Solved: ASA5505-Catalyst3550-Wireless Access Point. Config Help

nathanmccoy · ‎11-15-2008

I have an ASA5505 connected to a Catalyst 3550.

I am trying to connect a wireless access point to the Catalyst interface FastEthernet0/2 and the ASA is not issuing DHCP addresses or access to the internet for my wireless clients, it does for the desktop. Before the ASA I was using a PIX501 and this setup worked fine but I'm missing something in one of my setups to allow the WAP to work with the ASA. Thanks in advance any help is appreciated. Below is my running config for both the ASA and the Catalyst.

----------------------------------------

ASA 5505: 10.19.77.1

Catalyst 3550: 10.19.77.16

WAP: 10.19.77.17

------------------------------------------

ASA Version 7.2(4)

!

hostname ciscoasa

domain-name default.domain.invalid

names

!

interface Vlan1

nameif inside

security-level 100

ip address 10.19.77.1 255.0.0.0

!

interface Vlan2

nameif outside

security-level 0

ip address dhcp setroute

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

ftp mode passive

dns server-group DefaultDNS

domain-name default.domain.invalid

pager lines 24

logging asdm informational

mtu inside 1500

mtu outside 1500

icmp unreachable rate-limit 1 burst-size 1

icmp deny any outside

asdm image disk0:/asdm-524.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

http server enable

http 10.19.77.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd auto_config outside

!

dhcpd address 10.19.77.2-10.19.77.33 inside

dhcpd enable inside

!

class-map inspection_default

match default-inspection-traffic

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:xxx

: end

ciscoasa#

--------Catalyst---------

hostname Catalyst

!

ip subnet-zero

!

spanning-tree mode pvst

spanning-tree extend system-id

!

interface FastEthernet0/1

description ASAconnection

switchport mode dynamic desirable

!

interface FastEthernet0/2

description WAP

switchport mode dynamic desirable

shutdown

!

interface FastEthernet0/3

description Desktop

switchport mode dynamic desirable

!

interface Vlan1

ip address 10.19.77.16 255.0.0.0

!

ip default-gateway 10.19.77.1

ip classless

ip http server

!

end

glen.grant · ‎11-16-2008

Don't believe the wap will do dynamic trunking , you have to force on the trunk to the ap "switchport mode trunk" , if you plan on having mutliple vlans on the AP otherwise just make the port a "access" port in the vlan that the ap is to operate in . On the 3550 make sure it is a non routed port also with the "switchport" command on the ap port.

View solution in original post

Jon Marshall · ‎11-15-2008

Nathan

interface FastEthernet0/2

description WAP

switchport mode dynamic desirable

shutdown

should this interface be shutdown ?

Jon

nathanmccoy · ‎11-15-2008

Sorry about that. I had to edit the config I displayed in the post and I accidentally copied one of the ports that were shutdown.

interface FastEthernet0/2 is not shutdown.

Nathan

glen.grant · ‎11-16-2008

Don't believe the wap will do dynamic trunking , you have to force on the trunk to the ap "switchport mode trunk" , if you plan on having mutliple vlans on the AP otherwise just make the port a "access" port in the vlan that the ap is to operate in . On the 3550 make sure it is a non routed port also with the "switchport" command on the ap port.