Solved: Minimal functionality embedded access point

Antoni.Moreno · ‎08-24-2014

I would like to know why do my AP is so limited?

It looks like i can't do much with that... Info:

ap(config)#exit

ap#?

configure Configuration method

debug Debugging functions (see also 'undebug')

no Disable debugging functions

password New password (SPACE and TAB are not supported)

ping Send echo messages

show Show running system information

terminal Set terminal line parameters

undebug Disable debugging functions (see also 'debug')

ap#conf t

Enter configuration commands, one per line. End with CNTL/Z.

ap(config)#?

do To run exec commands in config mode

dot11 IEEE 802.11 config commands

end Exit from config mode

exit Exit from config mode

global-max-clients Global Max Clients

interface Select an interface to configure

ap(config)#int ?

BVI Bridge-Group Virtual Interface

Dot11Radio IEEE 802.11 WLAN Interface

ap(config)#int dot11 ?

<0-0> Dot11Radio interface number

ap(config)#int bvi ?

<1-1> BVI interface number

ap(config)#dot11 ?

guest-ssid Configure radio Guest service set parameters

ssid Configure radio Main service set parameters

ap(config)#

-----------------------------------------

Router

#sh ver

Cisco IOS Software, C860 Software (C860VAEW-ADVSECURITYK9-M), Version 15.3(3)M2, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Compiled Thu 30-Jan-14 02:21 by prod_rel_team

ROM: System Bootstrap, Version 15.3(3r)M, RELEASE SOFTWARE (fc1)

Router uptime is 1 day, 1 hour, 10 minutes

System returned to ROM by power-on

System image file is "flash:c860vaew-advsecurityk9-mz.SPA.153-3.M2.bin"

Last reload type: Normal Reload

Last reload reason: power-on

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Cisco C866VAE-W-E-K9 (revision 1.0) with 385024K/32768K bytes of memory.

Processor board ID GMK1730008Z

1 DSL controller

1 Ethernet interface

3 FastEthernet interfaces

4 Gigabit Ethernet interfaces

1 ATM interface

1 terminal line

1 Virtual Private Network (VPN) Module

255K bytes of non-volatile configuration memory.

131072K bytes system flash allocated

Configuration register is 0x2102

Vinod Arya · ‎08-30-2014

While checking more details on this series of Router with embedded AP, it seems it is unlike the other models of 8xx series.

The C86xVAE-W router models (C866VAE-W-E-K9, C867VAE-W-E-K9, C867VAE-W-A-K9, C867VAE-POE-W-A-K9) contain an embedded AP called the AP860VAE. Unlike the AP801/AP802 in other 8xx routers, this AP does not run IOS, but is a Broadcom AP running Linux. It can only run in autonomous mode (does not support CAPWAP).

The AP comes out of the box configured with 4 SSIDs, Cisco860, Cisco860_Guest1, Cisco860_Guest2, Cisco860_Guest3, with the Cisco860 SSID enabled and open. A client can associate to the AP and will, by default, get an address from 10.10.10.0/29. The AP's address is, by default, 10.10.10.2.

You can telnet to the AP CLI. You can do this the same as you would with an AP801/AP802, i.e. reverse telnet out the router's line 2, i.e. telnet to the router's IP address, TCP port 2002. It does not appear that the AP860VAE supports telnet or ssh itself. It does have an HTTP GUI interface.

The default username/password on the AP860VAE is admin/admin. You will be forced to change the password when you first log in.

Unfortunately, there is no VLAN support for the AP860VAE. I.e. the Wlan-GigabitEthernet0 interface on the router must be an access port, and whatever VLAN that is in, that's what the AP860VAE - and all of its SSIDs - are in. CSCuo04717 Bug-Preview for CSCuo04717 has been filed as a doc bug, to reflect this clearly in documentation.

Ideally it is recommended to have most of the configuration using GUI which is much easier compared in CLI.

Configuring steps from GUI are present here, please check :

Configuring WLAN using web-based interface

-Thanks

Vinod

**Encourage Contributors. RATE Them.*

-Thanks Vinod **Rating Encourages contributors, and its really free. **

View solution in original post

Vinod Arya · ‎08-25-2014

I am sure the 800 router series embedded AP's have almost all the necessary configuration required for an AP to work properly.

Following is the guide for Basic Wireless Configuration for Cisco 800 Series ISR. You have to be specific, on if you think the AP is missing some features in it:

http://www.cisco.com/c/en/us/td/docs/routers/access/800/software/configuration/guide/SCG800Guide/SCG800_Guide_BookMap_chapter_01001.html#con_1059792

Please check and verify if you think there is something missing as compared to the Cisco Unified Wireless infrastructure AP's.

-Thanks

Vinod

**Encourage Contributors. RATE Them.**

-Thanks Vinod **Rating Encourages contributors, and its really free. **

Antoni.Moreno · ‎08-30-2014

Hi, Vinod

Thanks for you reply.

It seems that all docs are referring more to 880 and 890 and since i have a 860vae-w-e-k9 the cli commands are mostly not fitting i'll explain:

First i do not have the interface Wlan-ap0, it's just does not exist.

service-module wlan-ap 0

Interface Wlan-ap0 not producing any result my assumption is that the 860vaew model doesn't even have this interface in the build.

May be that this is my Wlan-gigabitethernet0 who knows??

In addition when i try to configure a Vlan to SSID it's not possible.

Dot11radio is only from 0 to 0.

Please look at my configuration options there not so many.

Can be that i have the unified image loaded?? cause i use autonomous i don't have a WLC.

Going crazy have ben reading almost every 860 docs but it seems that it's all referring to 880 and 890 not 860.

Thanks

Vinod Arya · ‎08-30-2014

While checking more details on this series of Router with embedded AP, it seems it is unlike the other models of 8xx series.

The C86xVAE-W router models (C866VAE-W-E-K9, C867VAE-W-E-K9, C867VAE-W-A-K9, C867VAE-POE-W-A-K9) contain an embedded AP called the AP860VAE. Unlike the AP801/AP802 in other 8xx routers, this AP does not run IOS, but is a Broadcom AP running Linux. It can only run in autonomous mode (does not support CAPWAP).

The AP comes out of the box configured with 4 SSIDs, Cisco860, Cisco860_Guest1, Cisco860_Guest2, Cisco860_Guest3, with the Cisco860 SSID enabled and open. A client can associate to the AP and will, by default, get an address from 10.10.10.0/29. The AP's address is, by default, 10.10.10.2.

You can telnet to the AP CLI. You can do this the same as you would with an AP801/AP802, i.e. reverse telnet out the router's line 2, i.e. telnet to the router's IP address, TCP port 2002. It does not appear that the AP860VAE supports telnet or ssh itself. It does have an HTTP GUI interface.

The default username/password on the AP860VAE is admin/admin. You will be forced to change the password when you first log in.

Unfortunately, there is no VLAN support for the AP860VAE. I.e. the Wlan-GigabitEthernet0 interface on the router must be an access port, and whatever VLAN that is in, that's what the AP860VAE - and all of its SSIDs - are in. CSCuo04717 Bug-Preview for CSCuo04717 has been filed as a doc bug, to reflect this clearly in documentation.

Ideally it is recommended to have most of the configuration using GUI which is much easier compared in CLI.

Configuring steps from GUI are present here, please check :

Configuring WLAN using web-based interface

-Thanks

Vinod

**Encourage Contributors. RATE Them.*

-Thanks Vinod **Rating Encourages contributors, and its really free. **

Antoni.Moreno · ‎08-31-2014

Vinod, Thanks for the quick reply.

I did all of the above written before but didn't get confirmation for the true capabilities of the router until now.

So it seems that my biggest fear was to find out that the router is low end product.

I wouldn't call it junk but in terms of access point i'm afraid that's true.

I got all running but now it's all clear.

What i was trying to do is to isolate the guest SSID from the main SSID (ssid isolation doesn't work).

In addition web access doesn't work for me.

interface BVI 1

ip address 10.10.10.2 255.255.255.0

no shutdown

Router#sh int vlan 1

Vlan1 is up, line protocol is up

Hardware is EtherSVI, address is xxxxxxxxxxx)

Description: $FW_INSIDE$

Internet address is 172.16.0.2/24

MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive not supported

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:00, output 00:00:08, output hang never

Last clearing of "show interface" counters never

Input queue: 1/75/0/0 (size/max/drops/flushes); Total output drops: 2

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 2000 bits/sec, 2 packets/sec

5 minute output rate 1000 bits/sec, 2 packets/sec

1610777 packets input, 246605928 bytes, 0 no buffer

Received 7479 broadcasts (7642 IP multicasts)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

2203367 packets output, 2602583339 bytes, 0 underruns

0 output errors, 1 interface resets

7612 unknown protocol drops

0 output buffer failures, 0 output buffers swapped out

Router#ping 10.10.10.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

Router#trace ip 10.10.10.2

Type escape sequence to abort.

Tracing the route to 10.10.10.2

VRF info: (vrf in name/id, vrf out name/id)

1 DSL modem (192.168.0.2) 4 msec 4 msec 0 msec

2 * * *

3 * * *

4 * * *

5 * * *

6 * * *

7 * * *

8 * * *

access-list 1 permit 10.10.10.0 0.0.0.255

interface Wlan-GigabitEthernet0

description Internal switch interface connecting to the embedded AP

switchport trunk allowed vlan 1-3,1002-1005

switchport mode trunk

no ip address

What is wrong here?

Thanks

Vinod Arya · ‎08-31-2014

8xx series was intended as a router with AP capabilities. This one is unfortunately have very basic wireless functions.

The default ip address to access the GUI ( via the BVI interface ip address) is 10.10.10.2. Default username/password is admin/admin. Upon initial login, user will be prompted to change the default username/password.

As mentioned, there is no VLAN support for the AP860VAE. I.e. the Wlan-GigabitEthernet0 interface on the router must be an access port, and whatever VLAN that is in.

Though it mostly seems to be on the routing configuration for reachability, you can try to configure another IP on the BVI interface to see it works properly.

You can later check with show interfaces BVI 1 command for more statistics on this interface, if any drops etc.

-Thanks

Vinod

**Encourage Contributors. RATE Them.*

-Thanks Vinod **Rating Encourages contributors, and its really free. **

Jimdotcom · ‎09-17-2014

Vinod, can you confirm whether it's possible to disable the web GUI for the AP?

I would prefer for this to be disabled, and it doesn't look like the use of the no ip http server command is valid here.