11-21-2013 05:08 AM - edited 03-04-2019 09:38 PM
Hi,
I can't figure out why the wireless interface is not comming up, or the SSID can't be found.
The current config:
THE CONNECTION TO THE SWITCH
interface FastEthernet4
description secondary-TO_SW
no ip address
no ip route-cache
duplex auto
speed 100
no cdp enable
!
interface FastEthernet4.109
encapsulation dot1Q 109
ip address 192.168.71.4 255.255.255.0
no ip route-cache
!
THE INTERFACE
R#sh run int dot11Radio 0
Building configuration...
Current configuration : 299 bytes
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 10 mode ciphers tkip
!
broadcast-key vlan 10 change 45
!
!
ssid MY SSID
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
rts threshold 2312
end
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 10 mode ciphers tkip
!
broadcast-key vlan 10 change 45
!
!
ssid MY SSID
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
rts threshold 2312
What am I missing?
Thank you
11-21-2013 05:41 AM
Under your ssid config, you need to set it to guest-mode to broadcast.
Sent from Cisco Technical Support iPhone App
11-21-2013 05:51 AM
I need it to be secure, and I've read:
"The access point includes the guest SSID in its beacon.
However, if the network must be secure, do not create a guest mode SSID on the access point.
"
ref: Cisco doc
11-21-2013 06:33 AM
is there any other way to bring it up?
11-21-2013 06:36 AM
If you don't want to broadcast, that's fine but you'll need to manually create an profile for your laptop to connect to it.
Not broadcasting the ssid isn't a good security measure by the way. Anyone can still capture wireless packets of someone connected to your ssid via configured profile and still get the ssid in the handshake between another user and their connection.
Sent from Cisco Technical Support iPhone App
11-21-2013 07:14 AM
I missunderstood that then.
I want to broadcast it as it will be used for the office guests anyway, and will set a password/
11-21-2013 08:04 AM
ok,
I got this:
R(config)#dot11 ssid MY SSID
R(config-ssid)#guest-mode
R(config-ssid)#
*Mar 5 12:08:16.833: %DOT11-4-NO_SSID: No SSID configured. Dot11Radio0 not started.
R(config-ssid)#
But the SSID is configured:
-------------------------------------------------------
R#sh run ssid MY SSID
Building configuration...
Current configuration:
dot11 ssid
MY SSID
vlan 10
authentication open
authentication network-eap eap_methods
authentication key-management wpa
guest-mode
end
R#
-------------------------------------------------------
R#sh run int dot11Radio 0
Building configuration...
Current configuration : 299 bytes
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 10 mode ciphers tkip
!
broadcast-key vlan 10 change 45
!
!
ssid MY SSID
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
rts threshold 2312
end
-------------------------------------------------------
11-21-2013 08:36 AM
Please post the complete ssid config and dot11 interface configuration.
HTH,
John
*** Please rate all useful posts ***
11-21-2013 09:50 AM
R#sh run ssid MY SSID
Building configuration...
Current configuration:
dot11 ssid MY SSID
vlan 10
authentication open
authentication network-eap eap_methods
authentication key-management wpa
guest-mode
end
R#sh run int dot11Radio 0
Building configuration...
Current configuration : 299 bytes
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 10 mode ciphers tkip
!
broadcast-key vlan 10 change 45
!
!
ssid MY SSID
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
rts threshold 2312
end
= = =
I also added the following (in bold):
bridge irb
!
interface Vlan109 <----- The VLAN used on the F4 with the internet switch
no ip address
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
no ip address
!
bridge 1 route ip
!
11-21-2013 11:12 AM
Okay, let's start from the top. Did you create vlan 10 on the router? To verify this, you should be able to do "show vlan-switch". I don't have an 870 handy to look at, so this is almost like the blind leading the blind. On a normal AP, you have to tie a subinterface to a vlan. When you start creating vlans outside of the native, you have to tell the AP what vlan to attach to with subinterfaces. You may have to do that with this as well.
Try this. Keep your current ssid on d0. Then add the following:
int d0.10
encaps dot1 10
bridge-group 10
int fa0.10
encaps dot1q 10
bridge-group 10
int bvi1
ip address
Try to bring up the interface and see if it works. Let me know the outcome. This config could change if you have an integrated wireless adapter in the router.
HTH,
John
*** Please rate all useful posts ***
11-21-2013 12:59 PM
yes, the vlan is created on the switch:
R#show vlan-switch
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0, Fa1, Fa2, Fa3
10 VLAN0010 active
109 VLAN0109 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
10 enet 100010 1500 - - - - - 0 0
109 enet 100109 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 ibm - 0 0
1005 trnet 101005 1500 - - 1 ibm - 0 0
R#
after issuing:
int d0.10
encaps dot1 10
bridge-group 10
the interface came up, yes!
The next command I don't get it:
int fa0.10 <------------- Which sub interface is that?
encaps dot1q 10
bridge-group 10
There are two main interfaces involved;
The F4 to the switch and the interface Dot11Radio0
, please correct me if Im wrong?
Right now I can see the SSID, but it says that is secured with 802.1x instead of WPA, but this its the SSID config:
dot11 ssid MY SSID
vlan 10
authentication open
authentication network-eap eap_methods
authentication key-management wpa < -------------------------------
guest-mode
and when trying to define the key it says:
R(config-ssid)#wpa-psk ascii ***********
Error: WPA-PSK not supported with EAP/LEAP, with WPA mandatory
11-21-2013 01:08 PM
Yes, you have it configured with eap authentication with your "authentication network-eap" line under the ssid. Remove that line and then add "wpa-psk ascii
For normal APs, you need the fa0.10 interface to bind to the d0 interface that attaches to the svi. You may not need it here though since you have the bvi interface and a vlan interface. Test without it first and see how it goes.
HTH,
John
*** Please rate all useful posts ***
11-21-2013 01:21 PM
ok,
its authenticating on the wifi client, but it get stuck on the "get ip", and the router cli shows:
*Mar 5 17:35:05.214: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station ac22.0b64.ca6c Reason: Sending station has left the BSS SSID[MY_SSID]
should add the DHCP pool, right?
something like:
ip dhcp pool WIRELESS
network 10.10.1.0 255.255.255.0
default-router 192.168.71.1 (the interface F4 default gateway, right?)
dns-server ***.***.***.*** ***.***.***.*** (the ones provided my provider?)
!
router has:
ip default-gateway 192.168.71.1
one other dumb question?
How does it associates the dhcp pool to the wireless interface?
11-21-2013 01:30 PM
No, this is where your bvi comes in at. You'd add a pool for wireless:
ip dhcp pool WIRELESS
network 10.10.1.0 255.255.255.0
default-router 10.10.1.1 (the bvi interface)
dns-server ***.***.***.*** ***.***.***.*** (the ones provided my provider?)
Create that with:
int bvi1
ip address 10.10.1.1 255.255.255.0
Oh, it associates dhcp to the wireless by seeing what the ssid is bound to. Since you have the ssid on d0, d0.10 is bound to the bvi. Anything that attaches to the ssid will show that it's coming from 10.10.1.0/24 and will associate to the pool on the router.
HTH,
John
*** Please rate all useful posts ***
11-21-2013 01:56 PM
still getting the following on the CLI when the tablet tries to get an IP:
18:08:56.487: %DOT11-6-ASSOC: Interface Dot11Radio0, Station ac22.0b64.ca6c Associated SSID[MY_SSID
] AUTH_TYPE[OPEN] KEY_MGMT[WPA PSK]
*Mar 5 18:09:27.131: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station ac22.0b64.ca6c Reason: Sending station has left the BSS SSID[MY_SSID]
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide