to understand, whether they were applied or not and constantly connect and disconnet certain PC to the SSID. After five or ten attempts I can't connect to the SSID. During these attempts, the others PCs stay connected, without interruptions, and they could be reconnected again. It's like some kind of port security works, but I'm not sure...
  Do you have any ideas which options should I configure?
  My configuration:
  I have three interfaces on the controller: virtual, management (default) and dynamic (it is set to the WLAN)
  I have one SSID, WPA/WPA2, AES/TKIP, authentication PSK.
  My clients are a/b/g/n, all are permitted on the controller. No custom security policies were applied.
  All the devices are in a single room: controller, one AP and different clients: desktop, notebooks, iPad, Nokia Lumia, etc.
  I have an internal DHCP Server on the controller and it works perfectly well.
  I can provide all the screenshots required from web-interface of the controller...
  Many thanks in advance for all ideas that you have about these problems...

  Hi, there!
  The problem was solved.
  1) APIPA address receives only single machine with Win8 - I think there are some firewall issues
  2) Other devices have been loosing connection because they were mobile devices, like iPad and Lumia. If you keep working with it, it doesn't drop the connection
  3) The dynamic interface address and gateway address were inaccessible because i had not used an appropriate port on the controller. =)))) Firstly, it was just a guess, but it proved.
  Now, everything works with WPA2, AES, PSK...
  It is a very good day!)
  The only question remains: why I can't connect machines, which have a static IP? During the controller initialization, I said "yes" for permitting static IPs...
  Guys, many thanks for your help!

• WAG120n as a wireless client

  Hello,
  I have 802.11n wireless network at home. Unfortunately my TV box requires internet to work and it doesn't have wifi card installed (only ethernet port). It's very unconfortable to connect tv box with the router through cable.
  So is it possible to use WAG120N as a wireless client for my existing wifi network and connect tv box through cable with WAG120N? In that case WAG120N would be some kind of wireless network adapter for my TV box.
  Best.
  Solved!
  Go to Solution.

  The access point on the WAG120N is a transmitter, not a receiver. Hence, this setup will not work. This gateway can be configured as wireless access point but not a wireless ethernet bridge which is what you will need. You can get one of the following devices to connect your tv (via ethernet) to your wireless network:
  Dual Band N Ethernet Bridge (WET610N)
  Wireless N Universal Media Connector (WES610N)