Avatar of HornAlum
HornAlum
Flag for United States of America asked on

Setting up a new Cisco Aironet 1142 with WPA2

Just bought 3 1142 standalone AP's to replace 3 older Cisco AP's. My knowledge of Cisco is intermediate, at best. Need some help getting these configured. I used another thread from someone else who was trying to set up WPA2, but i could not get my devices to connect to the SSID i set up, so i decided to do a factory reset and start over. Maybe it was because i tried it from the GUI first, then from the CLI, because i couldn't choose WPA2 from the express setup.

I can pull up the GUI, and can also hyperterminal into the AP.

Native VLAN is VLAN 1 on my switch. I trunked the port on the switch side, as i do plan on having more than one SSID, which will be on seperate VLAN's. I'm trying to set up the primary SSID first, that would be on VLAN 1



this is what I did originally:

conf t
dot11 ssid companyname
 authentication open
 authentication key-management wpa version 2
 guest-mode
 wpa-psk ascii <password key here>
 exit

int dot11radio0
 encryption mode ciphers aes-ccm
 ssid companyname
 no shutdown
 exit

int dot11radio1
 encryption mode ciphers aes-ccm
 ssid companyname
 no shutdown
 exit
exit

I could see this SSID being broadcast, but could not connect from any device ... phone, notebook, ipad.

As I said, I did a factory reset because maybe something is super screwed up now.

What am I doing wrong? someone walk me through this from scratch, keeping in mind i want to add another SSID eventually on a different VLAN?
Wireless NetworkingNetworking Hardware-OtherWireless Hardware

Avatar of undefined
Last Comment
HornAlum

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
rauenpc

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
HornAlum

ASKER
I want to set up WPA2 personal ... not enterprise. don't have a radius/authentication server. the first article points at enterprise mode. will this sitll work? I'm assuming the second article describes the bridging/sub-ints?
HornAlum

ASKER
I seem to have gotten it working. I've gotten both an iPad and a notebook PC to connect

Rauenpc, your suggestion about using sub-interfaces was helpful. As I stated, i did the factory wipe and this time, i created the ssid, but also created the subinterfaces on the gigabit interface, as well as sub interfaces on the radio as well. I've only created one SSID so far, but that is working and I can connect to it.

I didn't native tag anything when i set it up, but it seems to have done it anyway. i thought that may have been why it wasn't working. Probably more so because i wasn't properly setting the radio with the neccessary encapsulation tags (even though I still don't know what that line does)

Between the config in that example link you sent and the one in this thread (https://www.experts-exchange.com/Hardware/Networking_Hardware/Wireless/Access_Points/802.11_Wireless/Q_24652704.html), i was able to get it working.

this has been yet another crash course in cisco configs

Here's my config
hostname SHC-CAP-MAIN
!
enable secret 5 $1$nVJI$.MeNA8GpG7aUzcfTf19Si/
!
no aaa new-model
clock timezone Central -6
clock summer-time UTC recurring
!
!
dot11 mbssid
dot11 syslog
!
dot11 ssid SHC-WiFi
   vlan 1
   authentication open
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii 7 05180E0C35495D1D100B10
!
!
!
username Cisco password 7 0802455D0A16
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm
!
ssid SHC-WiFi
!
antenna gain 0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm
!
ssid SHC-WiFi
!
antenna gain 0
dfs band 3 block
channel dfs
station-role root
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address dhcp client-id GigabitEthernet0
no ip route-cache

Open in new window

All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck