Aironet 2600 only reaches 54Mbps even though it is configured for WPA2-Personal PSK AES with WMM
We recently upgraded our AP's to the Aironet 2600. We were using WEP authentication, which we found out will not let you utilize the full speed of 802.11n. We do not have a RADIUS server. We only want to use the 2.4 band.
I read that in order to get the higher speeds without using a RADIUS server, that we would need to use WPA2-PSK-Personal with AES encryption and enable WMM. I made the configuration changes to a test AP, but I am still not getting a speed greater than 54Mbps. I am in the same room.
I don't know what else I am doing or not doing correctly. Below is my current test config:
!
! Last configuration change at 00:09:12 UTC Mon Mar 1 1993 by cisco
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname GENERICNAME
!
logging rate-limit console 9
enable secret 5 "SECRETSTRINGHASH"
!
no aaa new-model
no ip routing
!
!
dot11 syslog
!
dot11 ssid GENERICSSID
authentication open
authentication key-management wpa version 2
wpa-psk ascii 7 "HEXNUMBERS"
!
crypto pki token default removal timeout 0
!
!
username GENERICUSERNAME password 7 "MOREHEXNUMBERS"
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
ssid GENERICSSID
!
antenna gain 0
stbc
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2437
station-role root
world-mode dot11d country-code US both
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
no ip route-cache
antenna gain 0
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
no ip route-cache
!
ip default-gateway xxx.xxx.xxx.xxx
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/blahblahblah
bridge 1 route ip
!
!
!
CONSOLE and TERMINIAL CONFIG OMITTED
!
end
I read that in order to get the higher speeds without using a RADIUS server, that we would need to use WPA2-PSK-Personal with AES encryption and enable WMM. I made the configuration changes to a test AP, but I am still not getting a speed greater than 54Mbps. I am in the same room.
I don't know what else I am doing or not doing correctly. Below is my current test config:
!
! Last configuration change at 00:09:12 UTC Mon Mar 1 1993 by cisco
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname GENERICNAME
!
logging rate-limit console 9
enable secret 5 "SECRETSTRINGHASH"
!
no aaa new-model
no ip routing
!
!
dot11 syslog
!
dot11 ssid GENERICSSID
authentication open
authentication key-management wpa version 2
wpa-psk ascii 7 "HEXNUMBERS"
!
crypto pki token default removal timeout 0
!
!
username GENERICUSERNAME password 7 "MOREHEXNUMBERS"
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
ssid GENERICSSID
!
antenna gain 0
stbc
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2437
station-role root
world-mode dot11d country-code US both
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
no ip route-cache
antenna gain 0
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
no ip route-cache
!
ip default-gateway xxx.xxx.xxx.xxx
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/blahblahblah
bridge 1 route ip
!
!
!
CONSOLE and TERMINIAL CONFIG OMITTED
!
end
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Do I need to remove any of the current lines in my config before trying your suggestion? Thanks by the way!
No, the code will delete everything from the 2.4GHz radio interface, and reconfigure the SSID and encryption.
No probs! Let me know how it goes :-)
No probs! Let me know how it goes :-)
ASKER
I'm gonna give it a try tomorrow. Thanks! Do I need to enable a MCS?
No it'll be enabled by default.
ASKER
I get the message below:
GENERICSSID(config)#defaul
not allowed on Dot11Radio0 interface
not allowed on Dot11Radio0 interface
%command not allowed, cannot remove bridge-group 1Cannot disable station-role
At least one rate required
GENERICSSID(config)#defaul
not allowed on Dot11Radio0 interface
not allowed on Dot11Radio0 interface
%command not allowed, cannot remove bridge-group 1Cannot disable station-role
At least one rate required
ASKER
I got it to work!
After issuing the default command which you gave me (Thank you!), even though it had wanted a rate, the radio was reset and left disabled. I went to the GUI and set it up the way I wanted, but it still did not work. I noticed that my computer saw the radio as 802.11g, so I tried to figure out how to make sure 802.11n was turned on. While doing that, under "Express Set-up" I came across a setting called "Optimize Radio Network for:" It had three options - throughput, range, default, and custom. I selected "throughput", and I could then connect as 802.11n at 144Mbs.
Does this sound appropriate?
Below is the config I wound up with. I also attached a picture of the setting that worked
:
!
! Last configuration change at 00:51:10 UTC Mon Mar 1 1993
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname GENERICNAME
!
logging rate-limit console 9
enable secret 5 "SECRETSTRINGHASH"
!
no aaa new-model
no ip routing
!
!
dot11 syslog
!
dot11 ssid GENERICSSID
authentication open
authentication key-management wpa version 2
wpa-psk ascii 7 "HEXNUMBERS"
!
crypto pki token default removal timeout 0
!
!
username Cisco password 7 "MOREHEXNUMBERS"
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
ssid GENERICSSID
!
stbc
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.
channel 2437
station-role root
world-mode dot11d country-code US both
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
!
interface Dot11Radio1
no ip address
no ip route-cache
antenna gain 0
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
no ip route-cache
!
ip default-gateway xxx.xxx.xxx.xxx
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/blahblahblah
bridge 1 route ip
!
!
!
CONSOLE and TERMINIAL CONFIG OMITTED
!
end
After issuing the default command which you gave me (Thank you!), even though it had wanted a rate, the radio was reset and left disabled. I went to the GUI and set it up the way I wanted, but it still did not work. I noticed that my computer saw the radio as 802.11g, so I tried to figure out how to make sure 802.11n was turned on. While doing that, under "Express Set-up" I came across a setting called "Optimize Radio Network for:" It had three options - throughput, range, default, and custom. I selected "throughput", and I could then connect as 802.11n at 144Mbs.
Does this sound appropriate?
Below is the config I wound up with. I also attached a picture of the setting that worked
:!
! Last configuration change at 00:51:10 UTC Mon Mar 1 1993
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname GENERICNAME
!
logging rate-limit console 9
enable secret 5 "SECRETSTRINGHASH"
!
no aaa new-model
no ip routing
!
!
dot11 syslog
!
dot11 ssid GENERICSSID
authentication open
authentication key-management wpa version 2
wpa-psk ascii 7 "HEXNUMBERS"
!
crypto pki token default removal timeout 0
!
!
username Cisco password 7 "MOREHEXNUMBERS"
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
ssid GENERICSSID
!
stbc
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.
channel 2437
station-role root
world-mode dot11d country-code US both
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
!
interface Dot11Radio1
no ip address
no ip route-cache
antenna gain 0
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
no ip route-cache
!
ip default-gateway xxx.xxx.xxx.xxx
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/blahblahblah
bridge 1 route ip
!
!
!
CONSOLE and TERMINIAL CONFIG OMITTED
!
end
Sounds good to me!
The default command should turn all of the MCS rates on, providing you enable AES as the cipher.
Glad you got it to work :-)
The default command should turn all of the MCS rates on, providing you enable AES as the cipher.
Glad you got it to work :-)
ASKER