Cisco Support Community

Wireless Clients cannot communicate to each other.

I have an 871W router that I am having trouble getting wireless clients to communicate.

I can ping and use applications from any wired client to any wireless device. However, I am unable to ping or use any other protocol from one wireless device to another.

I have confirmed that there are no firewalls on the endpoints blocking communication.

I have removed ACLs on the BVI1 interface but that had no effect.

Any assistance would be greatly appreciated.

Current configuration : 7670 bytes

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers

hostname cc-fw-router

logging buffered 51200 debugging
enable secret 5 $1$crkU$2cWtWnMRjMvfo4ADb4pfi0

aaa new-model

aaa authentication login default local none

aaa session-id common

resource policy

clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address
ip dhcp excluded-address

ip dhcp pool sdm-pool1
   import all

ip dhcp pool xbox
   hardware-address 0100.1dd8.5b52.73 ieee802

ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
no ip bootp server
ip domain name
ip name-server
ip ssh time-out 60
ip ssh authentication-retries 2

crypto pki trustpoint TP-self-signed-1816499983
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1816499983
 revocation-check none
 rsakeypair TP-self-signed-1816499983

crypto pki certificate chain TP-self-signed-1816499983
 certificate self-signed 01



username user privilege 15 secret 5 $1$wVlg$THSMUBnF3f3A3o2Oh18xS/
username ccadmin password 7 09774C051612111B180439

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key 01234567890123456789 address no-xauth

crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel
 set transform-set ESP-3DES-SHA1
 match address 103

bridge irb

interface FastEthernet0

interface FastEthernet1

interface FastEthernet2

interface FastEthernet3

interface FastEthernet4
 description $FW_OUTSIDE$$ES_WAN$
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1

interface Dot11Radio0
 no ip address
 encryption mode ciphers tkip
 ssid my_home
    authentication open
    authentication key-management wpa
    wpa-psk ascii 7 133E1413181F0138273D15
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 no dot11 extension aironet
 bridge-group 1
 bridge-group 1 spanning-disabled

interface Vlan1
 no ip address
 ip virtual-reassembly
 bridge-group 1

interface Dialer0
 description $FW_OUTSIDE$
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname verizonfios
 ppp chap password 7 01050316521109012745411A
 ppp pap sent-username verizonfios password 7 120F00051B11030A2C222B3B
 crypto map SDM_CMAP_1

interface BVI1
 description $ES_LAN$$FW_INSIDE$
 ip address
 ip access-group 100 in
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1200

ip classless
ip route Dialer0

ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
ip nat inside source static udp 88 interface Dialer0 88
ip nat inside source static tcp 3074 interface Dialer0 3074
ip nat inside source static udp 3074 interface Dialer0 3074

access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit
access-list 1 permit
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip host any
access-list 100 deny   ip any
access-list 100 permit ip any any
access-list 103 remark SDM_ACL Category=4
access-list 103 remark IPSec Rule
access-list 103 permit ip
access-list 103 permit ip
access-list 110 deny   ip
access-list 110 deny   ip
access-list 110 permit ip any
access-list 120 remark Xbox
access-list 120 permit tcp any eq 88 host eq 88
access-list 120 permit tcp any eq 3074 host eq 3074
access-list 120 permit udp any eq 3074 host eq 3074
dialer-list 1 protocol ip permit
snmp-server community public RO
no cdp run
route-map SDM_RMAP_1 permit 1
 match ip address 110

bridge 1 protocol ieee
bridge 1 route ip
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C

line con 0
 no modem enable
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 privilege level 15
 transport input telnet ssh

scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500



Wireless Clients cannot communicate to each other.

See the option "Client Isolation" in the AP.


Posted by WebUser Anshul Rohilla