WPA2 configuration on Aironet 1042N

Just started at a new job and had three new Cisco Aironet 1042Ns thrown at me and asked to configure them.  They are running the latest software; C1040 Software (C1140-K9W7-M), Version 12.4(25d)JA1.  I had no issues configuring them with no security and with WEP, but would very much like to avoid this and configure WPA or better WPA2.
The settings for WPA under the web-based interface require a RADIUS server, which we do not have.  Are there any instructions on the Cisco site (or elsewhere) that explain how to configure WPA2 for added security on an Aironet 1042N without using a RADIUS server for authentication?  It just seems to me that these enterprise-level WAPs should be able to do the same as any of the commodity wireless APs and provide extra security.
Thanks in advance.
KJ

Try to reference this document for wpa v1 or v2 for preshared key.  If you want to use AD, you need to implement a radius server.  Start out with wpa2 psk first and then if you get that going, then try 802.1x.  Requires the use of certificates on the radius.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008054339e.shtml
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered"

Similar Messages

  • Cisco Aironet 1130AG WPA2 Configuration

    Hi everyone,
    First of all, let me introduce myself. I just graduated as an IT engineer and started working in a company that gives support to their users, but also does installations. One day a week I am permanently located with one customer. I give support to users, but also implement new systems. I really love networking, but it's really not my strongest point, especially when it comes to the CLI. So I was hoping you could help me.
    This customer has 4 floors, each with a Cisco Aironet 1130AG. At the moment they are using WEP as protection with a really long key. The users find this annoying, but I am more concerned about the security perspective. So I want to implement WPA2 with a shorter key for the people to remember. On one floor, I also want to add a public network for when other people want to connect and just need internet access.
    Is it possible you guys could help me change the current set-up and give advice regarding the security and implementation? For me it would be great if all of the access points could work together and just be one wireless network. I don't know if this is possible and how to do it. For the public network I know there also need to be some changes in VLANs, so I would appreciate the help there for setting up trunks. The firewall is a Cisco ASA5505.
    At the moment I am running this configuration:
    I tried setting up this with the GUI, but it doesn't look like the configuration at the moment is shown in the GUI or maybe I am just looking in the wrong places.
    Thanks again for helping me configure this!! Much appreciated!
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname CISCO-AP-V0
    !
    enable secret 5 $1$vhoF$wv3N1r1sMiiuhGgQTpx5b0
    !
    no aaa new-model
    !
    !
    !
    dot11 ssid private-v0
       authentication open
       guest-mode
    !
    power inline negotiation prestandard source
    !
    !
    username Cisco password 7 14341B180F0B
    !
    bridge irb
    !
    !
    interface Dot11Radio0
     no ip address
     no ip route-cache
     !
     encryption key 1 size 128bit 7 FD0B4EB47C9301A55E6A685157C8 transmit-key
     encryption mode wep mandatory
     !
     ssid private-v0
     !
     speed  basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
     packet retries 128 drop-packet
     station-role root
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
     bridge-group 1 spanning-disabled
    !
    interface Dot11Radio1
     no ip address
     no ip route-cache
     !
     encryption key 1 size 128bit 7 4A476E1E760D683C46307A755A29 transmit-key
     encryption mode wep mandatory
     !
     ssid private-v0
     !
     no dfs band block
     speed  basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
     channel dfs
     station-role root
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
     bridge-group 1 spanning-disabled
    !
    interface FastEthernet0
     no ip address
     no ip route-cache
     duplex auto
     speed auto
     bridge-group 1
     no bridge-group 1 source-learning
     bridge-group 1 spanning-disabled
    !
    interface BVI1
     ip address 192.168.2.220 255.255.255.0
     no ip route-cache
    !
    ip default-gateway 192.168.2.1
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    bridge 1 route ip
    !
    !
    !
    line con 0
    line vty 0 4
     login local
    !
    end

    Look at those:
    www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008054339e.shtml
    www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008055c39a.shtml
    HTH
    Amjad

  • How to setup WPA2-PSK on aironet 1602 i

    I have an AIR-SAP1602I-A-K9 WAP and I am interested in configuring it for WPA2-PSK security for WAP access.  I don't see a way to do this in the GUI, does this model support that type of security?  Thank you.

    Yes it does support WPA2/AES.  Please review this guide as it should help:
    http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/116599-config-wpa-psk-00.html
    -Scott

  • Configuring CISCO AIRONET AP

    Hello;
    How do we configure the IP address of a CISCO AIRONET 1600i AP to access it through the web browser and configure it?
    We tried to assign a static IP using the CLI, so we downloaded Tera Term and tried to connect to it using the DB cable. The following message shows up:
    *Mar 1 01:41:43.674: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
    We tried to execute the 'Enable' command and it works; then we tried to execute the 'config t' command but it failed (the other commands do not work either):
    APf07f.06f0.93b5#config t
    ^ % Invalid input detected at '^' marker.
    I connected the Aironet AP to a router which has 192.168.1.1 as its default IP address, and this is what shows up on the terminal:
    Translating "CISCO-CAPWAP-CONTROLLER.Home"...domain server (192.168.1.1)
    *Mar 1 00:34:05.251: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
    *Mar 1 00:34:05.255: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER.Home
    Not in Bound state.
    *Mar 1 00:34:50.754: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
    *Mar 1 00:34:53.766: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.
    *Mar 1 00:34:53.830: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 192.168.1.5, mask 255.255.255.0, hostname APf07f.06f0.93b5

    Hi 
    By default these APs come with a lightweight image and require a WLC to manage them (unless you specifically order this AP with an autonomous image).
    If you want to convert it to autonomous (to use without a WLC) then you have to load an autonomous image onto it. You should have an image like this (ap1g2-k9w7-tar.153-3.JAB.tar) to begin with (you may require a valid maintenance contract to download this from the Cisco web site).
    Then you can follow one of these methods to convert it to an autonomous AP:
    1. http://mrncciew.com/2012/10/20/lightweight-to-autonomous-conversion/
    2. http://mrncciew.com/2013/12/13/ap-conversion-using-mode-button/
    HTH
    Rasika

  • Aironet 350 configuration to Aironet 1300

    Is it possible to download an ini configuration from an Aironet 350 bridge, convert it and upload it to an Aironet 1300 bridge?

    Nevermind...I found it http://www.cisco.com/en/US/docs/wireless/access_point/ios/release/notes/s12213JA.html#wp55027

  • Best practice configuring 2602i aironet 50-70 users.

    Hi, I'm new to Cisco wireless APs.
    I need your advice on the best way to configure wireless APs. We have 50-70 users in 2 buildings of 3 storeys, and 2 VLANs.
    I have 2 Cisco Aironet 2602i and 1 Aironet 1142. Is it okay if the AP-1142 is the access point and the 2 2602i are the bridge? Can anyone give me configurations?
    Thanks

    Hi Rasika,
    It seems to be working now, please see attached for your comments!

  • Configuring Cisco Aironet 1140 for Radius and setting up a Radius server

    Guys, I need some help setting up my RADIUS to work with a Cisco Aironet 1140. I am new at this; however, I was tasked with setting up a RADIUS server and setting our AP up with WPA2-Enterprise so users can log into our AP using AD credentials.
    When I try to set up a new SSID on the AP, I do not see the option for WPA2-Enterprise?

    Here are other links with examples:
    https://supportforums.cisco.com/thread/331581
    http://targetcisco.blogspot.com/2011/03/cisco-autonomous-access-point.html
    http://downloads.avaya.com/css/P8/documents/100041614
    Thanks,
    Scott
    Help out others by using the rating system and marking answered questions as "Answered"

  • Aironet 1042N-E-9: Problems and questions.

    Hello,
    I have seven Aironet 1042 WAPs: AP1, AP2, ... AP7. The log reads "Interface Dot11Radio0, Deauthenticating station (MAC Address ) Reason:Sending station has left the BSS". Why?
    There are many CRC errors, and I do not know what they are.
    Does anybody have any ideas what might be causing this problem on the WAPs?
    I have set up 7 AP 1042s with the same SSID in standalone mode. I would like to know if the Wi-Fi channels must be configured with auto select or with a manual setting.
    In addition, does WDS allow increasing wireless network coverage?
    What is crypto pki certificate chain TP-self-signed?
    Thanks,

    Hi,
    As mentioned before, the error message "Interface Dot11Radio0, Deauthenticating station (MAC Address ) Reason:Sending station has left the BSS" means that the wireless client is not within range of the current access point, it powered down its radio, it went into sleep mode, or it is working in a bad Wi-Fi deployment.
    Also remember that AP selection or roaming is a client-based decision, and if we do not have a proper Wi-Fi deployment the wireless clients could be disconnecting and connecting to other APs.
    Remember that when working with the 2.4 GHz radio and we have more than 1 access point covering the same site, we need to distribute the 3 non-overlapping channels, which are 1-6-11, between them so that the units do not create interference.
    Also, if you leave the units on least congested, they are going to be changing channels constantly, making the radio go down and come back up every time it changes channel and affecting your wireless clients.
    Since you have more than 3 access points, you will need to reuse the same overlapping channels, leaving the units the furthest apart.
    Also set the data rates to best range on all access points or just basic the lower data rate.
    Make sure that the overlap between the APs is not more than 15%.

  • Global Configuration Mode (Aironet 2600i)

    Hello to all,
    It's my first time in the forum, and I am thankful for any help possible. I bought a Cisco Wireless AIR-CAP2602i-E-K9 and have some practice with Cisco routers, but I cannot get into "Global Configuration Mode"; the "Configure" command does not exist. How do I activate configuration? Thank you for your attention.
    Helio Viegas

    Hello Helio,
    As per your query i can suggest you the following solution-
    Cisco IOS Command Modes
    The Cisco IOS user interface is divided into many different modes. The commands available to you depend on which mode you are currently in. Enter a question mark (?) at the system prompt to obtain a list of commands available for each command mode.
    When you start a session on the access point, you begin in user mode, often called user EXEC mode. Only a limited subset of the commands are available in user EXEC mode. For example, most of the user EXEC commands are one-time commands, such as show commands, which show the current configuration status, and clear commands, which clear counters or interfaces. The user EXEC commands are not saved when the access point reboots.
    To have access to all commands, you must enter privileged EXEC mode. Normally, you must enter a password to enter privileged EXEC mode. From this mode, you must enter privileged EXEC mode before you can enter the global configuration mode.
    Using the configuration modes (global, interface, and line), you can make changes to the running configuration. If you save the configuration, these commands are stored and used when the access point reboots. To access the various configuration modes, you must start at global configuration mode. From global configuration mode, you can enter interface configuration mode and line configuration mode.
    For more information please refer to the link-
    http://www.cisco.com/en/US/docs/wireless/access_point/12.2_15_JA/configuration/guide/s15cli.html
    Hope this will help you.

  • Need Assistance Configuring 2 Aironet 1310s as a Bridge

    I'm just starting to set up 2 1310s as a bridge for the first time. I've set up some basic settings through the web interface: IP settings on the BVIs, single SSID, and no security (yet). Also, I've set one as a root bridge and the other as a non-root bridge. Things seem to look good so far on the root bridge, but when I try to enable the dot11 interface on the non-root bridge, I keep getting the following message in the log:
    %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: No Response
    I guess the first obvious question is: should I be able to establish a wireless signal without the external antennas? I don't have the external antennas yet, but my understanding is that I can establish a wireless signal without them as long as the 2 1310s are fairly close together; right now they are in my lab only a couple feet apart.
    If my assumption is correct, what am I missing here?
    Thanks,
    Sean

    Thanks for the response, I do have the internal antennas enabled. Unfortunately, I don't have rubber duck antennas to work with, but it sounds like the internal antennas should work for testing. I also have the TNC connectors facing each other. I'm still getting the same error. Here, let me include the configurations, maybe someone will notice my mistake:
    The root bridge:
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname mosj141wbr31
    enable secret xxx
    no aaa new-model
    resource policy
    ip subnet-zero
    dot11 ssid mosj141lab
    authentication open
    infrastructure-ssid optional
    username Cisco password xxx
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    ssid mosj141lab
    speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
    station-role root bridge
    bridge-group 1
    bridge-group 1 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    bridge-group 1
    bridge-group 1 spanning-disabled
    interface BVI1
    ip address 10.16.1.53 255.255.255.224
    no ip route-cache
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    bridge 1 route ip
    line con 0
    line vty 0 4
    login local
    end
    The non-root bridge:
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname mosj141wbrlab1
    enable secret xxx
    no aaa new-model
    resource policy
    ip subnet-zero
    dot11 ssid mosj141lab
    authentication open
    infrastructure-ssid optional
    username Cisco password xxx
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    ssid mosj141lab
    speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
    station-role non-root bridge
    bridge-group 1
    bridge-group 1 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    bridge-group 1
    bridge-group 1 spanning-disabled
    interface BVI1
    ip address 10.16.1.55 255.255.255.224
    no ip route-cache
    ip default-gateway 10.16.1.33
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    bridge 1 route ip
    line con 0
    line vty 0 4
    login local
    end
    Thanks again for your responses.

  • Basic configuration for Aironet 1220B

    I'm trying to set up my AP so that the ethernet port connects to a hub on my LAN, just like I would connect a PC, printer or server, then use it from a wireless device just like it was on my LAN. I can see the wireless portion of the box from a notebook computer and connect to the SSID fine. I can also ping the ethernet port from a wired computer and can connect to the HTTP port fine. But the notebook can't ping anything on my LAN through the AP. I thought one of the sample configs would have this, since it's so simple.

    12.05 would be the best path for VxWorks upgrade, but you should consider converting the AP to IOS to provide better troubleshooting tools and compatibility. The conversion from VxWorks to IOS is done using a conversion image, which you can load through the browser. The only caveats:
    1. You'll want to upgrade the IOS again, after you've completed the conversion. The conversion image loads an old IOS image.
    2. You'll want to make sure you disable your radios prior to upgrading.
    3. You'll lose your configuration as a result of the conversion (though that can be a good thing). There is a conversion tool that allows you to retain your configuration, but it typically adds a lot of unnecessary junk in the configuration. With a single AP, I'd just do a straight conversion without the tool and then acquaint myself with the IOS GUI by reconfiguring from scratch.
    Here are some useful links:
    http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_release_note09186a00802145c2.html#wp33375
    -Location of conversion image and tool.
    http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_release_note09186a00802145c2.html#wp35396
    -Conversion instructions
    The above references are in the conversion image release notes. Take a look through the complete release notes for other important notes.
    -Ben

  • Configuring Cisco Aironet 1100 Access Point. Please help!

    Hi all,
    I have dozens of Cisco Aironet 1100 access points, each is managing its own wi-fi with DHCP.
    I had to disable dhcp on them because they are on a wired subnet where I am using the static IPs and don't want my wired clients to get DHCP addresses, nor someone to be able to plug the wire into own laptop and get on the network.
    It's been working fine with one exception - I need to be able to ping my access points from the central site, and I can't.
    What IOS command would enable ICMP echo on my access points in this case?
    Please help!

  • Configuring Aironet 1040 with WPA2-PSK

    I am attempting to configure two Aironet 1040 series wireless access points for the first time and am having some difficulty. This office does not have a RADIUS server so I would like to set them up to use WPA2 with a pre-shared key. However just how this is accomplished is not immediately apparent. I have attempted using both the command line interface and the web interface, but I get errors in both places. It doesn't seem like it is all that difficult, we're just talking about a few lines in the configuration file.
    This is what I have so far:
    Current configuration : 1684 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname ap1
    logging rate-limit console 9
    enable secret 5 $1$q9i9$V8Z042Zif0H7t4qN5awMM.
    no aaa new-model
    ip domain name Office
    dot11 syslog
    dot11 ssid WLAN
       vlan 30
       authentication open
    username Cisco password 7 05280F1C2243
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption mode ciphers tkip
    ssid WLAN
    antenna gain 0
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio1
    no ip address
    no ip route-cache
    shutdown
    ssid WLAN
    antenna gain 0
    dfs band 3 block
    channel dfs
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface GigabitEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    no keepalive
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface BVI1
    ip address 192.168.2.2 255.255.255.0
    no ip route-cache
    ip default-gateway 192.168.2.1
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    access-list 111 permit tcp any any neq telnet
    bridge 1 route ip
    line con 0
    access-class 111 in
    line vty 0 4
    access-class 111 in
    login local
    end

    OK, I figured out some of what was going on. The admin account was set to read only instead of read/write, and both radios had not been added to my VLAN. Now I have successfully (?) configured WPA2-PSK on both wireless access points, and they are broadcasting their SSIDs, but I am unable to connect to them for an unknown reason. I am prompted for the pre shared key and then the connection fails. Hmm...

  • WPA/WPA2 on Cisco 1042N AP

    Hi Guys,
    I need to configure WPA or WPA2 authentication on Cisco 1042N access points. I believe that for this requirement I need to have either an internal or external RADIUS server, but my customer just wants normal WPA/WPA2 authentication like what we configure on Cisco WAP200 or WAP4410 access points. Are there any workarounds to configure WPA/WPA2 authentication in a simpler manner rather than configuring the RADIUS server option? Please advise.
    Regards,
    Suthakar

    You don't need a RADIUS server to do WPA/WPA2.  RADIUS is only needed if you are looking to do 802.1x for your authentication.
    To do WPA2/AES
    dot11 ssid TEST
     authentication open
     ! WPA2 key management with a pre-shared key
     authentication key-management wpa version 2
     wpa-psk ascii 0 12345678
    !
    interface Dot11Radio0
     ! AES-CCM cipher on the radio, then bind the SSID to it
     encryption mode ciphers aes-ccm
     ssid TEST
    Steve
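
As an added example (not part of the forum posts or of Cisco's documentation): a small Python check that reads an autonomous-AP configuration like the ones pasted in these threads and reports, for each SSID bound to a radio, missing WPA key management and WEP or non-AES ciphers. The sample configuration, SSID names, passphrase and finding codes are constructed for illustration, and the check assumes one `encryption ... mode` line per radio.

```python
import re

# Constructed sample in the style of the configs pasted in these threads
# (indentation lost, as in forum posts). SSID names and key are made up.
SAMPLE = """\
dot11 ssid WLAN
vlan 30
authentication open
dot11 ssid OFFICE
authentication open
authentication key-management wpa version 2
wpa-psk ascii 0 ExamplePassphrase
interface Dot11Radio0
encryption mode ciphers tkip
ssid WLAN
interface Dot11Radio1
encryption mode ciphers aes-ccm
ssid OFFICE
"""

SECTION = re.compile(r"^(dot11 ssid|interface|line)\s+(\S.*)$")


def parse(config):
    """Group sub-commands under each 'dot11 ssid' and 'interface Dot11RadioN'.

    Sections are tracked by their opening keyword, not by indentation,
    so flattened pastes still parse.
    """
    ssids, radios, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = SECTION.match(line)
        if m:
            kind, name = m.groups()
            if kind == "dot11 ssid":
                current = ssids.setdefault(name, [])
            elif name.startswith("Dot11Radio"):
                current = radios.setdefault(name, [])
            else:
                current = None  # wired interface or line: not audited here
        elif current is not None:
            current.append(line)
    return ssids, radios


def audit(config):
    """Return sorted (ssid, radio, code) findings for SSIDs bound to a radio."""
    ssids, radios = parse(config)
    out = set()
    for radio, cmds in radios.items():
        mode = next((c for c in cmds if re.match(r"encryption .*\bmode\b", c)), "")
        tokens = mode.split()
        ciphers = tokens[tokens.index("ciphers") + 1:] if "ciphers" in tokens else []
        for name in (c.split(None, 1)[1] for c in cmds if c.startswith("ssid ")):
            sub = ssids.get(name, [])
            auth = [c for c in sub if c.startswith("authentication")]
            km = next((c for c in auth if "key-management wpa" in c), None)
            if km is None:
                out.add((name, radio, "NO_WPA_KEY_MGMT"))
            else:
                if not km.endswith("version 2"):
                    out.add((name, radio, "WPA1_ALLOWED"))
                has_psk = any(c.startswith("wpa-psk ") for c in sub)
                if not has_psk and not any("eap" in c for c in auth):
                    out.add((name, radio, "NO_PSK_OR_EAP"))
            if "wep" in tokens:
                out.add((name, radio, "WEP"))
            elif not ciphers:
                out.add((name, radio, "NO_CIPHER"))
            elif "aes-ccm" not in ciphers:
                out.add((name, radio, "NO_AES_CCM"))
            elif len(ciphers) > 1:
                out.add((name, radio, "WEAKER_CIPHER_ALLOWED"))
    return sorted(out)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```
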

  • AIRONET 1310 BRIDGE CONFIGURATION

    Hi, I desperately need help. I am trying to configure 2 Aironet 1310s as root bridge and non-root bridge. When I configure the root bridge the wireless interface remains up. When I try to configure the non-root bridge, the AP/bridge will assume the role of non-root bridge and immediately disable the wireless interface with line protocol down. I tried swapping the roles and still get the same problem. I am running IOS version 12.4(10b)JA

    Hi
    I finally made a breakthrough. The issue here is the internal antennae. It seems they do not work well. I tried to use the antennae from the Linksys wireless router and enabled them, and this time I got the radios to associate. I connected to the network and was able to ping the PCs on each end of the network.
    Now what I am interested in finding out is why those radios cannot work with the internal antennae. The model I have is AIR-BR-1310-E-K9-R. Is this designed to come with an internal antenna? I was able to pick up one bar from my laptop from within 5 metres of the bridge. So what is the issue with these radios?
