Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco 1142 Wireless access point intermittently will not authenticate

Hi all,

We have a Cisco 1142 standalone access point, and from time to time I will come into the office and it will not authenticate any users to either our guest or corporate networks. I then have to go in and reboot the access point. After that, it begins to work. Any advice? Here's my configuration below:

 

Current configuration : 6450 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname cisco-chiap01
!
logging monitor errors
enable secret 5 $1$fsD8$CU42/3/Up5AAlL4hQWvvg0
!
aaa new-model
!
!
aaa group server radius rad_eap
 server 172.17.16.12 auth-port 1645 acct-port 1646
 server 172.17.21.10 auth-port 1812 acct-port 1813
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
 server 172.17.21.10 auth-port 1812 acct-port 1813
!
aaa group server radius rad_eap2
 server 172.17.16.12 auth-port 1645 acct-port 1646
 server 172.17.21.10 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods2 group rad_eap2
aaa authorization exec default local 
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
!
!
login on-failure log
login on-success log
dot11 syslog
dot11 vlan-name Admin vlan 100
dot11 vlan-name DevNetwork vlan 20
dot11 vlan-name Guest vlan 150
dot11 vlan-name Network vlan 16
!
dot11 ssid DevNetwork
   vlan 20
   authentication open eap eap_methods2 
   authentication network-eap eap_methods2 
   authentication key-management wpa version 2
!
dot11 ssid Guest
   vlan 150
   authentication open 
   authentication key-management wpa version 2
   guest-mode
   mbssid guest-mode
   wpa-psk ascii 7 142407060101380B013A3A2670435642
   information-element ssidl advertisement
!
dot11 ssid Network
   vlan 16
   authentication open eap eap_methods2 
   authentication network-eap eap_methods2 
   authentication key-management wpa version 2
!
!
!
username monkeyman privilege 15 secret 5 $1$ZZ7C$rqimu2FNONdfeacMNGAD/.
!
!         
bridge irb
!
!
interface Dot11Radio0
 no ip address
 ip helper-address 172.17.19.10
 no ip route-cache
 !
 encryption mode ciphers aes-ccm 
 !
 encryption vlan 16 mode ciphers aes-ccm 
 !
 encryption vlan 150 mode ciphers aes-ccm 
 !
 encryption vlan 20 mode ciphers aes-ccm 
 !
 ssid DevNetwork
 !
 ssid Guest
 !
 ssid Network
 !
 antenna gain 0
 parent timeout 120
 speed  5.5 11.0 basic-6.0 9.0 12.0 36.0 48.0 54.0
 packet retries 128 drop-packet
 channel 2462
 station-role root
 rts threshold 512
 rts retries 128
!
interface Dot11Radio0.11
 encapsulation dot1Q 11
 no ip route-cache
!
interface Dot11Radio0.16
 encapsulation dot1Q 16 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.20
 encapsulation dot1Q 20
 no ip route-cache
 bridge-group 20
 bridge-group 20 subscriber-loop-control
 bridge-group 20 block-unknown-source
 no bridge-group 20 source-learning
 no bridge-group 20 unicast-flooding
 bridge-group 20 spanning-disabled
!
interface Dot11Radio0.150
 encapsulation dot1Q 150
 no ip route-cache
 bridge-group 150
 bridge-group 150 subscriber-loop-control
 bridge-group 150 block-unknown-source
 no bridge-group 150 source-learning
 no bridge-group 150 unicast-flooding
 bridge-group 150 spanning-disabled
!
interface Dot11Radio1
 no ip address
 ip helper-address 172.17.19.10
 no ip route-cache
 !
 encryption vlan 16 mode ciphers aes-ccm 
 !
 encryption vlan 150 mode ciphers aes-ccm 
 !
 encryption vlan 20 mode ciphers aes-ccm 
 !
 ssid DevNetwork
 !
 ssid Guest
 !        
 ssid Network
 !
 antenna gain 0
 traffic-metrics aggregate-report
 dfs band 3 block
 mbssid
 parent timeout 120
 speed  6.0 12.0 basic-24.0 36.0 48.0 54.0
 channel width 40-above
 channel dfs
 station-role root access-point
!
interface Dot11Radio1.11
 encapsulation dot1Q 11
 no ip route-cache
!
interface Dot11Radio1.16
 encapsulation dot1Q 16 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1.20
 encapsulation dot1Q 20
 no ip route-cache
 bridge-group 20
 bridge-group 20 subscriber-loop-control
 bridge-group 20 block-unknown-source
 no bridge-group 20 source-learning
 no bridge-group 20 unicast-flooding
 bridge-group 20 spanning-disabled
!
interface Dot11Radio1.150
 encapsulation dot1Q 150
 no ip route-cache
 bridge-group 150
 bridge-group 150 subscriber-loop-control
 bridge-group 150 block-unknown-source
 no bridge-group 150 source-learning
 no bridge-group 150 unicast-flooding
 bridge-group 150 spanning-disabled
!
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 no keepalive
!
interface GigabitEthernet0.11
 encapsulation dot1Q 11
 no ip route-cache
!
interface GigabitEthernet0.16
 encapsulation dot1Q 16 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.20
 encapsulation dot1Q 20
 no ip route-cache
 bridge-group 20
 no bridge-group 20 source-learning
 bridge-group 20 spanning-disabled
!
interface GigabitEthernet0.100
 encapsulation dot1Q 100
 ip address 192.168.100.3 255.255.255.0
 no ip route-cache
 bridge-group 100
 no bridge-group 100 source-learning
 bridge-group 100 spanning-disabled
!
interface GigabitEthernet0.150
 encapsulation dot1Q 150
 no ip route-cache
 bridge-group 150
 no bridge-group 150 source-learning
 bridge-group 150 spanning-disabled
!
interface BVI1
 ip address 172.17.16.251 255.255.255.0
 no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface GigabitEthernet0 
access-list 1 permit 172.17.16.1
access-list 1 remark Admin network access
access-list 1 permit 192.168.100.0 0.0.0.255
radius-server attribute 32 include-in-access-req format %h
radius-server host 172.17.21.10 auth-port 1812 acct-port 1813 key 7 047958071C3561410D4A44
radius-server host 172.17.16.12 auth-port 1645 acct-port 1646 key 7 08045E471A48574446
radius-server host 172.17.21.10 auth-port 1645 acct-port 1646 key 7 1320051B185D56797F
radius-server timeout 15
radius-server vsa send accounting
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 access-class 1 in
!
end
6 REPLIES
VIP Purple

When the issue occurs does

When the issue occurs does that affect both 2.4GHz & 5GHz devices ? I would see which band operating devices affected.

I noticed you have set CH11 under Radio 0 statically.  I would prefer to configure it as below so AP can change the channel depend on the environment.

int d0

channel least-congested

 

HTH

Rasika

**** Pls rate all useful responses ****

New Member

Thanks for the input.To

Thanks for the input.

To answer your question, yes it does happen on both 2.4GHz and 5GHz devices.

For the static channel, I did that for our old building because we were having channel interference in our last office suite and statically setting it made it much more predictable. We've moved since then, so I can definitely change it back.

 

VIP Purple

If that is the case I would

If that is the case I would check the IOS upgrade option as well.

What version of 12.4.(x) is running on your 1142 ?

HTH

Rasika

*** Pls rate all useful responses ****

New Member

Version 12.4(23c)JA6Michael

Version 12.4(23c)JA6

Michael

VIP Purple

I do not have these

I do not have these autonomous AP in my production. But I have used below code for my lab environment & did not come across any issues.

So if possible move to that & see if any improvement

c1140-k9w7-tar.124-25d.JA.tar

 

HTH

Rasika

 

New Member

I will take your suggestions

I will take your suggestions and give any updates. Thank you very much for all your help!

68
Views
5
Helpful
6
Replies
CreatePlease login to create content