Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
247
Views
0
Helpful
1
Replies

871 spoke with ezvpn and wireless

dbakula01
Level 1
Level 1

‎06-06-2006 10:02 AM - edited ‎07-04-2021 12:14 PM

i have an 871 router that i am setting up at a spoke site to an 871.

before i would configure an ip address on vlan1 everything works fine. now i added a bvi interface and for wireless, than put an ip address and added the things in the config below and now it will not work. TAC keeps sending me to VPN support but i do not think that is the issue, i think this is wireless config.

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.99.1

ip dhcp excluded-address 192.168.99.2 192.168.99.99

ip dhcp excluded-address 192.168.99.150 192.168.99.254

!

ip dhcp pool dcp

network 192.168.99.0 255.255.255.0

domain-name dcpartners.com

dns-server 192.168.1.8 192.168.2.8

default-router 192.168.99.1

!

ip dhcp pool remote_site_userp-md5-hmac

!

!

!

!

!

username admin password 0 xxxxxxxxxxxxx

!

!

!

!

crypto ipsec client ezvpn center_0099

connect auto

group remote_sites key xxxxxxxxxxxx

mode network-extension

peer xxxxxxxxxxxxxxx

username remote password xxxxxxxxxxxxx

xauth userid mode local

!

bridge irb

!

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

ip address xxxxxxxxxxxxxxx 255.255.255.240

duplex auto

speed auto

!

interface Dot11Radio0

no ip address

!

encryption vlan 1 mode ciphers tkip

!

ssid dcpstatic

vlan 1

authentication open

authentication key-management wpa

!

ssid dcptest

authentication open

wpa-psk ascii 0 dcpdcpdcp

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

!

interface Vlan1

no ip address

crypto ipsec client ezvpn center_0099 inside

bridge-group 1

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 192.168.99.1 255.255.255.0

ip nat inside

ip virtual-reassembly

any help will be appreciated

Labels:
0 Helpful
1 Reply 1

dbakula01
Level 1
Level 1

‎06-07-2006 04:45 AM

figured it out, my ezvpn had to go on the bridge interface, i thought i tried it before but i guess not

bridge irb

crypto ipsec client ezvpn center_0099

connect auto

group remote_sites key xxxxxxxxxx

mode network-extension

peer xxxxxxxxxxxx

username remote password xxxxxxxxxxxxxx

xauth userid mode local

!

!

!

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

ip address xxxxxxxxxxxxx 255.255.255.240

duplex auto

speed auto

crypto ipsec client ezvpn center_0099

!

interface Dot11Radio0

no ip address

!

encryption vlan 1 mode ciphers tkip

!

ssid xxxxxxxx

vlan 1

authentication open

authentication key-management wpa

wpa-psk ascii 0 xxxxxxxxx

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

channel 2437

station-role root

!

interface Dot11Radio0.1

encapsulation dot1Q 1 native

no snmp trap link-status

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Vlan1

no ip address

bridge-group 1

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 192.168.99.1 255.255.255.0

ip virtual-reassembly

crypto ipsec client ezvpn center_0099 inside

!

bridge 1 route ip

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card