cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

432
Views
0
Helpful
20
Replies
VIP Mentor

Re: Converted AP to autonomous can telnet but no longer login to web page with credentials

If that is the case, simple config like below should work. Once configured, you should be able to ping 141.1 IP from your AP IP address.

I expect you connect this AP to a switch port that is configured for vlan 141

conf t
hostname <AP_NAME>
username <ADMIN_USER> privilege 15 secret <ADMIN_PASSWORD>
!
dot11 ssid <SSID_NAME>
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii <SSID_PASSWORD>
!
interface Dot11Radio1
channel width 40-above
encryption mode ciphers aes-ccm
ssid <SSID_NAME>
no shutdown
!
interface BVI1
ip address 192.168.141.x 255.255.255.0
!
ip default-gateway 192.168.141.1
end
write memory

 

HTH

Rasika

*** Pls rate all useful responses ***

Beginner

Re: Converted AP to autonomous can telnet but no longer login to web page with credentials

Hello,

 

I appear to of confused myself with this and can't figure it out, maybe I've over complicated it.  I have the AP in my switch, the switch port is a trunk port.

 

On the AP I want 3 SSIDs:

 

SSID1 - MyNet-2.4Ghza (VLAN 140) - IP 192.168.140.x/24 gateway 192.168.140.1

SSID2 - MyNet-5Ghza    (VLAN 140) - IP 192.168.140.x/24 GW 192.168.140.1

SSID1 - MyNet-Guest     (VLAN 142) - IP 10.1.1.x/24 gateway 10.1.1.1

 

I've set up the above VLANs (gateways) on my firewall and I can ping them fine.  I'm not sure if I can have the My-Net SSIDs on the same VLAN?  If not I will put one on 140 and the other on 141.

 

This is my config which doesn't work.  If I set the trunk port to just an access port for VLAN 254 I can ping the APs IP of 192.168.254.8, if I set to a trunk I can't:

 

This config doesn't have the guest network I want on 10.1.1.x as I want to get the first 2 working.

 

Are you able to provide a config I can try?  Thanks again!

 

hostname Cisco-AP2
!
dot11 ssid MyNet-2.4Ghza
   vlan 141
   authentication open
   authentication key-management wpa version 2
   guest-mode
   wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxx
!
dot11 ssid MyNet-5Ghza
   vlan 140
   authentication open
   authentication key-management wpa version 2
   guest-mode
   wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxxx
!
!
dot11 ids mfp detector
!
power inline negotiation prestandard source
no ipv6 cef
!
bridge irb
!!
interface Dot11Radio0
 no ip address
 !
 encryption vlan 141 mode ciphers aes-ccm
 !
 ssid MyNet-2.4Ghza
 !
 antenna gain 0
 stbc
 mbssid
 speed  basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.
 station-role root
!
interface Dot11Radio0.141
 encapsulation dot1Q 141
 bridge-group 141
 bridge-group 141 subscriber-loop-control
 bridge-group 141 spanning-disabled
 bridge-group 141 block-unknown-source
 no bridge-group 141 source-learning
 no bridge-group 141 unicast-flooding
!
interface Dot11Radio0.254
 encapsulation dot1Q 1 native
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
 no ip address
 !
 encryption vlan 141 mode ciphers aes-ccm
 !
 ssid MyNet-5Ghza
 !
 antenna gain 0
 peakdetect
 no dfs band block
 stbc
 mbssid
 channel width 40-below
 channel dfs
 station-role root
!
interface Dot11Radio1.140
 encapsulation dot1Q 140
 bridge-group 140
 bridge-group 140 subscriber-loop-control
 bridge-group 140 spanning-disabled
 bridge-group 140 block-unknown-source
 no bridge-group 140 source-learning
 no bridge-group 140 unicast-flooding
!
interface Dot11Radio1.254
 encapsulation dot1Q 1 native
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface BVI1
 mac-address 80e0.1dc6.508c
 ip address 192.168.254.8 255.255.255.0
 ipv6 address dhcp
 ipv6 address autoconfig
 ipv6 enable
!
ip default-gateway 192.168.254.1
ip forward-protocol nd
ip http server
ip http secure-server
!
access-list 111 permit tcp any any neq telnet
bridge 1 route ip

 

Hall of Fame Master

Re: Converted AP to autonomous can telnet but no longer login to web page with credentials

Make sure that the vlan for the ap management is configured as the native vlan. The ap doesn’t like tagged vlans for management.

-Scott
*** Please rate helpful posts ***
Beginner

Re: Converted AP to autonomous can telnet but no longer login to web page with credentials

Thanks this, certainly helped, but I can't see the SSIDs broadcasting from any device.

I can log on to the AP via the management IP now (thanks) and I can ping the gateways for these new SSIDs (VLAN 140 and 141 etc).

 

I take it I can't have 2 SSIDs on one VLAN so ssid MyNet-2.4Ghza & ssid MyNet-5Ghza?

 

Latest config

hostname Cisco-AP2
!
!
logging rate-limit console 9
enable secret 5 $1$mJLV$wojoqyj3lxHF23F82UwUD/
!
no aaa new-model
no ip source-route
no ip cef
ip domain name home.andy-white.co.uk
!
!
!
!
dot11 pause-time 100
dot11 syslog
!
dot11 ssid MyNet-2.4Ghza
   vlan 141
   authentication open
   authentication key-management wpa version 2
   guest-mode
   wpa-psk ascii 7 xxx
!
dot11 ssid MyNet-5Ghza
   vlan 140
   authentication open
   authentication key-management wpa version 2
   guest-mode
   wpa-psk ascii 7 xxx
!
!
dot11 ids mfp detector
!
power inline negotiation prestandard source
no ipv6 cef
!
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 !
 encryption vlan 141 mode ciphers aes-ccm
 !
 ssid MyNet-2.4Ghza
 !
 antenna gain 0
 stbc
 mbssid
 speed  basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.
 station-role root
!
interface Dot11Radio0.141
 encapsulation dot1Q 141
 bridge-group 141
 bridge-group 141 subscriber-loop-control
 bridge-group 141 spanning-disabled
 bridge-group 141 block-unknown-source
 no bridge-group 141 source-learning
 no bridge-group 141 unicast-flooding
!
interface Dot11Radio0.254
 encapsulation dot1Q 254 native
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
 no ip address
 !
 encryption vlan 141 mode ciphers aes-ccm
 !
 ssid MyNet-5Ghza
 !
 antenna gain 0
 peakdetect
 no dfs band block
 stbc
 mbssid
 channel width 40-below
 channel dfs
 station-role root
!
interface Dot11Radio1.140
 encapsulation dot1Q 140
 bridge-group 140
 bridge-group 140 subscriber-loop-control
 bridge-group 140 spanning-disabled
 bridge-group 140 block-unknown-source
 no bridge-group 140 source-learning
 no bridge-group 140 unicast-flooding
!
interface Dot11Radio1.254
 encapsulation dot1Q 254 native
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface BVI1
 mac-address 80e0.1dc6.508c
 ip address 192.168.254.8 255.255.255.0
 ipv6 address dhcp
 ipv6 address autoconfig
 ipv6 enable
!
ip default-gateway 192.168.254.1
ip forward-protocol nd
ip http server
ip http secure-server
!
snmp-server community m0n1t0r RO
access-list 111 permit tcp any any neq telnet
bridge 1 route ip

 

EDIT/UPDATE:  I removed "mbssid" and they now show up, but I don't get a password prompt.

 

Thanks

Hall of Fame Master

Re: Converted AP to autonomous can telnet but no longer login to web page with credentials

That is correct. You should just have the SSID broadcast on both bands. To broadcast the SSID you need to enter guest-mode.

https://www.cisco.com/c/en/us/support/docs/interfaces-modules/security-modules-routers-switches/116586-config-ap-00.html
-Scott
*** Please rate helpful posts ***
Highlighted
Hall of Fame Master

Re: Converted AP to autonomous can telnet but no longer login to web page with credentials

I’m on my mobile and your config doesn’t show up properly. Take a look at this config example:

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/116599-config-wpa-psk-00.html
-Scott
*** Please rate helpful posts ***
CreatePlease to create content
Content for Community-Ad

August's Community Spotlight Awards