5
cisco air 1240ag
802.11 G läuft einwandfrei, aber bei 802.11a ist der status immer auf down.
was mache ich falsch, normaler weise müssten dieser ap beide zeitgleich unterstützten.
was mache ich falsch, normaler weise müssten dieser ap beide zeitgleich unterstützten.
Auf Facebook teilen
Auf X (Twitter) teilen
Auf Reddit teilen
Auf Linkedin teilenBitte markiere auch die Kommentare, die zur Lösung des Beitrags beigetragen haben
Content-ID: 78617
Url: https://administrator.de/forum/cisco-air-1240ag-78617.html
Ausgedruckt am: 23.04.2025 um 08:04 Uhr
5 Kommentare
Neuester Kommentar
Poste doch mal deine Config!
Wird wohl ein Fehler drin sein.
show run
Schau mer mal, dann sehn wir schon.
Wird wohl ein Fehler drin sein.
show run
Schau mer mal, dann sehn wir schon.
danke das werde ich machen, kann aber erst am we!!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log uptime
service password-encryption
!
hostname esc-ap
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx!
aaa new-model
!
!
aaa group server radius rad_eap
server 192.168.10.200 auth-port 1645 acct-port 1646
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
clock timezone +0100 1
ip name-server 192.168.10.200
ip name-server 195.58.160.194
ip name-server 195.58.161.122
!
!
!
dot11 ssid esc
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx!
power inline negotiation prestandard source
!
!
username admin password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
ssid esc
!
antenna gain 2
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption mode ciphers tkip
no dfs band block
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
channel dfs
station-role root access-point
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.10.253 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.10.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server local
nas 192.168.10.200 key 7 02160B49180507241C16584C5445415F59527D737D
user akocsar nthash 7 10192B3C2031365D2A217E0E767A6B6107405247522275000A00042D51494E087E
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.10.200 auth-port 1645 acct-port 1646 key 7 12090A05010804017A73757D62677147524054590F
radius-server vsa send accounting
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
sntp server 192.168.10.200
sntp broadcast client
end
no service pad
service timestamps debug datetime msec
service timestamps log uptime
service password-encryption
!
hostname esc-ap
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx!
aaa new-model
!
!
aaa group server radius rad_eap
server 192.168.10.200 auth-port 1645 acct-port 1646
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
clock timezone +0100 1
ip name-server 192.168.10.200
ip name-server 195.58.160.194
ip name-server 195.58.161.122
!
!
!
dot11 ssid esc
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx!
power inline negotiation prestandard source
!
!
username admin password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
ssid esc
!
antenna gain 2
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption mode ciphers tkip
no dfs band block
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
channel dfs
station-role root access-point
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.10.253 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.10.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server local
nas 192.168.10.200 key 7 02160B49180507241C16584C5445415F59527D737D
user akocsar nthash 7 10192B3C2031365D2A217E0E767A6B6107405247522275000A00042D51494E087E
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.10.200 auth-port 1645 acct-port 1646 key 7 12090A05010804017A73757D62677147524054590F
radius-server vsa send accounting
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
sntp server 192.168.10.200
sntp broadcast client
end
Hier meine Config eines Cisco AP 1232.
Da geht 802.1a als auch b und g.
Wir benutzen fuers Management ein zweites VLAN (600).
Die Subinterfaces haben wir nach den VLANs benannt, also z. B. 0.666 und 0.600.
Bei dem AP ist jedoch noch kein 802.1X konfiguriert (eap usw).
Ich denke fuer dein dot11radio1 fehlt die SSID in deiner config?
Ausserdem mal die bridgroup configuration vergleichen.
version 12.3
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname autobahn
!
enable secret 5 xxxx
!
clock timezone CET 1
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
ip subnet-zero
ip domain name lol.blah.de
ip name-server x.x.x.x
ip name-server x.x.x.x
ip name-server x.x.x.x
!
!
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local none
aaa session-id common
!
dot11 ssid Autobahn
vlan 666
authentication open
guest-mode
!
!
crypto pki trustpoint TP-self-signed-3122603782
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3122603782
revocation-check none
rsakeypair TP-self-signed-3122603782
!
!
crypto ca certificate chain TP-self-signed-3122603782
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33313232 36303337 3832301E 170D3036 30393036 30383433
33335A17 0D323030 313sssss0 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 31323236
30333738 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CB53 F5C8D4F6 05E5FED8 48E5D2F4 75775BEC 9A23527C 7C53BCAA 4F532FC4
B5AB12DC BFC7166D BB9094A1 DA8A3DF7 C7763C32 3339EB21 CFDB5223 1B3476E8
FE87AD4B FF474B51 sssssss sssss sss sssFA67855D 9A168C90 786055EE 612FBB61
6946BF52 A42242E2 4433CF3E 60ED5EC3 EECB8154 19DAD777 4F47EBB8 079EFAFD
02F90203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14F496CA D3D68864 A8A01780 4F71DEE9 42C32D79 C7301D06
03551D0E 04160414 F496CAD3 D68864A8 A017804F 71DEE942 C32D79C7 300D0609
2A864886 F70D0101 04050003 ssssssssssA C5C9C3CE 9302481C 2C29D7CE 1D554333
0D6DFEDA 2A40E212 A4AC5EAB 32423415 AE7A9B22 8BF7E526 82725E0C D1C51A92
7063B874 sssssssss E4912856 64071184 545A2A47 EEF1685A 02D284D9 555DCB58
1FC8DCFB C9940C71 D6F3A8D5 DDE23B42 CC9290E4 FFDD446E 053CA347 5E26224E
A5702527 sssssssss 11DAF8C6 5C154D
quit
username localadmin privilege 15 secret 5 xxxx
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
ssid Autobahn
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2457
station-role root
rts threshold 2312
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.666
description VLAN fuer Autobahn
encapsulation dot1Q 666
no ip route-cache
no cdp enable
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
ssid Autobahn
!
no dfs band block
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
channel dfs
station-role root
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1.666
description VLAN fuer SSID Autobahn
encapsulation dot1Q 666
no ip route-cache
no cdp enable
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
speed 100
full-duplex
no cdp enable
!
interface FastEthernet0.666
description VLAN fuer SSID Autobahn
encapsulation dot1Q 666
no ip route-cache
no cdp enable
bridge-group 3
no bridge-group 3 source-learning
bridge-group 3 spanning-disabled
!
interface FastEthernet0.600
description Management VLAN
encapsulation dot1Q 600
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address xxx
no ip route-cache
!
ip default-gateway xxx
no ip http server
ip http access-class 1
ip http authentication aaa
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
logging facility local4
logging xxx
access-list 1 permit xxx
access-list 11 permit xxx 0.0.0.255
snmp-server engineID local 0000000902000006D78E02C0
snmp-server community xxx
snmp-server community xxx
snmp-server location xxx
snmp-server contact hr. mayer
snmp-server enable traps tty
snmp-server enable traps rogue-ap
snmp-server host xxx xxx
snmp-server host xxx xxx
snmp-server host xxx xxx
tacacs-server host xxx
tacacs-server directed-request
tacacs-server key 7 xxxxx
!
control-plane
!
bridge 1 route ip
!
!
alias exec c conf t
alias exec copytftp copy run tftp://xxx/cisco/xxx
!
line con 0
line vty 0 4
access-class 1 in
transport input ssh
line vty 5 15
access-class 1 in
transport input ssh
!
sntp server xxx
end
Da geht 802.1a als auch b und g.
Wir benutzen fuers Management ein zweites VLAN (600).
Die Subinterfaces haben wir nach den VLANs benannt, also z. B. 0.666 und 0.600.
Bei dem AP ist jedoch noch kein 802.1X konfiguriert (eap usw).
Ich denke fuer dein dot11radio1 fehlt die SSID in deiner config?
Ausserdem mal die bridgroup configuration vergleichen.
version 12.3
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname autobahn
!
enable secret 5 xxxx
!
clock timezone CET 1
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
ip subnet-zero
ip domain name lol.blah.de
ip name-server x.x.x.x
ip name-server x.x.x.x
ip name-server x.x.x.x
!
!
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local none
aaa session-id common
!
dot11 ssid Autobahn
vlan 666
authentication open
guest-mode
!
!
crypto pki trustpoint TP-self-signed-3122603782
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3122603782
revocation-check none
rsakeypair TP-self-signed-3122603782
!
!
crypto ca certificate chain TP-self-signed-3122603782
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33313232 36303337 3832301E 170D3036 30393036 30383433
33335A17 0D323030 313sssss0 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 31323236
30333738 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CB53 F5C8D4F6 05E5FED8 48E5D2F4 75775BEC 9A23527C 7C53BCAA 4F532FC4
B5AB12DC BFC7166D BB9094A1 DA8A3DF7 C7763C32 3339EB21 CFDB5223 1B3476E8
FE87AD4B FF474B51 sssssss sssss sss sssFA67855D 9A168C90 786055EE 612FBB61
6946BF52 A42242E2 4433CF3E 60ED5EC3 EECB8154 19DAD777 4F47EBB8 079EFAFD
02F90203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14F496CA D3D68864 A8A01780 4F71DEE9 42C32D79 C7301D06
03551D0E 04160414 F496CAD3 D68864A8 A017804F 71DEE942 C32D79C7 300D0609
2A864886 F70D0101 04050003 ssssssssssA C5C9C3CE 9302481C 2C29D7CE 1D554333
0D6DFEDA 2A40E212 A4AC5EAB 32423415 AE7A9B22 8BF7E526 82725E0C D1C51A92
7063B874 sssssssss E4912856 64071184 545A2A47 EEF1685A 02D284D9 555DCB58
1FC8DCFB C9940C71 D6F3A8D5 DDE23B42 CC9290E4 FFDD446E 053CA347 5E26224E
A5702527 sssssssss 11DAF8C6 5C154D
quit
username localadmin privilege 15 secret 5 xxxx
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
ssid Autobahn
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2457
station-role root
rts threshold 2312
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.666
description VLAN fuer Autobahn
encapsulation dot1Q 666
no ip route-cache
no cdp enable
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
ssid Autobahn
!
no dfs band block
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
channel dfs
station-role root
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1.666
description VLAN fuer SSID Autobahn
encapsulation dot1Q 666
no ip route-cache
no cdp enable
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
speed 100
full-duplex
no cdp enable
!
interface FastEthernet0.666
description VLAN fuer SSID Autobahn
encapsulation dot1Q 666
no ip route-cache
no cdp enable
bridge-group 3
no bridge-group 3 source-learning
bridge-group 3 spanning-disabled
!
interface FastEthernet0.600
description Management VLAN
encapsulation dot1Q 600
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address xxx
no ip route-cache
!
ip default-gateway xxx
no ip http server
ip http access-class 1
ip http authentication aaa
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
logging facility local4
logging xxx
access-list 1 permit xxx
access-list 11 permit xxx 0.0.0.255
snmp-server engineID local 0000000902000006D78E02C0
snmp-server community xxx
snmp-server community xxx
snmp-server location xxx
snmp-server contact hr. mayer
snmp-server enable traps tty
snmp-server enable traps rogue-ap
snmp-server host xxx xxx
snmp-server host xxx xxx
snmp-server host xxx xxx
tacacs-server host xxx
tacacs-server directed-request
tacacs-server key 7 xxxxx
!
control-plane
!
bridge 1 route ip
!
!
alias exec c conf t
alias exec copytftp copy run tftp://xxx/cisco/xxx
!
line con 0
line vty 0 4
access-class 1 in
transport input ssh
line vty 5 15
access-class 1 in
transport input ssh
!
sntp server xxx
end
danke, funktioniert gut!!!
habe jetzt nur mehr ein problem mit der reichweite!!! welche antennen haben eine gute leistung???
habe jetzt nur mehr ein problem mit der reichweite!!! welche antennen haben eine gute leistung???
