Solved: Re: 3 x 1142 Wireless AP's Stand Alone Autonomous Mode - Advise

simon.duffey · ‎07-22-2013

Hi

I have an office supporting between 100 to 150 wireless users. I have 3 x Cisco 1142 Stand alone AP's setup in autonomous mode as root access points.

1x VLan (May introduce 2nd as a guest later down the line)

Security is WPA2 - AES CCMP

I have several issues.

1) Hand over between the AP's seems poor. Looking at setting up WDS to hand over between them but not sure if the is neccassarry or if their are any advantages when a radius server isn't involved. . 1 VLan for now, however may introduce a guest at a later stage.

2) 5Ghz radio channel often dies. The web console say hardware\software down but its enabled. This has happened a few times now on just one of the AP's, a reload used to fix it, but isn't doing the job anylonger.

Product/Model Number:	AIR-AP1142N-A-K9

System Software Filename:	c1140-k9w7-tar.124-21a.JA1
System Software Version:	12.4(21a)JA1
Bootloader Version:	12.4(23c)JA3

Advise please...

Regards and Thanks

Simon

Scott Fella · ‎07-23-2013

You have maybe too many clients per AP which can cause an issue. Also on the 5ghz, your a blocking all 4 DFS bands, which means that all four bands will be blocked when DFS is detected. That's why you see the radio down. Maybe add a couple more APs to help lower the load on each AP.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella · ‎07-24-2013

Probably because you are broadcasting the SSID on the two and not on the one you posted the config on.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella · ‎07-24-2013

You need this

interface Dot11Radio1

no ip address

no ip route-cache

!

encryption vlan 1 mode ciphers aes-ccm

!

ssid Corporate

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella · ‎07-24-2013

Use the cli... Forget the GUI. mbssid and guest-mode is required to broadcast.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

Stephen Rodriguez · ‎07-23-2013

For your first question, no WDS won't help as that is for 802.1x authentication and not PSK.

As for the second, it could be firmware or possibly config related. Can you share the config if the AP and tell us approximately how far apart they are?

Steve

Sent from Cisco Technical Support iPhone App

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

simon.duffey · ‎07-23-2013

Thanks for your reply and help. They are roughly 40-60 Meters apart.

Do you want the out put of the running config? Or which cammand shall i use to get what you want?

simon.duffey · ‎07-23-2013

Building configuration...

Current configuration : 3517 bytes
!
! No configuration change since last restart
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname wifi1
!
logging buffered 20000000 debugging
enable secret 5 $1$ZaRG$pyaWIaylE4rNCRW7vqkaD1
!
no aaa new-model
clock timezone -0800 -8
clock summer-time -0700 recurring
!
!
dot11 syslog
!
dot11 ssid Corporate
   vlan 1
   authentication open
   authentication key-management wpa version 2
   guest-mode
   mbssid guest-mode
   wpa-psk ascii 7 072928424F071A0C161E2D5C162978
!
power inline negotiation prestandard source
!
!
username Admin password 7 07290748411D1A551A
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm
!
encryption vlan 666 mode ciphers aes-ccm
!
ssid Corporate
!
antenna gain 0
mbssid
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.
0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14.
m15.
packet retries 128 drop-packet
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.666
encapsulation dot1Q 666
no ip route-cache
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
bridge-group 255 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm
!
encryption vlan 666 mode ciphers aes-ccm
!

ssid Corporate

!

antenna gain 0

dfs band 1 2 3 4 block

mbssid

speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1

. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.

channel dfs

station-role root access-point

!

interface Dot11Radio1.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1.666

encapsulation dot1Q 666

no ip route-cache

bridge-group 255

bridge-group 255 subscriber-loop-control

bridge-group 255 block-unknown-source

no bridge-group 255 source-learning

no bridge-group 255 unicast-flooding

bridge-group 255 spanning-disabled

!

interface GigabitEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

no keepalive

!

interface GigabitEthernet0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0.666

encapsulation dot1Q 666

no ip route-cache

bridge-group 255

no bridge-group 255 source-learning

bridge-group 255 spanning-disabled

!

interface BVI1

ip address 10.2.120.10 255.255.255.0

no ip route-cache

!

ip default-gateway 10.2.120.1

ip http server

no ip http secure-server

ip http help-path

http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

logging history size 500

bridge 1 route ip

!

line con 0

line vty 0 4

login local

!

sntp server 10.2.120.9

sntp broadcast client

end

Scott Fella · ‎07-23-2013

You have maybe too many clients per AP which can cause an issue. Also on the 5ghz, your a blocking all 4 DFS bands, which means that all four bands will be blocked when DFS is detected. That's why you see the radio down. Maybe add a couple more APs to help lower the load on each AP.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

simon.duffey · ‎07-24-2013

Thanks for your help. The radio has come up after anlaysing what channels are in use and selecting one thats not in use. It's now set to a channel with DFS enable and romaing between the two is quick and seamless.

I have a third AP at the other end of the building, still with in range of the others. maybe another 50 Meters away.

It's setup and all radios are up, however, I can't roam to it. All SSID's and encryption are identical to the other above one.

I used a Wifi analyzer on my phone, where the other two AP's are grouped, this AP identified by its MAc address simply has a ? mark next to it rather than the SSID. Have you seen this before and any thoughts? Here is my output of the running config...

Building configuration...

Current configuration : 2407 bytes
!
! No configuration change since last restart
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ussf-wifi3
!
enable secret 5 $1$X1VZ$iEvR88PKyq0kazkUqDS94.
!
no aaa new-model
clock timezone -0800 -8
clock summer-time -0700 recurring
!
!
dot11 syslog
dot11 vlan 1
!
dot11 ssid Corporate
vlan 1
!
dot11 network-map
!
!
username Cisco password 7 047802150C2E
username Admin privilege 15 password 7 0220225F04120C7141
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm
!
ssid Corporate
!
antenna gain 0
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.
0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14.
m15.
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
ssid Corporate
!
antenna gain 0
dfs band 3 block
speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1
. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel 5220
station-role root
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
no ip address
no ip route-cache

!

encryption vlan 1 mode ciphers aes-ccm

!

ssid Corporate

!

antenna gain 0

speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.

0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14.

m15.

station-role root

!

interface Dot11Radio0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

!

ssid Corporate

!

antenna gain 0

dfs band 3 block

speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1

. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.

channel 5220

station-role root

!

interface Dot11Radio1.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

no keepalive

!

interface GigabitEthernet0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 10.2.120.30 255.255.255.0

no ip route-cache

!

ip default-gateway 10.2.120.1

ip http server

no ip http secure-server

ip http help-path

http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 route ip

!

line con 0

line vty 0 4

login local

!

sntp server 10.2.120.9

sntp broadcast client

end !
encryption vlan 1 mode ciphers aes-ccm
!
ssid Corporate
!
antenna gain 0
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.
0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14.
m15.
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
ssid Corporate
!
antenna gain 0
dfs band 3 block
speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1
. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel 5220
station-role root
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.2.120.30 255.255.255.0
no ip route-cache
!
ip default-gateway 10.2.120.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
sntp server 10.2.120.9
sntp broadcast client
end

Scott Fella · ‎07-24-2013

Probably because you are broadcasting the SSID on the two and not on the one you posted the config on.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

simon.duffey · ‎07-24-2013

Thanks, seems you were right on the money again, and I think you are right, I've set to to broadcast and is displaying the correct SSID however as a seperate entry. This is because it's encryption is shown as {WEP}{ESS} and not {WPA2-CCMP}{ESS} even though I selected AES CCM in the web gui and when I go to Security it shows it there.

but now get...

ERROR:

VLAN '1' doesn't exist on 'Radio1-802.11N 5GHz' (see Services> VLAN). ERROR:
VLAN '1' doesn't exist on 'Radio1-802.11N 5GHz' (see Services> VLAN).

I go to Services > VLAN and its enabled.

It seems the Web front end is very buggy.

Any suggestions?

simon.duffey · ‎07-24-2013

So I disabled the 'Radio1-802.11N 5GHz' on Vlan 1 and now its part of the same group on my wifi analyzer for the 2.4Ghz

Now I have to get 'Radio1-802.11N 5GHz' on the vLan 1. any ideas.

simon.duffey · ‎07-24-2013

Even if I go through the process of unselecting the 5GHz radio from vlan. Save. Reboot. Re-enable on the VLan. Save. Enable the 5GHz Radio on SSID. I get error:

ERROR:

VLAN '1' doesn't exist on 'Radio1-802.11N 5GHz' (see Services> VLAN)

ERROR:

VLAN '1' doesn't exist on 'Radio1-802.11N 5GHz' (see Services> VLAN)

I look back and Vlan and the Radio is enabled.

Scott Fella · ‎07-24-2013

You need this

interface Dot11Radio1

no ip address

no ip route-cache

!

encryption vlan 1 mode ciphers aes-ccm

!

ssid Corporate

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

simon.duffey · ‎07-24-2013

Looking better as the encryption is the same. but now only the 2GHz radio is broadcasting and not the 5GHz. It has the ? instead of SSID. and also no tick next to in the Securiyt page. Is there a way to make 5 GHz broadcast vic CLI?

Thanks again for your help.

Scott Fella · ‎07-24-2013

Use the cli... Forget the GUI. mbssid and guest-mode is required to broadcast.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎07-25-2013

Did any of my suggestions helped? Of so, can you mark which was helpful?

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

3 x 1142 Wireless AP's Stand Alone Autonomous Mode - Advise please