We have a pfSense server, with several VLAN's configured on it and this pfSense is direcftly connected to several Cisco AP's. Cisco AP configuration is basically an SSID and a VLAN number.
I recently upgraded all APs due to the KRACK vulnerability.
AP001 works fine. I have exported running-config to a configfile. AP002 is completely reset/cleared and configured from the same configfile (copy tftp: running-config).
Result: AP001 works fine. AP002 does not work at all. Same goes for any other AP. It kinda drives me crazy.
Any suggestions why this is no longer working. Should I be looking at pfSense or the APs? There is nothing specific configured for any AP in pfSense.
<code> ^ version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP001
!
!
logging rate-limit console 9
enable secret 5 xxxxxxxxxx
!
no aaa new-model
no ip source-route
no ip cef
!
!
!
!
dot11 pause-time 100
dot11 syslog
!
dot11 ssid MY-SSID-1
vlan 2 authentication open authentication key-management wpa version 2 mbssid guest-mode wpa-psk ascii 7 xxxxxxxxxxxx information-element ssidl advertisement
!
dot11 ssid MY-SSID-2
vlan 9 authentication open mbssid guest-mode information-element ssidl
!
!
!
no ipv6 cef
!
!
username Cisco privilege 15 password 7 xxxxxxxxxxxx
!
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
encryption vlan 2 mode ciphers aes-ccm
!
ssid MY-SSID-1
!
ssid MY-SSID-2
!
antenna gain 0
mbssid
station-role root access-point
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
!
interface Dot11Radio0.9
encapsulation dot1Q 9
no ip route-cache
bridge-group 9
bridge-group 9 subscriber-loop-control
bridge-group 9 spanning-disabled
bridge-group 9 block-unknown-source
no bridge-group 9 source-learning
no bridge-group 9 unicast-flooding
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 spanning-disabled
no bridge-group 2 source-learning
!
interface GigabitEthernet0.9
encapsulation dot1Q 9
no ip route-cache
bridge-group 9
bridge-group 9 spanning-disabled
no bridge-group 9 source-learning
!
interface BVI1
mac-address xxxxxxxxxxxx
ip address dhcp client-id GigabitEthernet0
no ip route-cache
!
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://ift.tt/1M5jmKo
!
!
snmp-server community public RO
bridge 1 route ip
!
!
!
line con 0
password 7 xxxxxxxxxxxx
line vty 0 4
password 7 xxxxxxxxxxxx
login local
transport input all
!
end</code>
No comments:
Post a Comment