
AP is up but new clients cannot connect - existing clients get no internet connection...

Hi there,

New here - and far from expert on Cisco APs.

I have a strange issue, and I cannot figure out why it happens or how to avoid it.

I have 2 APs with the same configuration. They work fine for some days - but out of nowhere I get 2 issues:

1: Existing connected clients get no access to the VLAN nor to the internet. So they are connected but get nowhere... Reconnecting gets you nowhere as well.

2: If a new client tries to connect it cannot.

I first thought it might be the router that somehow cut the connection, or that the DHCP service on it failed. Now I have replaced the router - and the problem persists. So I am confident that the APs are causing the issue.

One AP is an Air Lap 1142 and the other is 3520.

 

Below is the configuration. Hope someone can help me locate what I have done wrong... Any help is greatly appreciated.

 

!
version 15.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Redahama1142
!
!
logging rate-limit console 9
enable secret 5 #removed#
!
no aaa new-model
no ip source-route
no ip igmp snooping
no ip cef
no ip domain lookup
!
!
!
!
dot11 mbssid
dot11 pause-time 100
no dot11 igmp snooping-helper
dot11 syslog
!
dot11 ssid WiFi
   vlan 1
   authentication open 
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii 7 #removed#
!
dot11 ssid WiFi2
   vlan 1
   authentication open 
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii 7 #removed#
!
!
!
no ipv6 cef
!
crypto pki trustpoint TP-self-signed-1205840335
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1205840335
 revocation-check none
 rsakeypair TP-self-signed-1205840335
!
!
crypto pki certificate chain TP-self-signed-1205840335
 certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
username Cisco password 7 #removed#
username ADMIN privilege 15 secret 5 #removed#
!
!
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 1 mode ciphers aes-ccm tkip 
 !
 broadcast-key vlan 1 change 500
 !
 !
 ssid WiFi2
 !
 antenna gain 0
 station-role root
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2
 no ip route-cache
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption vlan 1 mode ciphers aes-ccm tkip 
 !
 broadcast-key vlan 1 change 500
 !
 !
 ssid WiFi
 !
 antenna gain 0
 peakdetect
 dfs band 3 block
 channel 5320
 station-role root
!
interface Dot11Radio1.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.2
 no ip route-cache
!
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 no keepalive
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface BVI1
 mac-address #removed#
 ip address dhcp
 no ip route-cache
 ipv6 address dhcp
 ipv6 address autoconfig
 ipv6 enable
!
ip forward-protocol nd
ip http server
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
 transport input all
!
end

3 Replies

Do these APs connect to a Cisco switch? What does the switchport configuration look like? (show run interface gx/x output)

 

Can you ping the AP management IP address from your network?

 

If you do not need multiple VLANs, I would try this simple configuration on one of your APs. With this configuration you can connect to your AP on any switch port that is enabled for DHCP (irrespective of managed vs. unmanaged switches).

 

conf t
hostname <AP_HOSTNAME>
!
dot11 ssid <SSID_NAME>
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii <SSID_PASSWORD>
!
interface Dot11Radio0
encryption mode ciphers aes-ccm
ssid <SSID_NAME>
no shutdown
!
interface Dot11Radio1
channel width 40-above
encryption mode ciphers aes-ccm
ssid <SSID_NAME>
no shutdown
!
interface BVI1
ip address dhcp
!
end
write memory
!

 

HTH

Rasika

*** Pls rate all useful responses ***
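
Added example (not part of any post in this thread, and not Cisco tooling): a small Python check over an autonomous-AP configuration that flags TKIP left in a radio's cipher list (the posted config has `aes-ccm tkip`, the suggested one `aes-ccm` only), dot1Q subinterfaces that are missing their encapsulation or bridge-group, and cleartext management settings. It does not diagnose the outage; the rule names and the `audit` function are this example's own, and the sample is a constructed excerpt of the posted configuration.

```python
import re

# Constructed excerpt of the config posted in this thread (secrets already removed).
SAMPLE = """\
interface Dot11Radio0
 encryption vlan 1 mode ciphers aes-ccm tkip
 ssid WiFi2
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 bridge-group 1
interface Dot11Radio0.2
 no ip route-cache
ip http server
line vty 0 4
 transport input all
"""

def sections(text):
    """Group an IOS config into [header, [indented child lines]] pairs."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":      # skip blanks and "!" separators
            continue
        if raw[0].isspace() and out:     # indented line belongs to last header
            out[-1][1].append(line)
        else:
            out.append([line, []])
    return out

def audit(text):
    """Return sorted (rule, location) findings; rule names are this example's own."""
    found = []
    for head, body in sections(text):
        if re.fullmatch(r"interface \S+\.\d+", head):
            need = ("encapsulation dot1Q", "bridge-group")
            if not all(any(b.startswith(n) for b in body) for n in need):
                found.append(("subif-not-bridged", head))
        for b in body:
            if re.match(r"encryption .*mode ciphers .*\btkip\b", b):
                found.append(("tkip-enabled", head))
            if b == "transport input all":   # permits Telnet as well as SSH
                found.append(("vty-allows-telnet", head))
        if head == "ip http server":          # HTTP management without TLS
            found.append(("http-mgmt-cleartext", head))
    return sorted(found)

if __name__ == "__main__":
    print("\n".join(f"{r:20} {w}" for r, w in audit(SAMPLE)))
```

The parser relies on the indentation that `show running-config` produces, so it should be run on saved output rather than on unindented commands typed for pasting.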


The LAP 1142 by default requires a WLC and once it links you can't console into it and do much anymore.

The 3520? How about a CAP3502? That also requires a WLC.

Once the AP receives its IP, it reaches out to the WLC, establishes a DTLS tunnel that terminates in the WLC.

It is the WLC that passes traffic to the target interface (VLAN) assigned to an SSID.

Now if these have been converted to autonomous, then yes, you COULD configure via CLI, but most of us do it via the AP's GUI. It does such nice magic.


Thanks for the test config - I will give it a go.

The APs used to be connected to an ASA5505, but for the sake of troubleshooting I have replaced it with a simple NetGear router I had lying around. The problem persisted when using the APs. I have then put in an old Linksys WAP300N I had, and that has been working flawlessly since I started it.

So I am confident that there is something in the config of the APs that is invalid.

 

Cheers
