====== Upgrade for LAP1260N-E-K9 Access point and config ====== Not much done on this for various reasons, I have upgraded to a [[ruckus7363accesspoint|Ruckus 7363 Access Point]] instead for now. ===== Introduction ===== Cisco's 1260 wireless access point can be run in two modes, the most common seems to be in LAP or lightweight mode, this requires a wireless controller to function, or the other mode is Autonomous which means it runs as a stand alone Access point without any dependancy on other devices. The LAP can be converted to Autonomous mode by reflashing IOS with a different image. This page covers upgrading a Lightweight (LAP) 1260 Access point to autonomous mode. This means it will function independent of any Wireless Controller. It will also cover setting up multiple SSIDs with a trunk uplink to the switch. {{networking:cisco-air-lap1262n-a-k9-aironet-1262n-80211n-wireless-access.jpg?200 |}} {{networking:cisco-air-cap2602i-e-k9-v02-80211n-poe-wi-fi-access-point.jpg?200 |}} ---- This link from Cisco covers config for Personal and Enterprise use:- [[https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/67134-wpa2-config.html]] [[https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/69773-vlan-ap-config.html]] ===== Diagram ===== Hint:- Use https://www.draw.io/. for block diagram of ios and bridge groups ===== Config ===== ! version 15.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname ap1262n ! logging rate-limit console 9 enable secret 5 $reallysecret ! no aaa new-model no ip routing ip domain name yourdomain.co.uk ip name-server 192.168.123.123 ! ! dot11 syslog dot11 vlan-name Green vlan 1 dot11 vlan-name Guest vlan 4 dot11 vlan-name Voip vlan 7 ! dot11 ssid rb-ap2a vlan 1 authentication open authentication key-management wpa version 2 mbssid guest-mode wpa-psk ascii 7 013152xxxxxxxxxx ! dot11 ssid rb-ap2a24-voip vlan 7 authentication open authentication key-management wpa version 2 wpa-psk ascii 7 1435xxxxxxxxxxxx ! crypto pki token default removal timeout 0 ! crypto pki trustpoint TP-self-signed-3051419841 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3051419841 revocation-check none rsakeypair TP-self-signed-3051419841 ! ! crypto pki certificate chain TP-self-signed-3051419841 certificate self-signed 01 3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 ..... edited ......... A1DA81A8 2B2E471E 8BE42DD1 20DDD3 quit username Cisco password 7 somewhatsecret username admin privilege 15 password 7 anothersecret ! ! bridge irb ! ! interface Dot11Radio0 no ip address no ip route-cache ! encryption mode ciphers aes-ccm tkip ! encryption vlan 2 mode ciphers aes-ccm ! encryption vlan 1 mode ciphers aes-ccm ! encryption vlan 3 mode ciphers aes-ccm ! encryption vlan 7 mode ciphers aes-ccm ! ssid rb-ap2a ! ssid rb-ap2a24-voip ! antenna gain 0 mbssid station-role root no dot11 extension aironet ! interface Dot11Radio0.1 encapsulation dot1Q 1 native no ip route-cache bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding ! interface Dot11Radio0.2 encapsulation dot1Q 2 no ip route-cache bridge-group 2 bridge-group 2 subscriber-loop-control bridge-group 2 spanning-disabled bridge-group 2 block-unknown-source no bridge-group 2 source-learning no bridge-group 2 unicast-flooding ! interface Dot11Radio0.3 encapsulation dot1Q 3 no ip route-cache bridge-group 3 bridge-group 3 subscriber-loop-control bridge-group 3 spanning-disabled bridge-group 3 block-unknown-source no bridge-group 3 source-learning no bridge-group 3 unicast-flooding ! interface Dot11Radio0.4 encapsulation dot1Q 4 no ip route-cache bridge-group 4 bridge-group 4 subscriber-loop-control bridge-group 4 spanning-disabled bridge-group 4 block-unknown-source no bridge-group 4 source-learning no bridge-group 4 unicast-flooding ! interface Dot11Radio0.7 encapsulation dot1Q 7 no ip route-cache bridge-group 7 bridge-group 7 subscriber-loop-control bridge-group 7 spanning-disabled bridge-group 7 block-unknown-source no bridge-group 7 source-learning no bridge-group 7 unicast-flooding ! interface Dot11Radio1 no ip address no ip route-cache ! encryption vlan 1 mode ciphers aes-ccm ! encryption vlan 3 mode ciphers aes-ccm ! encryption vlan 2 mode ciphers aes-ccm ! encryption vlan 7 mode ciphers aes-ccm antenna gain 0 no dfs band block channel dfs station-role root no dot11 extension aironet ! interface Dot11Radio1.1 encapsulation dot1Q 1 native no ip route-cache bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding ! interface Dot11Radio1.2 encapsulation dot1Q 2 no ip route-cache bridge-group 2 bridge-group 2 subscriber-loop-control bridge-group 2 spanning-disabled bridge-group 2 block-unknown-source no bridge-group 2 source-learning no bridge-group 2 unicast-flooding ! interface Dot11Radio1.3 encapsulation dot1Q 3 no ip route-cache bridge-group 3 bridge-group 3 subscriber-loop-control bridge-group 3 spanning-disabled bridge-group 3 block-unknown-source no bridge-group 3 source-learning no bridge-group 3 unicast-flooding ! interface Dot11Radio1.4 encapsulation dot1Q 4 no ip route-cache bridge-group 4 bridge-group 4 subscriber-loop-control bridge-group 4 spanning-disabled bridge-group 4 block-unknown-source no bridge-group 4 source-learning no bridge-group 4 unicast-flooding ! interface Dot11Radio1.7 encapsulation dot1Q 7 no ip route-cache bridge-group 7 bridge-group 7 subscriber-loop-control bridge-group 7 spanning-disabled bridge-group 7 block-unknown-source no bridge-group 7 source-learning no bridge-group 7 unicast-flooding ! interface GigabitEthernet0 no ip address no ip route-cache duplex auto speed auto no keepalive ! interface GigabitEthernet0.1 encapsulation dot1Q 1 native no ip route-cache bridge-group 1 bridge-group 1 spanning-disabled no bridge-group 1 source-learning ! interface GigabitEthernet0.2 encapsulation dot1Q 2 no ip route-cache bridge-group 2 bridge-group 2 spanning-disabled no bridge-group 2 source-learning ! interface GigabitEthernet0.3 encapsulation dot1Q 3 no ip route-cache bridge-group 3 bridge-group 3 spanning-disabled no bridge-group 3 source-learning ! interface GigabitEthernet0.4 encapsulation dot1Q 4 no ip route-cache bridge-group 4 bridge-group 4 spanning-disabled no bridge-group 4 source-learning ! interface GigabitEthernet0.7 encapsulation dot1Q 7 no ip route-cache bridge-group 7 bridge-group 7 spanning-disabled no bridge-group 7 source-learning ! interface BVI1 ip address 192.168.1.113 255.255.255.0 no ip route-cache ! ip default-gateway 192.168.123.1 ip http server ip http authentication local ip http secure-server ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag access-list 111 permit tcp any any neq telnet snmp-server community mycomm RO snmp-server location Pantry snmp-server contact support@yourdomain.co.uk snmp-server chassis-id ap1260n bridge 1 route ip ! ! ! line con 0 access-class 111 in line vty 0 4 access-class 111 in password 7 anothersecret login local transport input ssh line vty 5 15 access-class 111 in password 7 anothersecret login local transport input ssh ! sntp broadcast client end ---- This page has been accessed:- \\ Today: {{counter|today}} \\ Yesterday: {{counter|yesterday}} \\ Until now: {{counter|total}} \\