Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco Aironet 2600 connected to access point and internet but not to local resources

Hi,

I have problem with Cisco Aironet 2600 Access Point and just wander if somebody could point me how to troubleshoot issue like that. Basically 8 months ago some users sometimes started to have problems with connectivity to servers (couple of) located in the same network with firewall and access point (SMB, RDP, ICMP). However they are getting access to internet through ASA firewall and connection to Access Point is working fine. User had to disconnect and connect over cable to get it working. Only some users were affected and no pattern in this (one day particular users is fie, next not). There were many different network adapters and systems (Windows 7, Windows8, IOS). Eventually I replaced Access point to new one (same model) and everything have been working fine for 5 months and today the same problem againL

Cable connection works ok all the time. Any idea what it could be? No firewall or router between AP and the network.

Thank you.

Config below:

Building configuration...

 

Current configuration : 3776 bytes

!

! Last configuration change at 15:39:54 UTC Thu Apr 24 2014

! NVRAM config last updated at 15:14:53 UTC Thu Apr 24 2014

! NVRAM config last updated at 15:14:53 UTC Thu Apr 24 2014

version 15.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname AP

!

logging rate-limit console 9

enable secret 5 secret

!

no aaa new-model

no ip routing

ip domain name netwotk.local

!

!

dot11 syslog

!

dot11 ssid WiFi-Network

   authentication open

   authentication key-management wpa version 2

   guest-mode

   wpa-psk ascii 7 DHFDIS2323JFdF335353534

!

dot11 network-map

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-579476643

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-579476643

 revocation-check none

 rsakeypair TP-self-signed-579476643

!

!

crypto pki certificate chain TP-self-signed-579476643

 certificate self-signed 01

 

        quit

username user privilege 15 secret 5 $$J£KHSHFK£HK$H£KHFHEHFefef

!

!

bridge irb

!

!

interface Dot11Radio0

 no ip address

 no ip route-cache

 !

 encryption mode ciphers aes-ccm tkip

 !

 ssid WiFi-Network

 !

 antenna gain 0

 stbc

 speed  basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0

 channel 2462

 station-role root

 bridge-group 1

 bridge-group 1 subscriber-loop-control

 bridge-group 1 spanning-disabled

 bridge-group 1 block-unknown-source

 no bridge-group 1 source-learning

 no bridge-group 1 unicast-flooding

!

interface Dot11Radio1

 no ip address

 no ip route-cache

 !

 encryption mode ciphers tkip

 !

 ssid WiFi-Network

 !

 antenna gain 0

 no dfs band block

 stbc

 channel width 40-above

 channel 5240

 station-role root

 bridge-group 1

 bridge-group 1 subscriber-loop-control

 bridge-group 1 spanning-disabled

 bridge-group 1 block-unknown-source

 no bridge-group 1 source-learning

 no bridge-group 1 unicast-flooding

!

interface GigabitEthernet0

 no ip address

 no ip route-cache

 duplex auto

 speed auto

 bridge-group 1

 bridge-group 1 spanning-disabled

 no bridge-group 1 source-learning

!

interface BVI1

 ip address 192.168.1.240 255.255.255.0

 no ip route-cache

!

ip default-gateway 192.168.1.254

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

no cdp run

bridge 1 route ip

!

!

!

line con 0

line vty 0 4

 login local

 transport input all

!

end

9 REPLIES
VIP Purple

Hi,I would do the config like

Hi,

I would do the config like below as WPA2 always go with AES & not TKIP. Also I would not set CH statically & let it be dynamic.

interface Dot11Radio0
 no encryption mode ciphers aes-ccm tkip
 encryption mode ciphers aes-ccm
 channel least-congested
!
interface Dot11Radio1
 no encryption mode ciphers tkip
 encryption mode ciphers aes-ccm
 channel dfs

Still problem persist, I would check the software version used in the previous 2600(may be old IOS, but could be stable). if it is different (like 12.x) I would go with that & see.

 

HTH

Rasika

**** Pls rate all useful responses ****

New Member

Check your ARP entries on

Check your ARP entries on both your wireless client and on the server you can't connect to.

Do they exist and are they correct?

New Member

Andrew,Thank you for your

Andrew,

Thank you for your reply.

ARP entries don't exist (only for default gateway)

 

New Member

What version of code are you

What version of code are you running "sh ver".

How many clients are associated "show dot11 assoc".

What does the Ethernet interface look like - any errors: "show int gi0".

New Member

Hi Andrew,Thank you for your

Hi Andrew,

Thank you for your reply, please see below:

AP1#sh ver
Cisco IOS Software, C3600 Software (AP3G2-K9W7-M), Version 15.2(2)JA, RELEASE SO                                                                                                             FTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Thu 23-Aug-12 02:59 by prod_rel_team

ROM: Bootstrap program is C3600 boot loader
BOOTLDR: C3600 Boot Loader (AP3G2-BOOT-M) LoaderVersion 12.4(25e)JA1, RELEASE SO                                                                                                             FTWARE (fc1)

AP1 uptime is 19 weeks, 3 days, 20 hours, 57 minutes
System returned to ROM by power-on
System restarted at 11:21:39 UTC Thu Dec 12 2013
System image file is "flash:/ap3g2-k9w7-mx.152-2.JA/ap3g2-k9w7-xx.152-2.JA"
Last reload reason:

 

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco AIR-SAP2602I-E-K9    (PowerPC) processor (revision A0) with 180214K/81920K                                                                                                              bytes of memory.
Processor board ID FCZ1743D00Z
PowerPC CPU at 800Mhz, revision number 0x2151
Last reset from power-on
1 Gigabit Ethernet interface
2 802.11 Radios

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: E4:C7:22:8A:1C:A3
Part Number                          : 73-14588-02
PCA Assembly Number                  : 800-37899-01
PCA Revision Number                  : A0
PCB Serial Number                    : FOC17362Q7M
Top Assembly Part Number             : 800-38356-01
Top Assembly Serial Number           : FCZ1743D00Z
Top Revision Number                  : A0
Product/Model Number                 : AIR-SAP2602I-E-K9

 

Configuration register is 0xF

AP1#show dot11 assoc

802.11 Client Stations on Dot11Radio0:

SSID [Richmond-Network] :

MAC Address    IP address      Device        Name            Parent         Stat                                                                                                             e
0026.8290.e459 192.168.1.146   unknown       -               self           Asso                                                                                                             c
00db.df12.b29f 192.168.1.72    ccx-client    AP1     self           Asso                                                                                                             c
181e.b04d.f062 192.168.1.135   unknown       -               self           Asso                                                                                                             c
183d.a28f.02e8 192.168.1.142   ccx-client    AP1     self           Asso                                                                                                             c
400e.8534.9560 192.168.1.66    ccx-client    -               self           Asso                                                                                                             c
5472.4f4d.4e16 192.168.1.138   unknown       -               self           Asso                                                                                                             c
7018.8be2.60b0 192.168.1.140   ccx-client    -               self           Asso                                                                                                             c
7018.8be2.611f 192.168.1.68    ccx-client    -               self           Asso                                                                                                             c
a44e.31ae.8734 192.168.1.143   ccx-client    AP1     self           Asso                                                                                                             c
a888.0858.abba 192.168.1.71    unknown       -               self           Asso                                                                                                             c
b8f6.b1f2.18e4 192.168.1.145   unknown       -               self           Asso                                                                                                             c
c8f7.33ad.93cd 192.168.1.139   ccx-client    EMMA-TOSH       self           Asso                                                                                                             c
cc52.af5f.486a 192.168.1.70    unknown       -               self           Asso                                                                                                             c


802.11 Client Stations on Dot11Radio1:

SSID [Richmond-Network] :

MAC Address    IP address      Device        Name            Parent         Stat                                                                                                             e
3423.bada.be67 192.168.1.67    unknown       -               self           Asso                                                                                                             c
380f.4ac5.8ae8 192.168.1.151   unknown       -               self           Asso                                                                                                             c
54e4.3a89.2600 0.0.0.0         unknown       -               self           Asso                                                                                                             c

AP1#show int gi0
GigabitEthernet0 is up, line protocol is up
  Hardware is PowerPC Ethernet, address is e4c7.228a.1ca3 (bia e4c7.228a.1ca3)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 255/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full Duplex, 1Gbps, media type is T
  output flow-control is unsupported, input flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 3/22852/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 75000 bits/sec, 10 packets/sec
  5 minute output rate 12000 bits/sec, 8 packets/sec
     458698827 packets input, 621337110 bytes, 0 no buffer
     Received 54198669 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     364073996 packets output, 3314222521 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

 

 

New Member

Hello

Hello

You could solve the problem ??

Regards.

New Member

Rasika, Thank you for your

Rasika,

 

Thank you for your reply. I've tested settings above and they haven't helped. Unfortunately I don't have old AP so can't compare ISO version and I don't have support contract so can't download new one:-(

Hall of Fame Super Silver

When you make these changes

When you make these changes the Rasika provided, you need to also make sure you delete the profile from the client and create it again.

Please rate helpful post and Cisco Support Community will donate to Kiva

Scotty

-Scott
*** Please rate helpful posts ***
New Member

Hi Scott,I'm not sure how to

Hi Scott,

I'm not sure how to rate this as helpful, I gave 5 stars, is it what Cisco is looking fore to donate?

1007
Views
5
Helpful
9
Replies
CreatePlease login to create content