The Cisco Aironet AIR-AP1142N-E-K9 is a versatile, legacy dual-band access point that uses 802.11n (Wi-Fi 4) wireless technology. This access point supports both the 2.4 GHz and 5 GHz bands, providing users with flexibility in their wireless network setup.
While it does not match the speed of the newer 802.11ac (Wi-Fi 5) standard, the 1142N is still a reliable choice, particularly in environments with electromagnetic interference from devices like microwave ovens and cordless phones.
This guide will walk you through the configuration steps necessary to set up the Cisco Aironet AIR-AP1142N-E-K9 which is converted to Autonomous mode.
As shown in Figure 1, Cisco AP1142 is connected via its Gi0 interface to the Mikrotik router. The purpose of the Cisco AP is to extend the coverage of the wireless network configured on the Mikrotik router. The Cisco AP 1142 supports the 802.3af Power over Ethernet (PoE) standard. It has a distance limit of 100 meters for cable, which greatly extends the coverage of the Mikrotik wireless network.
The IP address of the Mikrotik router is 192.168.88.1. This is the default gateway address for the Cisco AP. We will later assign the IP address 192.168.88.150 to the Cisco AP.
Address plan:
- Cisco APv1142 BVI1: 192.168.88.150/24
- Mikrotik hAP ac3: 192.168.88.1/24
Picture 1 - Cisco Access Point 1142 Connected to Mikrotik Router
1. Checking Access Point Mode
If there is "LAP" or "CAP" in the part number, the AP is shipped in Lightweight mode. For instance, if your AP is labeled AIR-LAP1142N-E-K9, it is initially in Lightweight mode. You would need to convert it to Autonomous mode if desired.
To determine whether your AP is configured in Lightweight or Autonomous mode, display the information using the CLI command show version. Autonomous APs have "K9W7" in their image name, while Lightweight APs have "K9W8".
ap> show version | incl flash:/
System image file is "flash:/c1140-k9w7-mx.153-3.JD/c1140-k9w7-xx.153-3.JD"
In the example above, the system image file contains "k9w7", indicating that the AP is in Autonomous mode. If your AP is in Lightweight mode, you can convert it to Autonomous mode using the following guide.
2. Erasing NV Memory and IOS Environment Variables
Before starting the configuration, it is important to reset the access point to its default settings. This ensures that any previous configurations do not interfere with the new setup.
ap> enable
ap# delete nvram:startup-config
ap# reload
This sequence deletes the startup configuration, including any static IP addresses.
3. Configuring Management Interface
After rebooting, the access point receives an IP address from a DHCP server via the BVI interface. The Bridge Virtual Interface (BVI) is a virtual interface that acts like a normal router interface. The BVI1 bridges the Dot11Radio0, Dot11Radio1, and GigabitEthernet0 interfaces. This allows them to share an IP address from the same subnet (e.g. 192.168.88.0/24). It is achieved by the following default configuration:
interface BVI1
ip address dhcp client-id GigabitEthernet0
interface Dot11Radio0
no ip address
bridge-group 1
interface Dot11Radio1
no ip address
bridge-group 1
interface GigabitEthernet0
no ip address
bridge-group 1
Assign a static IP address to the interface BVI1. This IP address will be used for remote AP configuration, either using CLI or via the web interface:
ap> enable
ap# conf t
ap(config)# interface gigabitEthernet 0
ap(config-if)# ip address 192.168.88.150 255.255.255.0
ap(config-if)# no shutdown
Configure the default gateway IP address:
ap(config)# ip default-gateway 192.168.88.1
Note: If BVI1 is not present in the running-config, we need to create it by enabling integrated routing and bridging (IRB). This command enables the device to route between bridged interfaces.
ap(config)# bridge irb
After enabling IRB, specify the protocol IP to be routed within the bridge group.
ap(config)# bridge 1 route ip
Check if the GigabitEthernet interface is part of bridge group 1. If not, assign it to the bridge group.
ap(config)# interface GigabitEthernet0
ap(config-if)# bridge-group 1
4. Configuring SSH and User Authentication
Configure the enable secret password for access to the privileged EXEC mode:
ap(config)# enable secret cisco
Enable SSH for secure management access. Set the domain name, enable SSH version 2 and generate RSA keys for encryption:
ap(config)# ip domain-name home.local
ap(config)# ip ssh version 2
ap(config)# crypto key generate rsa encryption modulus 4096
Configure the virtual terminal (VTY) lines to use local login and accept SSH connections only:
ap(config)# line vty 0 15
ap(config-line)# login local
ap(config-line)# transport input ssh
ap(config-line)# exit
Create a user account with a secret password:
ap(config)# username admin secret cisco
Note: If you encounter the following error while connecting to the AP from a modern Linux distribution via SSH:
"Unable to negotiate with 192.168.88.150 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
You need to update the SSH configuration file on your Linux system. Add the following lines to /etc/ssh/ssh_config:
Ciphers aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
KexAlgorithms diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Restart the SSH daemon to apply the changes:
Linux# systemctl restart ssh
5. Wireless Network Configuration
Configure the 2.4 GHz and 5 GHz radios with their respective SSIDs. The interface Dot11Radio0 represents the 802.11N 2.4GHz radio, while Dot11Radio1 represents the 802.11N 5GHz radio. For easier identification, assign the SSID Cisco_AP1 to the 2.4GHz band and Cisco_AP2 to the 5GHz band.
Alternatively, it is also perfectly fine to use a single SSID for both radios. In such cases, clients will typically prefer to connect to the 5GHz band when it is available.
5.1 SSID Cisco_AP1 for 2.4GHZ Radio
ap(config-ssid)# dot11 ssid Cisco_AP1
ap(config-ssid)# authentication open
ap(config-ssid)# authentication key-management wpa version 2
ap(config-ssid)# wpa-psk ascii cisco123.
ap(config-ssid)# guest-mode # broadcast SSID
Assign the SSID Cisco_AP1 to the 2.4 GHz radio:
ap(config)# interface dot11Radio 0
ap(config-if)# channel least-congested 1 6 11
ap(config-if)# station-role root # AP is bridge
ap(config-if)# ssid Cisco_AP1
ap(config-if)# encryption mode ciphers aes-ccm
ap(config-if)# power local max # maximize transmit power of the AP
ap(config-if)# power client max # requested maximum tx power of clients
ap(config-ssid)# world-mode dot11d country-code SK indoor
ap(config-if)# no shutdown
Note: To avoid interference in the 2.4 GHz Wi-Fi band, Channels 1, 6, and 11 are preferred because they do not overlap in frequency (Figure 2). For this reason, we used the command channel least-congested 1 6 11 to allow the AP to choose the least congested channel while restricting it to the three non-overlapping channels: 1, 6, or 11,
Picture 2 - Non-overlapping channels in 2.4 GHz band
Note: When world mode is enabled, the access point broadcasts regulatory information in its beacon frames and probe responses. Wireless clients that support 802.11d adjust their settings (e.g., channel and power) to match the regulations of the country specified in the country code.
5.2 SSID Cisco_AP2 for 5GHz Radio
ap(config-ssid)# dot11 ssid Cisco_AP2
ap(config-ssid)# authentication open
ap(config-ssid)# authentication key-management wpa version 2
ap(config-ssid)# wpa-psk ascii cisco123.
ap(config-ssid)# guest-mode
Assign the SSID Cisco_AP2 to the 5Gz GHz radio:
ap(config)# interface dot11Radio 1
ap(config-if)# channel 36 # Channel 36 corresponds to 5180 MHz
ap(config-if)# no dfs band block # use channels that should have enabled DFS (channels with enabled radar detection)
ap(config-if)# station-role root
ap(config-if)# ssid Cisco_AP2
ap(config-if)# encryption mode ciphers aes-ccm
ap(config-if)# world-mode dot11d country-code sk
ap(config-if)# no shutdown
The Figure 3 illustrates three non-overlapping channels in the 5 GHz Wi-Fi band: Channel 36, Channel 40, and Channel 44. Each access point operates on a separate channel to minimize interference between overlapping coverage areas.
Picture 3 - Non-overlapping channels in 2.4 GHz band
Note: By default, some APs block the use of DFS channels to avoid the complexity of radar detection. Using no dfs band block enables the AP to use DFS channels, increasing the number of available 5 GHz channels and reducing congestion.
Note: Cisco IOS represents the channel in terms of its frequency. The channel number is determined using the formula:
Channel Frequency (MHz) = 5000 MHz + (Channel Number × 5 MHz)
For Channel Number = 36, substitute into the formula: 5000+(36×5)=5180 MHz . Thus, 5180 MHz corresponds to Channel 36.
6. Debugging
6.1 Checking Broadcasted SSIDs
The command bellow displays the Basic Service Set Identifier (BSSID) information for the configured wireless interfaces. The output shows the interfaces, their respective BSSIDs, and the SSIDs being broadcast.
ap# show dot11 bssid
Picture 5 - Checking Broadcasted SSID
In this example, Dot11Radio0 (2.4 GHz radio) is broadcasting the SSID "Cisco_AP1" with BSSID 00xx.xxxx.xxxx, and Dot11Radio1 (5 GHz radio) is broadcasting the SSID "Cisco_AP2" with BSSID 00xx.xxxx.xxx. Both SSIDs are configured as guest networks.
6.2 Checking Associated Clients
The command bellow provides detailed information about the 802.11 client stations associated with the access point on each radio interface. This includes the clients' MAC addresses and their assigned IP addresses.
ap# show dot11 associations
Figure 6 - Checking Clients Associations
- On Dot11Radio0 (2.4 GHz radio), the client with MAC address 9c28.f762.f0da is connected to SSID Cisco_AP1 and has been assigned the IP address 192.168.88.203.
- On Dot11Radio1 (5 GHz radio), the client with MAC address 7032.1745.8db9 is connected to SSID Cisco_AP2 and has been assigned the IP address 192.168.88.215.
- Both clients do not have an IPv6 address assigned, as indicated by the ::.
Conclusion
In conclusion, configuring the Cisco Aironet AIR-AP1142N-E-K9 involves several essential steps. Firstly, it is crucial to reset the device to its default settings. Subsequently, setting up the management interface is necessary, followed by configuring the wireless radios for both 2.4 GHz and 5 GHz bands.
The access point offers reliable connectivity and helps mitigate interference issues. It ensures secure and efficient wireless communication. By following this guide, you can optimize the performance of your access point, ensuring it is ready for effective use.