The Cisco Aironet AIR-AP1142N-E-K9 is a versatile, legacy dual-band access point that uses 802.11n (Wi-Fi 4) wireless technology. This access point supports both the 2.4 GHz and 5 GHz bands, providing users with flexibility in their wireless network setup.
While it does not match the speed of the newer 802.11ac (Wi-Fi 5) standard, the 1142N is still a reliable choice, particularly in environments with electromagnetic interference from devices like microwave ovens and cordless phones.
This guide will walk you through the configuration steps necessary to set up the Cisco Aironet AIR-AP1142N-E-K9 which is converted to Autonomous mode.
As shown in Figure 1, Cisco AP1142 is connected via its Gi0 interface to the Mikrotik router. The purpose of the Cisco AP is to extend the coverage of the wireless network configured on the Mikrotik router. The Cisco AP 1142 supports the 802.3af Power over Ethernet (PoE) standard. It has a distance limit of 100 meters for cable, which greatly extends the coverage of the Mikrotik wireless network.
The IP address of the Mikrotik router is 192.168.88.1. This is the default gateway address for the Cisco AP. We will later assign the IP address 192.168.88.150 to the Cisco AP.
Address plan:
- Cisco APv1142 BVI1: 192.168.88.150/24
- Mikrotik hAP ac3: 192.168.88.1/24
Picture 1 - Cisco Access Point 1142 Connected to Mikrotik Router
1. Checking Access Point Mode
If there is "LAP" or "CAP" in the part number, the AP is shipped in Lightweight mode. For instance, if your AP is labeled AIR-LAP1142N-E-K9, it is initially in Lightweight mode. You would need to convert it to Autonomous mode if desired.
To determine whether your AP is configured in Lightweight or Autonomous mode, display the information using the CLI command show version. Autonomous APs have "K9W7" in their image name, while Lightweight APs have "K9W8".
ap> show version | incl flash:/
System image file is "flash:/c1140-k9w7-mx.153-3.JD/c1140-k9w7-xx.153-3.JD"
In the example above, the system image file contains "k9w7", indicating that the AP is in Autonomous mode. If your AP is in Lightweight mode, you can convert it to Autonomous mode using the following guide.
2. Erasing NV Memory and IOS Environment Variables
Before starting the configuration, it is important to reset the access point to its default settings. This ensures that any previous configurations do not interfere with the new setup.
ap> enable
ap# default-config
ap# reload
This sequence deletes the startup configuration, including any static IP addresses.
3. Configuring Management Interface
After rebooting, the access point receives an IP address from a DHCP server via the BVI1 interface. The BVI1 bridges the Dot11Radio0, Dot11Radio1, and GigabitEthernet0 interfaces. This allows them to share an IP address from the same subnet (192.168.88.0/24). It is achieved by the following default configuration:
interface BVI1
ip address dhcp client-id GigabitEthernet0
interface Dot11Radio0
no ip address
bridge-group 1
interface Dot11Radio1
no ip address
bridge-group 1
interface GigabitEthernet0
no ip address
bridge-group 1
Assign a static IP address to the interface BVI1. This IP address will be used for remote AP configuration, either using CLI or via the web interface:
ap> enable
ap# conf t
ap(config)# interface gigabitEthernet 0
ap(config-if)# ip address 192.168.88.150 255.255.255.0
ap(config-if)# no shutdown
Set the default gateway:
ap(config)# ip default-gateway 102.168.88.1
4. Configuring SSH and User Authentication
Configure the enable secret password for access to the privileged EXEC mode:
ap(config)# enable secret cisco
Enable SSH for secure management access. Set the domain name, enable SSH version 2 and generate RSA keys for encryption:
ap(config)# ip domain-name home.local
ap(config)# ip ssh version 2
ap(config)# crypto key generate rsa encryption modulus 4096
Configure the virtual terminal (VTY) lines to use local login and accept SSH connections only:
ap(config)# line vty 0 15
ap(config-line)# login local
ap(config-line)# transport input ssh
ap(config-line)# exit
Create a user account with a secret password:
ap(config)# username admin secret cisco
Note: If you encounter the following error while connecting to the AP from a modern Linux distribution via SSH:
"Unable to negotiate with 192.168.88.150 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
You need to update the SSH configuration file on your Linux system. Add the following lines to /etc/ssh/ssh_config:
Ciphers aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
KexAlgorithms diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Restart the SSH daemon to apply the changes:
Linux# systemctl restart ssh
5. Wireless Network Configuration
Configure the 2.4 GHz and 5 GHz radios with respective SSIDs. The interface Dot11Radio0 is the 802.11N 2.4GHz radio, and Dot11Radio1 is the 802.11N 5GHz radio. The Cisco_AP1 will be the SSID for the 2.4GHz band, and Cisco_AP2 will be the SSID for the 5GHz band.
5.1 SSID Cisco_AP1 for 2.4GHZ Radio
ap(config-ssid)# dot11 ssid Cisco_AP1
ap(config-ssid)# authentication open
ap(config-ssid)# authentication key-management wpa version 2
ap(config-ssid)# wpa-psk ascii cisco123.
ap(config-ssid)# guest-mode # broadcast SSID
Assign the SSID to the 2.4 GHz radio:
ap(config)# interface dot11Radio 0
ap(config-if)# #channel least-congested 1 6 11 # allow AP to choose the best channel to use and restrict it to the 3 non-overlapping channels of 1 6 or 11
ap(config-if)# ssid Cisco_AP1
ap(config-if)# encryption mode ciphers aes
ap(config-if)# power local max # maximize transmit power of the AP
ap(config-if)# power client max # requested maximum tx power of clients
ap(config-if)# no shutdown
5.2 SSID Cisco_AP2 for 5GHz Radio
ap(config-ssid)# dot11 ssid Cisco_AP2
ap(config-ssid)# authentication open
ap(config-ssid)# authentication key-management wpa version 2
ap(config-ssid)# wpa-psk ascii cisco123.
ap(config-ssid)# guest-mode
Assign the SSID to the 5Gz GHz radio:
ap(config)# interface dot11Radio 1
ap(config-if)# channel 5180
ap(config-if)# ssid Cisco_AP2
ap(config-if)# encryption mode ciphers aes
ap(config-if)# no shutdown
6. Debugging
6.1 Checking Broadcasted SSIDs
The command bellow displays the Basic Service Set Identifier (BSSID) information for the configured wireless interfaces. The output shows the interfaces, their respective BSSIDs, and the SSIDs being broadcast.
ap# show dot11 bssid
Figure 2 - Checking Broadcasted SSID
In this example, Dot11Radio0 (2.4 GHz radio) is broadcasting the SSID "Cisco_AP1" with BSSID 00xx.xxxx.xxxx, and Dot11Radio1 (5 GHz radio) is broadcasting the SSID "Cisco_AP2" with BSSID 00xx.xxxx.xxx. Both SSIDs are configured as guest networks.
6.2 Checking Associated Clients
The command bellow provides detailed information about the 802.11 client stations associated with the access point on each radio interface. This includes the clients' MAC addresses and their assigned IP addresses.
ap# show dot11 associations
Figure 3 - Checking Clients Associations
- On Dot11Radio0 (2.4 GHz radio), the client with MAC address 9c28.f762.f0da is connected to SSID Cisco_AP1 and has been assigned the IP address 192.168.88.203.
- On Dot11Radio1 (5 GHz radio), the client with MAC address 7032.1745.8db9 is connected to SSID Cisco_AP2 and has been assigned the IP address 192.168.88.215.
- Both clients do not have an IPv6 address assigned, as indicated by the ::.
Conclusion
In conclusion, configuring the Cisco Aironet AIR-AP1142N-E-K9 involves several essential steps. Firstly, it is crucial to reset the device to its default settings. Subsequently, setting up the management interface is necessary, followed by configuring the wireless radios for both 2.4 GHz and 5 GHz bands.
The access point offers reliable connectivity and helps mitigate interference issues. It ensures secure and efficient wireless communication. By following this guide, you can optimize the performance of your access point, ensuring it is ready for effective use.