10-05-2019 01:10 PM - edited 07-05-2021 11:05 AM
Hello,
I have converted an AP to autonomous for a small office, it rebooted and I could get onto the webpage fine until I changed the username and password, now it doesn't accept anything.
What is strange I can access it via telnet and I've added a priv 15 account and still can't access the web page, it does prompt though. It seems only http is available and not https.
Any ideas?
Thanks
10-24-2019 03:03 PM - edited 10-24-2019 03:04 PM
If that is the case, simple config like below should work. Once configured, you should be able to ping 141.1 IP from your AP IP address.
I expect you connect this AP to a switch port that is configured for vlan 141
conf t
hostname <AP_NAME>
username <ADMIN_USER> privilege 15 secret <ADMIN_PASSWORD>
!
dot11 ssid <SSID_NAME>
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii <SSID_PASSWORD>
!
interface Dot11Radio1
channel width 40-above
encryption mode ciphers aes-ccm
ssid <SSID_NAME>
no shutdown
!
interface BVI1
ip address 192.168.141.x 255.255.255.0
!
ip default-gateway 192.168.141.1
end
write memory
HTH
Rasika
*** Pls rate all useful responses ***
11-10-2019 07:00 AM
Hello,
I appear to of confused myself with this and can't figure it out, maybe I've over complicated it. I have the AP in my switch, the switch port is a trunk port.
On the AP I want 3 SSIDs:
SSID1 - MyNet-2.4Ghza (VLAN 140) - IP 192.168.140.x/24 gateway 192.168.140.1
SSID2 - MyNet-5Ghza (VLAN 140) - IP 192.168.140.x/24 GW 192.168.140.1
SSID1 - MyNet-Guest (VLAN 142) - IP 10.1.1.x/24 gateway 10.1.1.1
I've set up the above VLANs (gateways) on my firewall and I can ping them fine. I'm not sure if I can have the My-Net SSIDs on the same VLAN? If not I will put one on 140 and the other on 141.
This is my config which doesn't work. If I set the trunk port to just an access port for VLAN 254 I can ping the APs IP of 192.168.254.8, if I set to a trunk I can't:
This config doesn't have the guest network I want on 10.1.1.x as I want to get the first 2 working.
Are you able to provide a config I can try? Thanks again!
hostname Cisco-AP2 ! dot11 ssid MyNet-2.4Ghza vlan 141 authentication open authentication key-management wpa version 2 guest-mode wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxx ! dot11 ssid MyNet-5Ghza vlan 140 authentication open authentication key-management wpa version 2 guest-mode wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxxx ! ! dot11 ids mfp detector ! power inline negotiation prestandard source no ipv6 cef ! bridge irb !! interface Dot11Radio0 no ip address ! encryption vlan 141 mode ciphers aes-ccm ! ssid MyNet-2.4Ghza ! antenna gain 0 stbc mbssid speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23. station-role root ! interface Dot11Radio0.141 encapsulation dot1Q 141 bridge-group 141 bridge-group 141 subscriber-loop-control bridge-group 141 spanning-disabled bridge-group 141 block-unknown-source no bridge-group 141 source-learning no bridge-group 141 unicast-flooding ! interface Dot11Radio0.254 encapsulation dot1Q 1 native bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding ! interface Dot11Radio1 no ip address ! encryption vlan 141 mode ciphers aes-ccm ! ssid MyNet-5Ghza ! antenna gain 0 peakdetect no dfs band block stbc mbssid channel width 40-below channel dfs station-role root ! interface Dot11Radio1.140 encapsulation dot1Q 140 bridge-group 140 bridge-group 140 subscriber-loop-control bridge-group 140 spanning-disabled bridge-group 140 block-unknown-source no bridge-group 140 source-learning no bridge-group 140 unicast-flooding ! interface Dot11Radio1.254 encapsulation dot1Q 1 native bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding ! interface GigabitEthernet0 no ip address duplex auto speed auto bridge-group 1 bridge-group 1 spanning-disabled no bridge-group 1 source-learning ! interface BVI1 mac-address 80e0.1dc6.508c ip address 192.168.254.8 255.255.255.0 ipv6 address dhcp ipv6 address autoconfig ipv6 enable ! ip default-gateway 192.168.254.1 ip forward-protocol nd ip http server ip http secure-server ! access-list 111 permit tcp any any neq telnet bridge 1 route ip
11-10-2019 08:35 AM - edited 11-10-2019 09:16 AM
Make sure that the vlan for the ap management is configured as the native vlan. The ap doesn’t like tagged vlans for management.
11-10-2019 12:42 PM - edited 11-10-2019 02:00 PM
Thanks this, certainly helped, but I can't see the SSIDs broadcasting from any device.
I can log on to the AP via the management IP now (thanks) and I can ping the gateways for these new SSIDs (VLAN 140 and 141 etc).
I take it I can't have 2 SSIDs on one VLAN so ssid MyNet-2.4Ghza & ssid MyNet-5Ghza?
Latest config
hostname Cisco-AP2 ! ! logging rate-limit console 9 enable secret 5 $1$mJLV$wojoqyj3lxHF23F82UwUD/ ! no aaa new-model no ip source-route no ip cef ip domain name home.andy-white.co.uk ! ! ! ! dot11 pause-time 100 dot11 syslog ! dot11 ssid MyNet-2.4Ghza vlan 141 authentication open authentication key-management wpa version 2 guest-mode wpa-psk ascii 7 xxx ! dot11 ssid MyNet-5Ghza vlan 140 authentication open authentication key-management wpa version 2 guest-mode wpa-psk ascii 7 xxx ! ! dot11 ids mfp detector ! power inline negotiation prestandard source no ipv6 cef ! bridge irb ! ! ! interface Dot11Radio0 no ip address ! encryption vlan 141 mode ciphers aes-ccm ! ssid MyNet-2.4Ghza ! antenna gain 0 stbc mbssid speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23. station-role root ! interface Dot11Radio0.141 encapsulation dot1Q 141 bridge-group 141 bridge-group 141 subscriber-loop-control bridge-group 141 spanning-disabled bridge-group 141 block-unknown-source no bridge-group 141 source-learning no bridge-group 141 unicast-flooding ! interface Dot11Radio0.254 encapsulation dot1Q 254 native bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding ! interface Dot11Radio1 no ip address ! encryption vlan 141 mode ciphers aes-ccm ! ssid MyNet-5Ghza ! antenna gain 0 peakdetect no dfs band block stbc mbssid channel width 40-below channel dfs station-role root ! interface Dot11Radio1.140 encapsulation dot1Q 140 bridge-group 140 bridge-group 140 subscriber-loop-control bridge-group 140 spanning-disabled bridge-group 140 block-unknown-source no bridge-group 140 source-learning no bridge-group 140 unicast-flooding ! interface Dot11Radio1.254 encapsulation dot1Q 254 native bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding ! interface GigabitEthernet0 no ip address duplex auto speed auto bridge-group 1 bridge-group 1 spanning-disabled no bridge-group 1 source-learning ! interface BVI1 mac-address 80e0.1dc6.508c ip address 192.168.254.8 255.255.255.0 ipv6 address dhcp ipv6 address autoconfig ipv6 enable ! ip default-gateway 192.168.254.1 ip forward-protocol nd ip http server ip http secure-server ! snmp-server community m0n1t0r RO access-list 111 permit tcp any any neq telnet bridge 1 route ip
EDIT/UPDATE: I removed "mbssid" and they now show up, but I don't get a password prompt.
Thanks
11-10-2019 02:09 PM
11-10-2019 03:20 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide