Cisco 857W wireless clients dhcp issue after IOS upgrade

Unanswered Question
Jun 25th, 2010

I am having difficulty getting wireless clients to obtain an IP address from a Windows 2003 DHCP server. The IOS bin was missing and I loaded the latest IOS for this router. Everything works except for wireless clients. I have compared the old startup-config to the new startup-config and cannot figure this out. I'm sure it's something simple and was hoping someone's eyes could see it.

Clients on the wired side are fine.  They get DHCP from the server and can get to the Internet.  The Guest wireless is fine as well, which uses DHCP on the router and not the Windows server.  The problem is only with DHCP on the private wireless.

Current configuration : 5530 bytes
!
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname MyRouter
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$xxxxxxxxxxxxxxxxxxxxxxxxor.
enable password 7 10xxxxxxxxxxxxxx02
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-2540506638
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2540506638
revocation-check none
rsakeypair TP-self-signed-2540506638
!
!
crypto pki certificate chain TP-self-signed-2540506638
certificate self-signed 01
dot11 syslog
!
dot11 ssid MySSID
   vlan 1
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 144xxxxxxxxxxxxxxxx962
!
dot11 ssid MySSIDGuest
   vlan 20
   authentication open
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 7 1113xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx020517
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.254.1 192.168.254.9
!
ip dhcp pool VLAN20
   import all
   network 192.168.254.0 255.255.255.0
   default-router 192.168.254.1
   domain-name windows.local
   lease 4
!
!
ip cef
ip inspect name MYFW tcp
ip inspect name MYFW udp
ip inspect name MYFW ntp
ip inspect name MYFW ssh
no ip domain lookup
ip domain name windows.local
ip dhcp-server 192.168.1.2
!
vpdn enable
!
!
!
!
!
archive
log config
  hidekeys
!
!
!
bridge irb
!
!
interface ATM0
no ip address
no snmp trap link-status
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$
pvc 0/35
  pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
encryption vlan 20 mode ciphers tkip
!
ssid MySSID
!
ssid MySSIDGuest
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2412
station-role root
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
ip nat inside
ip virtual-reassembly
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.20
description Guest wireless LAN - routed WLAN
encapsulation dot1Q 20
ip address 192.168.254.1 255.255.255.0
ip access-group Guest-ACL in
ip nat inside
ip virtual-reassembly
no cdp enable
!
interface Vlan1
description Internal Network
no ip address
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dialer0
no ip address
ip nat outside
ip virtual-reassembly
no cdp enable
!
interface Dialer1
ip address negotiated
ip access-group Internet-inbound-ACL in
ip inspect MYFW out
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username [email protected] password 7 101xxxxxxxxxxxxxx113
ppp ipcp dns request
ppp ipcp address accept
!
interface BVI1
description Bridge to Internal Network
ip address 192.168.1.1 255.255.255.0
ip helper-address 192.168.1.2
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.2 3389 interface Dialer1 3389
ip nat inside source static tcp 192.168.1.2 9675 interface Dialer1 9675
!
ip access-list extended Guest-ACL
remark SDM_ACL Category=17
remark Auto generated by SDM for NTP (123) 128.105.39.11
permit udp host 128.105.39.11 eq ntp host 192.168.254.1 eq ntp
deny   ip any 192.168.1.0 0.0.0.255
permit ip any any
ip access-list extended Internet-inbound-ACL
remark SDM_ACL Category=17
remark Auto generated by SDM for NTP (123) 128.105.39.11
permit udp host 128.105.39.11 eq ntp any eq ntp
permit udp any eq bootps any eq bootpc
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any traceroute
permit gre any any
permit esp any any
permit tcp any host 192.168.1.2 eq 3389
permit tcp any host 192.168.1.2 eq 9675
permit ip any any
!
access-list 1 remark SDM_ACL Category=18
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.254.0 0.0.0.255
dialer-list 1 protocol ip list 1
dialer-list 2 protocol ip permit
no cdp run
!
control-plane
!
bridge 1 route ip
!
!
scheduler max-task-time 5000
end

Any help is greatly appreciated!


Thanks,

Jasen

belovell Tue, 06/29/2010 - 07:39

I see that you have an ip helper address on the BVI, but it does not make any sense if the helper address is on the same subnet. ip helper is for off subnet.

Also I see the following commands on the dot11 radio interface

bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding

Most of these commands are not expected on your average access point and could likely cause an issue. Unless you can articulate a good reason for using them, they should be removed.

-Ben
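
The two things this reply points at can be checked mechanically. The following is an added example, not part of the original thread: a Python check over a constructed excerpt of the posted config that reports any `ip helper-address` lying inside its own interface's subnet and lists the extra bridge-group options per interface. The function name `audit` and the sample text are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample: trimmed interface stanzas taken from the config posted above.
SAMPLE_CONFIG = """\
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 no ip address
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 192.168.1.1 255.255.255.0
 ip helper-address 192.168.1.2
!
"""

IP_ADDR = re.compile(r"^ip address (\S+) (\S+)$")
HELPER = re.compile(r"^ip helper-address (\S+)$")
BRIDGE_OPT = re.compile(r"^(?:no )?bridge-group \d+ \S+")  # skips bare "bridge-group N"

def audit(config):
    """Return (helpers inside their own interface subnet, bridge-group options)."""
    nets, helpers, options, iface = {}, {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()  # pasted configs often lose indentation, so ignore it
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif iface is None:
            continue
        elif m := IP_ADDR.match(line):  # "ip address negotiated" does not match
            nets[iface] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif m := HELPER.match(line):
            helpers.setdefault(iface, []).append(ipaddress.ip_address(m[1]))
        elif BRIDGE_OPT.match(line):
            options.setdefault(iface, []).append(line)
    same_subnet = [(i, str(h)) for i, hs in helpers.items()
                   for h in hs if i in nets and h in nets[i]]
    return same_subnet, options

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Lines are attributed to the most recent `interface` header rather than by indentation, which works here because the three matched commands only occur at interface level.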

jmmckenna Tue, 06/29/2010 - 08:10

I had removed the IP Helper Address as it was not working. The additional bridge-group commands were in place prior to the IOS update and, from my research, appear to be common practice? I have no issue removing them and will do so.

I changed station-role root to station-role root access-point and have noticed a couple of wireless clients connected and obtained IP addresses.  Could this be the smoking gun? From what I read, it is supposed to use that role by default.

Thanks,

Jasen

jmmckenna Thu, 07/08/2010 - 20:33

belovell,

I'm still having the same problem. I thought DHCP was working for my wireless clients, but it turned out someone had a static IP address. I tried to remove the extra bridge-group commands by placing a no in front of them on the do0.1 interface, but it gives me an error. When I say no bridge-group 1, they all go away. When I say bridge-group 1, they all come back.

Any other suggestions?
