Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Multicast on hwic-ap

Hey all,

I have been having a heck of a time getting multicast setup on over wifi.  Our office recently got a chromecast for a waiting room and wants to stream netflix to it but the app will not work on our wifi.  Netflix's response is multicast is not enabled.  I have a 2811 with the HWIC-AP card for this office.  I am using a bridge interface to combine a LAN and WLAN interface and here is the config:

dot11 ssid SSID NAME

vlan 50

authentication open

authentication key-management wpa

mbssid guest-mode

wpa-psk ascii <KEY>

interface Dot11Radio0/2/0

no ip address

ip nat inside

ip virtual-reassembly in

!

encryption vlan 50 mode ciphers aes-ccm tkip

!

encryption vlan 100 mode ciphers aes-ccm tkip

!

!

broadcast-key vlan 50 change 30

!

broadcast-key vlan 125 change 10

!

!

ssid SSID NAME

!

mbssid

speed basic-48.0 basic-54.0

station-role root

infrastructure-client

!

interface Dot11Radio0/2/0.50

description ### SSID SSID NAME ###

encapsulation dot1Q 50

ip helper-address 192.168.3.1

no ip proxy-arp

ip nat inside

ip virtual-reassembly in

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

interface FastEthernet0/1.30

description ### ANDY VLAN ###

encapsulation dot1Q 30

ip helper-address 192.168.3.1

ip nat inside

ip virtual-reassembly in

no ip route-cache

bridge-group 1

interface BVI1

ip address 192.168.3.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

---------------------------------------------------------------------------

Any assistance at all would be great as I am not well versed in HWIC-AP cards and their wifi abilities.

Everyone's tags (3)
13 REPLIES

Multicast on hwic-ap

Can you post the configuration of the router as well?  in this scenario, all the multicast config will be in the 'router' config and not the 'AP' portion

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Multicast on hwic-ap

Here is the config:

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname 2811-CME

!

boot-start-marker

boot system flash c2800nm-adventerprisek9-mz.151-4.M5.bin

boot system flash c2800nm-adventerprisek9_ivs_li-mz.151-3.T.bin

boot-end-marker

!

!

security authentication failure rate 3 log

logging buffered 4096

enable secret 5 $1$Oc9P$NoEqI7bMpCegmiiHHbAgl0

!

aaa new-model

!

!

!

!

!

!

!

aaa session-id common

!

clock timezone CST -6 0

clock summer-time CDT recurring last Sun Mar 2:00 last Sun Oct 2:00

!

dot11 syslog

!

dot11 ssid SSIDNAME

vlan 50

authentication open

authentication key-management wpa

mbssid guest-mode

wpa-psk ascii 7 06121D204F4558405D4F

!

dot11 ssid Guest

vlan 125

authentication open

mbssid guest-mode

!

dot11 ssid PRINTER

vlan 100

authentication open

authentication key-management wpa

mbssid guest-mode

wpa-psk ascii 7 011F0B0F4159525D71

!

ip source-route

!

!

ip cef

!

ip dhcp excluded-address 192.168.4.1

ip dhcp excluded-address 192.168.3.1 192.168.3.99

ip dhcp excluded-address 192.168.6.51 192.168.6.254

ip dhcp excluded-address 192.168.2.33 192.168.2.255

ip dhcp excluded-address 192.168.7.1

ip dhcp excluded-address 192.168.6.1 192.168.6.2

ip dhcp excluded-address 192.168.125.1

ip dhcp excluded-address 192.168.2.20 192.168.2.255

ip dhcp excluded-address 192.168.3.131 192.168.3.254

!

ip dhcp pool VoIP

   network 192.168.4.0 255.255.255.0

   dns-server 4.2.2.1 4.2.2.2

   option 150 ip 192.168.4.1 1.1.1.1

   default-router 192.168.4.1

   option 42 ip 192.168.3.201

   lease 7

!

ip dhcp pool LAN-MillerNET

   network 192.168.3.0 255.255.255.0

   default-router 192.168.3.1

   option 150 ip 192.168.3.25

   dns-server 192.168.3.1 4.2.2.1 8.8.8.8

   lease 7

!

!

ip dhcp pool LAN-DMZ

   network 192.168.2.0 255.255.255.0

   default-router 192.168.2.1

   dns-server 4.2.2.1 4.2.2.2

!

ip dhcp pool STATIC-PRINTER

   host 192.168.100.2 255.255.255.252

   client-identifier 0100.2000.516e.c9

   default-router 192.168.100.1

   dns-server 192.168.3.20

!

ip dhcp pool CUCM-VoIP

   network 192.168.6.0 255.255.255.0

   option 150 ip 192.168.3.25

   default-router 192.168.6.1

   domain-name millernet.us

   dns-server 192.168.3.20 8.8.8.8 4.2.2.1

   lease 7

!

ip dhcp pool WLAN-Guest

   network 192.168.125.0 255.255.255.0

   dns-server 208.67.222.222 208.67.220.220

   default-router 192.168.125.1

!

!

ip name-server 8.8.8.8

ip name-server 4.2.2.1

ip multicast-routing

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

vpdn enable

!

vpdn-group 1

!

redundancy

!

!

ip ssh version 2

!

!

!

bridge irb

!

!

!

!

!

interface Loopback0

ip address 1.1.1.1 255.255.255.255

!

interface FastEthernet0/0

description ### UPLINK TO INET (USES DIALER1) ###

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

no cdp enable

!

interface FastEthernet0/1

description ### TO 3750 ###

no ip address

ip nat inside

ip virtual-reassembly in

no ip route-cache cef

no ip route-cache

duplex auto

speed auto

!

interface FastEthernet0/1.20

description ### DMZ ###

encapsulation dot1Q 20

ip address 192.168.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

no ip route-cache

!

interface FastEthernet0/1.30

description ### LAN VLAN ###

encapsulation dot1Q 30

ip helper-address 192.168.3.1

ip nat inside

ip virtual-reassembly in

no ip route-cache

bridge-group 1

!

interface FastEthernet0/1.40

description ### VoIP VLAN ###

encapsulation dot1Q 40

ip address 192.168.4.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

no ip route-cache

!

interface FastEthernet0/1.60

description ### CUCM VoIP ###

encapsulation dot1Q 60

ip address 192.168.6.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

no ip route-cache

!

interface FastEthernet0/1.200

description ### SERVER VLAN ###

encapsulation dot1Q 200

ip address 192.168.200.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

no ip route-cache

!

interface Serial0/0/0

description ### TO LAB ###

ip address 192.168.50.1 255.255.255.252

ip nat inside

ip virtual-reassembly in

clock rate 8000000

!

interface Dot11Radio0/2/0

no ip address

ip nat inside

ip virtual-reassembly in

!

encryption vlan 50 mode ciphers aes-ccm tkip

!

encryption vlan 100 mode ciphers aes-ccm tkip

!

!

broadcast-key vlan 50 change 30

!

broadcast-key vlan 125 change 10

!

!

ssid SSIDNAME

!

ssid Guest

!

ssid PRINTER

!

mbssid

speed basic-48.0 basic-54.0

channel 2412

station-role root

infrastructure-client

!

interface Dot11Radio0/2/0.50

description ### SSID SSIDNAME ###

encapsulation dot1Q 50

ip helper-address 192.168.3.1

no ip proxy-arp

ip nat inside

ip virtual-reassembly in

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Dot11Radio0/2/0.100

description ### SSID PRINTER ###

encapsulation dot1Q 100

ip address 192.168.100.1 255.255.255.252

no ip proxy-arp

ip nat inside

ip virtual-reassembly in

!

interface Dot11Radio0/2/0.125

description ### SSID Guest ###

bandwidth 524288

encapsulation dot1Q 125

ip address 192.168.125.1 255.255.255.0

no ip proxy-arp

ip nat inside

ip virtual-reassembly in

!

interface Service-Engine1/0

ip unnumbered FastEthernet0/1.30

!

interface Virtual-Template1

ip unnumbered BVI1

!

interface Virtual-Template7

ip unnumbered Dialer1

!

interface Dialer1

description ### VIRT INT TO INET ###

ip address negotiated

ip flow ingress

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname

ppp chap password 7 101E5C4B5C4F4A1B0D0920

ppp timeout idle 180

!

interface BVI1

ip address 192.168.3.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

!

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

ip http path flash:/cme/GUI

!

!

ip dns server

ip nat inside source list 1 interface Dialer1 overload

ip route 0.0.0.0 0.0.0.0 Dialer1

!

ip access-list extended Asterisk

permit udp any any range 10000 20000

!

logging esm config

logging 192.168.3.201

!

control-plane

!

bridge 1 protocol ieee

bridge 1 route ip

!

alias exec s show ip interface brief

!

scheduler allocate 20000 1000

ntp update-calendar

ntp server 192.168.3.201 prefer

end

Multicast on hwic-ap

Well, let's start with cleaning up the configuration. Bridge-Group 1.   Under the radio you are calling it VLAN 50, and on the wire it's VLAN 30.  This should match, so that you aren't sending multiple tags.

multicast routing is already enabled, so it should work.  But I'm also concerned that you have limited the radio to 48 and 54 Mbps.  I can't find anything on the web, but the Chromecast may want the lower rates endabled.  I know that with certain nintendo devices, if you don't have 1 and 2 supported you will have issues.

So I recommend:

1.) correct the configuration so that brdige-group 1 is just vlan 30

2) enable the lower data rates 1,2, 5.5, 11, 12, 18,24,36.  You may also need to change the 'basic' rate(s) that you have set.  in aIOS basic means the device needs to support this rate to connect.  But it also uses the lower 'basic' rate to send multicast at.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Multicast on hwic-ap

Ok thank you for the help, I will change the VLAN around to simply just 30.  I just changed the data rates to only those two today in an attempt to fix it so they were not working with the lower ones as well.  I may change those as well.

To apply the VLAN change do I need to edit this line as well:

interface Dot11Radio0/2/0

no ip address

ip nat inside

ip virtual-reassembly in

!

encryption vlan 50 mode ciphers aes-ccm tkip

!

encryption vlan 100 mode ciphers aes-ccm tkip

!

!

broadcast-key vlan 50 change 30

!

broadcast-key vlan 125 change 10

!

!

ssid SSIDNAME

!

ssid Guest

!

ssid PRINTER

!

mbssid

speed basic-48.0 basic-54.0

channel 2412

station-role root

infrastructure-client

To just encryption vlan 30 mode ciphers aes-ccm tkip & broadcast-key vlan 30 change 30


New Member

Multicast on hwic-ap

I attempted this afterhours and after changing the vlan tag in 4 different locations, 1) dot11 ssid 2) Interface radio 0/2/0 encryption vlan 3) Interface radio 0/2/0 broadcast key 4) interface Dot11Radio0/2/0.50 encapculation.

After doing this, I could not connect phones or laptops.  I cannot figure out where the misconfiguration is either.  Any assistnance would be great.

Multicast on hwic-ap

Yes, and change the VLAN under the SSID:

dot11 ssid SSIDNAME

vlan 30

authentication open

authentication key-management wpa

mbssid guest-mode

wpa-psk ascii 7 06121D204F4558405D4F

Dot11Radio0.30

encapsulation dot1q 30 native

bridge-group 1

and the

encryption vlan 30 mode ciphers aes-ccm

if those don't work, please post the config

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Multicast on hwic-ap

This is the changes I made, but since then I reloaded the router and reverted it.

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname 2811-CME

!

boot-start-marker

boot system flash c2800nm-adventerprisek9-mz.151-4.M5.bin

boot system flash c2800nm-adventerprisek9_ivs_li-mz.151-3.T.bin

boot-end-marker

!

!

security authentication failure rate 3 log

logging buffered 4096

enable secret 5 $1$Oc9P$NoEqI7bMpCegmiiHHbAgl0

!

aaa new-model

!

!

!

!

!

!

!

aaa session-id common

!

clock timezone CST -6 0

clock summer-time CDT recurring last Sun Mar 2:00 last Sun Oct 2:00

!

dot11 syslog

!

dot11 ssid SSIDNAME

vlan 30

authentication open

authentication key-management wpa

mbssid guest-mode

wpa-psk ascii 7 06121D204F4558405D4F

!

dot11 ssid Guest

vlan 125

authentication open

mbssid guest-mode

!

dot11 ssid PRINTER

vlan 100

authentication open

authentication key-management wpa

mbssid guest-mode

wpa-psk ascii 7 011F0B0F4159525D71

!

ip source-route

!

!

ip cef

!

ip dhcp excluded-address 192.168.4.1

ip dhcp excluded-address 192.168.3.1 192.168.3.99

ip dhcp excluded-address 192.168.6.51 192.168.6.254

ip dhcp excluded-address 192.168.2.33 192.168.2.255

ip dhcp excluded-address 192.168.7.1

ip dhcp excluded-address 192.168.6.1 192.168.6.2

ip dhcp excluded-address 192.168.125.1

ip dhcp excluded-address 192.168.2.20 192.168.2.255

ip dhcp excluded-address 192.168.3.131 192.168.3.254

!

ip dhcp pool VoIP

   network 192.168.4.0 255.255.255.0

   dns-server 4.2.2.1 4.2.2.2

   option 150 ip 192.168.4.1 1.1.1.1

   default-router 192.168.4.1

   option 42 ip 192.168.3.201

  lease 7

!

ip dhcp pool LAN

   network 192.168.3.0 255.255.255.0

   default-router 192.168.3.1

   option 150 ip 192.168.3.25

   dns-server 192.168.3.1 4.2.2.1 8.8.8.8

   lease 7

!

!

ip dhcp pool LAN-DMZ

   network 192.168.2.0 255.255.255.0

   default-router 192.168.2.1

   dns-server 4.2.2.1 4.2.2.2

   domain-name millernet.us

!

ip dhcp pool STATIC-PRINTER

   host 192.168.100.2 255.255.255.252

   client-identifier 0100.2000.516e.c9

   default-router 192.168.100.1

   dns-server 192.168.3.20

!

ip dhcp pool CUCM-VoIP

   network 192.168.6.0 255.255.255.0

   option 150 ip 192.168.3.25

   default-router 192.168.6.1

   domain-name millernet.us

   dns-server 192.168.3.20 8.8.8.8 4.2.2.1

   lease 7

!

ip dhcp pool WLAN-Guest

   network 192.168.125.0 255.255.255.0

   dns-server 208.67.222.222 208.67.220.220

   default-router 192.168.125.1

!

!

multilink bundle-name authenticated

!

!

!

!

vpdn enable

!

vpdn-group 1

!

!

!

!

!

!

!

!

voice-card 0

!

!

license udi pid CISCO2811 sn FTX1115A1GG

!

redundancy

!

!

ip ssh version 2

!

!

!

bridge irb

!

!

!

!

!

interface Loopback0

ip address 1.1.1.1 255.255.255.255

!

interface FastEthernet0/0

description ### UPLINK TO INET (USES DIALER1) ###

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

no cdp enable

!

interface FastEthernet0/1

description ### TO 3750 ###

no ip address

ip nat inside

ip virtual-reassembly in

no ip route-cache cef

no ip route-cache

duplex auto

speed auto

!

interface FastEthernet0/1.20

description ### DMZ ###

encapsulation dot1Q 20

ip address 192.168.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

no ip route-cache

!

interface FastEthernet0/1.30

description ### ANDY VLAN ###

encapsulation dot1Q 30

ip helper-address 192.168.3.1

ip nat inside

ip virtual-reassembly in

no ip route-cache

bridge-group 1

!

interface FastEthernet0/1.40

description ### VoIP VLAN ###

encapsulation dot1Q 40

ip address 192.168.4.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

no ip route-cache

!

interface FastEthernet0/1.60

description ### CUCM VoIP ###

encapsulation dot1Q 60

ip address 192.168.6.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

no ip route-cache

!

interface FastEthernet0/1.200

description ### SERVER VLAN ###

encapsulation dot1Q 200

ip address 192.168.200.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

no ip route-cache

!

interface Serial0/0/0

description ### TO LAB ###

ip address 192.168.50.1 255.255.255.252

ip nat inside

ip virtual-reassembly in

clock rate 8000000

!

interface Dot11Radio0/2/0

no ip address

ip nat inside

ip virtual-reassembly in

!

encryption vlan 30 mode ciphers aes-ccm tkip

!

encryption vlan 100 mode ciphers aes-ccm tkip

!

!

broadcast-key vlan 30 change 30

!

broadcast-key vlan 125 change 10

!

!

ssid SSIDNAME

!

ssid Guest

!

ssid PRINTER

!

mbssid

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

!

interface Dot11Radio0/2/0.50

description ### SSID SSIDNAME ###

encapsulation dot1Q 30

ip helper-address 192.168.3.1

no ip proxy-arp

ip nat inside

ip virtual-reassembly in

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Dot11Radio0/2/0.100

description ### SSID PRINTER ###

encapsulation dot1Q 100

ip address 192.168.100.1 255.255.255.252

no ip proxy-arp

ip nat inside

ip virtual-reassembly in

!

interface Dot11Radio0/2/0.125

description ### SSID Guest ###

bandwidth 524288

encapsulation dot1Q 125

ip address 192.168.125.1 255.255.255.0

no ip proxy-arp

ip nat inside

ip virtual-reassembly in

!

interface Service-Engine1/0

ip unnumbered FastEthernet0/1.30

!

interface Virtual-Template1

ip unnumbered BVI1

!

interface Virtual-Template7

ip unnumbered Dialer1

!

interface Dialer1

description ### VIRT INT TO INET ###

ip address negotiated

ip flow ingress

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname <>

ppp chap password 7 <>

ppp timeout idle 180

!

interface BVI1

ip address 192.168.3.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

Multicast on hwic-ap

conf t

no interface Dot11Radio0/2/0.50

interface Dot11Radio0/2/0.30

escription ### SSID SSIDNAME ###

encapsulation dot1q 30

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

exit

int f0/1.30

encapuslation dot1q 30

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

exit

Int dot11radio0/2/0

encryption vlan 30 mode ciphers aes-ccm

that should work.

But to be safe, save the current running config

copy running-config backup-config.

make the changes then do a copy run start then reload

if your clients can't connect, then you can load the backup-config to the running to revert

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Multicast on hwic-ap

I have applied the changes and I will check with clients in that building immediately, but some of the lines of the config did not work.

These did not work for the fa0/1.30

bridge-group 1 block-unknown-source

bridge-group 1 source-learning

bridge-group 1 unicast-flooding

These are the only options:

  input-address-list         Filter packets by source address

  input-lat-service-deny     Deny input LAT service advertisements matching a group list

  input-lat-service-permit   Permit input LAT service advertisements matching a group list

  input-lsap-list            Filter incoming IEEE 802.3 encapsulated packets

  input-pattern-list         Filter input with a pattern list

  input-type-list            Filter incoming Ethernet packets by type code

  output-address-list        Filter packets by destination address

  output-lat-service-deny    Deny output LAT service advertisements matching a group list

  output-lat-service-permit  Permit output LAT service advertisements matching a group list

  output-lsap-list           Filter outgoing IEEE 802.3 encapsulated packets

  output-pattern-list        Filter output with a pattern list

  output-type-list           Filter outgoing Ethernet packets by type code

  path-cost                  Set interface path cost

  priority                   Set interface priority

  spanning-disabled          Disable spanning tree on a bridge group

  subscriber-loop-control    Configure subscriber loop control

New Member

Multicast on hwic-ap

I checked and no one is able to connect to the wifi with any deivce.  I reverted the config but I saved the config and here it is:

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname 2811-CME

!

boot-start-marker

boot system flash c2800nm-adventerprisek9-mz.151-4.M5.bin

boot system flash c2800nm-adventerprisek9_ivs_li-mz.151-3.T.bin

boot-end-marker

!

!

security authentication failure rate 3 log

logging buffered 4096

aaa new-model

!

!

!

!

!

!

!

aaa session-id common

!

clock timezone CST -6 0

clock summer-time CDT recurring last Sun Mar 2:00 last Sun Oct 2:00

!

dot11 syslog

!

dot11 ssid SSIDNAME

vlan 30

authentication open

authentication key-management wpa

mbssid guest-mode

wpa-psk ascii 7 06121D204F4558405D4F

!

dot11 ssid Guest

vlan 125

authentication open

mbssid guest-mode

!

dot11 ssid PRINTER

vlan 100

authentication open

authentication key-management wpa

mbssid guest-mode

wpa-psk ascii 7 011F0B0F4159525D71

!

ip source-route

!

!

ip cef

!

ip dhcp excluded-address 192.168.4.1

ip dhcp excluded-address 192.168.3.1 192.168.3.99

ip dhcp excluded-address 192.168.6.51 192.168.6.254

ip dhcp excluded-address 192.168.2.33 192.168.2.255

ip dhcp excluded-address 192.168.7.1

ip dhcp excluded-address 192.168.6.1 192.168.6.2

ip dhcp excluded-address 192.168.125.1

ip dhcp excluded-address 192.168.2.20 192.168.2.255

ip dhcp excluded-address 192.168.3.131 192.168.3.254

!

ip dhcp pool VoIP

   network 192.168.4.0 255.255.255.0

   dns-server 4.2.2.1 4.2.2.2

   option 150 ip 192.168.4.1 1.1.1.1

   default-router 192.168.4.1

   option 42 ip 192.168.3.201

   lease 7

!

ip dhcp pool LAN

   network 192.168.3.0 255.255.255.0

   default-router 192.168.3.1

   option 150 ip 192.168.3.25

   dns-server 192.168.3.1 4.2.2.1 8.8.8.8

   lease 7

ip dhcp pool LAN-DMZ

   network 192.168.2.0 255.255.255.0

   default-router 192.168.2.1

   dns-server 4.2.2.1 4.2.2.2

!

ip dhcp pool STATIC-PRINTER

   host 192.168.100.2 255.255.255.252

   client-identifier 0100.2000.516e.c9

   default-router 192.168.100.1

   dns-server 192.168.3.20

!

ip dhcp pool CUCM-VoIP

   network 192.168.6.0 255.255.255.0

   option 150 ip 192.168.3.25

   default-router 192.168.6.1

   dns-server 192.168.3.20 8.8.8.8 4.2.2.1

   lease 7

!

ip dhcp pool WLAN-Guest

   network 192.168.125.0 255.255.255.0

   dns-server 208.67.222.222 208.67.220.220

   default-router 192.168.125.1

!

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

vpdn enable

!

vpdn-group 1

!

!

bridge irb

!

!

!

!

!

interface Loopback0

ip address 1.1.1.1 255.255.255.255

!

interface FastEthernet0/0

description ### UPLINK TO INET (USES DIALER1) ###

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

no cdp enable

!

interface FastEthernet0/1

description ### TO 3750 ###

no ip address

ip nat inside

ip virtual-reassembly in

no ip route-cache cef

no ip route-cache

duplex auto

speed auto

!

interface FastEthernet0/1.20

description ### DMZ ###

encapsulation dot1Q 20

ip address 192.168.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

no ip route-cache

!

interface FastEthernet0/1.30

description ### LAN VLAN ###

encapsulation dot1Q 30

ip helper-address 192.168.3.1

ip nat inside

ip virtual-reassembly in

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

!

interface FastEthernet0/1.40

description ### VoIP VLAN ###

encapsulation dot1Q 40

ip address 192.168.4.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

no ip route-cache

!

interface FastEthernet0/1.60

description ### CUCM VoIP ###

encapsulation dot1Q 60

ip address 192.168.6.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

no ip route-cache

!

interface FastEthernet0/1.200

description ### SERVER VLAN ###

encapsulation dot1Q 200

ip address 192.168.200.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

no ip route-cache

!

interface Serial0/0/0

description ### TO LAB ###

ip address 192.168.50.1 255.255.255.252

ip nat inside

ip virtual-reassembly in

clock rate 8000000

!

interface Dot11Radio0/2/0

no ip address

ip nat inside

ip virtual-reassembly in

!

encryption vlan 50 mode ciphers aes-ccm tkip

!

encryption vlan 100 mode ciphers aes-ccm tkip

!

!

encryption vlan 30 mode ciphers aes-ccm

!

broadcast-key vlan 50 change 30

!

broadcast-key vlan 125 change 10

!

!

ssid SSIDNAME

!

ssid Guest

!

ssid PRINTER

!

mbssid

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

!

interface Dot11Radio0/2/0.30

description ### SSID SSIDNAME ###

encapsulation dot1Q 30

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Dot11Radio0/2/0.100

description ### SSID PRINTER ###

encapsulation dot1Q 100

ip address 192.168.100.1 255.255.255.252

no ip proxy-arp

ip nat inside

ip virtual-reassembly in

!

interface Dot11Radio0/2/0.125

description ### SSID Guest ###

bandwidth 524288

encapsulation dot1Q 125

ip address 192.168.125.1 255.255.255.0

no ip proxy-arp

ip nat inside

ip virtual-reassembly in

!

interface Service-Engine1/0

ip unnumbered FastEthernet0/1.30

!

interface Virtual-Template1

ip unnumbered BVI1

!

interface Virtual-Template7

ip unnumbered Dialer1

!

interface Dialer1

description ### VIRT INT TO INET ###

ip address negotiated

ip flow ingress

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname <>

ppp chap password 7 101E5C4B5C4F4A1B0D0920

ppp timeout idle 180

!

interface BVI1

ip address 192.168.3.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

Multicast on hwic-ap

are your clients configured for WPA2 or WPA?

your vlan 50 encryption is set to aes-ccm tkip

so you may need to go with

encryption vlan 30 mode ciphers aes-ccm tkip

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Multicast on hwic-ap

I made those changes and clients can connect but the netflix still fails.  I am running out of ideas to be honest.

New Member

Multicast on hwic-ap

Has anyone else seen this? I have still not found a solution.

514
Views
0
Helpful
13
Replies