Consulting Services Engineer with over 18 years working with wireless technologies, mainly on Cisco products, with a few years' experience in Aruba and Meraki technology. Focus on indoor wireless, outdoor bridge and mesh technology, routing and switching, and wireless security, which includes knowledge of various RADIUS servers (Microsoft IAS & NPS, Cisco ACS and Cisco ISE).
• Cisco NetPro Designated VIP 2011, 2012, 2013, 2014, 2015
• Cisco Certified Network Associate (CCNA)
• Cisco Certified Design Associate (CCDA)
• Wireless LAN for System Engineer
• Wireless LAN for Field Engineers
• Advanced Wireless for System Engineers (AWLANSE)
• Advanced Wireless for Field Engineers (AWLANFE)
• Cisco Lifecycle Services Advanced Wireless
• Aruba Certified Mobility Professional, 2012
• CCIE Wireless Written
Please help, how to factory reset this AP?

1: After active user mode button pressed for 22 seconds
process_config_recovery: set IP address and config to default 10.0.0.1
process_config_recovery: image recovery
ap:
ap: erase startup_config
Unknown cmd: erase
ap:

2: Show version, but I forgot my password
APVNMP24>show version
Cisco IOS Software, C1240 Software (C1240-RCVK9W8-M), Version 12.3(11)JX1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Mon 17-Jul-06 11:44 by alnguyen
ROM: Bootstrap program is C1240 boot loader
BOOTLDR: C1240 Boot Loader (C1240-BOOT-M) Version 12.4(13d)JA, RELEASE SOFTWARE (fc2)
APVNMP24 uptime is 9 hours, 3 minutes
System returned to ROM by power-on
System image file is "flash:/c1240-rcvk9w8-mx/c1240-rcvk9w8-mx"
cisco AIR-AP1242AG-E-K9 (PowerPCElvis) processor (revision A0) with 24566K/8192K bytes of memory.
Processor board ID FCW1247U0AW
PowerPCElvis CPU at 266Mhz, revision number 0x0950
Last reset from power-on
LWAPP image version 126.96.36.199
1 FastEthernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:22:90:1C:AA:1E
Part Number : 73-10256-07
PCA Assembly Number : 800-26918-06
PCA Revision Number : A0
PCB Serial Number : FOC12433QLQ
Top Assembly Part Number : 800-29233-02
Top Assembly Serial Number : FCW1247U0AW
Top Revision Number : A0
Product/Model Number : AIR-AP1242AG-E-K9
Configuration register is 0xF
Hi Experts,

If I wish to wire only 1 AP so that this is the consentor and another access point hangs from it, since for reasons of distance it does not reach a cabinet, I was looking at the design guides and I saw Flex + Mesh. Would this be the mode of configuration that I should use? We are using AP 1562E + WLC version 8.5.131.

I will appreciate your comments.

Regards,
Carlos P.
The setup in our office is that we have Cisco APs with 8 SSIDs. The setup needed is that users authenticate with the RADIUS server NAP and certificates, based on groupings in Active Directory. The per-department access is working now. For example, Finance staff can connect to Finance_WIFI, and so on. My main problem is that there are users who need to access 2 or more SSIDs. For example, one user from the Marketing department needs to access MalaysiaIP_WIFI and IndonesiaIP_WIFI. Is there any way it could work that way?
FYI, we're facing the exact same problem here as well. WLC code version: 8.5.151. As of now, it has only been seen on the 3702i Access Points. In our case, clients either take a ridiculously long time to associate, associate but are unable to forward traffic (EAP authentication wasn't able to start; stuck at the EAPOL Start stage as per packet capture), or associate and are able to forward traffic, then drop out out of nowhere. This was all observed at 5 m line of sight of the Access Point in free space, so coverage isn't an issue here. DTXPOISON seen in AP logs, radios resetting themselves frequently for no reason... unable to monitor it from central syslog servers as this is not considered 'Error' level. TAC has been engaged.
Building configuration...

Current configuration : 5386 bytes
!
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname hotname <- change the name of the Wifi
!
!
logging rate-limit console 100
!
aaa new-model
!
!
aaa group server radius rad_eap
 server name WDS-Radius
 server name Local-Radius
!
aaa group server radius Infrastructure
 server name Local-Radius
!
aaa group server radius rad_mac
 server name WDS-Radius
 server name Local-Radius
!
aaa group server radius rad_acct
 server name WDS-Radius
 server name Local-Radius
!
aaa group server radius rad_admin
 server name WDS-Radius
 server name Local-Radius
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login method_Infrastructure group Infrastructure
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
!
!
!
!
aaa session-id common
clock timezone -0700 -7 0
no ip source-route
no ip cef
ip domain name DNSname <- change
ip name-server 192.168.2.1 <- change DNS ip
!
!
!
!
dot11 syslog
!
dot11 ssid NAME <- change SSID you want
 vlan 1
 authentication open
 authentication key-management wpa version 2
 accounting acct_methods
 dot1x credentials APmainfloorTV
 dot1x eap profile WDS-AP
 guest-mode
 infrastructure-ssid
 mobility network-id 1
 wpa-psk ascii 7 08731B165F40514240 <- password wifi 27869452
 information-element ssidl wps
!
!
dot11 network-map
dot11 arp-cache optional
!
eap profile WDS-AP
 method leap
!
!
!
dot1x credentials APmainfloorTV <- the main dns name for the 1st ap
 username APmainfloorTV <- the main dns name for the 1st ap
 password 7 045802150C2E1D1C5A <- password cisco123
 anonymous-id APmainfloorTV <- the main dns name for the 1st ap
 pki-trustpoint APmainfloorTV <- the main dns name for the 1st ap
!
username CISCO password 7
username MY3602 privilege 15 password 7 045802150C2E1D1C5A = cisco123
username MY2602 privilege 15 password 7 045802150C2E1D1C5A = cisco123
!
!
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm
 !
 encryption vlan 1 mode ciphers aes-ccm
 !
 ssid SSID <- change to your SSID
 !
 antenna gain 0
 stbc
 speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
 station-role root
 dot11 dot11r pre-authentication over-ds
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 port-protected
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm
 !
 encryption vlan 1 mode ciphers aes-ccm
 !
 ssid SSID <- change to your SSID
 !
 antenna gain 0
 traffic-metrics aggregate-report
 peakdetect
 dfs band 3 block
 stbc
 speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. a1ss7 a2ss7 a3ssnone
 channel dfs
 station-role root
 dot11 dot11r pre-authentication over-ds
!
interface Dot11Radio1.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 port-protected
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 dot1x credentials APmainfloorTV <- change to main WIFI name
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface GigabitEthernet1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet1.1
 encapsulation dot1Q 1 native
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface BVI1
 mac-address 286f.7f64.be50 <- change to your MAC; if you don't know it, delete the line
 ip address 192.168.2.215 255.255.255.0 <- change to the ip you want for that wifi
 no ip route-cache
 ipv6 address dhcp
 ipv6 address autoconfig
 ipv6 enable
!
ip default-gateway 192.168.2.1 <- change to your gateway
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
!
snmp-server view dot11view ieee802dot11 included
snmp-server community <removed> view dot11view RO
radius-server local
 nas 192.168.2.215 key 7 045802150C2E1D1C5A <- change ip to 2nd wifi, password cisco123
 nas 192.168.2.214 key 7 045802150C2E1D1C5A <- change to main wifi ip, password cisco123
 group Infrastructure
  vlan 1
  ssid SSID <- change to your SSID
  block count 4294967295 time 1
  reauthentication time 4294967295
 !
 user WDSClient1 nthash 7 143644292A227E73060E6363044754372656707B0103072D264F34090872767307 group Infrastructure <- password = maithri1234!
!
radius-server attribute 32 include-in-access-req format %h
!
radius server WDS-Radius
 address ipv4 192.168.2.214 auth-port 1812 acct-port 1813 <- change to main wifi IP
 key 7 045802150C2E1D1C5A <- password cisco123
!
radius server Local-Radius
 address ipv4 192.168.2.215 auth-port 1812 acct-port 1813 <- change to 2nd wifi ip
 key 7 045802150C2E1D1C5A <- password cisco123
!
bridge 1 route ip
!
!
wlccp ap username WDSClient1 password 7 070C285F4D06485744 <- password cisco123
wlccp ap wds ip address 192.168.2.214 <- change to main wifi ip
wlccp ap eap profile WDS-AP
wlccp authentication-server infrastructure method_Infrastructure
wlccp authentication-server client mac mac_methods
wlccp wds priority 253 interface BVI1 <- the higher the # the main is it
!
line con 0
line vty 0 4
 transport input all
!
sntp broadcast client
end
So you are using a Cisco anchor/foreign guest solution, right? We did not see any issues with guests dropping if you change only the guest anchor WLC first. After all everything guest is being sourced from the WLC in your DMZ. Not sure the 188.8.131.52 on the foreign is even a factor. It's been a while since we did this but if you can do it, you might want to change the DMZ anchor late in the evening or weekend and perform your own tests from a foreign location to see if the foreign needs to be changed in synchronization with the anchor.
Hi Scott,

Many thanks for your reply. I have managed to get the iPSK working with mobility anchor. An initial schoolboy error from me in that I was pointing the RADIUS traffic at the wrong ISE box... After rectifying that I was still facing issues: my SSID wasn't anchoring, despite the tunnel being up and testing it successfully without the MAC filtering, checking all settings matched etc... After thinking it just wasn't going to work, I bounced the tunnel and it sprang into life. My iPSK SSID is now working and I'm also dynamically assigning the VLAN, which is also working, which is also good news as it means I don't have to re-think my design... In an anchor setup the L2 auth is coming from the foreign controller. Next step is introducing an N+1 anchor....

Thanks again,
Mark
Any AP can connect to any wlc as long as it has connectivity to join that wlc. So yes you can connect any AP via Ethernet as long as you meet those requirements. For MESH, you would need line of sight and be able to negotiate a link.
Agree, I had a similar issue recently: the native supplicant shows full bars but AnyConnect shows only 2 bars. I did some over-the-air local download tests and both performed almost the same.