Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

881W wireless configuration help

Trying to configure this spare 881W but running into difficulties.. I've worked with some of the other Wireless ISR but this one looks way different. even where the interface Dot11Radio0 is access to be configured. I don't have Smartnet on this guy to reach out to TAC.

Then LAN side seems to work. I can plug a pc into port 3 and and an IP address and browse. Port FA4 to my ISP is working..

I really just want 2 vlan. Vlan 1 to be LAN , Vlan 2 to be for wireless and attached to one SSID. What do you  do with you get console over to the wlan-ap0 interface. The AP is running  ap801-k9w7-mx.124-10b.JA3 but I thought I saw some post about how important it is to upgrade or you can't even browse to it to use the GUI ?  I configured the ssid and but can't even see it broadcast yet.. I can't even find ap801xxxxxx software on the cisco site...

so far my configuration is

ip dhcp excluded-address 10.10.20.1 10.10.20.2
ip dhcp excluded-address 10.10.10.1 10.10.10.2
!
ip dhcp pool sdm-pool
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1
   dns-server 8.8.8.8 4.2.2.2
   lease 0 2
!
ip dhcp pool vlan2
   import all
   network 10.10.20.0 255.255.255.248
   default-router 10.10.20.1
   dns-server 8.8.8.8 4.2.2.2
   lease 0 2

bridge irb
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
switchport access vlan 2
!
interface FastEthernet3
switchport access vlan 2
!
interface FastEthernet4
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Virtual-Template1
no ip address
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip address 10.10.60.1 255.255.255.248
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport access vlan 2
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.10.10.1 255.255.255.248
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Vlan2
no ip address
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1442
bridge-group 2
!
interface BVI1
no ip address
!
interface BVI2
ip address 10.10.20.1 255.255.255.248
ip nat inside
ip virtual-reassembly

ip nat inside source list vlan1 interface FastEthernet4 overload
ip nat inside source list vlan2 interface FastEthernet4 overload
!

bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip

--------

ap side

------

!
no aaa new-model
!
!
!
dot11 ssid dluser
   vlan 1
   authentication open
   authentication shared
   guest-mode
!
dot11 ssid dluser1
   vlan 2
   authentication open
   authentication shared
   guest-mode
!

!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
ssid dluser
!
speed  basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
station-role root access-point
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address dhcp client-id GigabitEthernet0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!

any help appreciated..

Regards

Mark

9 REPLIES
Cisco Employee

Re: 881W wireless configuration help

Hi Mark,

Is your ap's bvi interface picking up an ip address via dhcp?  Make sure you can ping it from the pc that you're trying to manage it from.

Your ssid's probably aren't showing up because you're trying to advertise multiple ssid's, so you'll need to configure mbssid on the ssid's and the dot0 interface.

Here's a good example:

http://www.cisco.com/en/US/docs/wireless/access_point/12.4_10b_JA/configuration/guide/scg12410b-chap7-mbssid.html#wp1050468

hth

jeff

New Member

Re: 881W wireless configuration help

Brian, I'm not sure what you mean when your send is the bvi getting a dhcp IP address. On the router side, it's hard coded in. On the AP configuration side , the answer is yes, it picked it up..

I attempted earlier to limit myself to one ssid on the dot11 interface so to make it easier for troubleshooting but that didn't help. I really only need one ssid.  The strange thing is that the interface shows reset , down everytime I add the command 'guest-mode'..  if I removed, the dot11radio0 interface comes up..

New Member

Re: 881W wireless configuration help

I used trunking to create the backplane network over to the AP - have a few rolled out this way.

You get on the AP by typing "service-module wlan-ap 0 session"

Router#

interface wlan-ap0

description Service module interface to manage the embedded AP

ip unnumbered Vlan8

arp timeout 0

!

interface Wlan-GigabitEthernet0

description Internal switch interface connecting to the embedded AP

switchport trunk native vlan 8

switchport mode trunk

interface Vlan8

ip address 10.10.18.118 255.255.255.248

no ip redirects

no ip unreachables

ip inspect fw-insp in

ip virtual-reassembly

ip tcp adjust-mss 1360

ap#

interface GigabitEthernet0

description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router

no ip address

no ip route-cache

!

interface GigabitEthernet0.1

encapsulation dot1Q 8 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address dhcp client-id GigabitEthernet0

no ip route-cache

New Member

Re: 881W wireless configuration help

Brian, I dont' see anything on your config that deals with the wireless SSID portion. That's the main problem I'm having right now. I need to somehow be able to get the Dot11Radio0 configured with the right ssid and have the router assigned the dhcp address to the via a dhcp pool. I'm actually got the lan side of it up this way. I've created the vlan and the dhcp pool. If a pc plugged in to one of the port, it will connect and pick up one of the IP address. Just need to do this via the wireless portion , set to another vlan and created the SSID.

Thanks

New Member

Re: 881W wireless configuration help

Here's my full wireless config

aaa new-model

!

aaa group server radius aaa-server

server-private 10.2.254.149 auth-port 1812 acct-port 1813 key ****

server-private 10.56.254.101 auth-port 1812 acct-port 1813 key ****

!

aaa authentication login eap_methods group aaa-server

!

aaa session-id common

!        

!

dot11 syslog

!

dot11 ssid Quintiles

   vlan 8

   authentication open eap eap_methods

   authentication key-management wpa

   guest-mode

!

bridge irb

!

interface Dot11Radio0

no ip address

no ip route-cache

no shut

!

encryption vlan 8 mode ciphers aes-ccm

!

broadcast-key vlan 8 change 600

!

!

ssid Quintiles

!

antenna gain 0

station-role root

!

interface Dot11Radio0.1

encapsulation dot1Q 8 native

no ip route-cache

bridge-group 1

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

!

interface GigabitEthernet0

description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router

no ip address

no ip route-cache

!

interface GigabitEthernet0.1

encapsulation dot1Q 8 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address dhcp client-id GigabitEthernet0

no ip route-cache

!

No ip http server

no ip http secure-server

bridge 1 route ip

!

!

!

line con 0

privilege level 15

no activation-character

line vty 0 4

!

cns dhcp

end

New Member

Re: 881W wireless configuration help

Brian

I took some snippet of your config and made some changes  but while I can connect to the SSID of dluser1 ( same as before ) , I still  can't pick up a dhcp address on the wireless client. The dhcp pool sits on the router side.

here's my current config from both router and AP. I'm trying to use  vlan 1 as the wireless side..

ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.20.1
!
ip dhcp pool vlan1
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1
   dns-server 8.8.8.8 4.2.2.2
   lease 0 2
!
ip dhcp pool vlan2
   import all
   network 10.10.20.0 255.255.255.248
   default-router 10.10.20.1
   dns-server 8.8.8.8 4.2.2.2
   lease 0 2

interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk

interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.10.1.1 255.255.255.248
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Vlan2
no ip address
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1442

interface BVI1
no ip address
ip nat inside
ip virtual-reassembly
!
interface BVI2
no ip address
ip nat inside
ip virtual-reassembly

ip nat inside source list vlan1 interface FastEthernet4 overload
ip nat inside source list vlan2 interface FastEthernet4 overload

bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip

----------

ap

--------

dot11 ssid dluser1
   vlan 1
   authentication open

ssid dluser1

interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
no ip route-cache
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled

interface BVI1
ip address dhcp client-id GigabitEthernet0
no ip route-cache

bridge 1 route ip

New Member

Re: 881W wireless configuration help

Ok, I seem to have solved the problem.. I moved the scope to the AP side instead. then tied in the ip address on both BVI1 interface on the AP side and then vlan 1 on the router side.  Make sure that they are all on bridge group 1, radio interface and  including of course the SSID. Not even sure if I needed the sub interfaces but seem to be a nicer way to tie all together regardless. Thanks to all who responded.  Especially Brian.

Regards

Cisco Employee

Re: 881W wireless configuration help

Mark,

What do you mean when you say you moved the scope over? I am having the same problem with the wireless giving my laptop a dhcp address.

You mind posting your configs from the router and ap please?

thanks,

Sean

New Member

881W wireless configuration help

Sean, it's been a while but I think I mean when you switch between the AP and ther router portion of the configuration..

eventuanlly this is when I have done to get it to work..

ip dhcp excluded-address 10.10.20.1 10.10.20.10
ip dhcp excluded-address 10.10.10.1 10.10.10.10
!
ip dhcp pool vlan2
   import all
   network 10.10.20.0 255.255.255.0
   default-router 10.10.20.1
   dns-server 8.8.8.8 4.2.2.2
   lease 0 2
!
ip dhcp pool vlan1
   import all
   network 10.10.10.0 255.255.255.0
   dns-server 8.8.8.8 4.2.2.2
   default-router 10.10.10.1
   lease 0 2
!
!
ip cef
no ip domain lookup
ip domain name yourdomain.com
no ipv6 cef
!
!
!
!
username dlcisco privilege 15 secret xxxxx!
!
!
archive
log config
  hidekeys
!
!
bridge irb
!
!
!
interface FastEthernet0
switchport access vlan 2
!
interface FastEthernet1
switchport access vlan 2
!
interface FastEthernet2
switchport access vlan 2
duplex full
speed 100
!
interface FastEthernet3
switchport access vlan 2
duplex full
speed 100
!
interface FastEthernet4
ip address x.x.x.x 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Virtual-Template1
no ip address
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
!
interface Vlan1
ip address 10.10.10.1 255.255.255.0
ip access-group NO-INTRA-TRAFFIC in--- I'm just trying to block the 2 vlan from seeing each other.
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Vlan2
ip address 10.10.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1442
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 x.x.x.x

ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list vlan1 interface FastEthernet4 overload
ip nat inside source list vlan2 interface FastEthernet4 overload
!

ip access-list standard vlan1
permit 10.10.10.0 0.0.0.255
ip access-list standard vlan2
permit 10.10.20.0 0.0.0.255


ip access-list extended NO-INTRA-TRAFFIC
deny   ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
permit ip any any
!
access-list 23 permit 10.10.20.0 0.0.0.255
no cdp run

!
!
!
!
!
control-plane
!

^C
!
line con 0
login local
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

DLHOMErouter#

switch over to the router side..


Trying 10.10.10.1, 2002 ... Open

Building configuration...

Current configuration : 3716 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ap.yourdomain.com.
!
enable secretxxx

!
no aaa new-model
no ip domain lookup
!
!
dot11 syslog
!
dot11 ssid LAN2
   vlan 2
   authentication open
   mbssid guest-mode
!
dot11 ssid dluser1
   vlan 1
   authentication open
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii 0 testtest
!
!
!
username cisco privilege 15 secret xxx

username dlcisco privilege 15 secret xxx!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm tkip

ssid LAN2
!
ssid dluser1
!
antenna gain 0
mbssid
speed  basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0
basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m
6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
no ip route-cache
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
!
interface BVI1
ip address 10.10.10.2 255.255.255.0
no ip route-cache
!
ip default-gateway 10.10.10.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
line con 0
privilege level 15
login local
no activation-character
line vty 0 4
login local
!
end

ap.yourdomain.com.#

3977
Views
5
Helpful
9
Replies
CreatePlease to create content