Cisco AP1400 Authentication Failed

I am using Aironet AP1410 for connectivity and the buildings are 20km apart.
I can see the bridges are associated, but on the Root Bridge it's giving me an authentication failed message. I am attaching the settings below; kindly let me know where the mistake is.


Root Bridge
 
Express Setup:
Role in Radio Network: Root Bridge
Optimize Radio Network: Range
Aironet Extensions: Enable
 
Express Security:
Static WEP Key 128 bit Key 1
 
Security:
 
Encryption Manager:
WEP Encryption: Mandatory
SSID Manager:
Radio Checked
Client Authentication: Shared Authentication with EAP
Guest Mode/Infrastructure SSID Setting
Set Guest Mode SSID: partnet
Set Infrastructure SSID: partner
Force Infrastructure Devices to associate only in SSID CHECKED
 
Server Manager: Corporate Server List
Root server ip
shared key
 
Default Server Priorities: EAP Priority of Root Server
AP Authentication: No Settings
Local Radius Server: General Setup : Authentication Protocol: LEAP
 
 
 
NonRoot Bridge
 
Express Setup:
Role in Radio Network: NonRoot
Optimize Radio Network: Range
 
Express Security:
Static WEP Key 128 bit Key 1
 
 
Security:
 
Encryption Manager:
WEP Encryption: Mandatory
SSID Manager:
Radio Checked
Client Authentication: Shared Authentication with EAP
Guest Mode/Infrastructure SSID Setting
Set Guest Mode SSID: partner
Set Infrastructure SSID: partner
Force Infrastructure Devices to associate only in SSID CHECKED
 
Server Manager: No Settings
AP Authentication: No Settings


0
shahzoor
Asked:
1 Solution
 
ampranti Commented:
Can you post the config of the APs, removing any sensitive data?

Thanks
0
 
shahzoor (Author) Commented:
Sorry, I am new to it and don't know how to get the config. I have a TFTP server and have upgraded the IOS.
Please guide me in steps.
0
 
ampranti Commented:
Connect a console to the AP, or if possible connect using telnet/ssh.
When you log in and you are in enable mode (see the # next to the device name), type

"sh run"

and paste it here, after you remove usernames/passwords etc.
0
 
shahzoor (Author) Commented:
I have attached the config of the Root and Non Root Bridge. The log at both ends is also in the same config.

Just a piece of information: both APs are associated but not authenticated. I cannot ping Root from the NonRoot Bridge, but I can see they are associated.
Thanks
Root Bridge Config
==================
 
Building configuration... 
Current configuration : 2672 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname Root
!
logging buffered 3545584 debugging
no logging console
enable secret 5 *******************
!
aaa new-model
!
!
aaa group server radius rad_eap
 server 192.168.0.1 auth-port 1645 acct-port 1646
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_eap1
!
aaa group server radius rad_eap2
 server 192.168.0.1 auth-port 1645 acct-port 1646
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods1 group rad_eap1
aaa authentication login eap_methods2 group rad_eap2
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
!
!
dot11 activity-timeout unknown default 10
dot11 activity-timeout client default 10 maximum 100000
dot11 activity-timeout workgroup-bridge default 10 maximum 100000
dot11 activity-timeout bridge default 10 maximum 100000
!
dot11 ssid CONNECT
   authentication shared eap eap_methods2
   guest-mode
   infrastructure-ssid
!
!
!
dot1x timeout reauth-period server
username Cisco privilege 15 password 7 ****************
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption key 1 size 128bit 7 ************** transmit-key
 encryption mode wep mandatory
 !
 ssid CONNECT
 !
 countermeasure tkip hold-time 0
 speed  basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
 channel 5805
 station-role root bridge
 rts threshold 4000
 cca 15
 concatenation
 distance 20
 beacon privacy guest-mode
 infrastructure-client
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 192.168.0.1 255.255.255.240
 no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
logging history size 500
snmp-server community defaultCommunity RW
radius-server local
  no authentication eapfast
  no authentication mac
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.0.1 auth-port 1645 acct-port 1646 key 7 ***************09345C4329415044
radius-server vsa send accounting
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
end 
 
Log at Root Bridge
==================
1 Mar 14 08:25:17.927 UTC Debugging Station ******************** Authentication failed  
2 Mar 14 08:24:47.706 UTC Debugging Station ******************** Authentication failed  
3 Mar 14 08:24:17.535 UTC Debugging Station ******************** Authentication failed  
4 Mar 14 08:23:47.285 UTC Debugging Station ******************** Authentication failed  
5 Mar 14 08:23:16.753 UTC Debugging Station ******************** Authentication failed  
6 Mar 14 08:22:46.294 UTC Debugging Station ******************** Authentication failed  
7 Mar 14 08:22:16.152 UTC Debugging Station ******************** Authentication failed  
8 Mar 14 08:21:45.981 UTC Debugging Station ******************** Authentication failed  
9 Mar 14 08:21:15.046 UTC Debugging Station ******************** Authentication failed  
10 Mar 14 08:20:44.475 UTC Debugging Station ******************** Authentication failed  
11 Mar 14 08:20:05.937 UTC Debugging Station ******************** Authentication failed  
12 Mar 14 08:19:35.450 UTC Debugging Station ******************** Authentication failed  
13 Mar 14 08:19:04.478 UTC Debugging Station ******************** Authentication failed  
14 Mar 14 08:18:33.573 UTC Debugging Station ******************** Authentication failed  
15 Mar 14 08:18:03.242 UTC Debugging Station ******************** Authentication failed  
16 Mar 14 08:17:32.313 UTC Debugging Station ******************** Authentication failed  
17 Mar 14 08:17:02.029 UTC Warning Packet to client ******************** reached max retries, removing the client  
18 Mar 14 08:17:01.963 UTC Debugging Station ******************** Authentication failed  
19 Mar 14 08:16:30.960 UTC Debugging Station ******************** Authentication failed  
20 Mar 14 08:16:00.247 UTC Debugging Station ******************** Authentication failed  
 
 
 
 
NonRoot  Bridge Configuration
=============================
 
NonRoot#sh run
Building configuration... 
Current configuration : 2424 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname NonRoot
!
no logging console
enable secret 5 *******
!
ip subnet-zero
ip dhcp excluded-address 10.0.0.1 10.0.0.10
!
ip dhcp pool local-default-pool
   network 10.0.0.0 255.255.255.224
   default-router 10.0.0.1
   lease 0 0 1
!
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
no dot11 igmp snooping-helper
dot11 activity-timeout client maximum 100000
dot11 activity-timeout repeater maximum 100000
dot11 activity-timeout workgroup-bridge maximum 100000
dot11 activity-timeout bridge maximum 100000
!
dot11 ssid CONNECT
   authentication shared eap eap_methods
   guest-mode
   infrastructure-ssid
!
!
!
dot1x timeout reauth-period server
username Cisco privilege 15 password 7 ********
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption key 1 size 128bit 7 ******** transmit-key
 encryption mode wep mandatory
 !
 ssid CONNECT
 !
 countermeasure tkip hold-time 0
 speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role non-root bridge
 rts threshold 4000
 concatenation
 infrastructure-client
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 hold-queue 80 in
!
interface BVI1
 ip address 192.168.0.2 255.255.255.240
 no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
snmp-server community defaultCommunity RW
radius-server local
  user NonRoot nthash 7 ********254F350E0F
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
end 
 
 
Log at NonRoot
==============
1 Mar 2 04:39:23.857 UTC Error Interface Dot11Radio0, changed state to up  
2 Mar 2 04:39:23.856 UTC Warning Interface Dot11Radio0, Associated To AP Root ******************* [None]  
3 Mar 2 04:39:23.630 UTC Error Interface Dot11Radio0, changed state to down  
4 Mar 2 04:39:23.629 UTC Warning Interface Dot11Radio0, parent lost: Received deauthenticate (23) 23  
5 Mar 2 04:38:53.630 UTC Error Interface Dot11Radio0, changed state to up  
6 Mar 2 04:38:53.629 UTC Warning Interface Dot11Radio0, Associated To AP Root ******************* [None]  
7 Mar 2 04:38:53.287 UTC Error Interface Dot11Radio0, changed state to down  
8 Mar 2 04:38:53.286 UTC Warning Interface Dot11Radio0, parent lost: Received deauthenticate (23) 23  
9 Mar 2 04:38:23.287 UTC Error Interface Dot11Radio0, changed state to up  
10 Mar 2 04:38:23.286 UTC Warning Interface Dot11Radio0, Associated To AP Root ******************* [None]  
11 Mar 2 04:38:23.042 UTC Error Interface Dot11Radio0, changed state to down  
12 Mar 2 04:38:23.040 UTC Warning Interface Dot11Radio0, parent lost: Received deauthenticate (23) 23  
13 Mar 2 04:37:53.041 UTC Error Interface Dot11Radio0, changed state to up  
14 Mar 2 04:37:53.041 UTC Warning Interface Dot11Radio0, Associated To AP Root ******************* [None]  
15 Mar 2 04:37:52.230 UTC Error Interface Dot11Radio0, changed state to down  
16 Mar 2 04:37:52.228 UTC Warning Interface Dot11Radio0, parent lost: Received deauthenticate (23) 23  
17 Mar 2 04:37:22.229 UTC Error Interface Dot11Radio0, changed state to up  
18 Mar 2 04:37:22.228 UTC Warning Interface Dot11Radio0, Associated To AP Root ******************* [None]  
19 Mar 2 04:37:21.692 UTC Error Interface Dot11Radio0, changed state to down  
20 Mar 2 04:37:21.690 UTC Warning Interface Dot11Radio0, parent lost: Received deauthenticate (23) 23  

Config.txt
0
 
ampranti Commented:
A fast way to solve your problem is:

conf t
dot11 ssid CONNECT
   authentication shared

Are you sure that aaa server 192.168.0.1 is working?
0
 
ampranti Commented:
However, checking the logs again, this isn't an authentication error!
This is due to some connectivity issue; wireless is subject to many and random radio interference problems, which can cause disconnections.

Can you check that your antenna hasn't been moved?
I don't know if it is possible to check the Fresnel zone for a 20km link!!
0
 
shahzoor (Author) Commented:
Yes, I think so,
because before I had different settings and I was able to ping from Root to NonRoot and vice versa. Packet loss was also minimal, but it was disconnecting.
But it's just giving me Authentication Failed, as you can see in the log :(
0
 
shahzoor (Author) Commented:
Are you sure there is nothing wrong in the configurations??
0
 
shahzoor (Author) Commented:
The antenna didn't move, because with the same direction and everything I was able to ping before, but data transfer was not possible. But now I am not even able to ping :(
0
 
ampranti Commented:
For me it looks like an RF problem.
20km is a huge distance for a wireless link, and its functionality depends on many, easy to change, factors. In a 20km link, a few cm is a huge change to antenna alignment.

- Try to reboot the AP on both sides.
- Try to change the channel on the "root bridge" AP.
- Create a new SSID, with no security/authentication, and check if it works. If it does work, then increase security step by step, and check where the error is.

Check that the configuration on both sides hasn't been altered (I see default usernames and default SNMP communities).
0
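An added example, not part of the original thread: a small Python audit that flags the default account and SNMP community mentioned in the comment above, plus the other weak management and encryption settings visible in the posted root bridge configuration. The check names, the lists of "default" names and the function `audit` are assumptions of this example.

```python
import re

# Lines copied from the root bridge configuration posted in this thread
# (secrets shown as **** because the poster masked them).
ROOT_CONFIG_EXCERPT = """\
service password-encryption
hostname Root
username Cisco privilege 15 password 7 ****
dot11 ssid CONNECT
   authentication shared eap eap_methods2
interface Dot11Radio0
 encryption key 1 size 128bit 7 **** transmit-key
 encryption mode wep mandatory
ip http server
no ip http secure-server
snmp-server community defaultCommunity RW
radius-server host 192.168.0.1 auth-port 1645 acct-port 1646 key 7 ****
line vty 0 4
"""

# Assumption: names this example treats as factory defaults.
DEFAULT_USERS = {"cisco"}
DEFAULT_COMMUNITIES = {"defaultcommunity", "public", "private"}


def audit(config: str):
    """Return a list of (check_id, offending_line) for an IOS AP config."""
    lines = [l.strip() for l in config.splitlines()]
    # Commands that are switched on: skip comments and negated ("no ...") forms.
    active = {l for l in lines if l and not l.startswith(("!", "no "))}
    findings = []

    for line in lines:
        if line not in active:
            continue
        m = re.match(r"username (\S+) ", line)
        if m and m.group(1).lower() in DEFAULT_USERS:
            findings.append(("default-admin-account", line))
        m = re.match(r"snmp-server community (\S+)\s+(RO|RW)\b", line, re.I)
        if m:
            if m.group(1).lower() in DEFAULT_COMMUNITIES:
                findings.append(("snmp-default-community", line))
            if m.group(2).upper() == "RW":
                findings.append(("snmp-read-write", line))
        if re.match(r"encryption (vlan \d+ )?mode wep\b", line):
            findings.append(("wep-encryption", line))
        # Type 7 is reversible obfuscation, not a hash.
        if re.search(r"\b(password|key) 7 ", line):
            findings.append(("type7-secret", line))

    # Web management is cleartext when HTTP is on and HTTPS is not.
    if "ip http server" in active and "ip http secure-server" not in active:
        findings.append(("http-management-cleartext", "ip http server"))
    return findings


if __name__ == "__main__":
    for check_id, line in audit(ROOT_CONFIG_EXCERPT):
        print(f"{check_id:28} {line}")
```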
 
shahzoor (Author) Commented:
rebooted AP = no difference
changed channel = no difference
SSID = checking now
will check the alignment as well
0
 
shahzoor (Author) Commented:
Hi ampranti,
I have deleted the SSID and created a new one. This time I configured it with minimum configuration, having WEP Mandatory only. Now I can ping Root from Non Root.
Still, I am getting some strange logs. The devices are associated. Please check and let me know what's wrong. I am attaching the config as well as the log of both bridges.
ROOT BRIDGE 
===========
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname ROOT
!
logging buffered 3545584 debugging
no logging console
enable secret 5 **********************
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_eap1
!
aaa group server radius rad_eap2
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods1 group rad_eap1
aaa authentication login eap_methods2 group rad_eap2
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
!
!
dot11 activity-timeout unknown default 10
dot11 activity-timeout client default 10 maximum 100000
dot11 activity-timeout workgroup-bridge default 10 maximum 100000
dot11 activity-timeout bridge default 10 maximum 100000
!
dot11 ssid CONNECT
   authentication open
   guest-mode
   infrastructure-ssid
!
!
!
dot1x timeout reauth-period server
username Cisco privilege 15 password 7 ************************
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption key 1 size 128bit 7 ************************* transmit-key
 encryption mode wep mandatory
 !
 ssid CONNECT
 !
 countermeasure tkip hold-time 0
 speed  basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 channel 5805
 station-role root bridge
 rts threshold 4000
 cca 15
 concatenation
 distance 20
 beacon privacy guest-mode
 infrastructure-client
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 192.168.12.2 255.255.255.0
 no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
logging history size 500
snmp-server community defaultCommunity RW
radius-server local
  no authentication eapfast
  no authentication mac
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
end
 
LOG AT ROOT
===========
1 Mar 15 23:55:47.356 UTC Information Interface Dot11Radio0, Station NonRoot ******************* Reassociated KEY_MGMT[NONE]
2 Mar 15 23:55:47.266 UTC Information Interface Dot11Radio0, Deauthenticating Station ******************* Reason: Sending station has left the BSS
3 Mar 15 23:52:06.981 UTC Information Interface Dot11Radio0, Station NonRoot ******************* Reassociated KEY_MGMT[NONE]
4 Mar 15 23:52:06.359 UTC Information Interface Dot11Radio0, Deauthenticating Station ******************* Reason: Sending station has left the BSS
5 Mar 15 23:50:55.789 UTC Information Interface Dot11Radio0, Station NonRoot ******************* Reassociated KEY_MGMT[NONE]
6 Mar 15 23:50:55.671 UTC Information Interface Dot11Radio0, Deauthenticating Station ******************* Reason: Sending station has left the BSS
7 Mar 15 23:50:22.529 UTC Information Interface Dot11Radio0, Station NonRoot ******************* Associated KEY_MGMT[NONE]
8 Mar 15 23:50:22.501 UTC Information Interface Dot11Radio0, Deauthenticating Station ******************* Reason: Sending station has left the BSS
9 Mar 15 23:49:43.044 UTC Information Interface Dot11Radio0, Station NonRoot ******************* Reassociated KEY_MGMT[NONE]
10 Mar 15 23:49:42.957 UTC Information Interface Dot11Radio0, Deauthenticating Station ******************* Reason: Sending station has left the BSS
11 Mar 15 23:48:51.048 UTC Information Interface Dot11Radio0, Station NonRoot ******************* Reassociated KEY_MGMT[NONE]
12 Mar 15 23:48:51.022 UTC Information Interface Dot11Radio0, Deauthenticating Station ******************* Reason: Sending station has left the BSS
13 Mar 15 23:41:04.975 UTC Information Interface Dot11Radio0, Station NonRoot ******************* Reassociated KEY_MGMT[NONE]
14 Mar 15 23:41:04.912 UTC Information Interface Dot11Radio0, Deauthenticating Station ******************* Reason: Sending station has left the BSS
15 Mar 15 23:40:13.922 UTC Information Interface Dot11Radio0, Station NonRoot ******************* Reassociated KEY_MGMT[NONE]
16 Mar 15 23:40:13.887 UTC Information Interface Dot11Radio0, Deauthenticating Station ******************* Reason: Sending station has left the BSS
17 Mar 15 23:39:47.138 UTC Information Interface Dot11Radio0, Station NonRoot ******************* Reassociated KEY_MGMT[NONE]
18 Mar 15 23:39:47.106 UTC Information Interface Dot11Radio0, Deauthenticating Station ******************* Reason: Sending station has left the BSS
19 Mar 15 23:38:07.880 UTC Information Interface Dot11Radio0, Station NonRoot ******************* Associated KEY_MGMT[NONE]
20 Mar 15 23:38:07.844 UTC Information Interface Dot11Radio0, Deauthenticating Station ******************* Reason: Sending station has left the BSS
 
 
 
 
 
Non Root Bridge
===============
Current configuration : 2447 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname xRB_DCC
!
no logging console
enable secret 5 *******************
!
ip subnet-zero
ip dhcp excluded-address 10.0.0.1 10.0.0.10
!
ip dhcp pool local-default-pool
   network 10.0.0.0 255.255.255.224
   default-router 10.0.0.1
   lease 0 0 1
!
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
no dot11 igmp snooping-helper
dot11 activity-timeout client maximum 100000
dot11 activity-timeout repeater maximum 100000
dot11 activity-timeout workgroup-bridge maximum 100000
dot11 activity-timeout bridge maximum 100000
!
dot11 ssid CONNECT
   authentication open
   guest-mode
   infrastructure-ssid
!
!
!
dot1x timeout reauth-period server
username Cisco privilege 15 password 7 *****************
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption key 1 size 128bit 7 ************************8 transmit-key
 encryption mode wep mandatory
 !
 ssid CONNECT
 !
 countermeasure tkip hold-time 0
 speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 station-role non-root bridge
 rts threshold 4000
 concatenation
 infrastructure-client
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 hold-queue 80 in
!
interface BVI1
 ip address 192.168.12.3 255.255.255.0
 no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
snmp-server community defaultCommunity RW
radius-server local
  user NonRoot nthash 7 *************************************
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
end
 
LOG AT NONROOT
===============
1 Mar 1 00:15:07.420 UTC Notification Line protocol on Interface Dot11Radio0, changed state to up
2 Mar 1 00:15:06.419 UTC Error Interface Dot11Radio0, changed state to up
3 Mar 1 00:15:06.419 UTC Warning Interface Dot11Radio0, Associated To AP ROOT ******************** [None]
4 Mar 1 00:15:05.782 UTC Notification Line protocol on Interface Dot11Radio0, changed state to down
5 Mar 1 00:15:04.782 UTC Error Interface Dot11Radio0, changed state to down
6 Mar 1 00:15:04.780 UTC Warning Interface Dot11Radio0, parent lost: Too many retries
7 Mar 1 00:14:34.163 UTC Notification Line protocol on Interface Dot11Radio0, changed state to up
8 Mar 1 00:14:33.163 UTC Error Interface Dot11Radio0, changed state to up
9 Mar 1 00:14:33.163 UTC Warning Interface Dot11Radio0, Associated To AP ROOT ******************** [None]
10 Mar 1 00:14:32.990 UTC Warning Interface Dot11Radio0, cannot associate: Rcvd response from ******************** channel 161 16668
11 Mar 1 00:14:31.612 UTC Notification Line protocol on Interface Dot11Radio0, changed state to down
12 Mar 1 00:14:30.989 UTC Warning Interface Dot11Radio0, cannot associate: No Response
13 Mar 1 00:14:30.613 UTC Error Interface Dot11Radio0, changed state to down
14 Mar 1 00:13:53.681 UTC Error Interface Dot11Radio0, changed state to up
15 Mar 1 00:13:53.680 UTC Warning Interface Dot11Radio0, Associated To AP ROOT ******************** [None]
16 Mar 1 00:13:53.213 UTC Error Interface Dot11Radio0, changed state to down
17 Mar 1 00:13:53.211 UTC Warning Interface Dot11Radio0, parent lost: Too many retries
18 Mar 1 00:13:02.741 UTC Notification Line protocol on Interface Dot11Radio0, changed state to up
19 Mar 1 00:13:01.739 UTC Error Interface Dot11Radio0, changed state to up
20 Mar 1 00:13:01.737 UTC Warning Interface Dot11Radio0, Associated To AP ROOT ******************** [None]


0
 
ampranti Commented:
5 Mar 1 00:15:04.782 UTC Error Interface Dot11Radio0, changed state to down  
6 Mar 1 00:15:04.780 UTC Warning Interface Dot11Radio0, parent lost: Too many retries  
The SNR for this link isn't too good.

Please give us the output of "sh dot11 association <MAC>" while the link is connected.



0
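An added example, not part of the original thread: a Python triage of the non-root log lines posted above, separating authentication-phase failures (deauthentication reason codes, "Authentication failed") from link-level loss ("Too many retries", "No Response") and measuring how regularly the authentication failures repeat. The reason-code names are from IEEE 802.11; the category names, the function names and the fixed year used to parse the year-less timestamps are assumptions of this example.

```python
import re
from datetime import datetime
from statistics import median

# Subset of IEEE 802.11 deauthentication reason codes.
REASON_CODES = {
    1: "unspecified",
    2: "previous authentication no longer valid",
    4: "disassociated due to inactivity",
    15: "4-way handshake timeout",
    23: "IEEE 802.1X authentication failed",
}
AUTH_REASONS = {2, 15, 23}   # codes this example counts as authentication failures
LINK_MARKERS = ("Too many retries", "max retries", "No Response")

LINE_RE = re.compile(
    r"^\s*\d+\s+(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d\.\d+)\s+UTC\s+"
    r"(?P<sev>\w+)\s+(?P<msg>.*\S)\s*$"
)

# Lines copied from the non-root logs in this thread (addresses masked by the poster).
NONROOT_SHARED_EAP = """\
2 Mar 2 04:39:23.856 UTC Warning Interface Dot11Radio0, Associated To AP Root ******************* [None]
4 Mar 2 04:39:23.629 UTC Warning Interface Dot11Radio0, parent lost: Received deauthenticate (23) 23
8 Mar 2 04:38:53.286 UTC Warning Interface Dot11Radio0, parent lost: Received deauthenticate (23) 23
"""
NONROOT_OPEN_WEP = """\
3 Mar 1 00:15:06.419 UTC Warning Interface Dot11Radio0, Associated To AP ROOT ******************** [None]
6 Mar 1 00:15:04.780 UTC Warning Interface Dot11Radio0, parent lost: Too many retries
12 Mar 1 00:14:30.989 UTC Warning Interface Dot11Radio0, cannot associate: No Response
"""


def classify(msg):
    """Map one log message to (category, label)."""
    m = re.search(r"deauthenticate \((\d+)\)", msg)
    if m:
        code = int(m.group(1))
        label = REASON_CODES.get(code, f"reason {code}")
        return ("auth" if code in AUTH_REASONS else "other"), label
    if "Authentication failed" in msg:
        return "auth", "authentication failed"
    for marker in LINK_MARKERS:
        if marker in msg:
            return "link", marker.lower()
    return "info", ""


def triage(log_text):
    """Count categories in one device's log and time the authentication failures."""
    counts = {"auth": 0, "link": 0, "other": 0, "info": 0}
    labels, auth_times = set(), []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        kind, label = classify(m["msg"])
        counts[kind] += 1
        if label:
            labels.add(label)
        if kind == "auth":
            # The log carries no year; 2000 is an arbitrary fixed year.
            ts = "2000 " + " ".join(m["ts"].split())
            auth_times.append(datetime.strptime(ts, "%Y %b %d %H:%M:%S.%f"))
    auth_times.sort()
    gaps = [(b - a).total_seconds() for a, b in zip(auth_times, auth_times[1:])]
    if counts["auth"] > counts["link"]:
        verdict = "auth"
    elif counts["link"]:
        verdict = "link"
    else:
        verdict = "none"
    return {
        "counts": counts,
        "labels": sorted(labels),
        "auth_period_s": round(median(gaps), 1) if gaps else None,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, text in (("shared+EAP", NONROOT_SHARED_EAP), ("open+WEP", NONROOT_OPEN_WEP)):
        print(name, triage(text))
```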
 
shahzoor (Author) Commented:
SSID [CONNECT] :
MAC Address    IP address      Device        Name            Parent         Stat
*************       192.168.12.3    bridge        NonRoot         self           Associated

SSID [CONNECT] :
MAC Address    IP address      Device        Name            Parent         Stat
***********         192.168.12.2    br1410        ROOT                -         Associated
0
 
ampranti Commented:
sh dot11 association <MAC>, replacing MAC with the real MAC address... It shows the signal of the link.
0
 
shahzoor (Author) Commented:
I tried
NonRoot#sh dot11 association "added mac address"\
but it showed me nothing and
came back to the
NonRoot#
prompt
0
 
ampranti Commented:
If it shows nothing, then the client wasn't connected when you did it....
Just to be sure, the <MAC address> is the MAC of the device on the other side..

For example:

1111.x.x.1111 <..........................> 2222.x.x.2222

If you are to 1111.x.x.1111 do:

sh dot11 assoc 2222.x.x.2222
0
 
shahzoor (Author) Commented:
As I told you earlier, I have recreated the SSID etc. and then I was able to ping Root from Non Root and vice versa.
A few hours ago I did the realignment of the device as well and have changed the IP addresses.
The associations log you requested is pasted below. Just to remind you, the log was taken after the alignment.

Root#show dot11 associations *******************
Address           : *******************     Name             : NonRoot
IP Address        : 192.168.12.13      Interface        : Dot11Radio 0
Device            : bridge             Software Version : 12.3
CCX Version       : NONE               Client MFP       : Off
 
State             : Assoc              Parent           : self
SSID              : CONNECT
VLAN              : 0
Hops to Infra     : 1                  Association Id   : 1
Clients Associated: 1                  Repeaters associated: 0
Tunnel Address    : 0.0.0.0
Key Mgmt type     : NONE               Encryption       : WEP
Current Rate      : 36.0               Capability       : WMM
Supported Rates   : 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
Voice Rates       : disabled
Signal Strength   : -81  dBm           Connected for    : 318 seconds
Signal to Noise   : 10  dB            Activity Timeout : 29 seconds
Power-save        : Off                Last Activity    : 1 seconds ago
Apsd DE AC(s)     : NONE
 
Packets Input     : 1100               Packets Output   : 625
Bytes Input       : 512238             Bytes Output     : 80540
Duplicates Rcvd   : 0                  Data Retries     : 305
Decrypt Failed    : 0                  RTS Retries      : 0
MIC Failed        : 0                  MIC Missing      : 0
Packets Redirected: 0                  Redirect Filtered: 0
 
 
 
NonRoot#show dot11 associations *******************
Address           : *******************     Name             : Root
IP Address        : 192.168.12.12      Interface        : Dot11Radio 0
Device            : br1410             Software Version : 12.4
CCX Version       : NONE
 
State             : Assoc              Parent           : Our Parent
SSID              : CONNECT           VLAN             : 0
Hops to Infra     : 0                  Association Id   : 3
Tunnel Address    : 0.0.0.0
Key Mgmt type     : NONE               Encryption       : WEP
Current Rate      : 18.0               Capability       : WMM
Supported Rates   : 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
Voice Rates       : disabled
Signal Strength   : -82  dBm           Connected for    : 260 seconds
Signal to Noise   : 9   dBm            Activity Timeout : 15 seconds
Power-save        : Off                Last Activity    : 0 seconds ago
Apsd DE AC(s)     : NONE
 
Packets Input     : 3014               Packets Output   : 1013
Bytes Input       : 417359             Bytes Output     : 499833
Duplicates Rcvd   : 0                  Data Retries     : 809
Decrypt Failed    : 0                  RTS Retries      : 25
MIC Failed        : 0                  MIC Missing      : 0
Packets Redirected: 0                  Redirect Filtered: 0
 
NonRoot#


0
 
ampranti Commented:
Signal Strength   : -81  dBm & -82dBm
At the moment I can't find the specs with the minimum required signal level, but I bet it's close to its minimum.
I can't think of anything different, sorry :(
0
 
shahzoor (Author) Commented:
You think that the signal strength is still too low?
Can't I do something in the radio settings to increase it?
0
 
shahzoor (Author) Commented:
What's the best way to align the device to have excellent signals?
Should I keep the same configuration while adjusting the device till I get better signals?
Will rotating the device for strength require rebooting the device?
Is there any tool available to check the signal strength before making it live?
0
 
ampranti Commented:
You can increase power or use antennas with higher gain (dB)

What's the best way to align the device to have excellent signals?
Use access points to see the signal, and align the antennas until you find the optimal signal

Should I keep the same configuration while adjusting the device till I get better signals?
Yes
Will rotating the device for strength require rebooting the device?
No
Is there any tool available to check the signal strength before making it live?
conf t
int dot 0
station-role scanner

(Maybe it isn't available if you have an old IOS)
Check this command reference:
http://www.cisco.com/en/US/docs/wireless/access_point/12.4_10b_JA/command/reference/cr12410b-chap2.html#wp2309478
0
 
shahzoor (Author) Commented:
Thanks ampranti,
you have been such a great help.
I will do the alignment part once again and will let you know.
What are the recommended radio settings for the Root Bridge through the Web Interface?
The best signal strength can be considered between what range?
0
 
ampranti Commented:
Depends on your antennas, power etc...
-70 I think will be ideal for a 20km link....
0
 
shahzoor (Author) Commented:
Hi,
even after getting -79dBm strength I am getting the following logs at Root and Non Root.
Is it because of poor signal strength?

Root Log
========
Information       Interface Dot11Radio0, Station NonRoot ************ Associated KEY_MGMT[NONE]  
Information       Interface Dot11Radio0, Deauthenticating Station ********** Reason: Sending station has left the BSS  


NonRoot Log
===========
Notification      Line protocol on Interface Dot11Radio0, changed state to up  
Error             Interface Dot11Radio0, changed state to up  
0
 
shahzoor (Author) Commented:
I have still made the device functional and to my astonishment the ping response is 1-5ms only :)
It's working perfectly.
1 - Please let me know about the log I posted above, and if low signal strength might create a problem in future, though the delay is 1-5ms on average.

2 - For checking signal strength you told me about
conf t
int dot 0
station-role scanner

I am not able to use it :( since I am not a pro.
Please explain it and we will close this thread :)

I am really thankful to you and the support you provided. I learnt a lot from you :)
0
 
ampranti Commented:
1) If the signal doesn't get worse, you will not have any problem.
You may see some changes (depending on humidity etc.) but it should be OK.

2) Probably you need a newer IOS version
0
 
shahzoor (Author) Commented:
If there was a rating higher than "A", I would have definitely given it to Mr. Ampranti. Really thankful for all the support and guidance. All tips and suggestions given were perfect and really helped me out in configuring the device. THANKS A LOT :) May God Bless You
0
