Cisco :: Autonomous 1231 / 1242 Radius Configuration?
Jan 12, 2011
I can't seem to get the SSID RadiusTest to work properly.
Windows PC's show "Windows was unable to find a certificate to log you into the network". Macs don't authenticate either. Radius server isn't seeing any requests at all. Radius server is working because we are authenticating other things to it.
On my test 1231, IOS is 12.3(8) JEB1.
version 12.3
no service pad
service timestamps debug datetime msec
[Code].....
View 2 Replies
ADVERTISEMENT
Jan 22, 2013
I cannot TFTP this tar file to both 1230 and 1231 APs. Both are lightweight APs that I've wiped to the rommon mode (ap>) and I issue the command:
tar -xtract c1200/k9w7-mx.123-8.JA 10.0.0.2
And I get a error saying: "permission denied"
Notes:
The AP has defaulted to the 10.0.0.1 IP.
My laptop is set to 10.0.0.2 255.255.255.0 IP
My TFTP-Server is on and the root folder with the .tar file is in there.
ether_init, flash_init, tftp_init (these commands have been executed)
My firewall is disabled.
View 18 Replies
View Related
Jun 21, 2006
We have a 1231 AP and a Freeradius Server.Now we are using MAc authentication.The thing is that the AP sends two parameters to the RADIUS:
User-Name = "000ff855df2e"
User-Password = "000ff855df2e"
both are the MAC of the wireless client.I want that the AP send:
User-Name = "00-0f-f8-55-df-2e"
User-Password = "mykey"
Note that the MAC is dash separated and the password is forced to the key that I want.
View 2 Replies
View Related
Jan 17, 2011
I have some 1242s and I can't get a straight answer on whether they can do both autonomous and lightweight or just lightweight.
Model number: AIR-LAP1242AG-A-K9.
I'm assuming that the 'L' in the model numbers means it's just lightweight, but searching Cisco's site and the Internet in general it's just not clear.
I know it works as a lightweight AP, can I run it in autonomous mode?
View 3 Replies
View Related
Dec 9, 2012
After upgrading from a 1231 autonomous to an 1142 autonomous AP some machines can no longer authenticate. AP logs show authentication failure and access reject coming from the Radius server. Radius server shows authentication failures but no specific reason. Using the same account on another machine works fine. Machine settings have been verified and if we go back to the 1231 all users authenticate fine. Below are the configs:
OLD AP:
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
[code]...
View 3 Replies
View Related
Aug 13, 2006
i need to change the IOS in a Ligthwiegth Access point and make it work as an Autonomus AP 1242. I have got the image but im not realy clear about the process. I got to enter the Ligthwiegth Access point true the console port but i dont know how is the upgrading process.
View 6 Replies
View Related
Jun 5, 2013
I encounter a strange problem on several AP 1242 in version 12.4(25d)JA1 of a customer : He has 10 autonomous AP covering The APs loose LAN connectivity randomly and therefore the clients don't work anymore. The AP are connected on a 2960 and a 3560 wich are in turn connected on a 3750 wich route the trafic.After checking spanning-tree no loops are present. When I check the counters on the AP involved I see the "trhottles" and "ignored" counters incrementing on the fa0 link of the AP impacted wich mean I think it can't handle the incoming traffic. This incoming traffic seems not to be too big however. I can see drops on the switch interface connecting the AP.
View 2 Replies
View Related
Mar 8, 2012
we had a problem with a customer wlan in our warehouse (cannel overlapping). The troubleshoot needed a long time. For the future if requipred in case of problems i want to configure one access point in the warehouse as a scanner (please find picture in the attachement). The Autonomous cisco 1242 is now configured as scanner but i can't see any logfiles? Where can i find these informations. This is the cisco description of the scanner mode:Scanner—Functions as a network monitoring device. In the Scanner mode, the access point does not accept associations from clients. It continuously scans and reports wireless traffic it detects from other wireless devices on the wireless LAN. All access points can be configured as a scanner.
View 1 Replies
View Related
Sep 13, 2011
download an autonomous image for Cisco Access point 1242 ?
View 1 Replies
View Related
Feb 9, 2011
I have 3 Cisco 1242 WAPs that I have deployed at a site that has NO RADIUS/AAA devices. I have given all of them a different channel (1,6,11), but the same SSID and crypto (WPA2-PSK). The issue is when a machine boots up it associates with the closest/strongest AP, but as the device "roams" it does not which to a different AP. It stays associated with the original AP until that signal is gone. Then it quickly associates with the closest AP with no problem.
How do I get the device to associate with the strongest WAP? I have research "fast roaming and WDS" but it seems like you need EAP/LEAP and they do NOT have that at all.
View 3 Replies
View Related
Feb 7, 2013
I am trying to configure a 1242 or 3502 WGB with PEAP. There is not ACS server involved as Windows RADIUS is used. I can get the WGB to work with OPEN Authentication but when I attempt to add in the authentication/security piece I get "no association." Below is my current config. The WLAN is set to use WPA/WPA2 802.1x + CCKM.
Current configuration : 1812 bytes
!
! Last configuration change at 00:56:39 CST Tue Mar 2 1993
version 15.2
[Code].....
View 1 Replies
View Related
May 1, 2012
For the establishment of a WiFi Hot Spot with 5 Cisco 1242AG and 5 antenna AIR-ANT1728, I want to know what the config is the most suitable.
- One antenna in root mode and the other 4 in repeater mode
- Or 5 antennas in root mode
Between each terminal distance is about 100 meters outside?
View 3 Replies
View Related
Feb 2, 2013
I am setting up a guest WLAN network on our existing 1242 AP's using a seperate VLAN. On most wireless devices which are on the company network/VLAN's, I have used WEP authentication with hex keys, and no broadcast. Obviously this cannot be the same for a guest internet connection.We want to have the VLAN/SSID in guest mode (which i have configured) for broadcasting, and then once someone selects the SSID on their laptop or smart phone, they are just prompted to authenticate with a standard alphanumeric password (example "guestwifi") instead of a 40 or 128 bit key.
I have searched all over and tried multiple things in the CLI on AP1, but can't seem to get anywhere.
View 4 Replies
View Related
Oct 26, 2011
We have a couple of autonomous 1262's that I'd like to get configured. I would like to put the Ethernet interface out on our Internet subnet and have the clients get a RFC 1918 address from the radio's. Our little Linksys is setup this way and the clients are PAT'ing off the Ethernet interface when they go to the Internet.
Is this possible with these guys or do I have to put the AP ethernet interface into the same subnet with the DHCP scope? I don't have enough Internet IP's to hand out to every wireless client.
View 15 Replies
View Related
Mar 26, 2012
Recently installed a 1262N AP in autonomous mode. Have both 2.4 and 5Ghz radios running- Both on separate SSID and VLAN. I think I have 5Ghz channels using 40Mhz bands (bonded) but when I do iperf throughput test I only get about 25Mb throughput. I am sitting within 10 feet of the AP. When I switch to 2.4 I get around 60Mb and that's not bonded. I have tried multiple interfaces on my client side laptop I'm testing with since I thought maybe it was a quirky card or driver but I get same results. Am I doing something wrong here? My laptop shows a 300Mb connection to 5Ghz and 144Mb on 2.4Ghz but I know that's not true thorughput so that's why I was testing this to see what I was really getting and now I'm confused.
View 4 Replies
View Related
Jun 5, 2012
Configuring radius authentication on Nexus 7k?I have heard once you have configured the radius you are only able to run show commands on it.
View 1 Replies
View Related
Dec 3, 2011
I need to configure RADIUS VSA configuration for a my alvarion device. Following are the attributes that need to be configured.
- Packet Data Flow ID (ID 1, integer16)
- Direction (ID 4, integer8)
- Transport Type (ID 6, integer8)
- UplinkQoSID (ID 7, integer8)
- DownlinkQoSID (ID 8, integer8)
[code]....
I was able to configure the first 6 attributes, how can I add the Sub - TLV's ClassifiedID, Priority, VLAN-ID and Classifier Direction which come under Classifier. Don't see any option for that in ACS 5.x
View 1 Replies
View Related
Nov 11, 2012
I have been given a new project at work, to configure a 881W for wireless capebilities. how to get it to work using local database for the users to authenticate against, but our goal is to authenticate against a radius server that we have in place for existing Juniper AP's.
I have looked at some documentation out there and I cant seem to find what Im looking for. What I need to find out is an example of how to setup a radius server so that the wireless user can authenticate against. I have found some docs on google but those go over radius server setups for logons to the router etc.
here is what I got so far
Building configuration...
Current configuration : 2005 bytes!version 12.4no service padservice timestamps debug datetime msecservice timestamps log datetime msecservice password-encryption!hostname 881W_AP!logging rate-limit console 9enable secret 5
[Code].....
View 7 Replies
View Related
Jan 24, 2013
I am currently trying to get eap-tls user certificate based wireless authentication working. The mismatch of guides im trying to follow has me coming up trumps with success so far.
My steps for radius:- (i think this part ive actually got ok) [URL]
Steps for the wireless profile on a win 7 client:- this has me confused all over the place [URL]
My 1130 Config:-
[code]
Current configuration : 3805 bytes
!
! Last configuration change at 11:57:56 UTC Fri Jan 25 2013 by apd
[Code].....
View 14 Replies
View Related
Nov 5, 2009
Is it possible to deploy the CSS11501 in one arm design to loadbalance the authentication traffic Radius across CSACS servers which is on UDP 1645 or 1812 port, is it required to configure the NAT or not, if yes how can define the shared secret in the CSS. also tell me how to configure the keepalive for udp traffic in this scenario other then default icmp keep alive
View 2 Replies
View Related
Apr 21, 2013
I have a couple of ACS 5.2 configured as active and backup and I am doing dot 1x authentication using these servers . I have configured the switch with the bellow configuration.
radius-server host 10.0.10.15 auth-port 1645 acct-port 1646
radius-server host 10.0.10.16 auth-port 1645 acct-port 1646
radius-server key 7 aaaaaaaaaaaaaa
please help to understand what will happen in switch
1) in case of primary failure
2)in case if primary returns alive .
View 8 Replies
View Related
Jun 20, 2012
I have a wireless install using several standalone 1142 Access Points. Yes, I know it would be better to use a WLC, but there isn't one and no funds to install one, so I have to work with what's there...
I'd like to configure the 1142's for wireless N connectivity. Yes, I know I need to ensure WPA/PSK is the security used as WPA/AES, the default option in the CLI won't be happy with wireless N.Currently I am running them in B/G only and they work just fine with WPA/AES. No issues are reported by the users, but of course I'd like to get them running N for the increased throughput so I need to kniow the CLI steps required.
View 3 Replies
View Related
Feb 22, 2013
I came across an interesting issue and thought I would see if anyone else has encountered it before contacting TAC.I have two Cisco Catalyst WS-4510R-E switches with a single Supervisor V module in each chassis. Both Sup cards are now running 12.2(54) SG1; ipbasek9 firmware; yes, I plan to move both switches to 15 code but that's another story. Anyways, prior to the upgrade the one switch was running 12.2 (33) code; I suspect the code was never upgraded; running ipbase non - K9 code. The other switch was running 12.2(44) with K9 prior to upgrade to 12.2(54).
View 2 Replies
View Related
Apr 23, 2012
I have two Cisco Catalyst WS-4510R-E switches with a single Supervisor V module in each chassis. Both Sup cards are now running 12.2(54) SG1; ipbasek9 firmware; yes, I plan to move both switches to 15 code but that's another story. Anyways, prior to the upgrade the one switch was running 12.2 (33) code; I suspect the code was never upgraded; running ipbase non - K9 code. The other switch was running 12.2(44) with K9 prior to upgrade to 12.2(54). With the background set, one switch reports the following:SwitchA (config)#r?radius-server redundancy regexp represourc rmon route-map router.
View 4 Replies
View Related
Aug 7, 2012
At work we have some older 1231 AG model access-points and a WLC with version 7.0. I was trying to convert them to lightweight and they will not join the controller without importing a .CSV file into the WLC. I cannot figure out to import that file, I cannot find any documentation on how to add the certificate with version 7.0.
View 2 Replies
View Related
Jul 11, 2012
I have four 1200 series AP. Part number of these AP's is AIR-AP1231G-A-K9. I am thinking to buy a new 2504 WLC with 5 AP licenses. Just wondering whether my AP's are compatible with WLC or not. These AP's are in close proxomity and start contending with each other if I configure the stand alone.
View 3 Replies
View Related
Oct 1, 2012
Converted a Cisco 1231 with the Update Tool to lightweight (used c1200-rcvk9w8-tar.124-21a.JA2.tar). It worked, but now the AP issn't joining the wlc: [code]
View 8 Replies
View Related
Oct 29, 2011
We have found that only Cisco 1231 WAP are exhibiting this behaviour. Their Primary WLAN controller is Cisco1 WLC but they fail to register to Primary WLC and fall back to Cisco2 WLC. After about 200 sec , they attempt to connect to Primary WLC once again and fail. The whole cycle is repeated every 250 seconds.
View 3 Replies
View Related
Sep 12, 2012
I have some old 1231 APs in the school in which I work.I would like to create a local network (no LAN, no internet, just a point to point wifi connection) managed by the access point (in DHCP).That's because we have an apple TV connected to a projector and some ipads. My idea was to put the devices locally in the same closed network for share via AIR Mirror the ipads on the apple TV.
View 3 Replies
View Related
Jul 8, 2012
I'm having little success migrating our older Aironet1231 to our new WLC 5508. The 1231 is currently registered as a LAP to a 4400 WLC and I'm in the process of moving away from this controller to the new one. I've pasted the output of the error messages I'm getting below. At this point, I'm stuck and not sure how to get around the "Failed to parse CAPWAP packet" error.
I'm getting these messages when I have:
debug pm pki enable
debug capwap errors enable
I initially got this error, but got passed it when I allowed SSC in the 5508 (Security -> AP Policies)
sshpmGetIssuerHandles: SSC is not allowed by config; bailing...
Now I'm getting these:
*sshpmLscTask: Jul 09 11:13:11.516: sshpmLscTask: LSC Task received a message 4
View 3 Replies
View Related
Oct 31, 2011
I have a problem where clients cannot roam between Cisco 1231g-e-k9 and recently installed cisco 1242g-e-k9 access points.. On looking at the CDP option on the 1231 and 1242 access points they are all aware of each other. However if I use the Network View option I see a different picture. All the 1231 access points can see each other but not see the 1242's. Network View on the1242 shows all the 1231's but none of the 1242's. The 1231 are running ver. 12.3(8)JEB and the 1242's are running ver. 12.4(21a)JA1.
View 2 Replies
View Related
Apr 22, 2013
I have configure my AP with to SSID (11 & 12), but I cannot connect to 12. It authenticates, and while trying to acquire IP address from 12, it fails and connects me to 11 (if I have already saved the SSID connection).
The following is my AP status:Product/Model Number:AIR-AP1231G-A-K9 System Software Filename:c1200-k9w7-tar.123-8.JEE System Software Version:12.3(8)JEE Bootloader Version:12.3(2)JA4
The SSID 12 already have 4 clients connected, And I am tring to connect a 5th one (smart phone), but cannot connect to 12, instead coneected to 11. Also tried with a laptop, but cant get the IP address, and give Limited Connectivity error.
View 3 Replies
View Related
Apr 28, 2013
WLC shows the next error.
AP with MAC 00:1e:13:10:40:59 (AIR-AP1231G-E-K9 ) is unknown.
I updated the AP to lightweighd firmware using upgrade tool. But upgrade tool generate the csv files empty so I had no idea about Hash key, so I resetted the APs to default values.
WLC still doesn't register them.
How Can I register the APs? The version of the WLC is 7.3.101.0
View 4 Replies
View Related