Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco 1941w not able to connect to the Internet

Hi,

I have been trying to setup the Cisco 1941w at my company for use as a wireless router. Once the router is up and running, I have to route traffic to a Websense V5000 appliance connected to the router. The connection to websense comes later, I haven't even been able to connect to the internet via the Wired connection or Wireless AP. I'm not an expert in networking, please excuse the stupid mistakes.

I have looked at a few posts regarding this router and have tried implementing some of the solutions presented online, but haven't been successful so far. It would be great if someone could give a few pointers. Below is my router and AP config. Only relevant sections shown.

****************

Router Config

****************

ip dhcp excluded-address 20.30.50.1 20.30.50.10

!

ip dhcp pool DHCPPOOL

network 20.30.50.0 255.255.255.0

default-router 20.30.50.1

dns-server 20.30.50.2

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0     //Connected to the outside WAN

ip address 70.35.55.106 255.255.255.248     //static IP provided by ISP

ip access-group In_From_WAN in

ip access-group Out_To_WAN out

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly in

ip verify unicast reverse-path

duplex auto

speed auto

no cdp enable

no mop enabled

interface wlan-ap0

description Service module interface to manage the embedded AP

ip unnumbered Vlan1

no ip redirects

no ip unreachables

no ip proxy-arp

arp timeout 0

no mop enabled

no mop sysid

!

interface GigabitEthernet0/1

ip address 20.30.10.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

no cdp enable

no mop enabled

!

interface Wlan-GigabitEthernet0/0

description Internal switch interface connecting to the embedded AP

no ip address

!

interface GigabitEthernet0/1/0

no ip address

!

....

....

....

interface GigabitEthernet0/1/7

no ip address

!

interface Vlan1

description $ES_LAN$

ip address 20.30.50.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

bridge-group 1

!

ip forward-protocol nd

!

ip http server

ip http authentication local

ip http secure-server

!

ip nat inside source list 135 pool ovrld overload

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0

!

ip access-list extended In_From_WAN

permit udp any host 70.35.55.106

permit tcp any host 70.35.55.106

permit tcp any any established

permit ip host 70.35.55.106 any

permit icmp 70.35.55.0 0.0.0.7 any

ip access-list extended Out_To_WAN

permit ip 20.30.0.0 0.0.255.255 host 70.35.55.106

permit ip 20.30.50.0 0.0.0.255 host 70.35.55.106

permit ip 20.30.10.0 0.0.0.255 host 70.35.55.106

permit tcp 20.30.50.0 0.0.0.255 host 70.35.55.106

!

access-list 135 permit ip 20.30.10.0 0.0.0.255 any

!


end

************************

Access Point Config

************************

ap#show run

Building configuration...

dot11 syslog

!

dot11 ssid example_ssid

   vlan 1

   authentication open

   authentication key-management wpa

   guest-mode

   wpa-psk ascii 7 ***************************

!

!

!

username ********* privilege 15 secret 5 $1$jjR3$QukCvHw99kL9mmE5LLW2c1

!

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 1 mode ciphers tkip

!

ssid example_ssid

!

antenna gain 0

speed  basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root access-point

!

interface Dot11Radio0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

shutdown

antenna gain 0

dfs band 3 block

channel dfs

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0

description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router

no ip address

no ip route-cache

!

interface GigabitEthernet0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 20.30.50.3 255.255.255.0

no ip route-cache

!

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 route ip


end

I tried to ping various interfaces from the Router and the AP. This is what I've observed.

When I login to the Router:

I am able to ping 20.30.50.1 (vlan1), 20.30.10.1 (ge0/1), 20.30.50.2 (bvi1 on ap)

NOT able to ping 70.35.55.106 (ge0/0)

When I login to the Access Point (service-module wlan-ap 0 session):

I am able to ping all the interfaces mentioned above, including the ge0/0 - 70.35.55.106

Users are able to connect to the AP via the example_ssid and get the expected IP address (20.30.50.11 onwards).

Also, "show ip nat trans" on the router does not show anything.

Appreciate any suggestions.

Thanks

276
Views
0
Helpful
0
Replies
CreatePlease to create content