Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

problem with aironet 1240

I have an network with aironet 1240, I can't connect to wifi with my mobiles devices

it is a local network of more mobile devices (do not support networks secured wpa, wep etc ...) that connects to a local server, all machine have IP Addresses 10.10.2.x ,I want that the access point accepts only machine that have 10.10.2.x Address 

event log  :
1 March 1 03:24:14.066 Information Interface Dot11Radio0 , Station 0010.3900.0ae7 Associated KEY_MGMT [ NONE ]
2 March 1 03:24:13.833 Warning Packet to customer 0010.3900.0ae7 Reached max retries , Removing the customer
3 March 1 03:24:13.829 Information Interface Dot11Radio0 , Deauthenticating Station 0010.3900.0ae7 Reason : Previous authentication no valid along
4 March 1 03:24:13.828 Warning Packet to customer 0010.3900.0ae7 Reached max retries , Removing the customer
in association the IP address is 0.0.0.0 but my devices  have a fixed IP address 10.10.2.24


my config is:

!
! Last configuration change at 2:45:41 UTC Mon March 1, 1993
Version 15.2
no service pad
the service timestamps debug datetime msec
the service timestamps log datetime msec
the service password-encryption
!
hostname ap
!
!
logging rate -limit console 9
enable secret $ 5 $ 1 $ mJy0 vOeSPnGp6i1qle.aON.2r .
!
no aaa new -model
ip cef
!
!
!
dot11 syslog
dot11 vlan -name vlan 1 bechbech
!
dot11 ssid bechir
   vlan 1
   open authentication
   guest- fashion
   infrastructure - ssid optional
   ip redirection host 10.10.2.5
!
!
dot11 network -map
dot11 arp cache optional
dot11 priority -map AVVID
crypto pki token default removal timeout 0
!
!
Cisco username password 7 062506324F41
!
!
bridge irb
!
!
!
Dot11Radio0 interface
 no ip address
 !
 ssid bechir
 !
 antenna gain 0
 speed basic -1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0 . m1 . m2 . m3 . m4 . m5 . m6 . m7 . m8 . m9 . m10 . m11 . m12 . m13 . m14 . m15 .
 power local client
 channel 2437
 station -role root
 dot11 dot11r pre -authentication over- air
 no dot11 extension aironet
 infrastructure -client
!
Dot11Radio0.1 interface
 encapsulation dot1Q 1 native
 bridge-group 1
 bridge-group 1 subscriber -loop -control
 bridge-group 1 spanning- disabled
 bridge-group 1-port - protected
 bridge-group 1 block -unknown- source
 no bridge-group 1 source -learning
 no bridge-group 1 unicast - flooding
!
GigabitEthernet0 interface
 no ip address
 half duplex
 auto speed
 no keepalive
!
GigabitEthernet0.1 interface
 encapsulation dot1Q 1 native
 bridge-group 1
 bridge-group 1 spanning- disabled
 no bridge-group 1 source -learning
!
BVI1 interface
 ip address 10.10.2.5 255.255.255.0
!
ip forward -protocol nd
ip http server
no ip http secure-server
ip http help- path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
ip access- list extended bbb
 permit ip any any
 permit ip any 0.0.0.5 255.255.255.0
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 local login
 transport input all
!
end

I think my problem is related to the decryption

client status below:

 

what I need to change? it's urgent please

thank you in advance

 

3 REPLIES
Hall of Fame Super Silver

Well... when I looked at the

Well... when I looked at the software available for the 1240's, I don't see v15.2 which it shows you are running?

!
! Last configuration change at 2:45:41 UTC Mon March 1, 1993
Version 15.2

-Scott
*** Please rate helpful posts ***
New Member

excuse me this is not 1240,

excuse me this is not 1240, the exact reference is: AIR-AP1041N-E-K9 
regarding the date and time that is good, I correct it but the same problem 
and here is the current config, I had to change several things:

 

!
! No configuration change since last restart
! NVRAM config last updated at 18:30:28 UTC Fri May 16 2014
! NVRAM config last updated at 18:30:28 UTC Fri May 16 2014
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
!
logging rate-limit console 9
enable secret 5 $1$mJy0$vOeSPnGp6i1qle.aON.2r.
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local 
aaa accounting network acct_methods start-stop group rad_acct
!
!
!
!
!
aaa session-id common
ip cef
!
!
!
dot11 syslog
dot11 activity-timeout client maximum 100
dot11 vlan-name bechbech vlan 1
dot11 vlan-name vlan2 vlan 2
!
dot11 ssid bechir
   vlan 1
   band-select
   authentication open 
   guest-mode
   infrastructure-ssid optional
   no ids mfp client
!
!
dot11 ids mfp distributor
dot11 network-map
dot11 arp-cache optional
dot11 priority-map avvid
eap profile 1
!
eap profile 2
!
eap profile 4
!
eap profile 5
!
eap profile 6
!
eap profile 7
!
eap profile 8
!
crypto pki token default removal timeout 0
!
!
dot1x timeout reauth-period server
username Cisco password 7 062506324F41
username 001039000ae7 password 7 08711C1F594A5C47425B0D017D
username 001039000ae7 autocommand exit
!
!
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 !
 ssid bechir
 !
 antenna gain 0
 speed  basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
 power client local
 channel 2437
 station-role root access-point
 payload-encapsulation dot1h
 dot11 dot11r pre-authentication over-air
 world-mode legacy
 infrastructure-client
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2
 encapsulation dot1Q 2
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 spanning-disabled
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
!
interface GigabitEthernet0
 no ip address
 duplex full
 speed auto
 dot1x supplicant eap profile 8
 no keepalive
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface GigabitEthernet0.2
 encapsulation dot1Q 2
 bridge-group 2
 bridge-group 2 spanning-disabled
 no bridge-group 2 source-learning
!
interface BVI1
 ip address 192.168.1.5 255.255.255.0
!
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1 
!
ip access-list extended bbb
 permit ip any any
 permit ip any 0.0.0.5 255.255.255.0
ip access-list extended frwooo
 permit ip 0.0.0.1 255.255.255.0 0.0.0.1 255.255.255.0
 permit ip any any
 permit tcp any any established
 permit tcp any any eq 1
 permit 0 any any
 permit udp any any eq snmp
 permit udp any any eq 1
 deny   ip any any
!
access-list 200 permit 0x0000 0x0000
access-list 200 permit 0x0000 0xFFFF
access-list 700 permit 0000.0000.0000   0010.3900.0ae7
access-list 700 permit 0000.0000.0000   ffff.ffff.ffff
radius-server local
  no authentication eapfast
  no authentication leap
  no authentication mac
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 transport input all
!
sntp broadcast client
end

 

thank you in advance 

New Member

hi Scott you can help me?

hi Scott you can help me? please it's urgent 

156
Views
0
Helpful
3
Replies
CreatePlease to create content