Solved: Cant connect to Cisco AIR-AP1041N-A-K9

mR_Slug · ‎11-10-2023

OK I have a Cisco AIR-AP1041N-A-K9 Aironet Autonomous Access Point. Basically however i configure it i cant connect to it. I've been following this guide: https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/67134-wpa2-config.html

It seems if I try to setup the local radius server with a username/pass and try to use EAP etc. it wont allow clients to connect. If I set it to use wpa personal with a single pass, it wont allow clients to connect. I tried using the EasySetup with a basic WEP and open schemes, still cant connect. I can view the set SSID, try to connect, but there is always a failure. What is going on?

tried to connect from win7 and android. Any ideas? Being powered from a Catalyst 3750 Switch.

This is it in personal single key mode, static IP 192.168.1.252, it was previously in the radius setup. :

Building configuration...

Current configuration : 2380 bytes
!
! Last configuration change at 03:58:32 UTC Mon Mar 1 1993
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CiscoAP
!
!
logging rate-limit console 9
enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
!
aaa new-model
!
!
aaa group server radius rad_eap
server 192.168.1.252 auth-port 1812 acct-port 1813
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
!
!
!
!
aaa session-id common
ip cef
!
!
!
dot11 syslog
!
dot11 ssid open
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 070A2F584B1B170A00425A
!
!
crypto pki token default removal timeout 0
!
!
username Cisco password 7 XXXXXXXXXXXXXXXXXXXXXX
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
!
encryption mode ciphers aes-ccm
!
ssid open
!
antenna gain 0
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
station-role root bridge
bridge-group 1
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
no ip address
duplex auto
speed auto
no keepalive
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.1.252 255.255.255.0
!
ip default-gateway 192.168.1.1
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip radius source-interface BVI1
!
radius-server local
no authentication eapfast
no authentication mac
nas 192.168.1.252 key 7 07072058
user andrew nthash 7 XXXXXXXXXXXXXXX
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.1.252 auth-port 1812 acct-port 1813 key 7 060E0E35
radius-server vsa send accounting
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
transport input all
!
end

Rich R · ‎11-12-2023

https://en.wikipedia.org/wiki/IEEE_802.11n-2009
"It seems that you can do n on 2.4GHz only?" - correct
g was the generation before n when data rates went up to 54Mbps (b was up to 11Mbps)
a and ac are 5GHz, ax is both bands + 6GHz
That link above has a table summarising them all.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

View solution in original post

marce1000 · ‎11-11-2023

>... try to connect, but there is always a failure. What is going on?
- What is the failure ?

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

mR_Slug · ‎11-11-2023

- What is the failure ?

I don't know. windows or android don't really give much feedback. I tried to attempt a connection from win7 cli, with this:

netsh wlan set hostednetwork mode=allow ssid="open" key="XXX"

it claims success, but does nothing. (Admin cli). Either way not much useful info. The GUI just says "can't connect to open", "open" being the name of the ap. Is there a way to get some more info from win7? Android just says "Connecting..." then gives up and goes back to my old ap.

Event Log on ap does not mention any connections. Anywhere else i can check?

marce1000 · ‎11-11-2023

- Hm, in general this AP is a also very old model , consider using modern wireless infrastructure ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

mR_Slug · ‎11-11-2023

Well i guess it is old, but reliable apparently. Thats why i went with it. New ones are too expensive, and surplus to my requirements. Turns out it was in root-bridge mode instead of ap mode. One guide told me to use root-bridge. Whats the difference?

marce1000 · ‎11-11-2023

- It's not that important , bridging mode(s) only refer to wireless infrastructure using cascade to provide networking

>...it is old, but reliable apparently.
- I beg to differ on that ; the problem with very old APs that it can lead to connectivity issues with clients following more modern wireless standards ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

mR_Slug · ‎11-11-2023

Thanks, I've solved that issue though. Problem now is i cant enable the 5ghz radio. In network > NETWORK INTERFACE > Radio0-802.11n 5G.Hz > settings, i cant enable or disable it. Clicking apply does nothing. Same with easysetup. is there a cli example for 5ghz?

Rich R · ‎11-12-2023

@mR_Slug the 1041 is a SINGLE band 2.4GHz AP.
Radio0 is the 2.4GHz radio.
If it had a 5 GHZ radio that would be Radio1.
That is why you can't configure 5GHz - because it's not supported on that AP!
The product went End of Support 5 years ago so Cisco have removed all documentation relating to the product.
https://www.scansource.com/~/media/catalyst-us/brands/cisco/training/media/pdf/aironet1040
- AIR-AP1041N-x-K9: Single-band Standalone 802.11g/n

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

mR_Slug · ‎11-12-2023

Many thanks for clarifying that.

- AIR-AP1041N-x-K9: Single-band Standalone 802.11g/n

Whats confusing me is that it says g/n. I thought if it supports n it must do 5GHz? No?? It seems that you can do n on 2.4GHz only? I'm not disputing you, i was about to post that i cant find radio 1 in the cli. So this explains alot.

Rich R · ‎11-12-2023

https://en.wikipedia.org/wiki/IEEE_802.11n-2009
"It seems that you can do n on 2.4GHz only?" - correct
g was the generation before n when data rates went up to 54Mbps (b was up to 11Mbps)
a and ac are 5GHz, ax is both bands + 6GHz
That link above has a table summarising them all.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390