07-22-2013 10:46 PM - edited 07-04-2021 12:29 AM
Hi
I have an office supporting between 100 to 150 wireless users. I have 3 x Cisco 1142 Stand alone AP's setup in autonomous mode as root access points.
1x VLan (May introduce 2nd as a guest later down the line)
Security is WPA2 - AES CCMP
I have several issues.
1) Hand over between the AP's seems poor. Looking at setting up WDS to hand over between them but not sure if the is neccassarry or if their are any advantages when a radius server isn't involved. . 1 VLan for now, however may introduce a guest at a later stage.
2) 5Ghz radio channel often dies. The web console say hardware\software down but its enabled. This has happened a few times now on just one of the AP's, a reload used to fix it, but isn't doing the job anylonger.
Product/Model Number: | AIR-AP1142N-A-K9 |
System Software Filename: | c1140-k9w7-tar.124-21a.JA1 |
System Software Version: | 12.4(21a)JA1 |
Bootloader Version: | 12.4(23c)JA3 |
Advise please...
Regards and Thanks
Simon
Solved! Go to Solution.
07-23-2013 08:00 PM
You have maybe too many clients per AP which can cause an issue. Also on the 5ghz, your a blocking all 4 DFS bands, which means that all four bands will be blocked when DFS is detected. That's why you see the radio down. Maybe add a couple more APs to help lower the load on each AP.
Sent from Cisco Technical Support iPhone App
07-24-2013 05:51 PM
Probably because you are broadcasting the SSID on the two and not on the one you posted the config on.
Sent from Cisco Technical Support iPhone App
07-24-2013 06:36 PM
You need this
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm
!
ssid Corporate
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
07-24-2013 06:58 PM
Use the cli... Forget the GUI. mbssid and guest-mode is required to broadcast.
Sent from Cisco Technical Support iPhone App
07-23-2013 03:30 AM
For your first question, no WDS won't help as that is for 802.1x authentication and not PSK.
As for the second, it could be firmware or possibly config related. Can you share the config if the AP and tell us approximately how far apart they are?
Steve
Sent from Cisco Technical Support iPhone App
07-23-2013 07:15 PM
Thanks for your reply and help. They are roughly 40-60 Meters apart.
Do you want the out put of the running config? Or which cammand shall i use to get what you want?
07-23-2013 07:20 PM
Building configuration...
Current configuration : 3517 bytes
!
! No configuration change since last restart
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname wifi1
!
logging buffered 20000000 debugging
enable secret 5 $1$ZaRG$pyaWIaylE4rNCRW7vqkaD1
!
no aaa new-model
clock timezone -0800 -8
clock summer-time -0700 recurring
!
!
dot11 syslog
!
dot11 ssid Corporate
vlan 1
authentication open
authentication key-management wpa version 2
guest-mode
mbssid guest-mode
wpa-psk ascii 7 072928424F071A0C161E2D5C162978
!
power inline negotiation prestandard source
!
!
username Admin password 7 07290748411D1A551A
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm
!
encryption vlan 666 mode ciphers aes-ccm
!
ssid Corporate
!
antenna gain 0
mbssid
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.
0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14.
m15.
packet retries 128 drop-packet
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.666
encapsulation dot1Q 666
no ip route-cache
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
bridge-group 255 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm
!
encryption vlan 666 mode ciphers aes-ccm
!
ssid Corporate
!
antenna gain 0
dfs band 1 2 3 4 block
mbssid
speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1
. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel dfs
station-role root access-point
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1.666
encapsulation dot1Q 666
no ip route-cache
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
bridge-group 255 spanning-disabled
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.666
encapsulation dot1Q 666
no ip route-cache
bridge-group 255
no bridge-group 255 source-learning
bridge-group 255 spanning-disabled
!
interface BVI1
ip address 10.2.120.10 255.255.255.0
no ip route-cache
!
ip default-gateway 10.2.120.1
ip http server
no ip http secure-server
ip http help-path
http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
logging history size 500
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
sntp server 10.2.120.9
sntp broadcast client
end
07-23-2013 08:00 PM
You have maybe too many clients per AP which can cause an issue. Also on the 5ghz, your a blocking all 4 DFS bands, which means that all four bands will be blocked when DFS is detected. That's why you see the radio down. Maybe add a couple more APs to help lower the load on each AP.
Sent from Cisco Technical Support iPhone App
07-24-2013 05:47 PM
Thanks for your help. The radio has come up after anlaysing what channels are in use and selecting one thats not in use. It's now set to a channel with DFS enable and romaing between the two is quick and seamless.
I have a third AP at the other end of the building, still with in range of the others. maybe another 50 Meters away.
It's setup and all radios are up, however, I can't roam to it. All SSID's and encryption are identical to the other above one.
I used a Wifi analyzer on my phone, where the other two AP's are grouped, this AP identified by its MAc address simply has a ? mark next to it rather than the SSID. Have you seen this before and any thoughts? Here is my output of the running config...
Building configuration...
Current configuration : 2407 bytes
!
! No configuration change since last restart
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ussf-wifi3
!
enable secret 5 $1$X1VZ$iEvR88PKyq0kazkUqDS94.
!
no aaa new-model
clock timezone -0800 -8
clock summer-time -0700 recurring
!
!
dot11 syslog
dot11 vlan 1
!
dot11 ssid Corporate
vlan 1
!
dot11 network-map
!
!
username Cisco password 7 047802150C2E
username Admin privilege 15 password 7 0220225F04120C7141
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm
!
ssid Corporate
!
antenna gain 0
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.
0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14.
m15.
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
ssid Corporate
!
antenna gain 0
dfs band 3 block
speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1
. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel 5220
station-role root
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm
!
ssid Corporate
!
antenna gain 0
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.
0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14.
m15.
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
ssid Corporate
!
antenna gain 0
dfs band 3 block
speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1
. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel 5220
station-role root
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.2.120.30 255.255.255.0
no ip route-cache
!
ip default-gateway 10.2.120.1
ip http server
no ip http secure-server
ip http help-path
http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
sntp server 10.2.120.9
sntp broadcast client
end !
encryption vlan 1 mode ciphers aes-ccm
!
ssid Corporate
!
antenna gain 0
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.
0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14.
m15.
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
ssid Corporate
!
antenna gain 0
dfs band 3 block
speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1
. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel 5220
station-role root
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.2.120.30 255.255.255.0
no ip route-cache
!
ip default-gateway 10.2.120.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
sntp server 10.2.120.9
sntp broadcast client
end
07-24-2013 05:51 PM
Probably because you are broadcasting the SSID on the two and not on the one you posted the config on.
Sent from Cisco Technical Support iPhone App
07-24-2013 06:15 PM
Thanks, seems you were right on the money again, and I think you are right, I've set to to broadcast and is displaying the correct SSID however as a seperate entry. This is because it's encryption is shown as {WEP}{ESS} and not {WPA2-CCMP}{ESS} even though I selected AES CCM in the web gui and when I go to Security it shows it there.
but now get...
ERROR:
VLAN '1' doesn't exist on 'Radio1-802.11N 5GHz' (see Services> VLAN). ERROR:
VLAN '1' doesn't exist on 'Radio1-802.11N 5GHz' (see Services> VLAN).
I go to Services > VLAN and its enabled.
It seems the Web front end is very buggy.
Any suggestions?
07-24-2013 06:23 PM
So I disabled the 'Radio1-802.11N 5GHz' on Vlan 1 and now its part of the same group on my wifi analyzer for the 2.4Ghz
Now I have to get 'Radio1-802.11N 5GHz' on the vLan 1. any ideas.
07-24-2013 06:30 PM
Even if I go through the process of unselecting the 5GHz radio from vlan. Save. Reboot. Re-enable on the VLan. Save. Enable the 5GHz Radio on SSID. I get error:
ERROR:
VLAN '1' doesn't exist on 'Radio1-802.11N 5GHz' (see Services> VLAN)
ERROR:
VLAN '1' doesn't exist on 'Radio1-802.11N 5GHz' (see Services> VLAN)
I look back and Vlan and the Radio is enabled.
07-24-2013 06:36 PM
You need this
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm
!
ssid Corporate
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
07-24-2013 06:49 PM
Looking better as the encryption is the same. but now only the 2GHz radio is broadcasting and not the 5GHz. It has the ? instead of SSID. and also no tick next to in the Securiyt page. Is there a way to make 5 GHz broadcast vic CLI?
Thanks again for your help.
07-24-2013 06:58 PM
Use the cli... Forget the GUI. mbssid and guest-mode is required to broadcast.
Sent from Cisco Technical Support iPhone App
07-25-2013 03:52 AM
Did any of my suggestions helped? Of so, can you mark which was helpful?
Sent from Cisco Technical Support iPhone App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide