The AP I have is an AIR-AP1141N-A-K9, which according to Cisco is not controller based, but a standalone AP. My understanding is that standalone APs do NOT need to work with a controller. However, I cannot seem to get DHCP and NAT to work on this.
I configured the DHCP pool, but it does not appear to work. The client cannot get an IP address. If I do a show dot11 association on the AP, I see the client's MAC address, but the IP address is 0.0.0.0.
I can NOT configure the ip nat inside and ip nat outside and the ip nat inside source at all. When I input those commands, it keeps telling me "unrecognized command".
Below is the config. How can I make it so that the AP can act as a DHCP server and do NAT for associated wireless clients?
!
version 12.4
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname Cisco1141-Autonomous
!
no logging console
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
clock timezone PST -8
clock summer-time PDT recurring
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.141.1 192.168.141.99
ip dhcp excluded-address 192.168.50.1 192.168.50.199
!
ip dhcp pool client
   network 192.168.141.0 255.255.255.0
   dns-server x.x.x.x
   default-router 192.168.141.1
!
ip dhcp pool Guest
   network 192.168.50.0 255.255.255.0
   dns-server x.x.x.x
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 2 mode ciphers aes-ccm tkip
 !
 encryption vlan 1 mode ciphers aes-ccm tkip
 !
 ssid xxxxx
 !
 ssid yyyyy
 !
 antenna gain 0
 mbssid
 station-role root
 no cdp enable
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.2
 encapsulation dot1Q 2
 no ip route-cache
 no cdp enable
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
 bridge-group 2 spanning-disabled
!
interface GigabitEthernet0
 ip address x.x.x.x 255.255.255.128
 no ip route-cache
 duplex auto
 speed auto
 no keepalive
 no cdp enable
!
interface BVI1
 ip address 192.168.141.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache
!
interface BVI2
 ip address 192.168.50.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache
!
ip default-gateway x.x.x.x
no ip http server
ip http authentication aaa
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
no cdp run
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
 exec-timeout 15 0
line vty 0 4
 access-class 111 in
 exec-timeout 15 0
line vty 5 15
 access-class 111 in
 exec-timeout 15 0
!
sntp broadcast client
end
To my knowledge NAT is not supported within the controller either; you'd still need a router or firewall to do the NAT.
In terms of advantage of aIOS (Standalone) -vs- LWAPP (Controller based) there are pros and cons for both and each person will argue it to a different bias. For a small deployment a controller based system can be extremely cost prohibitive since the controllers are expensive.
This is a stand-alone Cisco access point running IOS software. All configuration is performed and stored on the access point, and it operates independently of other access points or devices. Each IOS AP is its own entity/device. To install a new aIOS AP you must apply a configuration to it manually, and it's unaware of the other access points around it.
LWAPP (Controller based access points, ex: AIR-LAP1242AG-x-K9, AIR-LAP1131AG-x-K9)
This is a controller based Cisco access point. All configuration is performed and stored on the Wireless LAN Controller. Any access point that connects to this controller will inherit the same configuration as the others. In an LWAPP system the APs are more aware of the APs near them, and there are a lot of advanced features that exist on the controller based that the aIOS doesn't support. Also, when you power off an LWAPP AP it loses all of its config and retains almost no data about your network, unlike the aIOS AP. An LWAPP AP gets a new configuration each time it connects to its controller.
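A consistency check over a configuration like the one posted in the question, as an added example that is not part of the original thread: it flags DHCP pools with no default-router, BVI interfaces with no matching bridge N route ip line, and access-class references to an access list the config never defines. The sample text is a constructed excerpt modelled on the posted config, and the function names are hypothetical.

```python
import re

# Constructed excerpt modelled on the configuration posted in the question.
SAMPLE = """\
ip dhcp pool client
   network 192.168.141.0 255.255.255.0
   default-router 192.168.141.1
!
ip dhcp pool Guest
   network 192.168.50.0 255.255.255.0
!
interface BVI1
interface BVI2
bridge 1 protocol ieee
bridge 1 route ip
line vty 0 4
 access-class 111 in
"""

def sections(config):
    """Map each top-level command to the indented sub-commands under it."""
    out, current = {}, None
    for raw in config.splitlines():
        if raw.strip() in ("", "!"):
            continue
        if raw[0].isspace() and current is not None:
            out[current].append(raw.strip())
        else:
            current = raw.strip()
            out.setdefault(current, [])
    return out

def audit(config):
    """List references the config makes to things it never defines."""
    sec, found = sections(config), []
    for head, body in sec.items():
        if head.startswith("ip dhcp pool ") and not any(
                c.startswith("default-router") for c in body):
            found.append(f"dhcp pool {head.split()[-1]}: no default-router")
        bvi = re.fullmatch(r"interface BVI(\d+)", head)
        if bvi and f"bridge {bvi[1]} route ip" not in sec:
            found.append(f"BVI{bvi[1]}: no 'bridge {bvi[1]} route ip'")
        for c in body:
            ref = re.fullmatch(r"access-class (\S+) in", c)
            acl = ref and rf"(ip )?access-list (\S+ )?{re.escape(ref[1])}\b"
            if ref and not any(re.match(acl, h) for h in sec):
                found.append(f"{head}: access-list {ref[1]} is not defined")
    return found

print("\n".join(audit(SAMPLE)))
```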