Routing problems on a 4402

Unanswered Question
Nov 5th, 2008

I currently have a WLC 4402 connected via a trunk to a Cisco 3750 (GigaBit1/0/1). All AP's are connected into this switch and can contact the WLC.

The 3750 is then connected to a 2750 (FE0/2) via a trunk and this is connected to a 7204 Router for external internet access.This has a public ip address in the following range of 194.x.x.x

So far:

I have Created VLAN 10 for Guest Access:

WLC Controller Interface 10.0.0.10

Created a sub-interface on the External Router:

10.0.0.50

The WLC is handling the DHCP with a range of 10.0.0.100 -> 10.0.0.150

Clients are assigned an Ip address in the 10.0.0.100 range successfully.

I can ping the external router Gateway ip from the 10.0.0.100 range.

My problem is - the clients cannot connect to the Internet. I think It may have something to do with the routing on the router.

Any help would be appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
dennischolmes Wed, 11/05/2008 - 07:01

Do you have a firewall in place as well? You would have to permit the traffic.

g.roselt Wed, 11/05/2008 - 07:04

No firewall. Its just straight internet connectivity via the router to the internet.

dennischolmes Wed, 11/05/2008 - 07:06

Sounds like you have a ACL issue on the router then. Try to ping a client device from a pc on a different vlan.

g.roselt Wed, 11/05/2008 - 07:10

There are no ACL issues - its a basic router config. But I can ping the 10.0.0.101 address which has been assigned to my laptop over the wrieless network.

Would it help if I sent you an amended copy of my router config?

mark.cronin Wed, 11/05/2008 - 07:25

What device is handling NAT translation so that you can access the internet?

g.roselt Wed, 11/05/2008 - 07:29

That could be the problem. there is no device handling any NAT translations.

Any suggestions on what I could use and where in the link it would fit?

mark.cronin Wed, 11/05/2008 - 07:49

ip nat pool mypool 194.x.x.x 192.x.x.x prefix 30

!

access-list 1 permit 10.0.0.0 0.0.0.255

Could try it on your internet facing router

!

ip nat inside source list 1 pool mypool overload

!

interface ethernet 0

ip nat inside

!

interface serial 0

ip nat outside

mark.cronin Wed, 11/05/2008 - 07:50

Try this on your interent facing router

ip nat pool mypool 194.x.x.x 194.x.x.x prefix 30

!

access-list 1 permit 10.0.0.0 0.0.0.255

!

ip nat inside source list 1 pool mypool overload

!

interface ethernet 0

ip nat inside

!

interface serial 0

ip nat outside

mark.cronin Wed, 11/05/2008 - 07:57

Also within your DHCP scope you will

need to provide a internet DNS Server

g.roselt Wed, 11/05/2008 - 08:04

Hi Mark,

Thanks for your response. I have just been on the CCNA course, so trying to remember all the commands.

The command: ip nat pool mypool 194.x.x.x 194.x.x.x prefix 30

Would that be the ip address of the External Router?

mark.cronin Wed, 11/05/2008 - 08:11

From your original post

"connected to a 7204 Router for external internet access.This has a public ip address in the following range of 194.x.x.x"

You need to select an IP address from the 194.x.x.x subnet that the 7204 router.

All of your guest wireless clients will then use this address to access the internet.

Can you post the config of the router -

delete any security info

Mark

g.roselt Wed, 11/05/2008 - 08:17

version 12.2

!

no logging buffered

!

ip subnet-zero

ip cef

!

ip name-server 192.12.72.109

ip name-server 128.86.8.25

ip name-server 138.38.32.3

ip name-server 138.38.146.21

ip name-server 141.163.1.250

!

no call rsvp-sync

!

interface FastEthernet0/0

description Link to External Switch

ip address 194.80.x.x 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0/0.1

description Guest_Access VLAN

encapsulation dot1Q 10

ip address 20.0.0.50 255.0.0.0

!

interface FastEthernet0/1

description Link to ISP

ip address 194.82.x.x4 255.255.255.252

duplex auto

speed auto

!

ip classless

ip route 0.0.0.0 0.0.0.0 194.82.x.x3

ip http server

ip http authentication local

!

ntp clock-period 17179766

ntp server 194.82.125.73

mark.cronin Wed, 11/05/2008 - 08:26

is the guest access vlan the one that hosts the WLC?

I think this is what you need -

ip nat pool mypool 194.82.x.4 194.82.x.4 prefix 30

!

access-list 1 permit 20.0.0.0 0.0.0.255

!

ip nat inside source list 1 pool mypool overload

!

interface FastEthernet0/0.1

description Guest_Access VLAN

encapsulation dot1Q 10

ip address 20.0.0.50 255.0.0.0

ip nat inside

!

interface FastEthernet0/1

description Link to ISP

ip address 194.82.x.x4 255.255.255.252

ip nat outside

!

!

ip route 0.0.0.0 0.0.0.0 194.82.x.x3

!

!

mark.cronin Wed, 11/05/2008 - 08:27

is the guest access vlan the one that hosts the WLC?

I think this is what you need -

ip nat pool mypool 194.82.x.4 194.82.x.4 prefix 30

!

access-list 1 permit 20.0.0.0 0.0.0.255

!

ip nat inside source list 1 pool mypool overload

!

interface FastEthernet0/0.1

description Guest_Access VLAN

encapsulation dot1Q 10

ip address 20.0.0.50 255.0.0.0

ip nat inside

!

interface FastEthernet0/1

description Link to ISP

ip address 194.82.x.x4 255.255.255.252

ip nat outside

!

!

ip route 0.0.0.0 0.0.0.0 194.82.x.x3

!

!

mark.cronin Wed, 11/05/2008 - 08:27

is the guest access vlan the one that hosts the WLC?

I think this is what you need -

ip nat pool mypool 194.82.x.4 194.82.x.4 prefix 30

!

access-list 1 permit 20.0.0.0 0.0.0.255

!

ip nat inside source list 1 pool mypool overload

!

interface FastEthernet0/0.1

description Guest_Access VLAN

encapsulation dot1Q 10

ip address 20.0.0.50 255.0.0.0

ip nat inside

!

interface FastEthernet0/1

description Link to ISP

ip address 194.82.x.x4 255.255.255.252

ip nat outside

!

!

ip route 0.0.0.0 0.0.0.0 194.82.x.x3

!

!

ccolom Wed, 12/10/2008 - 11:33

Are the 10.0.0.100 -> 10.0.0.150 IPs going through a FW? An ASA or PIX?

cc

Actions

This Discussion