Cisco 1252 won't connect motorola MC9090

[insureme]

I am at a loss on this. I've got 18 CAPWAP AP's at one facility running wpa PSK with TKIP encryption. these MC9090 handheld units can connect with no problem. recently we setup a remote office, also using Cisco 1252 AP's running in Autonomouse mode. the handhelds will not connect to the remote site wireless no matter what I do. I can use the wireless in that building without any problems from my laptop, or smartphone, but these guns just won't link up. The only message in the guns log is that it found the SSID, tried to connect, and then timed out. If anyone's got any suggestions i'd be happy to hear them. below is my Autonamouse units configs. they are meant to look just like the other infrastructure devices

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap1
!
enable secret
!
aaa new-model
!
!
aaa group server radius rad_eap
server x.x.x.x auth-port 1645 acct-port 1646
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius local_rad
server x.x.x.x auth-port 1812 acct-port 1813
!
aaa authentication login default group tacacs+ local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login wds-server group local_rad
aaa authorization exec default group tacacs+ local
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
clock timezone CST -6
clock summer-time DST recurring
no ip domain lookup
ip domain name ...
ip name-server x.x.x.x
ip name-server x.x.x.x
!
!
dot11 vlan-name DATA vlan 40
dot11 vlan-name SERVERS vlan 4
!
dot11 ssid ...
vlan 40
authentication open
authentication key-management wpa
wpa-psk ascii
!
!
!
username ... privilege 15
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
encryption vlan 40 mode ciphers tkip
!
ssid ...
!
antenna receive middle
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2.
m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
power client local
station-role root access-point
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 subscriber-loop-control
bridge-group 40 block-unknown-source
no bridge-group 40 source-learning
no bridge-group 40 unicast-flooding
bridge-group 40 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
encryption vlan 40 mode ciphers tkip
!
ssid ...
!
dfs band 3 block
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6.
m7. m8. m9. m10. m11. m12. m13. m14. m15.
power client local
channel dfs
station-role root access-point
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 subscriber-loop-control
bridge-group 40 block-unknown-source
no bridge-group 40 source-learning
no bridge-group 40 unicast-flooding
bridge-group 40 spanning-disabled
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0.4
encapsulation dot1Q 4 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
no bridge-group 40 source-learning
bridge-group 40 spanning-disabled
!
interface BVI1
ip address x.x.x.x y.y.y.y
no ip route-cache
!
ip default-gateway x.x.x.x
ip http server
ip http authentication aaa login-authentication default
no ip http secure-server
ip http help-path

http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

ip radius source-interface BVI1
logging x.x.x.x
snmp-server community ...
snmp-server location ...
snmp-server contact IT Dept.
snmp-server enable traps tty
tacacs-server host ... key
tacacs-server directed-request
radius-server local
no authentication eapfast
no authentication mac
nas ... key
user ap2 nthash
user ap3 nthash
!
radius-server attribute 32 include-in-access-req format %h
radius-server host x.x.x.x auth-port 1645 acct-port 1646 key
02
radius-server host x.x.x.x auth-port 1812 acct-port 1813 key
radius-server vsa send accounting
bridge 1 route ip
!
!
wlccp ap eap profile rad_eap
wlccp authentication-server infrastructure wds-server
wlccp wds priority 245 interface BVI1
!
line con 0
line vty 5 15
!
sntp server x.x.x.x
sntp broadcast client
end

 

[richdf]

Hi insureme,

Is this problem ongoing?

"The only message in the guns log is that it found the SSID, tried to connect, and then timed out." - For connection time-outs, it may be worth increasing the WPA timeout on the AP, as Cisco IOS 12.4 default timeout is 100ms, but can be changed up to 2000ms here.

Otherwise, it may be worth checking the power settings on the MC9090s & changing from PSP to CAM (may affect battery performance tho).

HTH,

Rich

 

[insureme]

Thank you for the response. we did figure it out though. as it ends up the gun has a settings foe the regulatory domain using 801.11d. by disabling support for this protocol on the guns wireless configuration we were able to connect without issue. I'm assuming there is somewhere in the AP config you can turn this on, but as we would never use it, disabling the option to use 802.11d was a viable option for us.