Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Configuring Cisco Aironet 1100 Access Point. Please help!

Hi all,

I have dozens of Cisco Aironet 1100 access points, each is managing its own wi-fi with DHCP.

I had to disable dhcp on them because they are on a wired subnet where I am using the static IPs and don't want my wired clients to get DHCP addresses, nor someone to be able to plug the wire into own laptop and get on the network.

It's been working fine with one exception - I need to be able to ping my access points from the central site, and I can't.

What IOS command would enable ICMP echo on my access points in this case?

Please help!

1 ACCEPTED SOLUTION

Accepted Solutions

Configuring Cisco Aironet 1100 Access Point. Please help!

you have to go into the Access-list, first.

conf t

ip access-list extended DENY_DHCP deny udp any any eq bootps

permit tcp any any

permit udp any any

permit icmp any any

exit

HTH,

Steve

-


Please remember to rate helpful posts or to mark the question as answered so that it can be found later.

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
8 REPLIES

Configuring Cisco Aironet 1100 Access Point. Please help!

ICMP should be allowed by default, unless you have applied an ACL to the AP.  Can you post the config of one of the AP?

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Re: Configuring Cisco Aironet 1100 Access Point. Please help!

Here you go Stephen.
Thank you for your reply.


! ! Last configuration change at 13:54:34 EST Thu Dec 22 2011 by admin ! NVRAM config last updated at 13:54:41 EST Thu Dec 22 2011 by admin ! version 12.3 no service pad service timestamps debug datetime msec service timestamps log datetime msec localtime show-timezone service password-encryption service sequence-numbers ! hostname ===here was my APs host name=== ! no logging console enable secret ===here was my secret=== ! clock timezone EST -5 clock summer-time EDT recurring ip subnet-zero ip dhcp excluded-address 10.10.1.224 10.10.1.254 ip dhcp excluded-address 10.10.1.1 10.10.1.203 ! ip dhcp pool ===here was my dhcp pool name===    network 10.10.1.0 255.255.255.0    default-router 10.10.1.254    domain-name ===here was my domain name===    dns-server 10.1.1.10 10.1.1.138 ===here were my external DNS servers===    netbios-name-server 10.1.1.138    lease 8 ! ! aaa new-model ! ! aaa group server radius rad_eap ! aaa group server radius rad_mac ! aaa group server radius rad_acct ! aaa group server radius rad_admin ! aaa group server tacacs+ tac_admin ! aaa group server radius rad_pmip ! aaa group server radius dummy ! aaa authentication login eap_methods group rad_eap aaa authentication login mac_methods local aaa authorization exec default local aaa accounting network acct_methods start-stop group rad_acct aaa session-id common ! dot11 ssid ===here was my ssid===    authentication open    authentication key-management wpa optional    wpa-psk ascii ===here was my wpa-psk=== ! dot11 arp-cache optional ! ! username ===here were my username and password=== ! bridge irb ! ! interface Dot11Radio0 no ip address no ip route-cache ! encryption mode ciphers tkip wep128 ! ssid PPMMA_DE ! speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 channel 2412 station-role root l2-filter bridge-group-acl bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 input-address-list 700 bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface FastEthernet0 no ip address ip access-group DENY_DHCP in no ip route-cache speed 100 full-duplex bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled hold-queue 80 in ! interface BVI1 ip address 10.10.1.251 255.255.255.0 no ip route-cache ! ip default-gateway 10.10.1.254 ip http server no ip http secure-server ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag ip radius source-interface BVI1 ! ip access-list extended DENY_DHCP deny   udp any any eq bootps permit tcp any any permit udp any any

===========

here was the list of my mac addresses for filtering

===========

radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
line vty 5 15
!
sntp server 10.1.1.138
sntp broadcast client
end

Re: Configuring Cisco Aironet 1100 Access Point. Please help!

In the deny dhcp you allow UDP and TCP. Add a line to allow icmp as well and see if you can then ping the ap

HTH,

Steve

Sent from Cisco Technical Support iPhone App

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Configuring Cisco Aironet 1100 Access Point. Please help!

That was my line of thoughts too Stephen.

But when I've tried to add

permit icmp any any

from a config mode while telnet to the access point I've got

% Invalid input detected at '^' marker

Then I've tried to add

permit udp any any

and got the same error.

This led me to believe that these commands in the config file may not be working all along.

The guy who did the config originally isn't available to rebuild it.

So, what would be the correct command/syntacsis in this case?

New Member

Configuring Cisco Aironet 1100 Access Point. Please help!

And then I've decided to check the command help window and here is what I've seen...

So, it seems there is no permit command at all.

Now what?

New Member

Configuring Cisco Aironet 1100 Access Point. Please help!

There are other commands in the config mode but still no permit command.

I found that there are the commands

service tcp-small-servers

and service udp-small-servers

these supposed to take care of the echo requests but the access poins still not responding to pings.

I am going to restart it tonight and see if this would make a difference.

Configuring Cisco Aironet 1100 Access Point. Please help!

you have to go into the Access-list, first.

conf t

ip access-list extended DENY_DHCP deny udp any any eq bootps

permit tcp any any

permit udp any any

permit icmp any any

exit

HTH,

Steve

-


Please remember to rate helpful posts or to mark the question as answered so that it can be found later.

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Configuring Cisco Aironet 1100 Access Point. Please help!

Thank you for pointing me into the right direction.

I had figured it out, though the command

permit icmp any any 

didn't work.

Thanks again!

1711
Views
0
Helpful
8
Replies