Table of Contents
Upgrade for LAP1260N-E-K9 Access point and config
Not much done on this for various reasons, I have upgraded to a Ruckus 7363 Access Point instead for now.
Introduction
Cisco's 1260 wireless access point can be run in two modes, the most common seems to be in LAP or lightweight mode, this requires a wireless controller to function, or the other mode is Autonomous which means it runs as a stand alone Access point without any dependancy on other devices.
The LAP can be converted to Autonomous mode by reflashing IOS with a different image.
This page covers upgrading a Lightweight (LAP) 1260 Access point to autonomous mode. This means it will function independent of any Wireless Controller.
It will also cover setting up multiple SSIDs with a trunk uplink to the switch.
This link from Cisco covers config for Personal and Enterprise use:- https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/67134-wpa2-config.html
Diagram
Hint:- Use https://www.draw.io/. for block diagram of ios and bridge groups
Config
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap1262n
!
logging rate-limit console 9
enable secret 5 $reallysecret
!
no aaa new-model
no ip routing
ip domain name yourdomain.co.uk
ip name-server 192.168.123.123
!
!
dot11 syslog
dot11 vlan-name Green vlan 1
dot11 vlan-name Guest vlan 4
dot11 vlan-name Voip vlan 7
!
dot11 ssid rb-ap2a
vlan 1
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 013152xxxxxxxxxx
!
dot11 ssid rb-ap2a24-voip
vlan 7
authentication open
authentication key-management wpa version 2
wpa-psk ascii 7 1435xxxxxxxxxxxx
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3051419841
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3051419841
revocation-check none
rsakeypair TP-self-signed-3051419841
!
!
crypto pki certificate chain TP-self-signed-3051419841
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
..... edited .........
A1DA81A8 2B2E471E 8BE42DD1 20DDD3
quit
username Cisco password 7 somewhatsecret
username admin privilege 15 password 7 anothersecret
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm tkip
!
encryption vlan 2 mode ciphers aes-ccm
!
encryption vlan 1 mode ciphers aes-ccm
!
encryption vlan 3 mode ciphers aes-ccm
!
encryption vlan 7 mode ciphers aes-ccm
!
ssid rb-ap2a
!
ssid rb-ap2a24-voip
!
antenna gain 0
mbssid
station-role root
no dot11 extension aironet
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
!
interface Dot11Radio0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 spanning-disabled
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
!
interface Dot11Radio0.4
encapsulation dot1Q 4
no ip route-cache
bridge-group 4
bridge-group 4 subscriber-loop-control
bridge-group 4 spanning-disabled
bridge-group 4 block-unknown-source
no bridge-group 4 source-learning
no bridge-group 4 unicast-flooding
!
interface Dot11Radio0.7
encapsulation dot1Q 7
no ip route-cache
bridge-group 7
bridge-group 7 subscriber-loop-control
bridge-group 7 spanning-disabled
bridge-group 7 block-unknown-source
no bridge-group 7 source-learning
no bridge-group 7 unicast-flooding
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm
!
encryption vlan 3 mode ciphers aes-ccm
!
encryption vlan 2 mode ciphers aes-ccm
!
encryption vlan 7 mode ciphers aes-ccm
antenna gain 0
no dfs band block
channel dfs
station-role root
no dot11 extension aironet
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
!
interface Dot11Radio1.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 spanning-disabled
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
!
interface Dot11Radio1.4
encapsulation dot1Q 4
no ip route-cache
bridge-group 4
bridge-group 4 subscriber-loop-control
bridge-group 4 spanning-disabled
bridge-group 4 block-unknown-source
no bridge-group 4 source-learning
no bridge-group 4 unicast-flooding
!
interface Dot11Radio1.7
encapsulation dot1Q 7
no ip route-cache
bridge-group 7
bridge-group 7 subscriber-loop-control
bridge-group 7 spanning-disabled
bridge-group 7 block-unknown-source
no bridge-group 7 source-learning
no bridge-group 7 unicast-flooding
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 spanning-disabled
no bridge-group 2 source-learning
!
interface GigabitEthernet0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
no bridge-group 3 source-learning
!
interface GigabitEthernet0.4
encapsulation dot1Q 4
no ip route-cache
bridge-group 4
bridge-group 4 spanning-disabled
no bridge-group 4 source-learning
!
interface GigabitEthernet0.7
encapsulation dot1Q 7
no ip route-cache
bridge-group 7
bridge-group 7 spanning-disabled
no bridge-group 7 source-learning
!
interface BVI1
ip address 192.168.1.113 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.123.1
ip http server
ip http authentication local
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
access-list 111 permit tcp any any neq telnet
snmp-server community mycomm RO
snmp-server location Pantry
snmp-server contact support@yourdomain.co.uk
snmp-server chassis-id ap1260n
bridge 1 route ip
!
!
!
line con 0
access-class 111 in
line vty 0 4
access-class 111 in
password 7 anothersecret
login local
transport input ssh
line vty 5 15
access-class 111 in
password 7 anothersecret
login local
transport input ssh
!
sntp broadcast client
end
This page has been accessed:-
Today: 1
Yesterday: 2
Until now: 129