  • Status: Solved

Cisco Air AP

Hello Experts,

I am no Cisco guy, with very limited skill sets in Cisco.  We have moved a network off of VLANs and just to a classic network setup.  On one of the VLANs were 12 Cisco Air-AP1231G-A-K9 units.  We thought going in and changing the I.P. addresses, default gateway and removing VLAN settings on each access point would be the best solution, but we were wrong.  4 of the 12 work after resetting all but the I.P. address and configuring them ourselves.  The most common problem we have with the other 8 is they will broadcast the SSID but when you connect you get "limited access" or a continuous "obtaining ip address" on mobile devices.

This is the config file from one of the AP with the problem stated above.

!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RNGAP08
!
enable secret 5 $1$qb63$kzc4Y8bZGGeY4Pw2H9XSY/
!
ip subnet-zero
!
!
no aaa new-model
!
dot11 ssid RNGWIFI
   authentication open
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 7 010108034C020006314D5D1A
!
!
!
username Cisco password 7 106D000A0618
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 shutdown
 !
 encryption mode ciphers tkip
 !
 ssid RNGWIFI
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
 hold-queue 160 in
!
interface BVI1
 ip address 10.100.83.18 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.100.83.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
snmp-server community HTF RO
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
!
end

Next is the config file from one of the working APs.

!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RNGWAP01
!
enable secret 5 $1$pQsI$0uSLLyGQ5.I7xezRw27ml1
!
username wap.admin privilege 15 password 7 00361208035A02145C
ip subnet-zero
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip
 !
 ssid RNGWIFI
    authentication open
    authentication key-management wpa
    guest-mode
    infrastructure-ssid optional
    wpa-psk ascii 7 051908083645480009040401
 !
 speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
 rts threshold 2312
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 10.100.83.11 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.100.83.1
ip http server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100
ip radius source-interface BVI1
snmp-server view dot11view ieee802dot11 included
snmp-server community HTF RO
snmp-server chassis-id RNGWAP02
snmp-server enable traps tty
bridge 1 route ip
!
!
line con 0
line vty 0 4
 exec-timeout 66 0
 login local
line vty 5 15
 login
!
ntp clock-period 2861744
ntp server 192.168.5.250
end

Any advice on this issue would be of great help.

Thank you,

GTS
0
Asked by: GalaxyTechService

masnrock Commented:
Could you please also post the configuration of a working unit? It may tie to either the SSID settings OR the IP settings on the AP.
0
 
GalaxyTechService (Author) Commented:
The second config I posted is a working one.

This is a config of another working unit.

!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RNGWAP02
!
enable secret 5 $1$pQsI$0uSLLyGQ5.I7xezRw27ml1
!
username wap.admin privilege 15 password 7 05390701264D471B4A
ip subnet-zero
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip wep128
 !
 encryption vlan 25 key 1 size 128bit 7 D50846394FF1355A46184A980BA9 transmit-key
 encryption vlan 25 mode ciphers wep128
 !
 ssid RNGWIFI
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 7 111B1702001B0D05142B3837
 !
 speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
 rts threshold 2312
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 10.100.83.12 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.100.83.1
ip http server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100
ip radius source-interface BVI1
snmp-server community rangaire RO
snmp-server community HTF RW
snmp-server chassis-id RNGWAP02
snmp-server enable traps tty
bridge 1 route ip
!
!
line con 0
line vty 0 4
 exec-timeout 66 0
 login local
line vty 5 15
 login
!
ntp server 192.168.5.250
end
0
 
masnrock Commented:
Taking a quick read... why does the nonworking one have a shutdown line for Dot11Radio0?

Also noticed the differences in software versions. So far, it looks like the working ones have 12.2, while the nonworking have 12.3. Not sure if this holds 100% true, but an interesting observation.

Check all of the APs that don't work for that shutdown line and remove it.
0

 
masnrock Commented:
Found some other differences:

The working ones have these lines:

 ip radius source-interface BVI1

snmp-server community HTF RW
snmp-server chassis-id RNGWAP02
snmp-server enable traps tty


 exec-timeout 66 0

line vty 5 15
 login

ntp clock-period 2861744
ntp server 192.168.5.250



Nonworking one has these lines:

!
no aaa new-model
!
dot11 ssid RNGWIFI
   authentication open
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 7 010108034C020006314D5D1A
!
!
!
username Cisco password 7 106D000A0618
!


!
 encryption vlan 25 key 1 size 128bit 7 D50846394FF1355A46184A980BA9 transmit-key
 encryption vlan 25 mode ciphers wep128
 !
 ssid RNGWIFI
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 7 111B1702001B0D05142B3837




 bridge-group 1 spanning-disabled
 hold-queue 160 in
no ip http secure-server
control-plane
0
 
masnrock Commented:
The secret towards the beginning is also different.

I would take the configuration from one of the working ones, change the lines that are appropriate for the specific nonworking AP you're working on, and load that. Quite a few differences.

BTW - In case you're wondering how I scanned so fast, I used Notepad++ and used the compare plugin.
0
 
Craig Beck Commented:
Forget all of the key stuff at the bottom of the config - that's SNMP, etc.

In the first config the dot11Radio0 interface is shutdown.

You've got at least 2 different versions of code going on here.  The non-working one looks like 12.3 code and the config is formatted slightly differently to 12.2 code, so you can't pick up the code from the 12.2 APs and simply drop it on the non-working 12.3 APs.  Saying that, the config is fine on the 12.2 APs.

On the non-working APs, do this...

interface dot11Radio0
 no encryption mode ciphers tkip wep128
 no encryption vlan 25 key 1 size 128bit 7 D50846394FF1355A46184A980BA9 transmit-key
 no encryption vlan 25 mode ciphers wep128
 encryption mode ciphers tkip
 no shutdown


0
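
The checks raised in this thread (a shutdown line under Dot11Radio0, the IOS version, VLAN encryption lines left on the radio) can be run per config section instead of by line diff, which matters because 12.2 and 12.3 lay out the SSID block differently. This is an added example, not part of the original thread; the function names are hypothetical and the sample configs are trimmed, constructed excerpts modelled on the ones posted above, with key lines left out.

```python
# Constructed, trimmed excerpts modelled on the thread's configs (no key lines).
NONWORKING = """version 12.3
interface Dot11Radio0
 shutdown
 !
 encryption mode ciphers tkip
 ssid RNGWIFI
!
interface BVI1
 ip address 10.100.83.18 255.255.255.0
"""
WORKING = """version 12.2
interface Dot11Radio0
 encryption mode ciphers tkip wep128
 encryption vlan 25 mode ciphers wep128
 ssid RNGWIFI
    authentication open
"""

def parse_sections(text):
    """Map each top-level line to its indented child lines, skipping '!' separators."""
    sections, current = {}, None
    for line in text.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line.startswith(" "):
            current = line.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def radio_findings(text):
    """Return (ios_version, findings) for the Dot11Radio interfaces in one config."""
    secs = parse_sections(text)
    version = next((h.split()[1] for h in secs if h.startswith("version ")), None)
    findings = []
    for header, body in secs.items():
        if not header.lower().startswith("interface dot11radio"):
            continue
        if "shutdown" in body:  # exact match, so "no shutdown" is not flagged
            findings.append(f"{header}: administratively shut down")
        findings += [f"{header}: leftover VLAN line '{l}'" for l in body if l.startswith("encryption vlan ")]
        if not any(l.startswith("ssid ") for l in body):
            findings.append(f"{header}: no SSID attached")
    return version, findings

if __name__ == "__main__":
    for name, cfg in (("nonworking", NONWORKING), ("working", WORKING)):
        print(name, radio_findings(cfg))
```

Run it over the saved running-config of each AP to list which radios are shut down and which still carry VLAN-scoped encryption lines before editing them by hand.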
