[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2546
  • Last Modified:

Configuring Cisco SAP2602 as a repeater

I have a Cisco 2602 that I am trying to setup as a repeater. I haven't been able to find much documentation on setting it up as a repeater, so I'm not even sure if it's possible. I found how to configure a AP as a repeater on Cisco.com and try to do it on this AP, but I keep getting an error that states "DOT11-4-NO_SSID_OR_NO_VLAN: No SSID configured".

I believe this error is because the SSID doesn't have encryption enabled in the dot11radio interface. The config is as follows:

repeater#sh run
Building configuration...

Current configuration : 1825 bytes
!
! Last configuration change at 00:35:35 UTC Mon Mar 1 1993
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname repeater
!
logging rate-limit console 9
enable secret 5 $1$o8sc$PekxgNDvnsGvyxAoPdk4X0
!
no aaa new-model
no ip routing
!
!
dot11 syslog
!
[b]dot11 ssid QuietDevens
   vlan 16
   authentication open
   authentication key-management wpa version 2
   infrastructure-ssid
   wpa-psk ascii 7 14141707180D29387470[/b]
!
crypto pki token default removal timeout 0
!
!
username Cisco password 7 106D000A0618
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 16 mode ciphers aes-ccm
 !
 [b]ssid QuietDevens
 ![/b]
 antenna gain 0
 parent 1 c08c.6024.cd6c
 station-role repeater
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 antenna gain 0
 dfs band 3 block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
 ip address 10.31.16.10 255.255.252.0
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface BVI1
 ip address dhcp client-id GigabitEthernet0
 no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
 transport input all
!
end

Open in new window


I think the bolded parts are the issue. The dott11radio 0 should have the authentication in it, but when I go to set it it won't accept the authentication open or management-key commands. Example:

repeater(config)#int dot11 0
repeater(config-if)#ssid QuietDevens
repeater(config-if)#authentication open
                                 ^
% Invalid input detected at '^' marker.

repeater(config-if)#

Open in new window


I'm following steps from this article on Cisco - http://www.cisco.com/en/US/docs/wireless/access_point/12.4.25d.JA/Configuration/guide/scg12.4.25d.JA-chap19-wgb-standby.html
       
Command
Purpose
Step 1 

configure terminal

Enter global configuration mode.

Step 2 

interface dot11radio { 0 | 1 }

Enter interface configuration mode for the radio interface. The 2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1.

Step 3 

ssid ssid-string

Create an SSID and enter SSID configuration mode for the new SSID. The SSID can consist of up to 32 alphanumeric characters. SSIDs are case sensitive.

Step 4 

authentication open

Enable open authentication for the SSID.

Step 5 

authentication key-management wpa

Enable WPA authenticated key management for the SSID.

Step 6 

infrastructure ssid

Designate the SSID as the SSID that the repeater uses to associate to other access points.

Step 7 

wpa-psk { hex | ascii } [ 0 | 7 ] encryption-key

Enter a pre-shared key for the repeater.

Enter the key using either hexadecimal or ASCII characters. If you use hexadecimal, you must enter 64 hexadecimal characters to complete the 256-bit key. If you use ASCII, you must enter from 8 to 63 ASCII characters, and the access point expands the key for you.

Step 8 

end

Return to privileged EXEC mode.

Step 9 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Open in new window

I'm under the assumption that this AP doesn't allow to be configured as a repeater. I may be missing something somewhere though, so I figured the experts may be able to help.

Thanks for any help you can provide on this.
0
QuietBot
Asked:
QuietBot
  • 4
  • 3
2 Solutions
 
Craig BeckCommented:
Your config is nearly correct.  I'm guessing you did the config in the CLI as there are no subinterfaces attached to the radios or the Ethernet interface.

You need something like this:

interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 16 mode ciphers aes-ccm
 !
 ssid QuietDevens
 !
 antenna gain 0
 parent 1 c08c.6024.cd6c
 station-role repeater
!
interface Dot11Radio0.16
 encapsulation dot1Q 16
 bridge-group 254
 bridge-group 254 subscriber-loop-control
 bridge-group 254 spanning-disabled
 bridge-group 254 block-unknown-source
 no bridge-group 254 source-learning
 no bridge-group 254 unicast-flooding
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 antenna gain 0
 dfs band 3 block
 channel dfs
 station-role root
!
interface Dot11Radio1.16
 encapsulation dot1Q 16
 bridge-group 254
 bridge-group 254 subscriber-loop-control
 bridge-group 254 spanning-disabled
 bridge-group 254 block-unknown-source
 no bridge-group 254 source-learning
 no bridge-group 254 unicast-flooding
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface GigabitEthernet0.16
 encapsulation dot1Q 16
 bridge-group 254
 bridge-group 254 spanning-disabled
 no bridge-group 254 source-learning
!

Open in new window

0
 
Robert Sutton JrSenior Network ManagerCommented:
It is possible to setup this device as a  repeater. Can you post  your ROOT AP config please?

Also, take a look here:

http://www.hh.se/download/18.35d0747c132a8c31258800067/LAB+Configuring+Repeater_probl.pdf
0
 
QuietBotAuthor Commented:
@The_Warlock

I was worried this may be my problem as well. This AP is setup as an atonomous AP, but the other's are connected through a Cisco 2500 Wireless Controller. Here is the config of the AP I'm trying to connect to:

interface Dot11Radio0
 antenna gain 0
 stbc
 mbssid
 speed  basic-5.5 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.
 power local 10
 power client local
 packet retries 64 drop-packet
 no cdp enable
!
interface Dot11Radio1
 antenna gain 0
 traffic-metrics aggregate-report
 stbc
 mbssid
 speed  basic-6.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.
 power local 8
 power client local
 packet retries 64 drop-packet
 no cdp enable
!
interface GigabitEthernet0
 duplex auto
 speed auto
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface BVI1
 ip address 10.31.16.16 255.255.252.0
!
ip default-gateway 10.31.16.1
ip forward-protocol nd
no ip http server
!
logging trap emergencies
logging origin-id string AP:c08c.6024.cd6c
logging facility kern
logging snmp-trap notifications
logging snmp-trap informational
logging snmp-trap debugging
logging 255.255.255.255
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
line vty 0 4
 transport input all
line vty 5 15
 transport input all
!
end

Open in new window

0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
Craig BeckCommented:
You can't connect a repeater to an AP which is joined to a WLC.

To connect an autonomous AP to a lightweight AP you need to configure the autonomous AP in universal workgroup-bridge mode.  The problem with this though is that the autonomous AP won't repeat the signal, therefore it probably isn't going to do what you want it to do.
0
 
QuietBotAuthor Commented:
@craigbeck

repeater(config)#do sh run
Building configuration...

Current configuration : 2563 bytes
!
! Last configuration change at 00:43:45 UTC Mon Mar 1 1993
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname repeater
!
logging rate-limit console 9
enable secret 5 $1$o8sc$PekxgNDvnsGvyxAoPdk4X0
!
no aaa new-model
no ip routing
!
!
dot11 syslog
!
dot11 ssid QuietDevens
   vlan 16
   authentication open
   authentication key-management wpa version 2
   infrastructure-ssid
   wpa-psk ascii 7 14141707180D29387470
!
crypto pki token default removal timeout 0
!
!
username Cisco password 7 106D000A0618
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 16 mode ciphers aes-ccm
 !
 ssid QuietDevens
 !
 antenna gain 0
 parent 1 c08c.6024.cd6c
 station-role repeater
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.16
 encapsulation dot1Q 16
 no ip route-cache
 bridge-group 254
 bridge-group 254 subscriber-loop-control
 bridge-group 254 spanning-disabled
 bridge-group 254 block-unknown-source
 no bridge-group 254 source-learning
 no bridge-group 254 unicast-flooding
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 antenna gain 0
 dfs band 3 block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.16
 encapsulation dot1Q 16
 no ip route-cache
 bridge-group 254
 bridge-group 254 subscriber-loop-control
 bridge-group 254 spanning-disabled
 bridge-group 254 block-unknown-source
 no bridge-group 254 source-learning
 no bridge-group 254 unicast-flooding
!
interface GigabitEthernet0
 ip address 10.31.16.10 255.255.252.0
 no ip route-cache
 duplex auto
 speed auto
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface GigabitEthernet0.16
 encapsulation dot1Q 16
 no ip route-cache
 bridge-group 254
 bridge-group 254 spanning-disabled
 no bridge-group 254 source-learning
!
interface BVI1
 ip address dhcp client-id GigabitEthernet0
 no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
 transport input all
!
end

Open in new window


I added those commands to the config.
0
 
Craig BeckCommented:
As per my last post, it won't work if your root AP is joined to a WLC.  You just can't repeat from a Cisco Lightweight AP.
0
 
QuietBotAuthor Commented:
Thanks Craig, that's exactly what I was worried about. Oh well, looks like I need to run some cable then.

Thanks for your help!
0
 
QuietBotAuthor Commented:
Gave Craig 400 points and warlock 100 for his attempt to help. Appreciate the quick responses guys, thanks!
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now