I had previously posted this in the LAN Switching and Routing forum, but after no responses I thought this may be a more appropriate forum for this.
I have a new deployment of a Cisco 891W being used for both wired and wireless hosts. Hosts on both the wired and wireless networks are being assigned DHCP addresses from the router and have no problems accessing the Internet. However, I am finding that there is no connectivity between the wired and wireless hosts. For example, the router can ping both wired and wireless hosts, but these hosts cannot ping each other. I've checked the hosts themselves for firewall issues and such, and they are fine. My guess is that I overlooked something basic in the router / ap configuration, perhaps a VLAN configuration. I'm hoping someone on the forum would be able to shed some light on my configuration and/or point me to a configuration document. The router and ap configurations are attached.
Thanks for the suggestion, Nicolas. I have also used this method in the past on the Cisco 1811W platform. With the 1800 ISR series, the router and access point are managed from a unified IOS configuration. I do not have any experinece with the 870 ISR, but suspect this is also the same. Because the 891W uses seperate configurations for the router and access point, I did not initially try this.
My reading of the 890 ISR docs lead me to believe the access point was running as a seperate device within the chassis connected via the router's wlan-GigabitEthernet0 interface. I thought I should be able to manage this interface the same as I would manage a physical interface connected to an external AP. I had tried changing this interface to a trunk, as well as a few other changes, all without success.
I'll try the BVI solution on the router to see if that helps, but I also may try setting up a spare AP to one of the physical interfaces to see if it behaves any differently.
To update the thread, I configured an AP 11142 with a similar config (attached) to that of the router's internal AP. I connected the 1142 to the router on Fa4, but made no changes to the router's configuration. I found that wireless clients could connect to the 1142 and browse the Internet and could now reach servers on the wired LAN, which is exactly the functionality I was looking for. Not seeing any differences of significance between how the 1142 was configured versus the 891W, I moved a test client back to the 891W AP. Surprisingly, the functionality I was looking for continued to work! But this was short lived. I stepped away to test a second wireless client which also worked, but when I came back to the first wireless client I found it was no longer working. After some additional testing, it appears that when I moved a client onto the 1142 I can see it's MAC address via the 'show mac-address-table' command. When I move it back to the 891W AP, it will initially work but once the MAC address expires and disappears from the MAC table, the host in no longer reachable via the wired LAN. Since I'm not having a problem when using the 1142 AP, I'm not sure if this would be a router configuration issues or a router to internal AP communication problem. I would appreciate any additional help or suggestions anyone has to offer.
891W Router: System image file is "flash:c890-universalk9-mz.124-22.YB6.bin"
891W AP: System image file is "flash:/ap801-k9w7-mx.124-21a.JY/ap801-k9w7-mx.124-21a.JY"
1142 AP: System image file is "flash:/c1140-k9w7-mx.124-21a.JA1/c1140-k9w7-mx.124-21a.JA1"
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...