Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

891 W CISCO891W-AGN-A-K9 Wireless

Hi,

I am am having all kinds of problems with setting up my router. I finally got the LAN stuff to work but the wireless will not work its like something is blocking it but I dont see anything. I can ping from wireless to any IP address but I cannot open up web pages. You would think this is DNS issue but I my DNS l looks to be fine and the same DNS works on the 8 port switches on LAN side without issue.  I also thought maybe its something to do wtih ACL but I dont see anything there either.

I built this using a couple of other web posts:

http://www.networkstraining.com/basic-cisco-800-router-configuration-for-internet-access/

https://supportforums.cisco.com/docs/DOC-16145

The first one gets my lan up and running, and the second one will let me get my wirelesss up and working and show my SSID but for some reason I am blocked from the internet as far as web pages, and perhaps blocked is not the correct term at this point as it could well be settings but in any case I cannot get there.  My level of knowledge is around the CCENT 1, and part of the CCENT 2.  I was studying for the first test with my home lab two routers and two older switches when I decided to buy this and since working on this my actual experience has pushed past the first test and pushing me to learn alot of new things.  Many of the things in the AP I still dont understand from IOS perspective.  all that bridging is a bit confusing and its not in my videos I study for the test.

Anyway I can really use some help and any extra input like if I have things on my router that I probably dont need starting out let me know as less is best so I can fully understand everything I am doing.

(I did find a bug with the 891W model: if you use the GUI and enable the wireless using CCP then you go into the command line and put in guest mode to show the ssid it bugs out and it will not show the SSID.  You fix by going back into CCP and turning off SSID and then the command line will work and it shows up, weird huh, but anyway I just put that in here in case some other person is looking for 891W and runs across the error)

Edited:  Ok I am adding a piece of information.  I can ping google at 74.125.227.51  "from a my PC connected to the wireless AP"  but when I Put that same IP into the browser it will not go through.  So seems like ICMP is getting through but maybe HTTP and HTTPS are not?  I may be on wrong track but seems related.

Note: When connected to the ethernet switch port 0 of the same router (its 8 port switch built in as well) I can get to all websites via browser without any issues. Its only with the wireless that I cannot.

==========================================================================              

show run
Building configuration...

Current configuration : 5658 bytes
!
! Last configuration change at 06:08:06 UTC Wed Jun 20 2012 by brian
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r1
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 PASSWORD
!
no aaa new-model
!
!
!
service-module wlan-ap 0 bootimage autonomous
!
crypto pki trustpoint TP-self-signed

(bunch of Blah blah blah info here)

quit

ip source-route
!
!
ip dhcp excluded-address 10.0.0.1
!
ip dhcp pool Wireless
   network 10.0.0.0 255.255.255.0
   default-router 10.0.0.1
   dns-server XX.XX.XX.XX
!
ip dhcp pool WIREDLAN
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server XX.XX.XX.XX
!
!
ip cef
no ip domain lookup
ip domain name MYDOMAIN
ip inspect log drop-pkt
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO891W-AGN-A-K9 sn XXXXXXXX
!
!
archive
log config
  hidekeys
username NAME privilege 15 secret 5 SOMEPASSWORD
!
!
!
!
!
bridge irb
!
!
!
!
interface FastEthernet0
spanning-tree portfast
!
!
interface FastEthernet1
spanning-tree portfast
!
!
interface FastEthernet2
spanning-tree portfast
!
!
interface FastEthernet3
spanning-tree portfast
!
!
interface FastEthernet4
shutdown
spanning-tree portfast
!
!
interface FastEthernet5
spanning-tree portfast
!
!
interface FastEthernet6
spanning-tree portfast
!
!
interface FastEthernet7
shutdown
spanning-tree portfast
!
!
interface FastEthernet8
description $ES_WAN$$FW_OUTSIDE$
ip address XXX.XXX.XXX.XXX 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip inspect DEFAULT100 out
ip virtual-reassembly
duplex auto
speed auto
!
!
interface GigabitEthernet0
description $ES_WAN$$FW_OUTSIDE$
no ip dhcp client request tftp-server-address
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip inspect DEFAULT100 out
ip virtual-reassembly
duplex auto
speed auto
!
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan4
arp timeout 0
!
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport trunk native vlan 4
switchport mode trunk
!
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$CVO$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
interface Vlan4
ip address 10.0.0.1 255.255.255.0
!
!
interface Async1
no ip address
encapsulation slip
!
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface FastEthernet8 overload
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
!
access-list 1 permit any
access-list 100 permit ip any any
access-list 101 permit ip any any
no cdp run

!
!
!
!
!
!
control-plane
!
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
login local
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin udptn ssh
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

r1#

===================================================================================

================AP CONFIG===================================================

show run
Building configuration...

Current configuration : 2778 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ap
!
enable secret 5 SOMEPASSWORD
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid TEST
   vlan 4
   authentication open
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 0 TEST123
!
!
!
username USERNAME privilege 15 secret 5 SomePassword
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 4 mode ciphers tkip
!
broadcast-key vlan 4 change 30
!
!
ssid TEST
!
antenna gain 0
station-role root
!
interface Dot11Radio0.4
encapsulation dot1Q 4 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
!
broadcast-key vlan 4 change 30
!
antenna gain 0
dfs band 3 block
channel dfs
station-role root
!
interface Dot11Radio1.4
encapsulation dot1Q 4 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecti
ng AP with the host router
no ip address
no ip route-cache
!
interface GigabitEthernet0.4
encapsulation dot1Q 4 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address dhcp
no ip route-cache
!
ip default-gateway 10.0.0.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 protocol ieee
bridge 1 route ip
!
!

line con 0
privilege level 15
login local
no activation-character
line vty 0 4
login local
!
cns dhcp
end

ap#

===============================================================================================

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

891 W CISCO891W-AGN-A-K9 Wireless

Your wireless clients should take an ip address from VLAN 4 , and the ip address range assigned is private.

You need to check the nat config.

IP nat inside should be added to the gateway of VLAN 4.

3 REPLIES
Cisco Employee

891 W CISCO891W-AGN-A-K9 Wireless

Your wireless clients should take an ip address from VLAN 4 , and the ip address range assigned is private.

You need to check the nat config.

IP nat inside should be added to the gateway of VLAN 4.

Community Member

891 W CISCO891W-AGN-A-K9 Wireless

Maldehne,

My Wireless client is assigning IPs.  I get IP 10.0.0.0.3 I also checked to make sure I had a valid dns which I did.  So that is all working perfectly.

I am still learning NAT, and while I understand the theory on it the CLI is still new because thats on the second CCENT 2 test which I have had to crash study for in order to get my new router up.  I watched VLAN section and router and I am at the point where its talking about router on a stick but have not finished that. 

I wondered about the difference between router on a stick and a router that has a switch built into it like the 891W. Does that communicate the same way?

Anyway I am at work today till 5pm, and while I have access to my router from work I have to disconnect all the internet each night because my kids are out for the summer and they throw a fit if the internet is down and they cannot play xbox lol...   So I work in the evenings on this for the most part.  I may go home today and go ahead and hook up the internet back to the router as kids and wife are not going to be out of the house till later this evening today.

Hopefully the NAT is the issue but I do have one question.  If NAT was the problem would I be able to PING the IPaddresses wouldnt it drop any private IP that I tried to ping with?   

Thats why I did not think it was NAT but I will certainly test that out.

Thanks,

Brian W Catlin

Community Member

891 W CISCO891W-AGN-A-K9 Wireless

Well adding IP NAT INSIDE to the Interface Vlan 4  fixed the issue.

I dont understand they why or how it fixed it though.  I thought a private IP would be dropped by the ISP so how was I able to ping from the wirelessly assigned private NAT of 10.0.0.3 to the google IP?   I would have thought I could not ping because the packets would be dropped on the ISP network without first being NAT. 

I guess I dont fully understand NAT yet.

However this did fix the issue and I am thankful.

Brian

1923
Views
0
Helpful
3
Replies
CreatePlease to create content