I am having all kinds of problems with setting up my router. I finally got the LAN stuff to work but the wireless will not work. It's like something is blocking it but I don't see anything. I can ping from wireless to any IP address but I cannot open up web pages. You would think this is a DNS issue but my DNS looks to be fine and the same DNS works on the 8 port switches on the LAN side without issue. I also thought maybe it's something to do with ACL but I don't see anything there either.
The first one gets my LAN up and running, and the second one will let me get my wireless up and working and show my SSID, but for some reason I am blocked from the internet as far as web pages, and perhaps blocked is not the correct term at this point as it could well be settings, but in any case I cannot get there. My level of knowledge is around the CCENT 1, and part of the CCENT 2. I was studying for the first test with my home lab, two routers and two older switches, when I decided to buy this, and since working on this my actual experience has pushed past the first test and is pushing me to learn a lot of new things. Many of the things in the AP I still don't understand from an IOS perspective. All that bridging is a bit confusing and it's not in the videos I study for the test.
Anyway I can really use some help and any extra input, like if I have things on my router that I probably don't need starting out let me know, as less is best so I can fully understand everything I am doing.
(I did find a bug with the 891W model: if you use the GUI and enable the wireless using CCP then you go into the command line and put in guest mode to show the ssid it bugs out and it will not show the SSID. You fix by going back into CCP and turning off SSID and then the command line will work and it shows up, weird huh, but anyway I just put that in here in case some other person is looking for 891W and runs across the error)
Edited: OK, I am adding a piece of information. I can ping Google at 18.104.22.168 "from my PC connected to the wireless AP" but when I put that same IP into the browser it will not go through. So it seems like ICMP is getting through but maybe HTTP and HTTPS are not? I may be on the wrong track but it seems related.
Note: When connected to the ethernet switch port 0 of the same router (it's an 8 port switch built in as well) I can get to all websites via browser without any issues. It's only with the wireless that I cannot.
Current configuration : 5658 bytes
!
! Last configuration change at 06:08:06 UTC Wed Jun 20 2012 by brian
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r1
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 PASSWORD
!
no aaa new-model
!
!
!
service-module wlan-ap 0 bootimage autonomous
!
crypto pki trustpoint TP-self-signed
(bunch of Blah blah blah info here)
ip source-route
!
!
ip dhcp excluded-address 10.0.0.1
!
ip dhcp pool Wireless
 network 10.0.0.0 255.255.255.0
 default-router 10.0.0.1
 dns-server XX.XX.XX.XX
!
ip dhcp pool WIREDLAN
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server XX.XX.XX.XX
!
!
ip cef
no ip domain lookup
ip domain name MYDOMAIN
ip inspect log drop-pkt
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO891W-AGN-A-K9 sn XXXXXXXX
!
!
archive
 log config
  hidekeys
username NAME privilege 15 secret 5 SOMEPASSWORD
!
!
!
!
!
bridge irb
!
!
!
!
interface FastEthernet0
 spanning-tree portfast
!
!
interface FastEthernet1
 spanning-tree portfast
!
!
interface FastEthernet2
 spanning-tree portfast
!
!
interface FastEthernet3
 spanning-tree portfast
!
!
interface FastEthernet4
 shutdown
 spanning-tree portfast
!
!
interface FastEthernet5
 spanning-tree portfast
!
!
interface FastEthernet6
 spanning-tree portfast
!
!
interface FastEthernet7
 shutdown
 spanning-tree portfast
!
!
interface FastEthernet8
 description $ES_WAN$$FW_OUTSIDE$
 ip address XXX.XXX.XXX.XXX 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip inspect DEFAULT100 out
 ip virtual-reassembly
 duplex auto
 speed auto
!
!
interface GigabitEthernet0
 description $ES_WAN$$FW_OUTSIDE$
 no ip dhcp client request tftp-server-address
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip inspect DEFAULT100 out
 ip virtual-reassembly
 duplex auto
 speed auto
!
!
interface wlan-ap0
 description Service module interface to manage the embedded AP
 ip unnumbered Vlan4
 arp timeout 0
!
!
interface Wlan-GigabitEthernet0
 description Internal switch interface connecting to the embedded AP
 switchport trunk native vlan 4
 switchport mode trunk
!
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$CVO$
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
!
interface Vlan4
 ip address 10.0.0.1 255.255.255.0
!
!
interface Async1
 no ip address
 encapsulation slip
!
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface FastEthernet8 overload
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
!
access-list 1 permit any
access-list 100 permit ip any any
access-list 101 permit ip any any
no cdp run
!
!
!
!
!
!
control-plane
!
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
 login local
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin udptn ssh
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
end
Current configuration : 2778 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ap
!
enable secret 5 SOMEPASSWORD
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid TEST
 vlan 4
 authentication open
 authentication key-management wpa
 guest-mode
 wpa-psk ascii 0 TEST123
!
!
!
username USERNAME privilege 15 secret 5 SomePassword
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 4 mode ciphers tkip
 !
 broadcast-key vlan 4 change 30
 !
 !
 ssid TEST
 !
 antenna gain 0
 station-role root
!
interface Dot11Radio0.4
 encapsulation dot1Q 4 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 !
 broadcast-key vlan 4 change 30
 !
 antenna gain 0
 dfs band 3 block
 channel dfs
 station-role root
!
interface Dot11Radio1.4
 encapsulation dot1Q 4 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
 description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
 no ip address
 no ip route-cache
!
interface GigabitEthernet0.4
 encapsulation dot1Q 4 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address dhcp
 no ip route-cache
!
ip default-gateway 10.0.0.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 protocol ieee
bridge 1 route ip
!
!
line con 0
 privilege level 15
 login local
 no activation-character
line vty 0 4
 login local
!
cns dhcp
end
My Wireless client is assigning IPs. I get IP 10.0.0.3. I also checked to make sure I had a valid DNS, which I did. So that is all working perfectly.
I am still learning NAT, and while I understand the theory on it the CLI is still new because that's on the second CCENT 2 test, which I have had to crash study for in order to get my new router up. I watched the VLAN section and router and I am at the point where it's talking about router on a stick but have not finished that.
I wondered about the difference between router on a stick and a router that has a switch built into it like the 891W. Does that communicate the same way?
Anyway I am at work today till 5pm, and while I have access to my router from work I have to disconnect all the internet each night because my kids are out for the summer and they throw a fit if the internet is down and they cannot play xbox lol... So I work in the evenings on this for the most part. I may go home today and go ahead and hook up the internet back to the router as kids and wife are not going to be out of the house till later this evening today.
Hopefully the NAT is the issue but I do have one question. If NAT was the problem would I be able to ping the IP addresses? Wouldn't it drop any private IP that I tried to ping with?
That's why I did not think it was NAT but I will certainly test that out.
Well adding IP NAT INSIDE to the Interface Vlan 4 fixed the issue.
I don't understand the why or how it fixed it though. I thought a private IP would be dropped by the ISP, so how was I able to ping from the wirelessly assigned private NAT of 10.0.0.3 to the Google IP? I would have thought I could not ping because the packets would be dropped on the ISP network without first being NAT.
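The fix reported above (adding `ip nat inside` to Vlan4) can be checked for mechanically. The following Python script is an added example, not part of the original thread: it parses IOS running-config text and lists routed interfaces that carry an RFC 1918 address but no `ip nat inside`, when a NAT rule is configured. The function names are hypothetical, and the WAN address 203.0.113.2 is a constructed placeholder for the address masked in the post.

```python
import ipaddress
import re

# Constructed sample, trimmed from the router config posted in this thread.
SAMPLE = """\
interface FastEthernet8
 ip address 203.0.113.2 255.255.255.0
 ip nat outside
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Vlan4
 ip address 10.0.0.1 255.255.255.0
!
ip nat inside source list 1 interface FastEthernet8 overload
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ADDR_RE = re.compile(r"ip address (\d+\.\d+\.\d+\.\d+) \d+\.\d+\.\d+\.\d+")

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def missing_nat_inside(config):
    """Interfaces with a private address but no NAT role, if NAT is in use."""
    if not re.search(r"^ip nat inside source ", config, re.M):
        return []
    flagged = []
    for name, cmds in parse_interfaces(config).items():
        if {"ip nat inside", "ip nat outside", "shutdown"} & set(cmds):
            continue
        for cmd in cmds:
            m = ADDR_RE.fullmatch(cmd)
            if m and any(ipaddress.ip_address(m.group(1)) in n for n in RFC1918):
                flagged.append(name)
    return flagged

if __name__ == "__main__":
    print(missing_nat_inside(SAMPLE))
```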