Cisco Wireless :: Radius Authentication With Aironet 1140?
Mar 28, 2012
I try to setup a 1141 aironet AP to authenticate my user through our Ms Radius Server ( Win 2008 R2).Everything is fine with small Bussiness AP WAP4410N with the following configuration:But I can't setup successfully the aironet 1141 with the same settings and getting it works.Here is my configuration for the Aironet 1141 Vlan 1 is the ssid I want to get it work with Radius.
View 1 Replies
ADVERTISEMENT
Jan 25, 2012
I bought 2 Cisco 1140 series Access Points a couple of months ago. We would like to use PEAP to autheticate with Microsoft IAS Radius Server & Active directory. I cannot find a document which describes how to setup this type of configuration. The only document which is close is how to setup LEAP & with ACS: [URL] I initially followed the 'TechReplublic's Ultimate Guide to Enterprise Wireless LAN Security' which has all the steps to setup Radius server, client side configuration, Certificates and finally a handy excel script to generate a config for the AP. This did not work. [URL] I am now trying to configure the AP using the Web GUI. I can see the network on the client machine but when I try to connect it timesout.
View 1 Replies
View Related
Aug 2, 2011
I've set up a Cisco Aironet 1301 AP to be used for a guest network. I've got several other of the Aironet 1140-series around the business but none of them are in reach of this one at the moment.
The problem I have is that clients that try to connect to the AP are either not able to connect at all or lose their connection after some seconds. The config is more or less copied from the other APs with the same guest VLAN.
View 2 Replies
View Related
Jun 3, 2012
I have a Cisco Aironet 1140 with ENABLED broadcasting SSID, encryption is WPA2(personal). Ubuntu 12.04 and Windows 7 are authenticated, but MACBooks never be authenticated. Any specific configuration for MAC books?
View 6 Replies
View Related
Dec 19, 2010
I just installed an Aironet 1140 to replace a Netgear ProSafe access point that I had in my network prior. I'm having one issue that I can't figure out though. None of the client PCs can establish a connection to an external (over the internet) VPN server while on the Aironet wireless. If i unplug the AP and plug a PC into the same port that normall feeds the Aironet I can VPN just fine.
Is there any "VPN Passthrough" option that needs to be enabled somewhere on the 1140 that is blocking this traffic for some reason?
i'm running the following IOS BOOTLDR: C1140 Boot Loader (C1140-BOOT-M) Version 12.4(18a)JA3, RELEASE SOFTWARE (fc1) and I've included my running config below
Current configuration : 2092 bytes!version 12.4no service padservice timestamps debug datetime msecservice timestamps log datetime msecservice password-encryption!hostname ap!enable secret 5 [omitted]!no aaa new-model!!dot11 syslog!dot11 ssid MetroC authentication open authentication key-management wpa guest-mode mbssid guest-mode wpa-psk ascii 7 [omitted]!!!username Cisco password 7 [omitted]!!bridge irb!!interface Dot11Radio0 no ip address no ip route-cache ! encryption mode ciphers aes-ccm ! ssid MetroC ! antenna gain 0 speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 port-protected bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled!interface Dot11Radio1 no ip address no ip route-cache ! encryption mode ciphers aes-ccm ! ssid MetroC ! antenna gain 0 no dfs band block speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. channel width 40-above channel dfs station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 port-protected bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled!interface GigabitEthernet0 no ip address no ip route-cache duplex auto speed auto no keepalive bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled!interface BVI1 ip address 192.168.1.3 255.255.255.0 no ip route-cache!ip http serverno ip http secure-serverip http help-path [URL]
View 9 Replies
View Related
Dec 16, 2012
We have 6 aironet 1140's throughout the office I have them all configed as one ssid but I would like the DHCP to come from our Windows server. Right now I have set them up with ip dhcp pools. So what is the secret to get them to send dhcp requests to the Windows server?
View 3 Replies
View Related
Dec 10, 2012
If I do a speed test (bandwidthplace.com) while connected to a remote locations 1140 standalone access point, the download/upload speeds are roughly 100kbps. There are no other devices connected to the access point at the time. Wired PCs on the LAN that the access point is connected to are not having a problem.Pings from the laptop, through the access point, to our central WAN router are at <10ms.The WAN circuit (remote location to headquarters) is 5Mbps. No congestion.Circuit out from headquarters to I'net is 50Mbps. No congestion.Access point and router interfaces show no errors or collisions, etc. The configuration is the same as 28 other standalone access points in 28 different LANs on the WAN. They have no problems.
View 5 Replies
View Related
Aug 8, 2012
I have an Aironet 1140 AP that will not connect to the network when on PoE (either using a Cisco PoE injector) or a Avocent Switch that provides PoE.
The AP will boot up and and devices will connect to it (the LED changes to blue) but none of the devices can get access to the corporate network or internet. When the AP is powered by the standard power supply, it operates normally, i.e. devices can access the network. Are there settings that can be changed to get the AP to work correctly on PoE?
View 4 Replies
View Related
Nov 18, 2012
I am using a Aironet 1100 series access point (AIR-AP1142N-N-K9) with IOS version c1140-k9w7-tar.124-21a.JA1. I want to create two seperate SSID's on the access point with WEP encryption. There is no VLAN configured and i want it to be like it. Also I need to broadcast both the SSID's at the same time, so the some of my users need to login with the first SSID and the others to login through the other.
View 2 Replies
View Related
Jun 4, 2012
I have recently setup one stand alone aironet 1140 with mostly default settings with WPA key. but, it seems sometimes it's dropping the connections. hardly 15 users are connecting to aironet at the moment.
View 2 Replies
View Related
Oct 31, 2012
Just a few days ago, one of my coworkers computer was unable to see any of our wireless access points - all aironet 1140. He is one of two using a Win 7 machine, everybody else uses Mac with either Lion or Mountain Lion. The Macs can "see" and connect to our wireless AP's just fine.
The odd thing is that is his computer can pick up our neighbors wireless access points, but can't "see" ours. Also, a few peoples phones can no longer detect them either - both iphone 4's (ios 5.1.1 and 6) and androids (2.3 and 4)
No changes were made to our AP's, then people started having wifi issues.
View 10 Replies
View Related
Nov 6, 2012
The command that is given returns an error at the letter a in archive. The command I used was: archive download-sw /overwrite /reload tftp:// obviously with my tftp server info and file name at the end. I logged in with privileged EXEC mode as directed, but archive is not listed when I type ? to get a list of commands. I need to have this AP up and running by Monday.
View 3 Replies
View Related
Dec 28, 2011
For some time now I have been looking for a good business class wireless AP. I've narrowed it down to the Cisco Aironet 1140 standalone (no controller). I'm no stranger to Cisco products. I've worked with their routers, switches and Pix/ASA firewalls. However, I've not had the opportunity to work with their wireless AP's. Anyone using these AP's (more specifically the 1140 standalone), can provide information on the reliability and security of these devices. Some of the features I would like to have like Radio Mgmt. and Rogue AP Detection I see are only available on the controller based units. Does not having these features on the standalone unit reduce its reliability and security? This is for a small business and the budget does not allow to drop for a controller at this time.
View 7 Replies
View Related
Apr 26, 2013
I wanted to know if anyone can say with certainty how many clients can stay connected 'Aironet 1140 series. I state that I should connect WiFi in about 350 clients.
View 6 Replies
View Related
Mar 25, 2013
I am having an issue with my Android Tablet running 4.1 (Jelly Bean). It is able to the SSID, but when I try to connect - it stays connecting and then says saved, and never connects, as it does not pick up an IP address. I updated the firmware on the Aironet 1140 due to my Windows 8 pc's not connecting as well, it solved my Windows 8 problem, just not my Android Tablet problem. My Ipads do work. Just any android device I connect.
View 1 Replies
View Related
Nov 26, 2012
I've got an AIR-AP1142N-E-K9 access point, i've got the Radio0-802.11n(2.4ghz) enabled and the 5.0ghz disabled.
i've got my client real close to the AP and i only get a connection speed of 72Mbs.
Shouldn't i get 150mbs? Maybe some wrong configuration?
View 14 Replies
View Related
Sep 17, 2012
I recently changed the configuration of my Aironet 1140 from WEP to WAP2-Enterprise to make it more secure. I am using the WAP as the radius server. After making the change I connected my Blackberry to the wap as well as a Samsung Chromebook. However when I tried to connect my HP laptop it is unable to connect. Watching from the Aironet's console I see that it is processing the association and windows ask me to enter my uid and password. When I do this I get an authentication error. I have tried several times adjusting parameters on windows but it always fails. Here is the configuration of the WAP:
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
[Code]....
View 2 Replies
View Related
Jan 10, 2012
I am in the process of installing an Aironet 1140 standalone AP. I have not worked with these AP's before. I will be connecting it to one of the PoE ports on the existing ASA 5505. My goal is to have 2 SSID's, one for internal network and one for guest internet only, no access to internal LAN. I want to have the internal wifi clients and the guest clients on seperate IP networks. The internal clients obtain DHCP from the existing server and use the ASA DHCP server for the guest clients. And of course, I would like the ability to manage the AP from the internal network. I am providing copies of my current configs for both the ASA and Aironet.
View 4 Replies
View Related
Nov 30, 2011
Users are facing issue since a long time now . Whenever user connected to wireless is idle say 10 -20 seconds he gets disconnected This happens for all the users and even Mac/Win 7 I changed Activity Timeout on AP and even rebooted but still when I do show dot11 associations all-client I see activity-timeout
Users don't get disconnected when there is continous flow of data its only when user is idle
When user disconnects and hit refersh it starts working again
View 1 Replies
View Related
May 28, 2013
I'm installing the first out of 10 Aironet AP's with an inline injector. The lights on the Aironet and alernating blue, green, red. I know the error code is for DHCP, but when I plug it in I see the AP on my DHCP server and it does pull an IP address. I can ping the ip address, but I cannot access it through my browser.
I have tried deleting the entry out of the DHCP and power it back on again. I have also tried another unit with the same results. I don't have a RJ-45 to serial cable.
View 10 Replies
View Related
Mar 27, 2013
I just installed 2 new units and neither will connect to a new HP gigabit switch - no link light, other devices can connect to the switch OK. Their gigabit ethernet settings are set to auto for duplex and speed. I also tried forcing one of them to full duplex and 1000 Mbps which didn't work either. They're both powered by POE injectors. If I connect them to a 10/100 switch they work fine.
View 8 Replies
View Related
Feb 13, 2012
Our office has 4 Cisco Aironet 1140 access points mounted on the ceiling. They are all powered via PoE. Every few days 3 of the 4 access points hang and have to be rebooted. When they hang I am not able to connect to their web interface to check the logs. The fourth, for some reason, always seems to stay alive.
I checked the configuration for all AP's and "Hot Standby" is disabled They are all using static IP addresses. I've tried 2 different banks of static IP addresses and 3 of 4 still hange so I don't think this is an IP conflict. I have saved the configurations and compared them and they are all identical, where possible.
They all have software version: 12.4(21a)JA1
They all have bootloader version: 12.4(23c)JA1
I have tried to download the latest software/firmware, but unfortunately I do not have a valid service contract in place with Cisco and therefore can't download the latest version. All of our CISCO hardware was purchased from Amazon resellers but no luck. I have also tried to contact Cisco and they can't seem to assist either. How I can get a valid service contract that information would also be very useful!!!
why 3 of our 4 access points would hang? When they hang, I can't login to the web interface and the logs seem to reset when I reset each access point. I have also set up an rsyslog server and I don't see a log entry that would indicate a problem.
View 2 Replies
View Related
Apr 11, 2011
In our project we are building a smartphone application dat determines the locations of persons in a building, using Wifi access points.Using 3 accespoint we are calculating the overlap of 3 circles.Today we measured the signal strength and found out that it changes around alot.So we dont really know if our measurements are right.
We would like to know what the RSSI strengths are of the following access point per meter.Cisco Aironet 1140 2.4 ghz
View 1 Replies
View Related
Oct 12, 2012
We have been successfully using our Aironet 1140 AP in standalone mode with mainly Windows pcs & laptop users, and now, iPads and iPhones. All seem to connect happily through the 1140.
Recently we have a requirent to be able to use Apple's Airplay. Basically, it is not working through the 1140, it works ok via wired ethernet. Can the 1140 support Airplay? - If yes, what precisely must be enabled/configured?
We have a single Class C network without any Vlans. I understand multicast must be enabled, I can't see where to enable this. How to get this working if it is at all possible.
View 3 Replies
View Related
Mar 26, 2012
I have some aironet 1200 AP's. I want to use this with a windows 2008 radius server. I followed the guide on [URL]. Unfortunately I can not get this working. In the securtiy log of the event viewer there is always the message "authenication was not succesful because an unknown username or incorrect password".
- Is it possible to get this working?
- If yes, is there a manual how to configure the AP's and the radius server, or are there any hints?
- Is this the best way to setup a wireless network or is there a better way?
I saw there is also a local radius server inside the 1200. Can all the 1200's work together? I suppose that if I use the built-in radius server than I can't make a connection to my AD database, correct?
View 3 Replies
View Related
Jul 4, 2012
how to setup ACS 5.3 to authenticate wireless users over radius? I currently have the SSID pointing to a Microsoft IAS server and would like to move the authentication to be done via ACS.
View 1 Replies
View Related
Sep 3, 2011
I have a Cisco C1140 Ap. I have cnfigured the device. Initially for testing i used WPA and authenticated locally. I have now setup a radius server and added my AP in as a client etc. I have changed my SSID's to authenticate with the radius server and i am having issues authenticating.I can connect via a PC and an iphone. They say that i am connected but i get no ip address and the debugs.
View 1 Replies
View Related
Mar 18, 2013
I'm working on a project where a wi-fi client is tracked and located using RADIUS authentication requests. The problem I'm running into is that the WLC (5508) sends an RADIUS authentication request to my freeradiusd, which is ok so far, but if the client roams to another accesspoint (3602AG, 1131AG, 1252AG), the WLC does not send a further RADIUS auth. request - and the client is allowed to connect to the next ap.Is there an option like RADIUS-cache which I can disable, so that the WLC sends everytime an authentication request when a client tries to connect to an ap or roams from one ap to another one?
View 4 Replies
View Related
Jun 20, 2012
I configured the 2504 with 2 SSIDs for staffs and guests.I also configured the Lobby admin with web auth. But if a guest wants to connect our wireless he/she has to enter the PSK key and then only they are able to connect with the user id and password given by Lobby admin. Can we avoid this key and let the guests connect straightaway with the web auth?I’m planning to configure 802.1x & Radius dual authentication for staffs SSID..
View 5 Replies
View Related
Feb 16, 2012
I am setting up a WIFI network with a Cisco 5508 controller. I want to configure a first WIFI network (WIFI1) that will authenticate my business laptop based on the AD computer accounts and will access my corporate network.I want to setup a second WIFI network (WIFI2) that will authenticate my phones and tablets devices with AD user accounts and will be on a separate vlan with only access to the Internet.I created 2 policies on the Radius server : one that authenticate computers coming from wireless and a second one authenticating users coming from wireless.
if a user manually creates the WIFI1 network on his phone and enter his AD username, he is going to have access to the corporate network. I would like to be able to say that when a request is coming from WIFI1, only the policy for authenticating wireless devices with computer accounts will apply and the second policy authenticating user wouldn't apply.
View 1 Replies
View Related
Apr 30, 2012
Below is he output from debug radius authentication from my AP.
I can see request is forwarding from AP to radius but Radius is not sending any response.Not sure why its not responding.
I also did not under stand few out outputs also
no sg in radius-timers and
RADIUS/DECODE: parse response no app start; FAIL
what does it mean.
I restarted radius server , changed secret key but no luck.
019639: May 1 16:15:08.727: RADIUS: User-Name [1] 32 "host/3KYGRH1.idcap.intdata.com"
019640: May 1 16:15:08.727: RADIUS: Framed-MTU [12] 6 1400
019641: May 1 16:15:08.727: RADIUS: Called-Station-Id [30] 16 "0012.01d6.f691"
[Code]...
View 4 Replies
View Related
Jan 9, 2013
i am trying to connect clients to my AP1231 which is running C1200 Software (C1200-K9W7-M), Version 12.3(8)JED. Client authentication is against RADIUS server. [code]
View 3 Replies
View Related
Nov 1, 2012
Would like to check out some client side setting on Wireless 802.1x authenticaiton.
Network setup is using
- Cisco WLC 7.2 and AP3500,
- ACS 5.3
- Microsoft Windows server 2008 hosting AD and CA services (same machine)
- Client OS is Microsoft Window 7.
Authentication mehtod would use PEAP-MSChap V2 Combo.
My question :
01. In AD environment, should ACS 5.3 be part of the domain computer?
02. To have secure connectivity, IF the security policy force client to check "Validate server certificate", which certificate it is look for? Is it ACS's identity certifate, that require CA server to sign on the CSR?
03. Back to client side, should the client also need to import this certificate in trusted root certification authorities?
Or the client will trust ACS identity certificate against the root CA certificate store at client's trusted root certification authorities, where they have the identical issuer?
04. Extra question: If no CA environment, would it be sufficient simply export ACS self-signed certificate and import to client computer, and it's trusted?
View 3 Replies
View Related