Cisco Support Community

New Member

Cisco 1921 Router LAN config

Hi there - I have been asked to configure a new out-of-the-box 1921 series router for internet access. Basically our company has to provide Internet access to an office area with 8-10 IP phones, wireless & Internet set up. I have configured the router to what I think would work best. I have a Cisco E1200 ready to go for the Wifi side of things. This office area is not part of our network.

Bottom line is that they need their IP phones and Wifi to work.

My question is... Is there anything else I would need to add to the config for the phones to work better (no drops)? Any help would be appreciated.

ISP > Router WAN > Router LAN > Cisco 2900XL Switch

ISP: 12.16.xxx.xx 255.255.255.248

LAN: 192.168.1.0 255.255.255.0

Building configuration...

Current configuration : 1648 bytes

!

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname NEX_Router

!

boot-start-marker

boot-end-marker

!

!

enable secret 4 wv8gUHK2fGNWeZuTKMRv7NWW3pQQ/a3WIwDP/OW0WIY

!

aaa new-model

!

!

!

!

!

!

!

aaa session-id common

clock timezone CDT -6 0

clock summer-time CDT recurring

!

ip cef

!

!

!

ip dhcp excluded-address 192.168.1.1

!

ip dhcp pool Nexxxxx

import all

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server 208.67.222.222

lease 7

!

!

!

no ipv6 cef

multilink bundle-name authenticated

!

!

!

license udi pid CISCO1921/K9 sn FTX17318328

!

!

username cisco secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description Nexxxx LAN

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

description WAN side of Router

ip address 12.16.xxx.xx 255.255.255.248

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip route 0.0.0.0 0.0.0.0 12.16.xxx.xx

!

!

!

!

!

!

control-plane

!

!

!

line con 0

exec-timeout 240 0

password 7 0010160709480A1200

logging synchronous

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

password 7 051F030E2C5F4F1D16

logging synchronous

transport input telnet ssh

!

scheduler allocate 20000 1000

!

end


Re: Cisco 1921 Router LAN config

The first thing that jumps out is that you have nat configured on the interfaces, but you don't have nat actually configured so internet access wouldn't work if this device is supposed to do natting. If not, then you need to remove "ip nat inside/outside" from the interfaces. If it is to do natting, you'll need to finish the config:

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

ip nat inside source list 100 interface g0/1 overload

As far as phones, are they hosted or internal only? You don't have an LLQ configured for the phones, but going over the internet isn't going to be easy to control if it's needed. You would be better off with a tunnel, but they may not offer that. To create a class, you'd do something like the following:

class-map Voice

match dscp ef      <---- Assuming phones are marking with dscp 46 and mls qos is not configured on the LAN switch

policy-map Output

class Voice

priority 512

class class-default

bandwidth 512

fair-queue

int g0/1

service-policy output Output

There are many different options that you can do for voice, but in reality once it hits the internet (without an agreement from the provider), your EF tag will generally be stripped. This policy would help get it out of the router first during congestion, but there's still no guarantee that you won't be dropped later down the line.

HTH,
John

*** Please rate all useful posts ***

New Member

Cisco 1921 Router LAN config

John,

Thanks for the quick reply. The phones are being hosted by a 3rd party VOIP vendor - basically they were informed that all they needed to do was plug in the phone (internet access) and they could register them via MAC address.

The WAN IP address is one of 4 IP addresses that we own - we allocated this office one of these IPs.

I will add your config and test it. Again thanks for your help.

New Member

Cisco 1921 Router LAN config

John, I forgot to ask... with the maximum number of phones being 10, would QoS - LLQ be required? We have a 10M Fiberline coming into the building - would we have issues with bandwidth with internet access for users via ethernet or WiFi plus the 10 IP phones?

Thanks again

Cisco 1921 Router LAN config

QoS only kicks in when there's congestion on the interface. You would probably still want to configure it because if it's ever needed, it will be there. If it's not needed, it'll never go into effect so it doesn't hurt anything having it applied. You may never use it though.

HTH,
John

*** Please rate all useful posts ***


Re: Cisco 1921 Router LAN config

You do need QOS because voice quality is as much about priority queue as it is bandwidth. If there is any buffering at all, you probably want voice to be "next". That's what keeps the audible clicks and pops minimized.

Sent from Cisco Technical Support iPad App

New Member

Cisco 1921 Router LAN config

Thank you guys, you have given me a lot to think about. I'd rather have something like this set than having to re-visit a quality issue later down the road.

John: can I just add your config into my config assuming that these are standard Polycom phones requiring only "Internet access" by the 3rd party hosting company? I don't believe MLS QOS was configured on the switch but I will check the running-config.

As far as phones, are they hosted or internal only? You don't have an LLQ configured for the phones, but going over the internet isn't going to be easy to control if it's needed. You would be better off with a tunnel, but they may not offer that. To create a class, you'd do something like the following:

class-map Voice

match dscp ef      <---- Assuming phones are marking with dscp 46 and mls qos is not configured on the LAN switch

policy-map Output

class Voice

priority 512

class class-default

bandwidth 512

fair-queue

int g0/1

service-policy output Output

Cisco 1921 Router LAN config

Sure you can. To explain the config further, I didn't realize you had 10Mb to begin with so I was minimal with it.

Class map Voice creates the class map to match on the marking that the phones are probably doing. The reason I brought up mls is because if it's enabled on a switch and not configured, the switch will set the marking back to default and you would never see this marking at the router unless you trusted the marking at the switch. Without mls configured or enabled on the switch, the switch won't tamper with the marking that the phone sends, so you should see the marking at the router.

class Voice under the policy map tells it to take 512k off the top immediately when it sees a packet marked with dscp 46 (ef) and reserve it. This creates an LLQ and is serviced immediately before anything else, but it's also policed at this rate as well so it can't starve the other queues.

class-default is a class that's there by default, but it's not seen unless configured. What you're telling this class is that you want to reserve a minimum amount of bandwidth (512k) and use fair queueing which enables flow based fair queueing.

All of these are configurable. Anything that doesn't match your Voice class will fall into the class-default queue. You can modify the bandwidth values by putting whatever you want in there. For a 10Mb circuit, you may choose to set aside 8Mb for the class-default class, or you may leave class default where it is and add other classes.

Many people, including myself, have a High, Med, Low class, or some ISPs use a Gold, Silver, Bronze class. My classes are configured for voice in High, Business apps in Med, and general web browsing and FTP in the Low class. Depending on what you do with the classes, you can shape/police traffic based on the type of traffic it is. I can police users to 512k of bandwidth only for Web but give them 5Mb for Business class applications. When there's nothing going on in the Medium class, the Low class can use all of the bandwidth it needs.

HTH,
John

*** Please rate all useful posts ***

New Member

Cisco 1921 Router LAN config

Thank you John, I will add that to the config. I also noticed that when I added the statement:

ip route 0.0.0.0 0.0.0.0 12.161xx.xx and

ip route 0.0.0.0 0.0.0.0 ge0/1

The Gateway of last resort is not set when I do a "show IP route". I added the second statement to the original config just in case. This is a stub router with no other way out; is it normal not to have it shown until I actually connect the router? I can't figure why it won't show up in the config!?

Cisco 1921 Router LAN config

Make sure that you have ip routing enabled "ip routing" and then try the default route again. It's not normal for you to set this and it not show up unless you have routing turned off.

HTH,
John

*** Please rate all useful posts ***

New Member

Cisco 1921 Router LAN config

John - I had IP routing enabled. RIP V2 is running but I still can't see gateway of last resort. Is there something configured by default on the router? I have posted my config again with the QoS...I've been trying to figure this out! Thank you!

Building configuration...

Current configuration : 1976 bytes

!

! Last configuration change at 08:14:13 CDT Mon Sep 9 2013

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname NEX_Router

!

boot-start-marker

boot-end-marker

!

!

enable secret 4 wv8gUHK2fGNWeZuTKMRv7NWW3pQQ/a3WIwDP/OW0WIY

!

aaa new-model

!

!

!

!

!

!

!

aaa session-id common

clock timezone CDT -6 0

clock summer-time CDT recurring

!

ip cef

!

!

!

ip dhcp excluded-address 10.25.131.1

!

ip dhcp pool Nex

import all

network 10.25.131.0 255.255.255.0

default-router 10.25.131.1

dns-server 208.67.222.222

lease 7

!

!

!

no ipv6 cef

multilink bundle-name authenticated

!

!

!

license udi pid CISCO1921/K9 sn FTX17318328

!

!

username cisco secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description Nex LAN

ip address 10.25.131.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

description WAN side of Router

ip address 12.16.xxx.xx 255.255.255.248

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

router rip

network 10.0.0.0

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip nat inside source list 100 interface GigabitEthernet0/1 overload

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1

ip route 0.0.0.0 0.0.0.0 12.16.xxx.xx

!

access-list 100 permit ip 10.25.131.0 0.0.0.255 any

!

!

!

!

!

control-plane

!

!

!

line con 0

exec-timeout 240 0

password 7 0010160709480A1200

logging synchronous

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

password 7 051F030E2C5F4F1D16

logging synchronous

transport input telnet ssh

!

scheduler allocate 20000 1000

!

end

#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

       + - replicated route, % - next hop override

Gateway of last resort is not set

Cisco 1921 Router LAN config

If the wan interface isn't up at the time of you installing the default route, it won't show up in the routing table. Is the circuit up and functional?

I would remove this:

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1

Let me show you what I mean:

R2(config-if)#do sh run | i ip route

ip route 0.0.0.0 0.0.0.0 12.15.15.1  <--- Here's the route

R2(config-if)#do sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is 12.15.15.1 to network 0.0.0.0   <-- installed in the routing table

     12.0.0.0/24 is subnetted, 1 subnets

C       12.15.15.0 is directly connected, FastEthernet0/0

S*   0.0.0.0/0 [1/0] via 12.15.15.1

R2(config-if)#shut <--- I shut fa0/0

R2(config-if)#

*Mar  1 00:03:46.231: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down

*Mar  1 00:03:47.231: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down

R2(config-if)#do sh run | i ip route

ip route 0.0.0.0 0.0.0.0 12.15.15.1 <---- route is still here, but now "not set" below

R2(config-if)#do sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set < --- "not set" because the interface leading to the next hop is down.

HTH,
John

*** Please rate all useful posts ***

New Member

Cisco 1921 Router LAN config

John,

The unit is being configured on my desk - sorry I should have informed you of that. I haven't gotten to install/plug in the unit just yet until the config is correct!

The interfaces should be up once I plug them in correct. Down Down is a physical issue, i.e. cable unplugged. I have removed the statement 0.0.0.0 0.0.0.0 ge0/1 and left the default as 0.0.0.0 0.0.0.0 12.198.xxx.xx

Thank you for all your help once again!

NEX_Router#show ip int brief

Interface                  IP-Address      OK? Method Status                Protocol
Embedded-Service-Engine0/0 unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0         10.25.131.1     YES NVRAM  down                  down
GigabitEthernet0/1         12.16.xxx.xx    YES NVRAM  down                  down
NVI0                       unassigned      YES unset  administratively down down

Cisco 1921 Router LAN config

Yep. They look to be up waiting for a connection. Once you get it connected, the default route will show up in your routing table.

You're welcome!

HTH,
John

*** Please rate all useful posts ***

New Member

Cisco 1921 Router LAN config

John - I connected everything and it worked great, thank you for your help once again!

I now find myself adding a Cisco 1242 AP to the switch for wifi access.

I have the router to router to configuration set up - I can get to the internet. The router is configured with the DHCP pool, I am getting an IP address from this range. I have created a VLAN 100 on the switch which I have dedicated a few ports to. I only have one VLAN so I didn't enable trunking, just access on the VLAN. I have the SSID and VLAN set up on the AP through the web interface.

Switch 2900XL 24 ports
VLAN 100:::Ports FA0/4-0/24

Router:::FA0/24

AP:::FA0/23

The problem is I can't get out to the internet using wireless. I can ping the AP's IP address from the network, I can also ping the Default gateway. I can't get an IP address though from the DHCP pool of the Router.

I'm guessing I need to do more configuring from the console on the AP itself or maybe the router -

Some forums suggest using sub-interfaces on the router...Assigning the Sub interface to the VLAN.

If I have the VLAN setup do I need to establish a new dhcp pool on the Router for the AP to give out ips?

Would you have any quick thoughts!?

Thank you

Purple

Cisco 1921 Router LAN config

Hi,

If wired clients and wireless clients are on different VLANs (different subnets) then you'll have to issue another DHCP pool for the corresponding subnet on the router. If you are using L2 ports (switchports) on the router and you have multiple VLANs from the switch to the router then you should configure your port as a trunk, you'll also need to have a vlan interface which is up/up in this wireless subnet. For Internet connectivity you should enable NAT on the wireless vlan interface and modify your dynamic PAT ACL to permit this subnet too.

Post your router config as well as a quick diagram showing your topology so we can tell you the commands if you got any problem.

Regards

Alain

Don't forget to rate helpful posts.

New Member

Cisco 1921 Router LAN config

Thank you - The wired and wireless clients should all be on the one VLAN. There are 2 VLANs on the switch which should not be communicating with each other. One goes to our company and the other VLAN is for this new branch. We created the second VLAN on the switch just for this reason. The branch will not have any access to our network - just internet access through its own separate router as well. Could I exclude a range of IPs on the Router just for Wireless? I will post a config ASAP.

Thank you again!

Purple

Cisco 1921 Router LAN config

Hi,

if wired and wireless are on same VLAN(subnet) then you only have one pool to configure indeed.

It is not possible to have 2 pools with same subnet on a router as far as I know and one way to set aside IPs for the wireless would be to use static bindings for ethernet clients (or wireless) by using the origin file: http://www.cisco.com/en/US/docs/ios/12_4t/ip_addr/configuration/guide/htdhcpsv.html#wp1074511

Regards

Alain

Don't forget to rate helpful posts.

New Member

Cisco 1921 Router LAN config

Hi,

I have included the router config. You will have to excuse my cisco knowledge - only getting started! As you can see I have a dhcp pool defined in the config - my previous posts had me getting an IP address from this range when hard wired. I am thinking I have to define the VLAN within the router for AP to give out IPs.

NEX_Router#show ip int brief

Interface                  IP-Address      OK? Method Status                Protocol
Embedded-Service-Engine0/0 unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0         10.25.131.1     YES NVRAM  down                  down
GigabitEthernet0/1         12.16.xxx.xx    YES NVRAM  down                  down
NVI0                       unassigned      YES unset  administratively down down

NEX_Router#

NEX_Router#show run

Building configuration...

Current configuration : 1911 bytes

!

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname NEX_Router

!

boot-start-marker

boot-end-marker

!

!

enable secret 4 Jtja31O3DL3dFoer5Ui/.9yk3wKk08Sz.d/IwZb/FLA

!

aaa new-model

!

!

!

!

!

!

!

aaa session-id common

clock timezone CDT -6 0

clock summer-time CDT recurring

!

ip cef

!

!

!

ip dhcp excluded-address 10.25.131.1

ip dhcp excluded-address 10.25.131.10 <<<<-------------------------------------IP of AP

!

ip dhcp pool Nex

import all

network 10.25.131.0 255.255.255.0

default-router 10.25.131.1

dns-server 208.67.222.222

lease 7

!

!

!

no ipv6 cef

multilink bundle-name authenticated

!

!

!

license udi pid CISCO1921/K9 sn FTX17318328

!

!

username cisco secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description Nex LAN

ip address 10.25.131.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

description WAN side of Router

ip address 12.16.xxx.xx 255.255.255.248

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

router rip

network 10.0.0.0

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip nat inside source list 100 interface GigabitEthernet0/1 overload

ip route 0.0.0.0 0.0.0.0 12.16.xxx.xx

!

access-list 100 permit ip 10.25.131.0 0.0.0.255 any

!

!

!

!

!

control-plane

!

!

!

line con 0

exec-timeout 240 0

password 7 0010160709480A1200

logging synchronous

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

password 7 051F030E2C5F4F1D16

logging synchronous

transport input telnet ssh

!

scheduler allocate 20000 1000

!

end

As you can see I have excluded the IP address of the AP in the config. Do I have to define the VLAN within the router config as a sub-interface?

On my AP gui the VLAN 30 (in this case) is already assigned to the AP. On my switch, VLAN 30 takes up 20 ports for its use.

Any help would be great! Thanks

New Member

Cisco 1921 Router LAN config

After doing some research I added a sub interface giga0/0.30 and assigned the VLAN 30 to this. After including this in the config I could not get an IP address being hard wired nor could I get Internet access. I had removed the IP address of the giga0/0 10.25.131.1 and assigned it to the VLAN - the ip on router sub-interface for a particular vlan will work as a default gateway for that vlan. Is there something else I am supposed to add/remove from the config?

Thanks again!

NEX_Router#show run

Building configuration...

Current configuration : 2044 bytes

!

! Last configuration change at 09:53:56 CDT Tue Sep 10 2013

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname NEX_Router

!

boot-start-marker

boot-end-marker

!

!

enable secret 4 Jtja31O3DL3dFoer5Ui/.9yk3wKk08Sz.d/IwZb/FLA

!

aaa new-model

!

!

!

!

!

!

!

aaa session-id common

clock timezone CDT -6 0

clock summer-time CDT recurring

!

ip cef

!

!

!

ip dhcp excluded-address 10.25.131.1

ip dhcp excluded-address 10.25.131.10

!

ip dhcp pool Nex

import all

network 10.25.131.0 255.255.255.0

default-router 10.25.131.1

dns-server 208.67.222.222

lease 7

!

!

!

no ipv6 cef

multilink bundle-name authenticated

!

!

!

license udi pid CISCO1921/K9 sn FTX17318328

!

!

username cisco secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description Nex LAN

no ip address

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/0.30

encapsulation dot1Q 30

ip address 10.25.131.1 255.255.255.0

!

interface GigabitEthernet0/1

description WAN side of Router

ip address 12.16.xxx.xx 255.255.255.248

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

router rip

network 10.0.0.0

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip nat inside source list 100 interface GigabitEthernet0/1 overload

ip route 0.0.0.0 0.0.0.0 12.16.xxx.xx

!

access-list 100 permit ip 10.25.131.0 0.0.0.255 any

!

!

!

!

etc

Cisco 1921 Router LAN config

You've removed the primary address from the parent interface. The primary is always default to vlan 1. Since you've moved the same address to the subinterface and that interface is tagging with vlan 30, the switch expects that port to be trunked with vlan 1 and 30. The easiest thing to do is to remove the subinterface and put everything back the way that it was. If the AP clients need to get an address from the same pool, they should be able to as long as the bvi that you have configured on the AP is in the same range.

For example:

dot11 ssid Test

int d0

ssid Test

bridge-group 1

int fa0

bridge-group 1

int bvi1

ip addres 10.25.131.

ip default-gateway

HTH,

John

New Member

Cisco 1921 Router LAN config

John, I have put the configuration back the way it was. I have the AP configured through the GUI.

After I do a show run I can see that the BVI interface has an IP address that's the same as the AP address. So what you're saying is that I need to exclude a new IP address on the router and assign it to the BVI interface?

Nex-AP#show run

Building configuration...

Current configuration : 1922 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Nex-AP

!

enable secret 5 $1$8Pxj$fC9vLXLBEcMLD6gr8wBXu/

!

no aaa new-model

!

resource policy

!

ip subnet-zero

!

!

dot11 vlan-name Nex vlan 30

!

dot11 ssid Nex

   authentication open

!

power inline negotiation prestandard source

!

!

username Cisco password 7 072C285F4D06

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

shutdown

!

ssid Nex

!

station-role root

bridge-group 1

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.30

encapsulation dot1Q 30

no ip route-cache

no snmp trap link-status

bridge-group 30

bridge-group 30 subscriber-loop-control

bridge-group 30 block-unknown-source

no bridge-group 30 source-learning

no bridge-group 30 unicast-flooding

bridge-group 30 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

shutdown

!

ssid Nex

!

dfs band 3 block

channel dfs

station-role root

bridge-group 1

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface FastEthernet0.30

encapsulation dot1Q 30

no ip route-cache

no snmp trap link-status

bridge-group 30

no bridge-group 30 source-learning

bridge-group 30 spanning-disabled

!

interface BVI1

ip address 10.25.131.10 255.255.255.0

no ip route-cache

!

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 route ip

!

!

!

line con 0

line vty 0 4

login local

!

end

Re: Cisco 1921 Router LAN config

Ok. You need to remove the vlan 30 information. I can't help with the gui unfortunately, but I can walk you through the cli.

For the same vlan, same pool as wired/wireless users, etc, you'll need three interfaces on the AP: Do0, Fa0, and BVI. The BVI bridges the wired (Fa0) and wireless (Do0) interfaces together. Currently, you're telling the AP that you want to support tagging, but that's not the case unless you're going to want to run multiple ssids.

For starters, do this from the cli: (copy and paste below)

no dot11 vlan-name Nex vlan 30

no int fa0.30

no int d0.30

int d0

no shut

Then try to connect to your ssid and you should get an address in the same pool as your wired clients. Yes, you'll want to exclude the address that you want to assign to the bvi.

Also, if you want to do separate pools at a later date for, say, a guest network, vlans are the way to go on the AP. So, you have a good starting point for that.

HTH,
John

*** Please rate all useful posts ***

New Member

Cisco 1921 Router LAN config

John - Thank you for that. I followed your commands. I was able to get an IP address and was able to access the internet successfully! I ended up assigning the BVI a different IP address, as soon as I did copy run star it kicked me off the GUI side and the Telnet side!

The only issue now with the Wifi is that it is unsecured.

Would the following commands set up the security on the SSID? We don't have server based security setup.

Enable

Conf t

Dot11 ssid Nex

Vlan 2

  authentication open

  authentication key-management wpa

  wpa-psk ascii 7

Mbssid Guest-mode

End

Re: Cisco 1921 Router LAN config

Hmmm...I'm not sure where the vlan2 comes in. Normally that's to attach the ssid to a certain vlan. You should be able to remove that. The rest of it looks good for a preshared key for wpa. If you want to use wpa2, you should be able to change "authentication key-management wpa" to "authentication key-management wpa version 2". The ciphers that you use on the radio will determine what your encryption methods are:

int d0

encryption mode ciphers aes-ccm (for wpa2)

OR

encryption mode ciphers tkip (for wpa)

aes-ccm enables wpa2. I would recommend wpa2.

Mbssid guest-mode is for when you want to broadcast more than one ssid. Since you only have one on the AP, you can change this to just guest-mode if you want to broadcast the ssid.

HTH,
John

*** Please rate all useful posts ***
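
As an added example (not part of the original posts and not Cisco tooling), the Python below audits an autonomous AP configuration for the settings discussed in the reply above: key management on the SSID and the cipher on the radio that serves it. The three sample configs, the key `EXAMPLE-PLACEHOLDER-KEY`, and the finding texts are constructed for illustration.

```python
import re

# Constructed samples in `show run` layout (sub-commands indented).
# The pre-shared key is a placeholder, not a value from the thread.
OPEN_AP = """\
dot11 ssid Nex
   authentication open
!
interface Dot11Radio0
 no ip address
 !
 ssid Nex
 !
 station-role root
 bridge-group 1
!
"""

WPA_TKIP_AP = """\
dot11 ssid Nex
   authentication open
   authentication key-management wpa
   wpa-psk ascii EXAMPLE-PLACEHOLDER-KEY
   mbssid guest-mode
!
interface Dot11Radio0
 no ip address
 encryption mode ciphers tkip
 !
 ssid Nex
 !
 bridge-group 1
!
"""

# Same AP after applying the changes suggested in the reply.
WPA2_AES_AP = (
    WPA_TKIP_AP.replace("key-management wpa\n", "key-management wpa version 2\n")
    .replace("ciphers tkip", "ciphers aes-ccm")
    .replace("mbssid guest-mode", "guest-mode")
)

CIPHER_RE = re.compile(r"^encryption (?:vlan \d+ )?mode ciphers (.+)$")


def parse_stanzas(config):
    """Group a running-config into {top-level line: [indented sub-commands]}."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        if line.strip() == "!":
            if not line[0].isspace():      # "!" in column 0 closes the stanza
                current = None
            continue                       # an indented "!" is only a spacer
        if not line[0].isspace():          # unindented line opens a new stanza
            current = stanzas.setdefault(line, [])
        elif current is not None:
            current.append(line.strip())
    return stanzas


def audit_wifi(config):
    """Return sorted (object, finding) pairs for SSID and radio security settings."""
    stanzas = parse_stanzas(config)
    findings, protected = [], set()        # protected: SSIDs with WPA key management
    for header, cmds in stanzas.items():
        m = re.match(r"^dot11 ssid (\S+)$", header)
        if not m:
            continue
        ssid = m.group(1)
        km = [c for c in cmds if c.startswith("authentication key-management")]
        if not km:
            findings.append((ssid, "open: no key management"))
            continue
        protected.add(ssid)
        if not any(c.endswith("wpa version 2") for c in km):
            findings.append((ssid, "key management not pinned to wpa version 2"))
        if not any(c.startswith("wpa-psk ") for c in cmds):
            findings.append((ssid, "no wpa-psk set"))
    for header, cmds in stanzas.items():
        m = re.match(r"^interface (Dot11Radio\d+)$", header)
        if not m:
            continue
        served = {c.split()[1] for c in cmds if c.startswith("ssid ")}
        if not served & protected:
            continue                       # open SSIDs were already reported above
        ciphers = set()
        for c in cmds:
            cm = CIPHER_RE.match(c)
            if cm:
                ciphers.update(cm.group(1).split())
        if not ciphers:
            findings.append((m.group(1), "no cipher for WPA SSID"))
        elif "tkip" in ciphers:
            findings.append((m.group(1), "tkip cipher enabled"))
    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in [("open", OPEN_AP), ("wpa/tkip", WPA_TKIP_AP), ("wpa2/aes", WPA2_AES_AP)]:
        print(name, audit_wifi(cfg))
```
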

New Member

Cisco 1921 Router LAN config

John- that VLAN 2 was a typo...sorry it should have been VLAN 30

With the setup I have configured now using the BVI, will all packets coming and going have to go through the BVI interface which is on the AP? The BVI allows this traffic to be bridged between both the fastethernet and radio with the one IP address, right?

Are there any drawbacks to using this approach especially when we use IP phones? I may post a final config to verify that everything is working as it should be!

Thanks again!

Cisco 1921 Router LAN config

Getting into voip is going to probably make you want to move to vlans. Vlan 30 doesn't need to be in the ssid area on the AP since you're not using it any longer.

Fair warning though. Since you have all of this working, it's all going to change when you move to vlans. There are no drawbacks to running it this way because this is the preferred method. I've seen people put addresses on the radio, ethernet, and bvi which isn't necessary. The AP bridges the two interfaces together so you can use one address. Cisco recommends not to put a separate address on each interface.

HTH,
John

*** Please rate all useful posts ***

New Member

Cisco 1921 Router LAN config

John,

Thanks for all your help once again - so far so good!

Cisco 1921 Router LAN config

You're welcome!

HTH,
John

*** Please rate all useful posts ***
