Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco 1941w ISR bridge

Hi everyone, here is the scenario. We have been deploying Cisco 1941w ISRs at our office locations. We love this guy due to the built-in AP which doesn't require us to purchase a separate Access Point for each location. However this is also causing us to use 2 subnets per office, one for wired LAN and other for wireless LAN. Below is my interface configuration;

GigabitEthernet0/0 ....... xxx.xxx.xxx.xxx External

GigabitEthernet0/1 ....... 172.18.24.1 /24    Internal     FIRST SUBNET

wlan-ap0 ............ ip unnumbered VLAN1

VLAN1 - 172.18.124.1 /24                 SECOND SUBNET

VLAN900 - 10.18.24.1 /24

VLAN900 is only for use by guests and not advertised out of this office. We have 2 SSIDs, one for corporate and another for guests

AP configuration:

Interface BVI1 ............. 172.18.124.250

Default-gateway............ 172.18.124.1

SSID_Corp - Vlan1

SSID_Guest - Vlan900

We have an AD based DHCP server which serves IPs to all wired devices in the 172.18.24.0 network.

We have a DHCP pool on the AP itself that serves IPs to all wireless devices in the 172.18.124.0 network.

You may ask, why do we have 2 separate subnets. Well, thats the reason I came knocking on your doors. Is there a way to configure the built-in AP as a bridge and not an Access Point. I want that any wireless device that authenticates with the bridge, obtains an IP address from the AD i.e. 172.18.24.0 network on VLAN1.

But at the same time, I also want it to continue acting as an Access Point for SSID_Guest so that our guests can access the internet through it over vlan 900?

I know I'm asking for too much but I am a bit new to this and not sure how or if this can be done.

Please advise.

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions

Cisco 1941w ISR bridge

ok, so what you can do is this:

bridge irb

bridge 1 protocol ieee

bridge 1 route ip

!

int g0/1

no ip address

bridge-group 1

!

int vlan 1

bridge-group 1

!

interface BVI 1

ip address 172.18.150.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

That will allow you to have the LAN and the AP be on the same subnet.  You already have teh WLAN-Gig0/0 in the correct state.

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
9 REPLIES
New Member

Cisco 1941w ISR bridge

Anybody?

Cisco 1941w ISR bridge

Yes, what you are looking to do is possible.  Basically you would need to configure a second SSID and call the VLAN in both, then on the interface Wlan-GigabitEthernet0/0 change it to a trunk port.

As a short example.  This is assuming you are using a WPA/TKIP with a PSK for the 'corp'

SSID Configs:

dot11 ssid SSID_Corp

vlan 1

authentication open

authentication key-management wpa

wpa-psk ascii 0 12345678

dot11 ssid SSID_Guest

vlan 900

authentitcation open

guest-mode

Sub-Interface Configs

interface dot11radio0.1

encapsulation dot1q 1 native

interface dot11radio1.1

encapsulation dot1q 1 native

interface dot11radio0.900

encapsulation dot1q 900

bridge-group 2

interface dot11radio1.900

encapsulation dot1q 900

interface G0.1

encapsulation dot1q 1 native

interface G0.900

encapuslation dot1q 900

Radio Configs

Interface dot11radio0

encryption vlan 1 mode ciphers tkip

ssid SSID_Corp

ssid SSID_Guest

Interface dot11radio1

encryption vlan 1 mode ciphers tkip

ssid SSID_Corp

ssid SSID_Guest

then on the router

interface Wlan-GigabitEthernet0/0

switchport mode trunk

Hope this helps,

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Cisco 1941w ISR bridge

Hi Steve, thanks for the advice. The problem is that vlan1 and gigabit0/1 can't have the same IP address. And when I configure the same IP on VLAN1 using the ip unnumbered gigabitethernet0/1 command, I am no longer able to ping the .1 IP address from the AP because of which it can't see it's VLAN gateway. Looks like only solution is to have a separate subnet

Re: Cisco 1941w ISR bridge

No it can be done. Can you post the config if the router and the AP?

Sent from Cisco Technical Support iPhone App

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Cisco 1941w ISR bridge

Here you go. Please note that I haven't configured anything on the AP other than an IP address on the BVI1 interface and default-gateway.

ROUTER CONFIG

hostname r-lab-1

!

boot-start-marker

boot system flash:c1900-universalk9-mz.SPA.152-2.T.bin

boot-end-marker

!

!

enable secret 5 ommitted

!

no aaa new-model

!        

clock timezone EST -5 0

service-module wlan-ap 0 bootimage autonomous

!

no ipv6 cef

ip auth-proxy max-login-attempts 5

ip admission max-login-attempts 5

!

!

!

ip dhcp excluded-address 172.18.150.1

ip dhcp excluded-address 172.18.150.250

!

ip dhcp pool LAN

network 172.18.150.0 255.255.255.0

default-router 172.18.150.1

dns-server 172.18.120.10 172.18.120.12

lease 7

!

!

redundancy

!

controller Cellular 0/0

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

ip address ommitted

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface wlan-ap0

description Service module interface to manage the embedded AP

ip address 192.168.1.1 255.255.255.0

arp timeout 0

no mop enabled

no mop sysid

!

interface GigabitEthernet0/1

description LAN

ip address 172.18.150.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface Wlan-GigabitEthernet0/0

description Internal switch interface connecting to the embedded AP

switchport mode trunk

no ip address

!

!

interface Vlan1

ip unnumbered GigabitEthernet0/1

AP CONFIG

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ap

!

logging rate-limit console 9

enable secret 5 $1$Tgpy$8JqkCx0YOxfOc1zsTnLdw/

!

no aaa new-model

!

!

dot11 syslog

!

!

username Cisco password 7 01300F175804

!

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

shutdown

antenna gain 0

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

shutdown

antenna gain 0

dfs band 3 block

channel dfs

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0

description  the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router

no ip address

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 172.18.150.250 255.255.255.0

no ip route-cache

!

ip default-gateway 172.18.150.1

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 route ip

!

!

!

line con 0

no activation-character

line vty 0 4

login local

!

Cisco 1941w ISR bridge

ok, so what you can do is this:

bridge irb

bridge 1 protocol ieee

bridge 1 route ip

!

int g0/1

no ip address

bridge-group 1

!

int vlan 1

bridge-group 1

!

interface BVI 1

ip address 172.18.150.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

That will allow you to have the LAN and the AP be on the same subnet.  You already have teh WLAN-Gig0/0 in the correct state.

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Cisco 1941w ISR bridge

Hi Stephen, I want to thank you for helping me out with this problem. It is now working flawlessly. I had to do some minor modifications but everything is working now. I have two separate DHCP pools on the router, one for corp and the other for guest and are both serving IPs on the corresponding SSID. Also when I connect with a wired connection, I am getting IP from the same DHCP pool as SSID Corp. This saves us an entire subnet space for an office where we only have 50 users.

Thanks once again! You have no idea how long we have been working on this. Even spoke with CCIE who said that this can't be done.

You Rock Sir!

Cheers!

New Member

Two years later and I find

Two years later and I find myself looking for the exact same solution.

 

Can someone tell me if the solution above was applied to the Router or AP?

New Member

Yes this has been working

Yes this has been working without any issues for 2 years. I have deployed this at various locations.

1019
Views
0
Helpful
9
Replies
CreatePlease to create content