Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Automomous AP not broadcasting SSID and can I get it to support both WPA and WPA2?

Ok, I am playing around with a 3702i that has been converted to Autonomous running ap3g2-k9w7-mx.153-3.JAB

I have 2 issues I have not been able to solve yet.   I have basically set it up using the web interface....

First, I can't get the SSID to broadcast -- the SSID is active, because I can type it in manually.

Second, I have an HP 8600 Pro All-in-One printer that I normally connect over WiFi.  Basically, it does not seem to support WPA2...I spent most of yesterday pouring through HP forums and WPA2 support seems to be a issue.  My old Linksys router had a setting that supported WPA/WPA2...does anyone know how or if I can support WPA / WPA2 simultaneously on this Autonomous AP?

Here is my config:

Thanks....

Cisco3702#sh run br
Building configuration...

Current configuration : 3867 bytes
!
! Last configuration change at 12:44:59 -0500 Tue Mar 9 1993
! NVRAM config last updated at 11:29:23 -0400 Sat Oct 18 2014
! NVRAM config last updated at 11:29:23 -0400 Sat Oct 18 2014
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco3702
!
!
logging rate-limit console 9
no logging console
enable secret 5 XXXXXXXXXXXX.
!
no aaa new-model
clock timezone -0500 -5 0
clock summer-time -0400 recurring
no ip source-route
no ip cef
ip domain name mydomain.com
ip name-server 192.168.6.254
!
!
!
!
dot11 syslog
dot11 activity-timeout unknown default 300
dot11 activity-timeout client default 300
!
dot11 ssid MYSSID
   band-select
   authentication open
   authentication key-management wpa version 2
   infrastructure-ssid
   wpa-psk ascii 7 XXXXXXXXXXXX
!
!
dot11 network-map
dot11 arp-cache optional
!
!
crypto pki trustpoint TP-self-signed-2632604960
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2632604960
 revocation-check none
 rsakeypair TP-self-signed-2632604960
!
!
crypto pki certificate chain TP-self-signed-2632604960
 certificate self-signed 01
username CISCO password 7 XXXXXXXX
username ADMIN privilege 15 secret 5 XXXXXXXXXXXX
!
!
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 !
 encryption mode ciphers aes-ccm
 !
 ssid MYSSID
 !
 antenna gain 0
 stbc
 speed  basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.
 channel 2412
 station-role root access-point
 dot11 qos class video local
    admission-control
    admit-traffic signaling infinite
 !
 dot11 qos class voice local
    admission-control
    admit-traffic narrowband max-channel 75 roam-channel 6
 !
 dot11 qos class video cell
    admission-control
 !
 dot11 qos class voice cell
    admission-control
 !
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
 no ip address
 !       
 encryption mode ciphers aes-ccm
 !
 ssid MYSSID
 !
 antenna gain 0
 peakdetect
 dfs band 3 block
 stbc
 speed  basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23. a1ss7 a2ss7 a3ss7
 channel dfs
 station-role root access-point
 dot11 qos class video local
    admission-control
    admit-traffic signaling infinite
 !
 dot11 qos class voice local
    admission-control
    admit-traffic narrowband max-channel 75 roam-channel 6
 !
 dot11 qos class video cell
    admission-control
 !
 dot11 qos class voice cell
    admission-control
 !
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface BVI1
 mac-address 58f3.9cea.5d20
 ip address 192.168.6.253 255.255.255.0
 ipv6 enable
!
ip forward-protocol nd
ip http server
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
snmp-server view dot11view ieee802dot11 included
snmp-server community public view dot11view RO
snmp-server location Home
snmp-server chassis-id Cisco3702i
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
 transport input all
!
sntp server 173.255.227.205
sntp broadcast client
end

 . 

 

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Purple

 HiYou have to add "guest

 

Hi

You have to add "guest mode" command to broadcast your SSID. Also if you need WPA/TKIP support then remove version 2 keyword under SSID & add TKIP option under radio interface encryption config. Also get rid of "infrastructure SSID" command under SSID config.

dot11 ssid MYSSID
   band-select
   authentication open
   authentication key-management wpa version 2
   infrastructure-ssid
   wpa-psk ascii 7 XXXXXXXXXXXX

  guest mode

interface Dot11Radio1
 encryption mode ciphers aes-ccm tkip

Pls do not forget to rate all useful responses 

HTH

Rasika

 

 

5 REPLIES
VIP Purple

 HiYou have to add "guest

 

Hi

You have to add "guest mode" command to broadcast your SSID. Also if you need WPA/TKIP support then remove version 2 keyword under SSID & add TKIP option under radio interface encryption config. Also get rid of "infrastructure SSID" command under SSID config.

dot11 ssid MYSSID
   band-select
   authentication open
   authentication key-management wpa version 2
   infrastructure-ssid
   wpa-psk ascii 7 XXXXXXXXXXXX

  guest mode

interface Dot11Radio1
 encryption mode ciphers aes-ccm tkip

Pls do not forget to rate all useful responses 

HTH

Rasika

 

 

New Member

I had a feeling I needed to

I had a feeling I needed to use that "guest mode" -- the term is confusing as I don't want a "guest" network. 

I am still a little confused over the WPA / WPA2 answer.   I want to keep WPA2/AES - PSK as all of my devices, except this HP 8600 printer, are connected using this method.  Won't removing "version 2" break WPA2? 

 

Thx

Perry 

VIP Purple

Hi Perry,No, by removing

Hi Perry,

No, by removing version 2 keyword you simply allow both WPA & WPA2 & that should not break WPA2.

Test & let us know. If all works you can mark this as answered.

 

HTH

Rasika

 

New Member

Thanks.... It did not break

Thanks.... It did not break WPA2 -- which this laptop is using.   I had to add the TKIP option on to Dot11Radio 0 as you also stated.   The HP 8600 would not join the Wireless until I added TKIP even though it has doc that says it supports AES (it is supposed to support WPA2 as well - but it must have some issues.

Thanks again for the quick answers...

Perry

VIP Purple

Great to hear that.Glad to

Great to hear that.

Glad to help you today.. have a nice day

Rasika

660
Views
4
Helpful
5
Replies
CreatePlease to create content