Solved

Configure a Cisco Aironet 1240AG repeater

Posted on 2010-09-16
Last Modified: 2013-12-21
I have 2 Cisco Aironet 1240AG devices.  One is already configured as an access point with multiple VLANs and SSIDs.

I want to set up the 2nd device as a repeater and can't figure it out.

I have uploaded the two configs.  The AP is fully configured and working fine.  The repeater is where I am having difficulties.  What I am asking for is basically a written config for the repeater that will work with the AP.  I have removed the IP addresses and changed some names of the SSIDs for security.

I am going to award the max amount of points that I can for this.

Please help.
CiscoAP.txt
repeater.txt
0
Question by:Mhorrocks1962
5 Comments
 
LVL 4

Expert Comment

by:dusanm011
First, to answer your question from the repeater.txt attachment.

Enter the MAC address for the access point to which the repeater should associate.
You can enter MAC addresses for up to four parent access points. The repeater attempts to associate to MAC address 1 first; if that access point does not respond, the repeater tries the next access point in its parent list.

Be careful: if multiple BSSIDs are configured on the parent access point, the MAC address for the parent might change if a BSSID on the parent is added or deleted.
(Optional) You can also enter a timeout value in seconds that determines how long the repeater attempts to associate to a parent access point before trying the next parent in the list. Enter a timeout value from 0 to 65535 seconds.

Now a question: what kind of difficulties do you have? Do they connect at all? You can check the LED status... It can explain a lot, such as:
• The status LED on the root access point is steady green, indicating that at least one client device is associated with it (in this case, the repeater).
• The status LED on the repeater access point is steady green when it is associated with the root access point and the repeater has client devices associated to it. The repeater's status LED flashes (steady green for 7/8 of a second and off for 1/8 of a second) when it is associated with the root access point but the repeater has no client devices associated to it.
In addition, the repeater access point should also appear as associated with the root access point in the root access point's Association Table.

I hope it will help you.
Regards.
0
 

Author Comment

by:Mhorrocks1962
Thanks for your response.  UPDATE:  The repeater is working and talking to the AP.  My question now is this: I realize that you can't configure multiple VLANs on the repeater and that it supports only the native VLAN on the AP.

My AP is configured for multiple VLANs (3): 90, 100, and 250, set up with different SSIDs.  How can I use the repeater to connect to the other VLANs on the AP to pull the appropriate IP?  Is this even possible?

You still have my config for the AP, I am including the new repeater config.

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname REPEATER
!
enable secret 5 (removed)
!
no aaa new-model
!
!
!
dot11 ssid IT
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 (removed)
   admit-traffic
!
dot11 ssid MGMT
   authentication open
   authentication key-management wpa
   infrastructure-ssid
   wpa-psk ascii 7 (removed)
!
dot11 ssid VISITOR
!
power inline negotiation prestandard source
!
!
username Cisco password 7 (removed)
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip
 !
 ssid IT
 !
 ssid MGMT
 !
 ssid VISITOR
 !
 parent 1 (removed)
 station-role repeater
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 dfs band 3 block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address (removed)
 no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
!
end
0
 
LVL 4

Accepted Solution

by:
dusanm011 earned 500 total points
Well, yes, it is true that you cannot set up multiple VLANs on the repeater and that it supports only the native VLAN on the AP. But you may want to look at how you set up your SSIDs.

Among other things like VLAN, client authentication method, maximum number of client associations using the SSID, RADIUS accounting for traffic using the SSID, and guest mode, there is a repeater mode, where you should include an authentication username and password.

So, if your access point will be a repeater or will be a root access point that acts as a parent for a repeater, you can set up an SSID for use in repeater mode. You can assign an authentication username and password to the repeater-mode SSID to allow the repeater to authenticate to your network like a client device.
If your network uses VLANs, you can assign one SSID to a VLAN, and client devices using the SSID are grouped in that VLAN.

And that leaves just setting up the repeater to connect to the parent AP through these credentials to become a member of some VLAN or VLANs. I would suggest you set up the repeater as a LEAP client.

Command:
 authentication network-eap list-name
- enables LEAP authentication on the repeater so that LEAP-enabled client devices can authenticate through the repeater. For list-name, specify the list name you want to use for EAP authentication. You define list names for EAP and for MAC addresses using the aaa authentication login command. These lists define the authentication methods activated when a user logs in and indirectly identify the location where the authentication information is stored.

And the command:
 authentication client username username password password

Configure the username and password that the repeater uses when it performs LEAP authentication. This username and password must match the username and password that you set up for the repeater on the authentication server.


Nevertheless, DO NOT FORGET that you should use a repeater to serve ONLY client devices that do not require high throughput. Repeaters extend the coverage area of your wireless LAN, but they drastically reduce throughput.

I hope it helps.

Regards.
0
 

Author Comment

by:Mhorrocks1962
Here are both of my configs.  I need to be able to get a separate ID for each SSID (there are three); I don't want to set up additional equipment because the company won't dish out any money.  The AP is fine; I get a separate IP for each SSID.  The repeater only gives out the IP for SSID SLI-MGMT.

CONFIG for AP:

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname sli-wap1
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
clock timezone -0500 -5
clock summer-time -0400 recurring
!
!
!
dot11 ssid SLI-IT
   vlan 90
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 06420231144A5C110C10544D5E403B26
!
dot11 ssid SLI-MGMT
   vlan 100
   authentication open
   authentication key-management wpa
   infrastructure-ssid optional
   wpa-psk ascii 7 065E18794B165F010641161314477C15
!
dot11 ssid SLI-VISITOR
   vlan 250
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 0045400D055F1C0F5B3509185D4C5C00
!
power inline negotiation prestandard source
!
!
username Cisco privilege 15 password 7 051E105A734E1E2F14
username psuydam privilege 15 password 7 113A0C0E1C421F
username mhorrocks privilege 15 secret 5 $1$GiM.$jgNWZdUKccqg3.3yrI6.z1
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 90 mode ciphers tkip
 !
 encryption vlan 100 mode ciphers tkip
 !
 encryption vlan 250 mode ciphers tkip
 !
 ssid SLI-IT
 !
 ssid SLI-MGMT
 !
 ssid SLI-VISITOR
 !
 antenna gain 5
 station-role root access-point
!
interface Dot11Radio0.90
 encapsulation dot1Q 90
 no ip route-cache
 bridge-group 90
 bridge-group 90 subscriber-loop-control
 bridge-group 90 block-unknown-source
 no bridge-group 90 source-learning
 no bridge-group 90 unicast-flooding
 bridge-group 90 spanning-disabled
!
interface Dot11Radio0.100
 encapsulation dot1Q 100 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.250
 encapsulation dot1Q 250
 no ip route-cache
 bridge-group 250
 bridge-group 250 subscriber-loop-control
 bridge-group 250 block-unknown-source
 no bridge-group 250 source-learning
 no bridge-group 250 unicast-flooding
 bridge-group 250 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption vlan 90 mode ciphers tkip
 !
 encryption vlan 100 mode ciphers tkip
 !
 encryption vlan 250 mode ciphers tkip
 !
 ssid SLI-IT
 !
 ssid SLI-MGMT
 !
 ssid SLI-VISITOR
 !
 dfs band 3 block
 channel dfs
 station-role root access-point
!
interface Dot11Radio1.90
 encapsulation dot1Q 90
 no ip route-cache
 bridge-group 90
 bridge-group 90 subscriber-loop-control
 bridge-group 90 block-unknown-source
 no bridge-group 90 source-learning
 no bridge-group 90 unicast-flooding
 bridge-group 90 spanning-disabled
!
interface Dot11Radio1.100
 encapsulation dot1Q 100 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1.250
 encapsulation dot1Q 250
 no ip route-cache
 bridge-group 250
 bridge-group 250 subscriber-loop-control
 bridge-group 250 block-unknown-source
 no bridge-group 250 source-learning
 no bridge-group 250 unicast-flooding
 bridge-group 250 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 speed 100
 full-duplex
!
interface FastEthernet0.90
 encapsulation dot1Q 90
 no ip route-cache
 bridge-group 90
 no bridge-group 90 source-learning
 bridge-group 90 spanning-disabled
!
interface FastEthernet0.100
 encapsulation dot1Q 100 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.250
 encapsulation dot1Q 250
 no ip route-cache
 bridge-group 250
 no bridge-group 250 source-learning
 bridge-group 250 spanning-disabled
!
interface BVI1
 ip address 10.160.11.250 255.255.254.0
 no ip route-cache
!
ip default-gateway 10.160.10.254
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
end


REPEATER Config:

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname SLI-REPEATER
!
enable secret 5 $1$uh7q$0gDKqz2C660uxj9Buo1oP0
!
no aaa new-model
!
!
!
dot11 ssid SLI-MGMT
   authentication open
   authentication key-management wpa
   guest-mode
   infrastructure-ssid
   wpa-psk ascii 7 025E13030C5E59394F180D011D544435
!
power inline negotiation prestandard source
!
!
username Cisco password 7 05280F1C2243
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip
 !
 ssid SLI-MGMT
 !
 parent 1 001d.e581.74d0
 station-role repeater
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 dfs band 3 block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 10.160.11.251 255.255.254.0
 no ip route-cache
!
ip default-gateway 10.160.10.254
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
!
end
0
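The limitation this thread settles on (a repeater bridges only the root AP's native VLAN, so only the SSID mapped to that VLAN is extended) can be checked offline from the two configs. The following is an added example, not part of any post and not Cisco tooling; the function names `ssid_blocks` and `repeater_coverage` are hypothetical, and the sample configs are constructed by trimming the ones posted above.

```python
import re

# Constructed sample input, trimmed from the configs posted in the thread (no keys).
AP_CFG = """\
dot11 ssid SLI-IT
   vlan 90
!
dot11 ssid SLI-MGMT
   vlan 100
!
dot11 ssid SLI-VISITOR
   vlan 250
!
interface Dot11Radio0.100
 encapsulation dot1Q 100 native
"""
REPEATER_CFG = """\
dot11 ssid SLI-MGMT
   infrastructure-ssid
!
interface Dot11Radio0
 station-role repeater
"""

def ssid_blocks(cfg):
    """Map each 'dot11 ssid NAME' block to its list of sub-commands."""
    blocks, current = {}, None
    for line in cfg.splitlines():
        m = re.match(r"dot11 ssid (\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line[:1].isspace() and current is not None:
            current.append(line.strip())
        else:
            current = None  # '!' or another top-level command ends the block
    return blocks

def repeater_coverage(ap_cfg, rep_cfg):
    """Report which root-AP SSIDs sit on the native VLAN the repeater bridges."""
    m = re.search(r"^\s*encapsulation dot1Q (\d+) native\s*$", ap_cfg, re.M)
    native = int(m.group(1)) if m else None
    vlan_of = {}
    for name, cmds in ssid_blocks(ap_cfg).items():
        ids = [int(c.split()[1]) for c in cmds if re.fullmatch(r"vlan \d+", c)]
        vlan_of[name] = ids[0] if ids else None
    uplink = next((n for n, cmds in ssid_blocks(rep_cfg).items()
                   if any(c.startswith("infrastructure-ssid") for c in cmds)), None)
    return {"native_vlan": native, "uplink_ssid": uplink,
            "uplink_on_native": uplink in vlan_of and vlan_of[uplink] == native,
            "not_extended": sorted(n for n, v in vlan_of.items() if v != native)}
```

Calling `repeater_coverage(AP_CFG, REPEATER_CFG)` lists SLI-IT and SLI-VISITOR under `not_extended`, which matches the behaviour reported above: clients behind the repeater only get addresses from the SLI-MGMT VLAN.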
 

Author Closing Comment

by:Mhorrocks1962
Thanks for responding.  I was looking for a written config file that I could use, but your answer was spot on.
0
