Solved

Cisco Air AP

Posted on 2016-11-14
6
28 Views
Last Modified: 2016-11-15
Hello Experts,

I am no cisco guy with very limited skill sets in cisco.  We have move a network off of vlans and just to a classic network setup.  On one of the vlans was 12 Cisco Air-AP1231G-A-K9 units.  We thought going in and changing the I.P. addresses, default gateway and removing vlan settings on each access point would be the best solution, but we where wrong.  4 of the 12 work after resetting all but the I.P. address and configuring them our self's.  The most common problem we have with the other 8 is they will broadcast the ssid but when you connect you get "limited access" or a continuous "obtaining ip address" on mobile devices.

This is the config file from one of the AP with the problem stated above.

!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RNGAP08
!
enable secret 5 $1$qb63$kzc4Y8bZGGeY4Pw2H9XSY/
!
ip subnet-zero
!
!
no aaa new-model
!
dot11 ssid RNGWIFI
   authentication open
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 7 010108034C020006314D5D1A
!
!
!
username Cisco password 7 106D000A0618
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 shutdown
 !
 encryption mode ciphers tkip
 !
 ssid RNGWIFI
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
 hold-queue 160 in
!
interface BVI1
 ip address 10.100.83.18 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.100.83.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
snmp-server community HTF RO
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
!
end

next is the config file from one of the working AP's.

!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RNGWAP01
!
enable secret 5 $1$pQsI$0uSLLyGQ5.I7xezRw27ml1
!
username wap.admin privilege 15 password 7 00361208035A02145C
ip subnet-zero
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip
 !
 ssid RNGWIFI
    authentication open
    authentication key-management wpa
    guest-mode
    infrastructure-ssid optional
    wpa-psk ascii 7 051908083645480009040401
 !
 speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
 rts threshold 2312
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 10.100.83.11 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.100.83.1
ip http server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100
ip radius source-interface BVI1
snmp-server view dot11view ieee802dot11 included
snmp-server community HTF RO
snmp-server chassis-id RNGWAP02
snmp-server enable traps tty
bridge 1 route ip
!
!
line con 0
line vty 0 4
 exec-timeout 66 0
 login local
line vty 5 15
 login
!
ntp clock-period 2861744
ntp server 192.168.5.250
end

Any advice on this issue would be of great help.

Thank you,

GTS
0
Comment
Question by:GalaxyTechService
  • 4
6 Comments
 
LVL 20

Expert Comment

by:masnrock
ID: 41886378
Could you please also post the configuration of a working unit? It may tie to either the SSID settings OR the IP settings on the AP.
0
 

Author Comment

by:GalaxyTechService
ID: 41886395
the second config I posted is a working one.  

this is an config of another working unit.

!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RNGWAP02
!
enable secret 5 $1$pQsI$0uSLLyGQ5.I7xezRw27ml1
!
username wap.admin privilege 15 password 7 05390701264D471B4A
ip subnet-zero
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip wep128
 !
 encryption vlan 25 key 1 size 128bit 7 D50846394FF1355A46184A980BA9 transmit-key
 encryption vlan 25 mode ciphers wep128
 !
 ssid RNGWIFI
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 7 111B1702001B0D05142B3837
 !
 speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
 rts threshold 2312
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 10.100.83.12 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.100.83.1
ip http server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100
ip radius source-interface BVI1
snmp-server community rangaire RO
snmp-server community HTF RW
snmp-server chassis-id RNGWAP02
snmp-server enable traps tty
bridge 1 route ip
!
!
line con 0
line vty 0 4
 exec-timeout 66 0
 login local
line vty 5 15
 login
!
ntp server 192.168.5.250
end
0
 
LVL 20

Expert Comment

by:masnrock
ID: 41886397
Taking a quick read... why does the nonworking one have a shutdown line for Dot11Radio0?

Also noticed the differences in software versions. So far, it looks like the working ones have 12.2, while the nonworking have 12.3. Not sure if this holds 100% true, but an interesting observation.

Check all of the APs that don't work for that shutdown line and remove it.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 20

Expert Comment

by:masnrock
ID: 41886424
Found some other differences:

The working ones have these lines:

 ip radius source-interface BVI1

snmp-server community HTF RW
snmp-server chassis-id RNGWAP02
snmp-server enable traps tty


 exec-timeout 66 0

line vty 5 15
 login

ntp clock-period 2861744
ntp server 192.168.5.250



Nonworking one has these lines:

!
no aaa new-model
!
dot11 ssid RNGWIFI
   authentication open
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 7 010108034C020006314D5D1A
!
!
!
username Cisco password 7 106D000A0618
!


!
 encryption vlan 25 key 1 size 128bit 7 D50846394FF1355A46184A980BA9 transmit-key
 encryption vlan 25 mode ciphers wep128
 !
 ssid RNGWIFI
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 7 111B1702001B0D05142B3837




 bridge-group 1 spanning-disabled
 hold-queue 160 in
no ip http secure-server
control-plane
0
 
LVL 20

Expert Comment

by:masnrock
ID: 41886426
The secret towards the beginning is also different.

I would take the configuration from one of the working ones, change the lines that are appropriate that the specific nonworking AP you're working on, and load that. Quite a few differences.

BTW - In case you're wondering how I scanned so fast, I used Notepad++ and used the compare plugin.
0
 
LVL 45

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 41886541
Forget all of the key stuff at the bottom of the config - that's SNMP, etc.

In the first config the dot11Radio0 interface is shutdown.

You've got at least 2 different versions of code going on here.  The non-working one looks like 12.3 code and the config is formatted slightly differently to 12.2 code, so you can't pick up the code from the 12.2 APs and simply drop it on the non-working 12.3 APs.  Saying that, the config is fine on the 12.2 APs.

On the non-working APs, do this...

interface dot11Radio0
 no encryption mode ciphers tkip wep128
 no encryption vlan 25 key 1 size 128bit 7 D50846394FF1355A46184A980BA9 transmit-key
 no encryption vlan 25 mode ciphers wep128
 encryption mode ciphers tkip
 no shutdown

Open in new window

0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

In this article I will describe how to setup a Cisco WLC 5508 to work with Apple's Bonjour protocol across VLANs.  I will also discuss using screen mirroring and Airplay on an AppleTV v3.  This article covers the wireless network only and requires m…
With the purchase of CloudCommand by Comcast customers are left in a bind as subscriptions expire and render the AP's disabled. The following will explain how to flash your Ubiquiti AP's with CloudCommand firmware back to Ubiquiti firmware. HOWTO…
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now