Optimizing Aironet 1142

Answered Question
Jul 31st, 2012

Hello there,

As of today we moved 2 Aironet access points in our business to empower wireless clients like macbooks, iphones and other devices. I have setup both access points the same way (though they are about 400meters apart from eachother) and configured them through the web interface.

The basics are

- 1 SSID name for both RADIOS (2.4/5)

- Authentication is set to AES/TKIP / Mandatory Enable WPA V2

- Least-Congested Frequency

- 20Mhz for 2.4 since 40mhz doesnt seem possible there

- 40Mhz above on 5ghz

All the other options i left to default.

Let me be clear that no other wifi signals are in the way, the clients im testing are about 5 meters away from the access point and that nothing else is really in the way aswell. The firmware seems to be c1140-k9w7-tar.124-21a.JA1

Now the thing is that it seems to work well, however, 2 problems:

1) every xx minutes clients seem to be dropped, this is what i see:

Interface Dot11Radio0, Deauthenticating Station f0cb.a188.3742 Reason: Sending station has left the BSS

Interface Dot11Radio0, Station   f0cb.a188.3742 Associated KEY_MGMT[WPAv2 PSK]

Interface Dot11Radio0, Deauthenticating Station f0cb.a180.f6d3 Reason: Previous authentication no longer valid

Interface Dot11Radio0, Station   b88d.1204.c2bc Reassociated KEY_MGMT[WPAv2 PSK]

2) The speed (the macbook air from 2011 doesnt seem to connect at 5ghz), stays around Transmit Rate: 104

So my questions are,

1) what can be causing the drop of a client like that?

2) Is it wise to have the same name for both radios?

3) Did i miss anything to speed up the rate?

Thank you for any help,

Michiel

I have this problem too.
0 votes
Correct Answer by Scott Fella about 1 year 8 months ago

Well you should only run either wpa2/aes or WPA/Tkip. Don't setup your ssid for wpa2/aes or Tkip..

Sent from Cisco Technical Support iPad App

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (4 ratings)
Correct Answer
Scott Fella Tue, 07/31/2012 - 12:26

Well you should only run either wpa2/aes or WPA/Tkip. Don't setup your ssid for wpa2/aes or Tkip..

Sent from Cisco Technical Support iPad App

Michiel Tue, 07/31/2012 - 12:27

I tried only AES and the combination of AES + TKIP and both give the same result.

And i accidently clicked on solution button My bad! cant seem to take that back.

Scott Fella Tue, 07/31/2012 - 12:29

Can you provide the configurations for use to review. You should just set the channel also. No need to have it set itself if there are no other wireless.

Sent from Cisco Technical Support iPad App

Michiel Tue, 07/31/2012 - 12:32

Can you tell me how to get that? since im only familiar with the web interface atm.

Stephen Rodriguez Tue, 07/31/2012 - 12:30

First yes, you want the radios to have the same SSID.  That way your client can connect to the 2.4 or 5G as it wishes.

To achieve the 'N' rates, you need to have WPA2/AES only, and WMM enabled, which it is by default.

The error you are seeing is the AP saying that it can no longer hear the client.

HTH,
Steve

-----------------------------------------
Please remember to rate useful posts, and mark questions as answered

Michiel Tue, 07/31/2012 - 12:32

WPA2/AES is enabled and i dont see an option for WMM anywhere so no idea if that is on.

Michiel Tue, 07/31/2012 - 12:38

I just changed encryption to be AES CCMP only for both radios, instead of AES CCMP + TKIP.

WPA is set to WPA2.

No difference so far, still about 70-104 rate and drops every xx minutes. (i think it mostly happens when client doesnt sent/receive for a few mins).

Scott Fella Tue, 07/31/2012 - 13:03

Many of the configurations are easier from the command line or CLI. You can telnet or ssh to the AP and then issue a show run to output the running config.

Sent from Cisco Technical Support iPad App

Michiel Tue, 07/31/2012 - 13:34

Here you go:

Current configuration : 2037 bytes

!

! Last configuration change at 21:37:42 CEST Tue Jul 31 2012 by cisco

! NVRAM config last updated at 21:37:42 CEST Tue Jul 31 2012 by cisco

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ap.huis

!

enable secret 5 $1$8S0P$YoN0SNuBTVTlKPLI0V8kN.

!

no aaa new-model

clock timezone CEST 2

!

!

dot11 syslog

!

dot11 ssid Mnet

   authentication open

   authentication key-management wpa version 2

   guest-mode

   wpa-psk ascii 7 021207491E0A0A321D

!

!

!

username Cisco privilege 15 secret 5 $1$o8S8$E5ANXqczLfGtxPYZAEyU/0

username admin privilege 15 secret 5 $1$SOlW$eCcNzSwjziO4cR0jps7aH1

!

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode ciphers aes-ccm

!

ssid Mnet

!

antenna gain 0

packet retries 128

station-role root

rts retries 128

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

!

encryption mode ciphers aes-ccm

!

ssid Mnet

!

antenna gain 0

no dfs band block

packet retries 128

channel width 40-above

channel dfs

station-role root

rts retries 128

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

no keepalive

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 62.133.214.117 255.255.255.128

no ip route-cache

!

ip default-gateway 62.133.214.1

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 route ip

!

!

!

line con 0

line vty 0 4

login local

!

sntp server 62.133.192.10

end    

Scott Fella Tue, 07/31/2012 - 13:40

Are you having issue or is the output causing concerns? Is the device going to sleep or power save? If the client is functioning fine, then I wouldn't worry about what the logs show.

Sent from Cisco Technical Support iPad App

Michiel Tue, 07/31/2012 - 13:47

No, Im not having any concerns, but your saying this config is perfect? If so, Ill definitely leave it and test a bit more.

Scott Fella Tue, 07/31/2012 - 14:06

The only thing I would do is hard set the channels. On the 2.4ghz use 1, 6, or 11. On the 5ghz I would use a channel in the uni 2 or uni 3 band like 149. The data rates can be tweaked but it depends how much coverage you have currently.

Sent from Cisco Technical Support iPhone App

Michiel Tue, 07/31/2012 - 14:10

Well, it seems the channels stay the same even when rebooting anyway so that is the good part

The coverage is amazingly good so far! I was just checking if the config was correct and if there is a way to get better speeds.

Scott Fella Tue, 07/31/2012 - 14:16

Only on the 5ghz will you see up to 300mbps connection on the client. The most you will see on the 2.4ghz is 144mbps.

Sent from Cisco Technical Support iPhone App

Michiel Thu, 08/02/2012 - 09:36

I still have the connection dropping sometimes when working on the laptop, its random, sometimes after 45 minutes of working, other times after 15 minutes. I have no clue why it's dropping the connection over and over, I  didnt have this problem when using a cheap linksys router before.

Scott Fella Thu, 08/02/2012 - 11:06

Is any other device having the same issue? Do you have a lot of saved wireless profiles on your mac?

Sent from Cisco Technical Support iPhone App

Michiel Tue, 07/31/2012 - 14:53

The only small problem that stays is that when i open a macbook air (after it has been in suspend) it reconnects to wifi then i start browsing and about 20 seconds it drops the connection (macbook saying the wifi network is gone, and 5 secs later it shows up again). Then, when it reconnects, it stays fine for at least 15 minutes.

chan Thu, 08/02/2012 - 12:24

The only thing I would do from your current config is removing 'guest mode' under dot11.  Guest mode will enable passive scan and I don't know how well it works with WPA2.

Michiel Thu, 08/02/2012 - 12:33

Can you tell me how i can remove a line (what commands to type) to remove that part?

The only thing i know is how to open it up on telnet and login

chan Thu, 08/02/2012 - 12:40

config t

dot11

no guest-mode

exit

wr

This should do.

chan Thu, 08/02/2012 - 12:42

Sorry.

'dot11' must change to;

dot11 ssid Mnet

Michiel Thu, 08/02/2012 - 12:52

Done Thank you, ive changed it and the line is gone in show conf now.

The rest is all fine right, also for best speed and range combination?

Michiel Thu, 08/02/2012 - 13:05

Actually it has not been fixed, now the iPhones do not see the wifi network at all anymore it just wont show up!

I guess they need this guest mode stuff? Or is it because TKIP is not enabled next to AES?

Scott Fella Thu, 08/02/2012 - 13:07

Well that is because you now neeed to manually add that profile.  Many devices when the ssid is broadcasted, sets the profile as the ssid being broadcasted.  So now that you disabled the ssid from being broadcasted, you need to forget the network and manually add it.

Michiel Thu, 08/02/2012 - 13:09

Well that's not what i want It should auto show up as it always did. so im gonna change that back then.

Michiel Thu, 08/02/2012 - 13:19

Does Cisco not support the WPA/WPA2 combination like Linksys also does for backwards compatibility? as far as i can see i can only select WPA, WPA1 OR WPA2 in the GUI.

Scott Fella Thu, 08/02/2012 - 13:26

That is true... what you need to understand is you can choose either one, one being wpa/tkip and the other wpa2/aes.  So take a look at what your clients support and if one doesn't support wpa2, then configure that ssid for wpa/tkip.  If you want to get into different encryption, then take a look at this guide.

https://supportforums.cisco.com/docs/DOC-14496

Michiel Mon, 08/06/2012 - 05:11

Yep, I know that and it's set to WPAV2 + AES. And 8 out of 10 times it works fine but sometimes we keep getting disconnects out of nowhere then need to wait a little and can reconnect. The channel stays 12 all the time of the xs point.

Scott Fella Mon, 08/06/2012 - 05:18

Well your channel should be either 1, 6, or 11.

Sent from Cisco Technical Support iPad App

Scott Fella Mon, 08/06/2012 - 05:49

It's best practice to use either 1, 6, or 11.

Sent from Cisco Technical Support iPhone App

chan Mon, 08/06/2012 - 08:44

Technically, it works fine with no issue.  However, the channels assigned to North America is up to 11, so using channel 12 violates FCC rule unless you are in Asia or other continent under different rules.

Michiel Mon, 08/06/2012 - 05:59

Is it also best practice to put 5Ghz and 2.4Ghz bands on same SSID name?

Scott Fella Mon, 08/06/2012 - 06:01

That is the usual deployment method, not really defined as a best practice or not best practice.

Sent from Cisco Technical Support iPhone App

chan Mon, 08/06/2012 - 08:42

In most cases, 5GHz is preferred and 2.4GHz is accepted, so having same SSID on both spectrum ranges is beneficial.  The RF footprint of 2.4 is significantly larger than 5 at the same output power level, so you have to reduce the power level of 2.4 so that wi-fi devices with dual band radios will automatically connect to 5GHz radio.  The RF environment of 2.4 is too crowded.  In some cases, you may want to dedicate one band over another.  For example, we have our guest network only on 2.4 as I want to segregate 5GHz radio for business only.  That way, I can ensure that I get predictable results for business wireless connections.

Michiel Fri, 08/10/2012 - 12:33

Is it possible on the 1142 to create a separate GUEST SSID where guests can not connect to any LAN devices, but can connect to the internet? If so, can someone explain how to separate that and set it up next to the network i already have? Purely 2.4ghz is fine for this, and it would be awesome if i could also limit  the bandwidth on the guest ssid.

Ideal would be:

- Mnet as main SSID (which i have now)

- Mnet Guests without a password for guests (upto 25 users max, max bandwidth and only internet, not lan)

Actions

Login or Register to take actions

This Discussion

Posted July 31, 2012 at 12:22 PM
Stats:
Replies:36 Avg. Rating:5
Views:5049 Votes:0
Shares:0

Related Content

Discussions Leaderboard