06-06-2006 10:02 AM - edited 07-04-2021 12:14 PM
i have an 871 router that i am setting up at a spoke site to an 871.
before i would configure an ip address on vlan1 everything works fine. now i added a bvi interface and for wireless, than put an ip address and added the things in the config below and now it will not work. TAC keeps sending me to VPN support but i do not think that is the issue, i think this is wireless config.
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.99.1
ip dhcp excluded-address 192.168.99.2 192.168.99.99
ip dhcp excluded-address 192.168.99.150 192.168.99.254
!
ip dhcp pool dcp
network 192.168.99.0 255.255.255.0
domain-name dcpartners.com
dns-server 192.168.1.8 192.168.2.8
default-router 192.168.99.1
!
ip dhcp pool remote_site_userp-md5-hmac
!
!
!
!
!
username admin password 0 xxxxxxxxxxxxx
!
!
!
!
crypto ipsec client ezvpn center_0099
connect auto
group remote_sites key xxxxxxxxxxxx
mode network-extension
peer xxxxxxxxxxxxxxx
username remote password xxxxxxxxxxxxx
xauth userid mode local
!
bridge irb
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address xxxxxxxxxxxxxxx 255.255.255.240
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
ssid dcpstatic
vlan 1
authentication open
authentication key-management wpa
!
ssid dcptest
authentication open
wpa-psk ascii 0 dcpdcpdcp
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
no ip address
crypto ipsec client ezvpn center_0099 inside
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.99.1 255.255.255.0
ip nat inside
ip virtual-reassembly
any help will be appreciated
06-07-2006 04:45 AM
figured it out, my ezvpn had to go on the bridge interface, i thought i tried it before but i guess not
bridge irb
crypto ipsec client ezvpn center_0099
connect auto
group remote_sites key xxxxxxxxxx
mode network-extension
peer xxxxxxxxxxxx
username remote password xxxxxxxxxxxxxx
xauth userid mode local
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address xxxxxxxxxxxxx 255.255.255.240
duplex auto
speed auto
crypto ipsec client ezvpn center_0099
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
ssid xxxxxxxx
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii 0 xxxxxxxxx
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2437
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no snmp trap link-status
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.99.1 255.255.255.0
ip virtual-reassembly
crypto ipsec client ezvpn center_0099 inside
!
bridge 1 route ip
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: