Solved

Cisco Aironet 1130AG configuration advice needed

Posted on 2013-06-28
4
370 Views
Last Modified: 2015-01-29
I have 3 Cisco Aironet 1130AG series access points in autonomous mode and would like to ask you for your advice on best ways to configure to provide coverage in a three storey house and garden log cabin.

So far what I've come across is ways to:
configure an additional access point as repeater, which affects the bandwidth available;
configure WDS, which would allow for seamless migration to next infrastructure AP etc.

First of all am I on the right path here in thinking WDS is what I should be looking at? the person who will be living there constantly walks while on the phone thus it is imperative that connections do not drop when he is using VoIP softphones :)

I have so far experimented with this cisco example where one aironet is configured as WDS AP acting as the RADIUS server and rest are configured as Infrastructure APs:
Wireless Domain Services AP as an AAA Server Configuration Example
So far my Infra APs register with the WDS AP, but I have not been able to make the SSIDs visible...

Either way am I on the right track here WDS wise and if not how should I be considering doing this?

Thanks in advance
0
Comment
Question by:ee-gd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39286451
WDS is absolutely the way to go.

Can you post a config from the WDS AP which is acting as the Local RADIUS server?
0
 

Author Comment

by:ee-gd
ID: 39289544
Thanks.

here are the configs:

ag-wds-ap#sh run
Building configuration...

Current configuration : 3015 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ag-wds-ap
!
logging rate-limit console 9
enable secret 5 $1$xhCn$t0BSh**HrD.
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius Infrastructure
 server 192.168.1.201 auth-port 1812 acct-port 1813
!
aaa group server radius Clients
 server 192.168.1.201 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login method_Infrastructure group Infrastructure
aaa authentication login method_Clients group Clients
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
no ip domain lookup
!
!
dot11 syslog
!
!
username Cisco password 7 1531**F0725
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 speed  basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 no dfs band block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 description ----- Bridge to internal LAN -----
 ip address 192.168.1.201 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server local
  no authentication eapfast
  no authentication mac
  nas 192.168.1.201 key 7 106F05090D565**0327250F2130275209
  user infrastructureAP1 nthash 7 12385531465F542672080670600143213551**557000628554941080D7405
  user infrastructureAP2 nthash 7 144730585A277E73710A15610251375659077**850D54494F787E74720B76
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.1.201 auth-port 1812 acct-port 1813 key 7 13241B02034D051922232**4010213420F
radius-server vsa send accounting
bridge 1 route ip
!
!
wlccp authentication-server infrastructure method_Infrastructure
wlccp authentication-server client leap method_Clients
wlccp wds priority 254 interface BVI1
!
line con 0
line vty 0 4
!
end

Open in new window


and the infrastructure one that shows as registered:
ag-wds-ap#show wlccp wds ap
  HOSTNAME                           MAC-ADDR      IP-ADDR          STATE
 ag-infra-ap1                     001b.d561.503a  192.168.1.202   REGISTERED
ag-wds-ap#

ag-infra-ap1#sh run
Building configuration...

Current configuration : 1921 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ag-infra-ap1
!
logging rate-limit console 9
enable secret 5 $1$lF**/
!
no aaa new-model
no ip domain lookup
!
!
dot11 syslog
!
dot11 ssid Cisco123
   authentication network-eap eap_methods
!
!
!
username Cisco password 7 1**3
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption key 1 size 128bit 7 26061D6**C978330C1A84 transmit-key
 encryption mode wep mandatory
 !
 ssid Cisco123
 !
 speed  basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 !
 encryption key 1 size 128bit 7 9823F25A0AB8F0B7**8BBEA transmit-key
 encryption mode wep mandatory
 no dfs band block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 description ----- Bridge to internal LAN -----
 ip address 192.168.1.202 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
wlccp ap username infrastructureAP1 password 7 122A0C101**93D141242
!
line con 0
line vty 0 4
 login local
!
end

Open in new window

0
 
LVL 46

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 39290131
To show the SSID name in the broadcast:

dot11 ssid Cisco123
   authentication network-eap eap_methods
   guest-mode
0
 

Author Comment

by:ee-gd
ID: 39292947
thanks this made the SSID visible, but i am not able to connect to it.

In the WDS guide I followed they used WEP - does WDS support something better that WEP?
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you are thinking of adopting cloud services, or just curious as to what ‘the cloud’ can offer then the leader according to Gartner for Infrastructure as a Service (IaaS) is Amazon Web Services (AWS).  When I started using AWS I was completely new…
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question