Cisco :: Considering And Replacing AIR-LAP1131AG-A-K9 APs
May 20, 2013
We have about 70 AIR-1131AG-A-K9 APs that were installed about 5 years ago. The controller we use is a 4404 WLC, with software 18.104.22.168. This provides us our wireless network. We use Cisco switches as access, distribution, and core switches.
We have two guest networks, one for visiting physicians and another for patients and their guests. Each of these guest networks use a 4402 WLC as an anchor controller, with software 22.214.171.124. They use the same APs as our business network.
According to my understanding of the guest networks is that a tunnel (I don't know if it is encrypted or or encapsulated) is created between the APs/Guest WLAN to the anchor controllers, so this guest traffic is isolated from our business traffic. Futhermore, these guest controllers connect directly to our firewall, which only allows them access to the Internet, and not our Internal LAN.
Well, we've been having problems with our wireless system, specifcally with patient guest access. It has gotten bad enough that they are looking to replace the Cisco APs on the south side of the hospital. We've been told that "you can get better guest access at McDonalds" : ( . I think part of our problem is that our controller code is so very old and we are have a our patient guest network open and "restrict" the number of clients attached to it by limiting our DHCP scope. The biggest complaint we get regarding the patient/guest wireless is people saying "I can't connect to the wireless", which we almost always identify as an issue caused by us running our of DHCP leases (we have about 200). These DHCP lease are used quickly, by an devices that comes into range that is set to automatically connect to any network that is in range. A lot of our staff is connected to our patient guest network and don't even realize it.
We are interested in Meraki APs because they are magaged using a cloud controller (we won't have the added expense of another controller) and they seem really easy to manage. Our biggest concern regarding Mearki is security. They make use of NAT, a Layer 3 firewall, and LAN isolation (a firewall rule that only allows clients Internet access) in each AP as a means of isolating the guest traffic from the business traffic. Does this seem like a secure way to accomplish this or are the Layer 2 tunnels that Cisco and from what I've been told recently Aruba and Juniper make use of a more secure approach?
We've been working with a Meraki vendor, who also happens to sell Aruba and Juniper wireless networks. It seems like don't suggest Meraki if we are concerned with security. They said they are good for situations where you have many geographically seperated sites. They suggested we use Juniper and Aruba, specifically because they use Layer 2 tunnels and that they used technologies like clear air (APs self adjust channels and power, which Meraki claims to do too). I thought that, hey does Cisco that too, why wouldn't we just go with Cisco if those are your selling points for Juniper and Aruba?
WCS is reporting few AP's are not associated with it. While troubleshooting, AP conneceted switch interface shows UP/UP and show power inline output gives IEEE PD instead of AIR-LAP1131AG-E-K, after doing a shut/no shut on AP connected interface. Later after sometime AP comes up.
I have a WLC 4402 with many APs connected. Most of the APs are LAP1121 and LAP1131 and are working using 802.11b/g. I tried activating 802.11a but for some reason its not working. I see under the Monitor tab that the AP's "802.11a" interface is "down". I have enabled the radio under the "Wireless" tab. Under all the "WLAN" I have enabled all the radios but still not working. 802.11a" interface is still "down".
The AP Model is AIR-LAP1131AG-E-K9 meaning "ESTI" regulation. Under "Country" I "checked" IL.
I have 10 AIR-LAP1131AG-A-K9 connected to a 4402 controller. I have a couple of questions:
- When I go into CONFIGURE/ACCESS POINT, one of the AP's has the message "**Configuration is different on the Device**". How do I connect directly to the device to check the settings? I tried to telnet but that didn't work.
- Are these access points capable of acting as a DHCP server? If so, where can I check this setting? I have workstations that are unable to pull an IP address from my DHCP server running on a Windows server. I want to make sure the AP's and/or the controller are not the issue. The clients see the SSID and the signal is strong, but when they connect they get limited network connectivity message and the IP addr is 169.254.97.123 (which is wrong).
I've a 2106 WLC and the software is upgrade to 126.96.36.199. There are 3 APs with external power adapter work normally on it. Here is the problem: There is another AP with external power adapter has join the the WLC successfully. But it can not enable the radio 802.11b. Following is the error message on CLI
(Cisco Controller) config>802.11b enable AP001d.a1ef.b5f4 Cisco AP has not enough in-line power to enable radio
Since few days the WLC 2100 series controller and 3x LAP1131AG are getting disconnected and the controller gets offline via the local ip address. At that point I have to reboot. To get anywhere and after I connect wirelessly to the AP before I know it it disconnects. It worked for 3 years straight no fuss. And now nothing. I reconfigured the WLC 10times and no diffference.
At one of our locations we are experiencing some problems getting connected to our wireless networks.
It is possible to sit right next to an AP (AIR-LAP1131AG) and only have limited access to the network.
I have attached a snapshot from inSSID from the wireless networks in the area. All of them are broadcasted by our controller and I can´t figure out how it is possible to see SSIDs in other channels than the ones in the 2.4GHz band (11-14)?
I have a customer whom has six LAP1131AG-K9 but no controller and they are interested in one of the new 2500 series, specifically a AIR-CT2504-5-K9 with a 5 AP add-on license to bring total AP capacity to 10. I can't determine clearly if this controller will work for these older AP's prior to them making the jump to 802.11n via the 3500 or 3600 series, looking to the community to confirm.
I am currently replacing my Sonicwalls with Cisco ASA5520's. One of my VPN tunnels currently functioning on the Sonicwall Requires a IKE Peer ID be programmed, I tried programing the ASA without one but the tunnel will not stay established.
I have a 7606-S router ( non redundant ) with SUP32 and i wand to replace it with RSP720-3C-GE , i am asking abouth the procedure?shall i switch off the router ? or just removeSUP32 and insert RSP720 ?are there any steps should i do before the upgrade ?i am planning to take the router out of service during the operation, how much down time it will be ?
Any documentation or information pertaining to replacing an existing wireless network. I will be looking to replace a 4400 w/12APs with a 5500 w/12APs. The users typically utilize the WiFi network on a regular, so I am trying to figure out how to replace the existing hardware without interrupting the service.
What would be the best way of handling a situation as such? I am currently looking on the Cisco Doc. website, hoping to find something related to this.
I need to replace an ageing PIX 506e with an ASA 5505.The current setup looks like this: The PIX is used for site-to-site VPN connection via the WAN 2 link. The WAN 1 link is used for general Internet connectivity.I don't have access to the Draytek Router as it is supported by a 3rd party, but I believe it uses static routing to direct the relevant traffic to/from the PIX.
When I replace the PIX with the ASA, the inside i/f connection experiences dropouts - but no errors show in the logs.The only significant difference I can see in the config is that the ASA utilises VLans for the inside & outside interface configs - I used the PIX-to-ASA Migration tool to make the initial configuration on the ASA.In tests, if I only connect the inside i/f of the ASA, pings from the LAN are stable. Once I connect the outside i/f, pings timeout approx 80% of the time.
I got a task to replace our current cisco 2800 series router which is used for easy vpn remote access with cisco asa 5510.I have a got a lot of users, i wish that user shall see no difference except of ip address they are going to use for remote login.
We have two 6509 will active/passive sup 720-3BXL cards in each and 1GB DRAM. Each handles full bgp routing table with 4-5 ISP(eBGP) connections. The problem we are facing is.. 6509 were meant for core/aggregation and seam to be wasted are edge devices. With each ISP added the DRAM creeps up to a point were is it 80% utilized.
I am looking to replace both 6509's with routers which were meant to work on the edge. As mentioned earlier, it will have 4-6 external bgp peers per router. Handle full bgp tables. Should be capable of policy based routing.
My brother's Speedstream has died. Lights don't work, etc. etc. He has ATT DSL in Detroit; Detroit does not have an internet wireless service, so he has to deal with ATT. He's po'd that he's paying $92 a month for service that doesn't work. I told him he needed a new DSL modem.
How to replace a defective redundant sup. I read on several articles that inserting new redundant sup should not be an issue as the active sup will always send its configuation to the standby. We are running SSO on the Sup720. Should I switch it to RPR before I install the redundant sup? I read a case wherein they switched it to RPR from SSO before inserting the new redundant sup. My concern is the IOS mismatch since Cisco doesn't always send the same IOS on RMAs.What I am planning is this.
1. Save/Backup configuration 2. Remove the redundant sup on slot 8 (since it is a 6513) 3. Insert the new redundant sup on slot 8. 4. Check if all the configurations were synced from slot 7 to slot 8. 5. Copy the IOS from sup-bootflash to slavesup-bootflash. (if the IOS are not the same) 6. Check show bootvar to see if the boot variables are correct. 7. If bootvar is the same, reload slot 8 to boot the new IOS.
Is this a good plan or am I missing something? I am worried with this document if the redundant sup has a different software. If i insert the card in slot8, according to Cisco, it will revert to RPR. If slot 8 boots and it has a different OS, then slot 7 will switch to RPR even if it's active. Would I still be able to access the slavesup-bootflash of slot 8? Is it going to boot 100%? I read that doing a force switchover will cause a flip and RPR would cause the line cards to reinitialize and I don't want that. Well I am not going to do a force switchover since i want slot7 to be active and retain slot 8 as hot.
I am replacing a faulty sup720 on a 6513. It s the backup/hot not the active sup. It has the same IOS on it. Is it correct that all I need to do is remove the faulty and replace it with the new sup and do a wr mem? Fromwat I have read their should be no down time all connectivity should remain stable?