Re: Cisco 851 Wlan problems

mdoyal · ‎08-09-2006

I am unable to reach the internet using SSID TKCTS. Everytime it associates it is given a IP 192.168.1.103. However my fastethernet0 connection I have setup as DHCP and I get the correct ip 192.168.112.2. What am i doing wrong. attached is my config file... Thanks..

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

description $ETH-WAN$

ip address dhcp client-id FastEthernet4

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

crypto ipsec client ezvpn ASA

!

interface Dot11Radio0

no ip address

countermeasure tkip hold-time 15

!

encryption mode ciphers tkip

!

ssid TKCTS

max-associations 254

authentication open

authentication key-management wpa

guest-mode

infrastructure-ssid

wpa-psk ascii 0 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

!

speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

no dot11 extension aironet

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$

ip address 192.168.112.1 255.255.255.0

ip helper-address 192.168.1.5

no ip redirects

no ip unreachables

no ip proxy-arp

ip inspect DEFAULT100 in

ip nat inside

ip virtual-reassembly

ip route-cache flow

ip tcp adjust-mss 1452

crypto ipsec client ezvpn ASA inside

!

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip dns view ezvpn-internal-view

domain name-server 192.168.1.6

domain name-server 192.168.1.7

ip nat inside source list 112 interface FastEthernet4 overload

!

access-list 1 remark INSIDE_IF=Vlan1

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.168.121.0 0.0.0.255

access-list 100 remark SDM_ACL Category=4

access-list 100 permit ip 192.168.0.0 0.0.0.255 any

access-list 112 deny ip 192.168.112.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 112 permit ip 192.168.112.0 0.0.0.255 any

no cdp run

!

Stephen Rodriguez · ‎08-09-2006

Create a BVI1 interface,and move the IP address from the VLAN to the BVI. Make sure to move all the commands from the VLAN interface to the BVI.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

mdoyal · ‎08-09-2006

Thanks... I am not too sure on how to make the bvi. I am pretty new to this is thier a site I can go to for directions.

Thanks

mdoyal · ‎08-10-2006

I tried this and it did not work am I missing something. This also took my router down. I was unable to use SDM or CLI. Any suggestions?

Thanks

ssid TKCS

max-associations 254

authentication open

authentication key-management wpa

guest-mode

infrastructure-ssid

wpa-psk ascii 0 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

!

speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

no dot11 extension aironet

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Vlan1

no ip address

load-interval 30

bridge-group 1

!

interface BVI1

ip address 192.168.112.1 255.255.255.0

ip helper-address 192.168.1.5

no ip redirects

no ip unreachables

no ip proxy-arp

ip inspect DEFAULT100 in

ip nat inside

ip virtual-reassembly

ip route-cache flow

ip tcp adjust-mss 1452

crypto ipsec client ezvpn ASA inside

!

bridge 1 route ip

enable

!

Stephen Rodriguez · ‎08-10-2006

that all looks rightl. You can't reach the router via CLI of SDM? can you get an address from the wired and wireless, and have internet access?

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

mdoyal · ‎08-10-2006

I was given an address on the wirless side but it was a 192.168.1.103. I can us CLI but not SDM. My wired connection gives me the right IP 192.168.112.2. I am not able to reach the internet when the config with BVI is running. I have to revert back to the old config.