Clicky

I have an office space using two Cisco Aironet 1140 AP's. The SSID's / encryption / cipher are all identical on both AP's however it's as if they're not working together. I see 2 separate SSID's and clients tend to drop when walking from one side of the space to the other.

Both AP's are on the same LAN and can ping each other. When I look for CDP neighbors I don't get any results. The building isn't that big, so I know it's not a space issue. If I were to unplug one AP, all of the clients would jump to the other AP but simply have a weak signal.  

Am I missing a command somewhere to let the AP's know about the other?

asked 08/30/2011 08:49

prlit's gravatar image

prlit ♦♦


11 Answers:
Do you have the AP on separate channels? They need to be, such as one one 6 and the other on 11.
link
Soulja's gravatar image

Soulja

I think they're on the Cisco option of "Use least congested channel".

Should I change that to static?
link
prlit's gravatar image

prlit

I would set them to static channels.
link
Soulja's gravatar image

Soulja

If your clients can see more than one SSID the security configurations on the APs are NOT the same.

Can you post the complete configs from both APs?
link
craigbeck's gravatar image

craigbeck

There's craigbeck! There another thread you should look at too. It's called wireless for large home.
link
Soulja's gravatar image

Soulja

lol @Soulja!  How you doin buddy?

I'll take a look ;-)
link
craigbeck's gravatar image

craigbeck

AP1:

show run
Building configuration...

Current configuration : 1475 bytes
!
! Last configuration change at 08:40:24 UTC Tue Aug 30 2011 by Cisco
! NVRAM config last updated at 08:40:24 UTC Tue Aug 30 2011 by Cisco
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
!
enable secret 5 $1$Uqns$j67yIFn1IbU0mzrh3Vfgk.
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid FCMG
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 12485047455A5C557A7A74
!
dot11 network-map
!
!
username Cisco password 7 14341B180F0B
username prl-it privilege 15 password 7 044F0E0507015C5C05
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm tkip
 !
 ssid FCMG
 !
 antenna gain 0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 no keepalive
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 192.168.14.15 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.14.10
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
!
end
#


AP2:


Current configuration : 1419 bytes
!
! Last configuration change at 08:39:57 UTC Tue Aug 30 2011 by Cisco
! NVRAM config last updated at 08:39:57 UTC Tue Aug 30 2011 by Cisco
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
!
enable secret 5 $1$v0Au$XkohEo7pimoi4LMT99jTR.
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid FCMG
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 014253540C5A565E711D1E
!
dot11 network-map
!
!
username Cisco password 7 02250D480809
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm tkip
 !
 ssid FCMG
 !
 antenna gain 0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 no keepalive
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 192.168.14.16 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.14.10
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
!
end



link
prlit's gravatar image

prlit

Hmmm, I apologise - the security configs are identical.
However, I don't understand how you can see the SSID's on your clients when they're not broadcasting the SSID!

Can you change the following on each AP, then delete the wireless profile for the FCMG WLAN on your clients and try again...

conf t
dot11 ssid FCMG
 guest-mode
end
link
craigbeck's gravatar image

craigbeck

No apologies necessary!!! I appreciate the help.

What does that command do?
link
prlit's gravatar image

prlit

That command broadcasts the SSID, so when you delete the existing WLAN profile on your client it will automatically configure a new WLAN profile with the correct SSID and security parameters.  If you see two identical SSID's I'd guess that the APs are advertising both WPA/TKIP and WPA/AES.

If I am correct, you can disable either TKIP or AES to test, as follows...

conf t
int dot0
 encryption mode ciphers tkip   (to disable AES)
end

or

conf t
int dot0
 encryption mode ciphers aes    (to disable TKIP)
end
link
craigbeck's gravatar image

craigbeck

thanks
link
prlit's gravatar image

prlit

Your answer
[hide preview]

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Tags:

×4
×85
×50

Asked: 08/30/2011 08:49

Seen: 525 times

Last updated: 09/14/2011 08:06