Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1064
Views
0
Helpful
1
Replies

cisco 876w: wlan client - routing problem

DD.basner
Level 1
Level 1

‎05-01-2010 07:46 PM - edited ‎03-03-2019 05:56 AM

I configured a Cisco 876w to connect to an existing WLAN as a client. Now I would like to connect 3 PCs to the 876w which should be able to access the internet via the 876w.

Problem:

Being at the console (ssh) of the 876w, I can ping hosts in the internet (even with their name like www.google.com) but when I'm using a client PC, I can't... What am I missing here? Could it be a NAT problem?

Config:

Internet <--->  DSL Router 192.168.1.1 (and WLAN AccessPoint)  <--->  Cisco 876w (gets IP per DHCP, VLAN1 IP: 10.10.10.1) <---> PC (10.10.10.101)

Current configuration : 9897 bytes
!
version 12.4
no service pad
...
dot11 vlan-name wlan-lan vlan 1
!
dot11 ssid WLAN
 vlan 1
 authentication open 
 authentication key-management wpa
 wpa-psk ascii 7 0923467F1B2E52789807132F7A202E3D31
!
no ip source-route
!
!
ip dhcp excluded-address 10.10.10.1 10.10.10.9
ip dhcp excluded-address 10.10.10.101 10.10.10.254
!
ip dhcp pool ccp-pool1
   import all
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1 
   domain-name cisco.test.com
   dns-server 208.67.222.222 
!
!
ip cef
no ip bootp server
ip domain name test.com
ip name-server 208.67.222.222
ip ddns update method sdm_ddns1
 HTTP
  add http://blah.blah@members.dyndns.org/nic/update?system=dyndns&hostname=//blah.blah@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
  remove http://blah.blah@members.dyndns.org/nic/update?system=dyndns&hostname=//blah.blah@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
!
no ipv6 cef
!
multilink bundle-name authenticated
!
isdn switch-type basic-net3
!
!
username admin privilege 15 secret 5 $1$uiouLKjbLIUBlKbj
username service privilege 15 secret 5 $1$LKjblkJNBLKkjlbkm
! 
!
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect match-all sdm-cls--1
 match access-group name AllowAny
!
!
policy-map type inspect sdm-policy-sdm-cls--1
 class type inspect sdm-cls--1
  inspect 
 class class-default
  drop
!
zone security wan
zone security lan
zone-pair security sdm-zp-lan-wan source lan destination wan
 service-policy type inspect sdm-policy-sdm-cls--1
!
!
!
interface BRI0
 description <-- 
 no ip address
 ip flow ingress
 ip virtual-reassembly
 encapsulation ppp
 shutdown
 dialer pool-member 1
 isdn switch-type basic-net3
 isdn point-to-point-setup
 ppp multilink
!         
interface ATM0
 backup interface BRI0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 shutdown
 no atm ilmi-keepalive
!
interface ATM0.3 point-to-point
 description <-- 
 ip flow ingress
 shutdown
 pvc 1/32 
  pppoe-client dial-pool-number 2
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
 description <-- 
 no ip address
 no ip proxy-arp
 ip flow ingress
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 !
 encryption mode ciphers aes-ccm 
 !
 encryption vlan 1 mode ciphers aes-ccm 
 !
 ssid WLAN
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role non-root
 no cdp enable
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 no ip route-cache
 no cdp enable
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 10.10.10.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 zone-member security lan
 ip tcp adjust-mss 1412
!
interface Dialer0
 ip ddns update hostname blahblah.dnsalias.com
 ip ddns update sdm_ddns1
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 zone-member security wan
 encapsulation ppp
 shutdown
 dialer pool 1
 dialer idle-timeout 600
 dialer string 01919214124
 dialer load-threshold 20 outbound
 dialer watch-group 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname asfa
 ppp chap password 7 128763520
 ppp pap sent-username asfa password 7 0302141555
 ppp multilink
!
interface Dialer2
 ip ddns update sdm_ddns1
 ip address negotiated
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 zone-member security wan
 encapsulation ppp
 dialer pool 2
 dialer-group 2
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname gast
 ppp chap password 7 095B239876473F06090A
 ppp pap sent-username gast password 7 1239847629873693D
!
router rip
 network 10.0.0.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 105 interface Dialer0 overload
ip nat inside source list 106 interface Dot11Radio0.1 overload
!
ip access-list extended AllowAny
 remark CCP_ACL Category=128
 permit ip 10.10.10.0 0.0.0.255 any
ip access-list extended nix
 remark tut nix
 remark CCP_ACL Category=2
 permit tcp any any
 permit udp any any
 permit icmp any any
 permit ip any any
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 100 remark CCP_ACL Category=2
access-list 100 permit ip any any
access-list 101 remark CCP_ACL Category=2
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
access-list 102 remark CCP_ACL Category=2
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
access-list 103 remark CCP_ACL Category=2
access-list 103 permit ip 10.10.10.0 0.0.0.255 any
access-list 105 remark Alles
access-list 105 remark CCP_ACL Category=2
access-list 105 permit ip 10.10.10.0 0.0.0.255 any
access-list 105 permit icmp 10.10.10.0 0.0.0.255 any
access-list 105 permit udp 10.10.10.0 0.0.0.255 any
access-list 105 permit tcp 10.10.10.0 0.0.0.255 any
access-list 106 remark NAT wlan
access-list 106 remark CCP_ACL Category=2
access-list 106 permit ip 10.10.10.0 0.0.0.255 any
access-list 106 permit icmp 10.10.10.0 0.0.0.255 any
access-list 106 permit udp 10.10.10.0 0.0.0.255 any
access-list 106 permit tcp 10.10.10.0 0.0.0.255 any
dialer watch-list 1 ip 208.67.222.222 255.255.255.255
dialer-list 1 protocol ip permit
no cdp run

!
!
!
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
 
Cisco Configuration Professional (Cisco CP) is installed on this device 
and it provides the default username "cisco" for  one-time use. If you have 
already used the username "cisco" to login to the router and your IOS image 
supports the "one-time" user option, then this username has already expired. 
You will not be able to login to the router with this username after you exit 
this session.
 
It is strongly suggested that you create a new username with a privilege level 
of 15 using the following command.
 
username <myuser> privilege 15 secret 0 <mypassword>
 
Replace <myuser> and <mypassword> with the username and password you 
want to use.
 
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 no modem enable
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

#sh ip int brief

ndrmedienturm#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0              unassigned      YES unset  up                    up      
FastEthernet1              unassigned      YES unset  up                    down    
FastEthernet2              unassigned      YES unset  up                    down    
FastEthernet3              unassigned      YES unset  up                    down    
BRI0                       unassigned      YES NVRAM  standby mode/disabled down    
BRI0:1                     unassigned      YES unset  administratively down down    
BRI0:2                     unassigned      YES unset  administratively down down    
Dot11Radio0                unassigned      YES TFTP   up                    up      
Dot11Radio0.1              unassigned      YES DHCP   up                    up      
ATM0                       unassigned      YES NVRAM  administratively down down    
ATM0.3                     unassigned      YES unset  administratively down down    
SSLVPN-VIF0                unassigned      NO  unset  up                    up      
Vlan1                      10.10.10.1      YES NVRAM  up                    up      
NVI0                       unassigned      YES unset  administratively down down    
Dialer0                    unassigned      YES NVRAM  administratively down down    
Dialer2                    unassigned      YES NVRAM  up                    up      
Virtual-Dot11Radio0        unassigned      YES TFTP   up                    up      
Virtual-Dot11Radio0.1      192.168.1.54    YES DHCP   up                    up
Labels:
0 Helpful
1 Reply 1

Ganesh Hariharan
VIP Alumni
VIP Alumni

‎05-02-2010 08:10 AM

Hi,

Just check it out few things from client are you able to ping the wan interface of the cisco 876w and when you ping the internt address from client pc what is the out put of the nat translation in router.

The command to check the same is show ip nat translation is packet is gettin translated or not.

Hope to Help !!

Ganesh.H

0 Helpful
Customers Also Viewed These Support Documents