Aironet 2600 only reaches 54Mbps even though it is configured for WPA2-Personal PSK AES with WMM

We recently upgraded our AP's to the Aironet 2600.  We were using WEP authentication, which we found out will not let you utilize the full speed of 802.11n.  We do not have a RADIUS server.  We only want to use the 2.4 band.

I read that in order to get the higher speeds without using a RADIUS server, that we would need to use WPA2-PSK-Personal with AES encryption and enable WMM.  I made the configuration changes to a test AP, but I am still not getting a speed greater than 54Mbps.  I am in the same room.

I don't know what else I am doing or not doing correctly.  Below is my current test config:
!
! Last configuration change at 00:09:12 UTC Mon Mar 1 1993 by cisco
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname GENERICNAME
!
logging rate-limit console 9
enable secret 5 "SECRETSTRINGHASH"
!
no aaa new-model
no ip routing
!
!
dot11 syslog
!
dot11 ssid GENERICSSID
   authentication open
   authentication key-management wpa version 2
   wpa-psk ascii 7 "HEXNUMBERS"
!
crypto pki token default removal timeout 0
!
!
username GENERICUSERNAME password 7 "MOREHEXNUMBERS"
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm
 !
 ssid GENERICSSID
 !
 antenna gain 0
 stbc
 speed  basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
 channel 2437
 station-role root
 world-mode dot11d country-code US both
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 antenna gain 0
 dfs band 3 block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface BVI1
 ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 no ip route-cache
!
ip default-gateway xxx.xxx.xxx.xxx
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/blahblahblah
bridge 1 route ip
!
!
!
CONSOLE and TERMINIAL CONFIG OMITTED
!
end
tmaususerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

tmaususerAuthor Commented:
Something to do with MCS rates?  How do I know what to select?
0
Craig BeckCommented:
Try this...

 
default int dot11radio 0
Int dot11radio 0
encryption mode ciphers aes
ssid GENERICSSID

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
tmaususerAuthor Commented:
Do I need to remove any of the current lines in my config before trying your suggestion?  Thanks by the way!
0
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

Craig BeckCommented:
No, the code will delete everything from the 2.4GHz radio interface, and reconfigure the SSID and encryption.

No probs! Let me know how it goes :-)
0
tmaususerAuthor Commented:
I'm gonna give it a try tomorrow.  Thanks! Do I need to enable a MCS?
0
Craig BeckCommented:
No it'll be enabled by default.
0
tmaususerAuthor Commented:
I get the message below:

GENERICSSID(config)#default int dot11radio 0
  not allowed on Dot11Radio0 interface
  not allowed on Dot11Radio0 interface
%command not allowed, cannot remove bridge-group 1Cannot disable station-role
At least one rate required
0
tmaususerAuthor Commented:
I got it to work!  

After issuing the default command which you gave me (Thank you!), even though it had wanted a rate, the radio was reset and left disabled.  I went to the GUI and set it up the way I wanted, but it still did not work.  I noticed that my computer saw the radio as 802.11g, so I tried to figure out how to make sure 802.11n was turned on.  While doing that, under "Express Set-up" I came across a setting called "Optimize Radio Network for:"  It had three options - throughput, range, default, and custom.  I selected "throughput", and I could then connect as 802.11n at 144Mbs.

Does this sound appropriate?

Below is the config I wound up with.  I also attached a picture of the setting that workedOptimize Radio for Throughput:

!
! Last configuration change at 00:51:10 UTC Mon Mar 1 1993
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname GENERICNAME
!
logging rate-limit console 9
enable secret 5 "SECRETSTRINGHASH"
!
no aaa new-model
no ip routing
!
!
dot11 syslog
!
dot11 ssid GENERICSSID
   authentication open
   authentication key-management wpa version 2
   wpa-psk ascii 7 "HEXNUMBERS"
!
crypto pki token default removal timeout 0
!
!
username Cisco password 7 "MOREHEXNUMBERS"
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm
 !
 ssid GENERICSSID
 !
 stbc
 speed  basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.
 channel 2437
 station-role root
 world-mode dot11d country-code US both
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 antenna gain 0
 dfs band 3 block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface BVI1
 ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 no ip route-cache
!
ip default-gateway xxx.xxx.xxx.xxx
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/blahblahblah
bridge 1 route ip
!
!
!
CONSOLE and TERMINIAL CONFIG OMITTED
!
end
0
Craig BeckCommented:
Sounds good to me!

The default command should turn all of the MCS rates on, providing you enable AES as the cipher.

Glad you got it to work :-)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.