Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
952
Views
0
Helpful
2
Replies

how to configure WPA-PSK [TKIP] aironet 2700

kenier
Level 1
Level 1

‎04-30-2015 07:59 AM - edited ‎07-05-2021 03:07 AM

We have a AP 2700 and we are using wpa2-psk (AES) but must of the client are having disconnection problems.

And we would like to test WPA-PSK [TKIP] . Here is he current config.

 

version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Office
!
!
logging rate-limit console 9
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
clock timezone -0500 -5 0
clock summer-time -0400 recurring
no ip source-route
no ip cef
ip domain name naranjo.com
ip name-server 8.8.8.8
ip name-server 4.2.2.2
!
!
!
!
dot11 syslog
!
dot11 ssid CIP2.4Ghz
   vlan 1
   authentication open
   authentication key-management wpa version 2
   guest-mode
   wpa-psk ascii 7 132348071F0409232A292164657243
!
dot11 ssid CIP5.0Ghz
   vlan 1
   authentication open
   authentication key-management wpa version 2
   guest-mode
   wpa-psk ascii 7 10AC460C333F1F020D09237C747863
!
!
!
!
!
username 
!
!
ip ssh authentication-retries 5
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 !
 encryption vlan 1 mode ciphers aes-ccm
 !
 ssid CIP2.4Ghz
 !
 antenna gain 0
 stbc
 speed  basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.
 station-role root
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
 no ip address
 !
 encryption vlan 1 mode ciphers aes-ccm
 !
 ssid CIP5.0Ghz
 !
 antenna gain 0
 peakdetect
 dfs band 3 block
 stbc
 speed  basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23. a1ss7 a2ss7 a3ss7
 channel dfs
 station-role root
!
interface Dot11Radio1.1
 encapsulation dot1Q 1 native
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface GigabitEthernet1
 no ip address
 shutdown
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface BVI1
 mac-address f07f.062f.e124
 ip address 192.168.1.10 255.255.255.0
 ipv6 address dhcp
 ipv6 address autoconfig
 ipv6 enable
!
ip default-gateway 192.168.1.1
ip forward-protocol nd
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
snmp-server community defaultCommunity RW
!
access-list 111 permit tcp any any neq telnet
bridge 1 route ip
!
!
!
line con 0
 access-class 111 in
line vty 0 4
 access-class 111 in
 length 0
 transport input all
!
sntp server us.pool.ntp.org
sntp broadcast client
end

_________________________________________________

 

thanks in advance.

 

 

Labels:
0 Helpful
2 Replies 2

Stephen Rodriguez
Cisco Employee
Cisco Employee

‎04-30-2015 10:18 AM

honestly, if the clients connect in the first place, I wouldn't think it was an encryption issue, more of a coverage issue.

And I wouldn't do a separate SSID for 2.4 and 5GHz, you should just have SSID for both radios.

You could be having an issue of the client being on 5GHz and having it's signal be too low, and it attempts to move to 2.4GHz but the client has to switch SSID which can cause you some weird issues.

 

So first thing I would try is consolidating to one SSID, and checking the signal of the 5GHz radio in your areas.

 

HTH,
Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

kenier
Level 1
Level 1
In response to Stephen Rodriguez

‎04-30-2015 05:57 PM

Here is the log with some errors. The distance between the farthest room is less than 25. It only have one door in the middle.

 

 

ndex Time Severity Description
1 Apr 30 17:17:36.844 Information Interface Dot11Radio1, Deauthenticating Station 4c8d.79d5.fe78 Reason: Class 2 frame received from nonauthenticated station
2 Apr 30 17:15:45.963 Information Interface Dot11Radio1, Station 20c9.d0b5.f9a7 Reassociated KEY_MGMT[WPAv2 PSK]
3 Apr 30 17:15:45.951 Information Interface Dot11Radio1, Deauthenticating Station 20c9.d0b5.f9a7 Reason: Sending station has left the BSS
4 Apr 30 17:15:43.832 Notification Line protocol on Interface Dot11Radio1, changed state to up
5 Apr 30 17:15:42.832 Information Interface Dot11Radio1, changed state to up
6 Apr 30 17:15:37.655 Notification Line protocol on Interface Dot11Radio1, changed state to down
7 Apr 30 17:15:36.315 Notification Interface Dot11Radio1, changed state to resetPCI reset port 1
8 Apr 30 17:15:36.291 Information Error on Dot11Radio1 -
9 Apr 30 17:13:27.295 Information Interface Dot11Radio1, Station 4c8d.79d5.fe78 Reassociated KEY_MGMT[WPAv2 PSK]
10 Apr 30 17:13:27.283 Information Interface Dot11Radio1, Deauthenticating Station 4c8d.79d5.fe78 Reason: Sending station has left the BSS
11 Apr 30 17:13:25.271 Notification Line protocol on Interface Dot11Radio1, changed state to up
12 Apr 30 17:13:24.315 Information Interface Dot11Radio1, Station 20c9.d0b5.f9a7 Reassociated KEY_MGMT[WPAv2 PSK]
13 Apr 30 17:13:24.303 Information Interface Dot11Radio1, Deauthenticating Station 20c9.d0b5.f9a7 Reason: Sending station has left the BSS
14 Apr 30 17:13:24.271 Information Interface Dot11Radio1, changed state to up
15 Apr 30 17:13:20.007 Notification Line protocol on Interface Dot11Radio1, changed state to down
16 Apr 30 17:13:18.667 Notification Interface Dot11Radio1, changed state to resetPCI reset port 1
17 Apr 30 17:13:18.643 Information Error on Dot11Radio1 -
18 Apr 30 17:10:16.549 Information Interface Dot11Radio1, Station 4c8d.79d5.fe78 Reassociated KEY_MGMT[WPAv2 PSK]
19 Apr 30 17:10:10.396 Information Interface Dot11Radio1, Deauthenticating Station 4c8d.79d5.fe78 Reason: Class 2 frame received from nonauthenticated station
20 Apr 30 17:09:05.864 Information Interface Dot11Radio1, Station 20c9.d0b5.f9a7 Reassociated KEY_MGMT[WPAv2 PSK]
21 Apr 30 17:09:05.852 Information Interface Dot11Radio1, Deauthenticating Station 20c9.d0b5.f9a7 Reason: Sending station has left the BSS
22 Apr 30 17:09:03.645 Notification Line protocol on Interface Dot11Radio1, changed state to up
23 Apr 30 17:09:02.645 Information Interface Dot11Radio1, changed state to up
24 Apr 30 17:08:57.525 Notification Line protocol on Interface Dot11Radio1, changed state to down
25 Apr 30 17:08:56.185 Notification Interface Dot11Radio1, changed state to resetPCI reset port 1
26 Apr 30 17:08:56.161 Information Error on Dot11Radio1 -
27 Apr 30 17:07:21.307 Information Interface Dot11Radio1, Station 20c9.d0b5.f9a7 Reassociated KEY_MGMT[WPAv2 PSK]
28 Apr 30 17:07:21.295 Information Interface Dot11Radio1, Deauthenticating Station 20c9.d0b5.f9a7 Reason: Sending station has left the BSS
29 Apr 30 17:07:19.159 Notification Line protocol on Interface Dot11Radio1, changed state to up
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card