Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

NEWBIE HELP

I've got an 871w here and I'm trying to setup wireless. PCs

associate with the wireless device but receive no IP address. I'm posting my config which I've probably jacked up pretty good. If someone

can point out the glaring mistake, I'd appreciate it.

Building configuration...

Current configuration : 3510 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$n2Lp$0hc9r5IgIuuip2nfMxAHu/
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-1241142470
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1241142470
revocation-check none
rsakeypair TP-self-signed-1241142470
!
!
crypto pki certificate chain TP-self-signed-1241142470
certificate self-signed 01
  3082023E 308201A7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31323431 31343234 3730301E 170D3038 30313134 31313233
  30345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 32343131
  34323437 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100C8E9 A43AD7B1 1A77D806 1F3387B9 DE9AF20D CC4AB2BD BB2B8B74 CA05D166
  C1DFD084 86771EC2 816E374B 8CE3CE48 292247EE 267DB5CC E4594450 809F714E
  9A37C660 63391F71 4430ABEE E3B1AF52 13C7339C 0B22B4BF 142727F3 288A619E
  794C23EC E9F442B1 B8DE01BE 9BFA1A65 6D1B153C 5F8F26B0 F71E5834 5C1B7388
  93D90203 010001A3 66306430 0F060355 1D130101 FF040530 030101FF 30110603
  551D1104 0A300882 06526F75 74657230 1F060355 1D230418 30168014 6527E674
  F6FD0712 7EF2107D 4A65B320 741A584E 301D0603 551D0E04 16041465 27E674F6
  FD07127E F2107D4A 65B32074 1A584E30 0D06092A 864886F7 0D010104 05000381
  81001DC5 A5CC8CE1 D3B79E40 55D7CE95 06EC5969 4C0B8CCE 72DA8426 09E8D8B7
  CF1E2D18 EECB3BD8 BF51FF62 16B41576 117E2B48 FCA5AFB8 DF38255E 290F422B
  175E5FF4 8CD916F3 9C75FB8E CAE45F7D 39FCBA82 D895DDFE 37B466B0 1A7BFF04
  7840D8E6 21572421 F2A46C3A 89D67A54 010A3CF7 FA911436 2969C009 0D4EEBDF B6BB
        quit
!
!
!
dot11 ssid CISCOHOME
   vlan 1
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXXX

!
ip cef
!
!
ip dhcp relay information option
no ip dhcp use vrf connected
!
ip dhcp pool test
   network 192.168.1.0 255.255.255.0
!
!
!
multilink bundle-name authenticated
!
!
username bill privilege 15 secret 5 $1$qPBp$yVSZM9stQzJzaQaQ7we2r1
archive
log config
  hidekeys
!
!
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address dhcp
duplex auto
speed auto
!
interface Dot11Radio0
ip address 192.168.1.2 255.255.255.0
!
encryption vlan 1 mode ciphers tkip
!
ssid CISCOHOME
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2437
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
bridge-group 1
!
ip forward-protocol nd
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
password 7  logging synchronous
login
no modem enable
line aux 0
line vty 0 4
password 7
login
!
scheduler max-task-time 5000

!
webvpn cef
end

16 REPLIES

Re: NEWBIE HELP

You need to add a BVI interface and move your IP address from VLAN 1 interface to it.  Make sure you have console access, otherwise you'll drop connectivity when you make this change.  Also you don't need the IP address under the Dot11Radio0 Interface.

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Re: NEWBIE HELP

Thanks Steve, I will give that a try

New Member

Re: NEWBIE HELP

Hmm, still no IP address given to any clients

Re: NEWBIE HELP

save config and reboot, see if we come up cleanly.  If not, please post current config

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Re: NEWBIE HELP

Here is current config - Still no IP being dsihed out to client PCs wirelessly:

Building configuration...

Current configuration : 3569 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-1241142470
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1241142470
revocation-check none
rsakeypair TP-self-signed-1241142470
!
!
crypto pki certificate chain TP-self-signed-1241142470
certificate self-signed 01
  30820253 308201BC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31323431 31343234 3730301E 170D3038 30313230 31333335
  34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 32343131
  34323437 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100C8E9 A43AD7B1 1A77D806 1F3387B9 DE9AF20D CC4AB2BD BB2B8B74 CA05D166
  C1DFD084 86771EC2 816E374B 8CE3CE48 292247EE 267DB5CC E4594450 809F714E
  9A37C660 63391F71 4430ABEE E3B1AF52 13C7339C 0B22B4BF 142727F3 288A619E
  794C23EC E9F442B1 B8DE01BE 9BFA1A65 6D1B153C 5F8F26B0 F71E5834 5C1B7388
  93D90203 010001A3 7B307930 0F060355 1D130101 FF040530 030101FF 30260603
  551D1104 1F301D82 1B526F75 7465722E 68736431 2E67612E 636F6D63 6173742E
  6E65742E 301F0603 551D2304 18301680 146527E6 74F6FD07 127EF210 7D4A65B3
  20741A58 4E301D06 03551D0E 04160414 6527E674 F6FD0712 7EF2107D 4A65B320
  741A584E 300D0609 2A864886 F70D0101 04050003 818100C6 A3FF3B0B 8E60480F
  FD008AEE 13F38EA8 14A27889 CE2CB715 C15C5622 A50CB313 D9335866 8083A413
  5F3111A4 D0FF77B2 A6E6A72C A4B326EF 07528AB6 A4081DEC 740C6375 0A859649
  7ED9EA9B 00B87B01 AD001D38 12E2AF93 71AA84F0 AD7F28EF 15532FF2 B5717A2B
  ADF66A84 3C476BA7 EF5C386D A847436C 0081679E B28250
        quit
!
!
!
dot11 ssid CISCOHOME
   vlan 1
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 12170A031B05011D2224313B36372B1C13150B
!
ip cef
!
!
ip dhcp relay information option
no ip dhcp use vrf connected
!
ip dhcp pool test
   network 192.168.1.0 255.255.255.0
!
!
!
multilink bundle-name authenticated
!
!
username bill privilege 15 secret 5 $1$qPBp$yVSZM9stQzJzaQaQ7we2r1
archive
log config
  hidekeys
!
!
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address dhcp
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
ssid CISCOHOME
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2437
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
bridge-group 1
!
interface BVI1
ip address 192.168.1.1 255.255.255.0
!
ip forward-protocol nd
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
password 7
logging synchronous
login
no modem enable
line aux 0
line vty 0 4
password 7
login
!
scheduler max-task-time 5000

!
webvpn cef
end

Re: NEWBIE HELP

If you give yourself a static address does it work?

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

Re: NEWBIE HELP

Sorry, let me back up for a second...

It is now getting an IP but it is getting the IP from the BVI. However, the client nor the BVI can seem to communicate to the outside. So I'm getting an IP but not getting out.

Re: NEWBIE HELP

Bill,

     There is no nat statements and no NAT ACL, so you would need something like:

F4

ip nat outside

BVI1

ip nat inside

ip access-list NAT permit ip 192.168.1.0

ip nat inside source list NAT inter F4 overload

You should also add some information under teh DHCP scope

default-gateway 192.168.1.1

dns 4.2.2.2  ( or whatever DNS server you want to use )

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered

Re: NEWBIE HELP

Steve,

You dont think its a route issue? I only say this because what need would there to be a NAT on the AP side ?

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________

Re: NEWBIE HELP

You need to NAT to get to the outside, and since the BVI is the L3, that's where the nat inside statement should go

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Re: NEWBIE HELP

I'm not sure I need that, maybe I do, as it states I am new to the Cisco side. What I need is a route of some type as F4 is connected to another Dlink router and gets its IP from the DLINK which is on the 192.168.0.x network. I want to have a VLAN and the wireless on another network, the 192.168.1.x network. Right now the two networks do not tlk to each other.

New Member

Re: NEWBIE HELP

So how do I get these two networks to talk to each other....just put in a static route on each end? Currently fastethernet 4 is not talking to the wireless piece/bridge.

Re: NEWBIE HELP

can you post a quick topology please... thanks

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

Re: NEWBIE HELP

Sure -

Internet (Cable) 64.x.x.x --> Dlink Router WAN link (4 port switch also) Nat'd to 192.168.0.x

From one of the ethernet ports --> Fe4 of Cisco 871w, this port is on the 192.168.0.x network with an address through DHCP

Then the config from previous posts is how the rest of it is setup.

New Member

Re: NEWBIE HELP

So do you guys think I just need a route statement in there?

Symptoms are that clients off the wireless vlan1 get an IP address but cannot ping the other network. For example, the wireless network is on

192.168.1.x while the other network going out to the internet is on the 192.168.0.x network. Both using /24 subnet mask.

While I get an IP from the wireless ok (192.168.1.6), I cannot ping the other network. What's the easiest way to rectify?

New Member

Re: NEWBIE HELP

Anybody have any ideas? Pretty confused at this stage.

766
Views
0
Helpful
16
Replies
CreatePlease to create content