GalaxyTechService
asked on
Cisco Air AP
Hello Experts,
I am no cisco guy with very limited skill sets in cisco. We have move a network off of vlans and just to a classic network setup. On one of the vlans was 12 Cisco Air-AP1231G-A-K9 units. We thought going in and changing the I.P. addresses, default gateway and removing vlan settings on each access point would be the best solution, but we where wrong. 4 of the 12 work after resetting all but the I.P. address and configuring them our self's. The most common problem we have with the other 8 is they will broadcast the ssid but when you connect you get "limited access" or a continuous "obtaining ip address" on mobile devices.
This is the config file from one of the AP with the problem stated above.
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RNGAP08
!
enable secret 5 $1$qb63$kzc4Y8bZGGeY4Pw2H9 XSY/
!
ip subnet-zero
!
!
no aaa new-model
!
dot11 ssid RNGWIFI
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 010108034C020006314D5D1A
!
!
!
username Cisco password 7 106D000A0618
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
shutdown
!
encryption mode ciphers tkip
!
ssid RNGWIFI
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 160 in
!
interface BVI1
ip address 10.100.83.18 255.255.255.0
no ip route-cache
!
ip default-gateway 10.100.83.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
snmp-server community HTF RO
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
end
next is the config file from one of the working AP's.
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RNGWAP01
!
enable secret 5 $1$pQsI$0uSLLyGQ5.I7xezRw2 7ml1
!
username wap.admin privilege 15 password 7 00361208035A02145C
ip subnet-zero
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
ssid RNGWIFI
authentication open
authentication key-management wpa
guest-mode
infrastructure-ssid optional
wpa-psk ascii 7 051908083645480009040401
!
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
rts threshold 2312
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.100.83.11 255.255.255.0
no ip route-cache
!
ip default-gateway 10.100.83.1
ip http server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100
ip radius source-interface BVI1
snmp-server view dot11view ieee802dot11 included
snmp-server community HTF RO
snmp-server chassis-id RNGWAP02
snmp-server enable traps tty
bridge 1 route ip
!
!
line con 0
line vty 0 4
exec-timeout 66 0
login local
line vty 5 15
login
!
ntp clock-period 2861744
ntp server 192.168.5.250
end
Any advice on this issue would be of great help.
Thank you,
GTS
I am no cisco guy with very limited skill sets in cisco. We have move a network off of vlans and just to a classic network setup. On one of the vlans was 12 Cisco Air-AP1231G-A-K9 units. We thought going in and changing the I.P. addresses, default gateway and removing vlan settings on each access point would be the best solution, but we where wrong. 4 of the 12 work after resetting all but the I.P. address and configuring them our self's. The most common problem we have with the other 8 is they will broadcast the ssid but when you connect you get "limited access" or a continuous "obtaining ip address" on mobile devices.
This is the config file from one of the AP with the problem stated above.
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RNGAP08
!
enable secret 5 $1$qb63$kzc4Y8bZGGeY4Pw2H9
!
ip subnet-zero
!
!
no aaa new-model
!
dot11 ssid RNGWIFI
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 010108034C020006314D5D1A
!
!
!
username Cisco password 7 106D000A0618
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
shutdown
!
encryption mode ciphers tkip
!
ssid RNGWIFI
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 160 in
!
interface BVI1
ip address 10.100.83.18 255.255.255.0
no ip route-cache
!
ip default-gateway 10.100.83.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
snmp-server community HTF RO
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
end
next is the config file from one of the working AP's.
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RNGWAP01
!
enable secret 5 $1$pQsI$0uSLLyGQ5.I7xezRw2
!
username wap.admin privilege 15 password 7 00361208035A02145C
ip subnet-zero
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
ssid RNGWIFI
authentication open
authentication key-management wpa
guest-mode
infrastructure-ssid optional
wpa-psk ascii 7 051908083645480009040401
!
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
rts threshold 2312
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.100.83.11 255.255.255.0
no ip route-cache
!
ip default-gateway 10.100.83.1
ip http server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100
ip radius source-interface BVI1
snmp-server view dot11view ieee802dot11 included
snmp-server community HTF RO
snmp-server chassis-id RNGWAP02
snmp-server enable traps tty
bridge 1 route ip
!
!
line con 0
line vty 0 4
exec-timeout 66 0
login local
line vty 5 15
login
!
ntp clock-period 2861744
ntp server 192.168.5.250
end
Any advice on this issue would be of great help.
Thank you,
GTS
Could you please also post the configuration of a working unit? It may tie to either the SSID settings OR the IP settings on the AP.
ASKER
the second config I posted is a working one.
this is an config of another working unit.
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RNGWAP02
!
enable secret 5 $1$pQsI$0uSLLyGQ5.I7xezRw2 7ml1
!
username wap.admin privilege 15 password 7 05390701264D471B4A
ip subnet-zero
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers tkip wep128
!
encryption vlan 25 key 1 size 128bit 7 D50846394FF1355A46184A980B A9 transmit-key
encryption vlan 25 mode ciphers wep128
!
ssid RNGWIFI
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 111B1702001B0D05142B3837
!
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
rts threshold 2312
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.100.83.12 255.255.255.0
no ip route-cache
!
ip default-gateway 10.100.83.1
ip http server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100
ip radius source-interface BVI1
snmp-server community rangaire RO
snmp-server community HTF RW
snmp-server chassis-id RNGWAP02
snmp-server enable traps tty
bridge 1 route ip
!
!
line con 0
line vty 0 4
exec-timeout 66 0
login local
line vty 5 15
login
!
ntp server 192.168.5.250
end
this is an config of another working unit.
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RNGWAP02
!
enable secret 5 $1$pQsI$0uSLLyGQ5.I7xezRw2
!
username wap.admin privilege 15 password 7 05390701264D471B4A
ip subnet-zero
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers tkip wep128
!
encryption vlan 25 key 1 size 128bit 7 D50846394FF1355A46184A980B
encryption vlan 25 mode ciphers wep128
!
ssid RNGWIFI
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 111B1702001B0D05142B3837
!
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
rts threshold 2312
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.100.83.12 255.255.255.0
no ip route-cache
!
ip default-gateway 10.100.83.1
ip http server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100
ip radius source-interface BVI1
snmp-server community rangaire RO
snmp-server community HTF RW
snmp-server chassis-id RNGWAP02
snmp-server enable traps tty
bridge 1 route ip
!
!
line con 0
line vty 0 4
exec-timeout 66 0
login local
line vty 5 15
login
!
ntp server 192.168.5.250
end
Taking a quick read... why does the nonworking one have a shutdown line for Dot11Radio0?
Also noticed the differences in software versions. So far, it looks like the working ones have 12.2, while the nonworking have 12.3. Not sure if this holds 100% true, but an interesting observation.
Check all of the APs that don't work for that shutdown line and remove it.
Also noticed the differences in software versions. So far, it looks like the working ones have 12.2, while the nonworking have 12.3. Not sure if this holds 100% true, but an interesting observation.
Check all of the APs that don't work for that shutdown line and remove it.
Found some other differences:
The working ones have these lines:
ip radius source-interface BVI1
snmp-server community HTF RW
snmp-server chassis-id RNGWAP02
snmp-server enable traps tty
exec-timeout 66 0
line vty 5 15
login
ntp clock-period 2861744
ntp server 192.168.5.250
Nonworking one has these lines:
!
no aaa new-model
!
dot11 ssid RNGWIFI
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 010108034C020006314D5D1A
!
!
!
username Cisco password 7 106D000A0618
!
!
encryption vlan 25 key 1 size 128bit 7 D50846394FF1355A46184A980B A9 transmit-key
encryption vlan 25 mode ciphers wep128
!
ssid RNGWIFI
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 111B1702001B0D05142B3837
bridge-group 1 spanning-disabled
hold-queue 160 in
no ip http secure-server
control-plane
The working ones have these lines:
ip radius source-interface BVI1
snmp-server community HTF RW
snmp-server chassis-id RNGWAP02
snmp-server enable traps tty
exec-timeout 66 0
line vty 5 15
login
ntp clock-period 2861744
ntp server 192.168.5.250
Nonworking one has these lines:
!
no aaa new-model
!
dot11 ssid RNGWIFI
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 010108034C020006314D5D1A
!
!
!
username Cisco password 7 106D000A0618
!
!
encryption vlan 25 key 1 size 128bit 7 D50846394FF1355A46184A980B
encryption vlan 25 mode ciphers wep128
!
ssid RNGWIFI
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 111B1702001B0D05142B3837
bridge-group 1 spanning-disabled
hold-queue 160 in
no ip http secure-server
control-plane
The secret towards the beginning is also different.
I would take the configuration from one of the working ones, change the lines that are appropriate that the specific nonworking AP you're working on, and load that. Quite a few differences.
BTW - In case you're wondering how I scanned so fast, I used Notepad++ and used the compare plugin.
I would take the configuration from one of the working ones, change the lines that are appropriate that the specific nonworking AP you're working on, and load that. Quite a few differences.
BTW - In case you're wondering how I scanned so fast, I used Notepad++ and used the compare plugin.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.