Solved

Configuring Cisco SAP2602 as a repeater

Posted on 2013-10-26
8
2,256 Views
Last Modified: 2013-10-26
I have a Cisco 2602 that I am trying to setup as a repeater. I haven't been able to find much documentation on setting it up as a repeater, so I'm not even sure if it's possible. I found how to configure a AP as a repeater on Cisco.com and try to do it on this AP, but I keep getting an error that states "DOT11-4-NO_SSID_OR_NO_VLAN: No SSID configured".

I believe this error is because the SSID doesn't have encryption enabled in the dot11radio interface. The config is as follows:

repeater#sh run
Building configuration...

Current configuration : 1825 bytes
!
! Last configuration change at 00:35:35 UTC Mon Mar 1 1993
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname repeater
!
logging rate-limit console 9
enable secret 5 $1$o8sc$PekxgNDvnsGvyxAoPdk4X0
!
no aaa new-model
no ip routing
!
!
dot11 syslog
!
[b]dot11 ssid QuietDevens
   vlan 16
   authentication open
   authentication key-management wpa version 2
   infrastructure-ssid
   wpa-psk ascii 7 14141707180D29387470[/b]
!
crypto pki token default removal timeout 0
!
!
username Cisco password 7 106D000A0618
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 16 mode ciphers aes-ccm
 !
 [b]ssid QuietDevens
 ![/b]
 antenna gain 0
 parent 1 c08c.6024.cd6c
 station-role repeater
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 antenna gain 0
 dfs band 3 block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
 ip address 10.31.16.10 255.255.252.0
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface BVI1
 ip address dhcp client-id GigabitEthernet0
 no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
 transport input all
!
end

Open in new window


I think the bolded parts are the issue. The dott11radio 0 should have the authentication in it, but when I go to set it it won't accept the authentication open or management-key commands. Example:

repeater(config)#int dot11 0
repeater(config-if)#ssid QuietDevens
repeater(config-if)#authentication open
                                 ^
% Invalid input detected at '^' marker.

repeater(config-if)#

Open in new window


I'm following steps from this article on Cisco - http://www.cisco.com/en/US/docs/wireless/access_point/12.4.25d.JA/Configuration/guide/scg12.4.25d.JA-chap19-wgb-standby.html
       
Command
Purpose
Step 1 

configure terminal

Enter global configuration mode.

Step 2 

interface dot11radio { 0 | 1 }

Enter interface configuration mode for the radio interface. The 2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1.

Step 3 

ssid ssid-string

Create an SSID and enter SSID configuration mode for the new SSID. The SSID can consist of up to 32 alphanumeric characters. SSIDs are case sensitive.

Step 4 

authentication open

Enable open authentication for the SSID.

Step 5 

authentication key-management wpa

Enable WPA authenticated key management for the SSID.

Step 6 

infrastructure ssid

Designate the SSID as the SSID that the repeater uses to associate to other access points.

Step 7 

wpa-psk { hex | ascii } [ 0 | 7 ] encryption-key

Enter a pre-shared key for the repeater.

Enter the key using either hexadecimal or ASCII characters. If you use hexadecimal, you must enter 64 hexadecimal characters to complete the 256-bit key. If you use ASCII, you must enter from 8 to 63 ASCII characters, and the access point expands the key for you.

Step 8 

end

Return to privileged EXEC mode.

Step 9 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Open in new window

I'm under the assumption that this AP doesn't allow to be configured as a repeater. I may be missing something somewhere though, so I figured the experts may be able to help.

Thanks for any help you can provide on this.
0
Comment
Question by:QuietBot
  • 4
  • 3
8 Comments
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39602646
Your config is nearly correct.  I'm guessing you did the config in the CLI as there are no subinterfaces attached to the radios or the Ethernet interface.

You need something like this:

interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 16 mode ciphers aes-ccm
 !
 ssid QuietDevens
 !
 antenna gain 0
 parent 1 c08c.6024.cd6c
 station-role repeater
!
interface Dot11Radio0.16
 encapsulation dot1Q 16
 bridge-group 254
 bridge-group 254 subscriber-loop-control
 bridge-group 254 spanning-disabled
 bridge-group 254 block-unknown-source
 no bridge-group 254 source-learning
 no bridge-group 254 unicast-flooding
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 antenna gain 0
 dfs band 3 block
 channel dfs
 station-role root
!
interface Dot11Radio1.16
 encapsulation dot1Q 16
 bridge-group 254
 bridge-group 254 subscriber-loop-control
 bridge-group 254 spanning-disabled
 bridge-group 254 block-unknown-source
 no bridge-group 254 source-learning
 no bridge-group 254 unicast-flooding
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface GigabitEthernet0.16
 encapsulation dot1Q 16
 bridge-group 254
 bridge-group 254 spanning-disabled
 no bridge-group 254 source-learning
!

Open in new window

0
 
LVL 15

Assisted Solution

by:The_Warlock
The_Warlock earned 100 total points
ID: 39602651
It is possible to setup this device as a  repeater. Can you post  your ROOT AP config please?

Also, take a look here:

http://www.hh.se/download/18.35d0747c132a8c31258800067/LAB+Configuring+Repeater_probl.pdf
0
 

Author Comment

by:QuietBot
ID: 39602691
@The_Warlock

I was worried this may be my problem as well. This AP is setup as an atonomous AP, but the other's are connected through a Cisco 2500 Wireless Controller. Here is the config of the AP I'm trying to connect to:

interface Dot11Radio0
 antenna gain 0
 stbc
 mbssid
 speed  basic-5.5 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.
 power local 10
 power client local
 packet retries 64 drop-packet
 no cdp enable
!
interface Dot11Radio1
 antenna gain 0
 traffic-metrics aggregate-report
 stbc
 mbssid
 speed  basic-6.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.
 power local 8
 power client local
 packet retries 64 drop-packet
 no cdp enable
!
interface GigabitEthernet0
 duplex auto
 speed auto
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface BVI1
 ip address 10.31.16.16 255.255.252.0
!
ip default-gateway 10.31.16.1
ip forward-protocol nd
no ip http server
!
logging trap emergencies
logging origin-id string AP:c08c.6024.cd6c
logging facility kern
logging snmp-trap notifications
logging snmp-trap informational
logging snmp-trap debugging
logging 255.255.255.255
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
line vty 0 4
 transport input all
line vty 5 15
 transport input all
!
end

Open in new window

0
 
LVL 45

Accepted Solution

by:
Craig Beck earned 400 total points
ID: 39602693
You can't connect a repeater to an AP which is joined to a WLC.

To connect an autonomous AP to a lightweight AP you need to configure the autonomous AP in universal workgroup-bridge mode.  The problem with this though is that the autonomous AP won't repeat the signal, therefore it probably isn't going to do what you want it to do.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:QuietBot
ID: 39602695
@craigbeck

repeater(config)#do sh run
Building configuration...

Current configuration : 2563 bytes
!
! Last configuration change at 00:43:45 UTC Mon Mar 1 1993
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname repeater
!
logging rate-limit console 9
enable secret 5 $1$o8sc$PekxgNDvnsGvyxAoPdk4X0
!
no aaa new-model
no ip routing
!
!
dot11 syslog
!
dot11 ssid QuietDevens
   vlan 16
   authentication open
   authentication key-management wpa version 2
   infrastructure-ssid
   wpa-psk ascii 7 14141707180D29387470
!
crypto pki token default removal timeout 0
!
!
username Cisco password 7 106D000A0618
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 16 mode ciphers aes-ccm
 !
 ssid QuietDevens
 !
 antenna gain 0
 parent 1 c08c.6024.cd6c
 station-role repeater
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.16
 encapsulation dot1Q 16
 no ip route-cache
 bridge-group 254
 bridge-group 254 subscriber-loop-control
 bridge-group 254 spanning-disabled
 bridge-group 254 block-unknown-source
 no bridge-group 254 source-learning
 no bridge-group 254 unicast-flooding
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 antenna gain 0
 dfs band 3 block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.16
 encapsulation dot1Q 16
 no ip route-cache
 bridge-group 254
 bridge-group 254 subscriber-loop-control
 bridge-group 254 spanning-disabled
 bridge-group 254 block-unknown-source
 no bridge-group 254 source-learning
 no bridge-group 254 unicast-flooding
!
interface GigabitEthernet0
 ip address 10.31.16.10 255.255.252.0
 no ip route-cache
 duplex auto
 speed auto
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface GigabitEthernet0.16
 encapsulation dot1Q 16
 no ip route-cache
 bridge-group 254
 bridge-group 254 spanning-disabled
 no bridge-group 254 source-learning
!
interface BVI1
 ip address dhcp client-id GigabitEthernet0
 no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
 transport input all
!
end

Open in new window


I added those commands to the config.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39602700
As per my last post, it won't work if your root AP is joined to a WLC.  You just can't repeat from a Cisco Lightweight AP.
0
 

Author Comment

by:QuietBot
ID: 39602775
Thanks Craig, that's exactly what I was worried about. Oh well, looks like I need to run some cable then.

Thanks for your help!
0
 

Author Closing Comment

by:QuietBot
ID: 39602777
Gave Craig 400 points and warlock 100 for his attempt to help. Appreciate the quick responses guys, thanks!
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Hopefully this article will help someone who's had the same issues I had. I have a Dell Wireless 1390 WLAN Mini-Card and Windows 7, and for the past couple of days I was beyond frustrated because my wireless laptop was not able to access the Inte…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now