Flashing a Cisco 1130AG WAP to Autonomous Mode

The Cisco 1130AG can ship as a lightweight WAP, designed to connect to a Wireless LAN Controller for its configuration and setup. However, sometimes you just want it to act like a basic WAP – this is how you reflash the device as such.

  1. Probably the most annoying/difficult step – download the firmware from cisco.com for your specific model.
  2. Download and install a TFTP Server. I use 3CDaemon, but it appears discontinued. You might try this TFTP Server.
  3. You’ll want to connect a laptop or desktop to the same L2 Collision Domain (same VLAN, etc) as the WAP(s). On that NIC, configure an IP address of 10.0.0.2 (or .3->.30), /24.
  4. Start your TFTP Server. Place the firmware you downloaded in whatever root folder is used by the TFTP software and rename it c1130-k9w7-tar.default (different models will have different file names).
  5. Unplug the device, and then plug it back in while holding the Mode button down. Wait 20 seconds until the R light turns solid red. At this point:
    1. The WAP will assume an IP Address of 10.0.0.1;
    2. It will attempt to download the above filename using TFTP from 10.0.0.2
    3. If it does not connect or see that file, it will repeat for 10.0.0.3 through 10.0.0.30.
    4. Once the file is downloaded, it will flash and reboot to factory defaults.
  6. Check your DHCP Server for a lease matching the device’s MAC address (mine began with 68:EF:BD) and telnet to the device’s IP.
  7. Log in with Username = Cisco, Password = Cisco.
  8. Copy your favorite config file over.

Here’s what the Cisco 1130AG looks like:
Cisco_1130AP

Speaking of which, a typical configuration might look like this:

!
! Last configuration change at 18:15:28 UTC Thu May 14 2015 by Cisco
! NVRAM config last updated at 18:15:31 UTC Thu May 14 2015 by Cisco
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname wap-hostname-here
!
logging rate-limit console 9
enable secret 5 <Redacted>
!
no aaa new-model
ip domain name your-domain.local
ip name-server 192.168.1.10
ip name-server 192.168.1.11
!
!
dot11 syslog
!
dot11 ssid YOUR-SSID-HERE
 authentication open 
 authentication key-management wpa version 2
 guest-mode
 wpa-psk ascii 7 <Redacted>
!
!
!
username Cisco privilege 15 password 7 <Redacted>
username second-admin privilege 15 password 7 <Redacted>
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm tkip 
 !
 ssid YOUR-SSID-HERE
 !
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1 (Management Address)
 ip address 192.168.1.12 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.1.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
logging 192.168.1.254 (Syslog Server)
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
!
sntp server 192.168.1.10
sntp server 192.168.1.11
end