Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco 1941w+4EHWIC 2 VLANs to ISP

Hi, all!

I'm new in Cisco. I have cisco 1941w router with 4 EHWIC ports. I need to configure two subnets - one for wireless clients and one for LAN users, that need access to internet. Currently I has next configs:

Router config:

---------------------------------------------------------------------------------------------------------------------------------

!

! Last configuration change at 00:06:58 Russia Wed Oct 16 2013 by admin

version 15.3

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname router1

!

boot-start-marker

boot system flash c1900-universalk9-mz.SPA.153-3.M.bin

boot-end-marker

!

!

enable secret 5 $1$5WFu$6PUvFLm1Os73fxsNFihMV/

enable password 7 00051F0A50420413

!

aaa new-model

!

!

aaa authentication login default local

aaa authentication enable default enable

!        

!        

!        

!        

!        

aaa session-id common

no process cpu autoprofile hog

service-module wlan-ap 0 bootimage autonomous

!        

!        

!        

!        

ip dhcp excluded-address 192.168.11.1

ip dhcp excluded-address 192.168.10.1

ip dhcp excluded-address 192.168.10.2

!        

ip dhcp pool DHCP-POOL-11

network 192.168.11.0 255.255.255.0

default-router 192.168.11.1

dns-server 194.8.160.90 195.131.195.131

lease 30

!        

ip dhcp pool DHCP-POOL-10

network 192.168.10.0 255.255.255.0

default-router 192.168.10.1

dns-server 194.8.160.90 195.131.195.131

lease 30

!        

!        

!        

ip cef   

no ipv6 cef

!        

multilink bundle-name authenticated

!        

!        

!        

license udi pid CISCO1941W-E/K9 sn XXXXXXXXXX

license boot module c1900 technology-package securityk9

hw-module ism 0

!        

!        

!        

username XXXX privilege 15 secret 5 yyyyyyyyyyyyyyyyy

!        

redundancy

!        

!        

!        

!        

!        

ip ssh time-out 15

ip ssh logging events

ip ssh version 2

!        

!        

!        

!        

!        

bridge irb

!        

!        

!        

!        

interface Embedded-Service-Engine0/0

no ip address

shutdown

!        

interface GigabitEthernet0/0

descriptionInternet provider

mac-address 001f.d0ac.883c

ip address 94.xx.yy.118 255.255.255.0

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

no cdp enable

no mop enabled

!        

interface wlan-ap0

description Service module interface to manage the embedded AP

ip unnumbered BVI1

no cdp enable

arp timeout 0

no mop enabled

no mop sysid

!        

interface GigabitEthernet0/1

no ip address

shutdown

duplex auto

speed auto

no cdp enable

!        

interface Wlan-GigabitEthernet0/0

description Internal switch interface connecting to the embedded AP

switchport mode trunk

no ip address

no cdp enable

!        

interface GigabitEthernet0/0/0

switchport access vlan 11

no ip address

!        

interface GigabitEthernet0/0/1

switchport access vlan 11

no ip address

!        

interface GigabitEthernet0/0/2

switchport access vlan 11

no ip address

!        

interface GigabitEthernet0/0/3

switchport access vlan 11

no ip address

!        

interface Vlan1

no ip address

bridge-group 1

!        

interface Vlan11

no ip address

bridge-group 11

!        

interface BVI1

ip address 192.168.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!        

interface BVI11

ip address 192.168.11.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!        

ip forward-protocol nd

!        

no ip http server

no ip http secure-server

!        

ip nat inside source list 1 interface GigabitEthernet0/0 overload

ip route 0.0.0.0 0.0.0.0 94.xx.yy.1

!        

!        

!        

access-list 1 permit 192.168.10.0 0.0.0.255

access-list 1 permit 192.168.11.0 0.0.0.255

!        

!        

!        

control-plane

!        

bridge 1 protocol ieee

bridge 1 route ip

bridge 11 protocol ieee

bridge 11 route ip

!        

!        

line con 0

exec-timeout 0 0

line aux 0

line 2   

no activation-character

no exec 

transport preferred none

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line 67  

no activation-character

no exec 

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

line vty 0 4

password 7 xxxxxxxxxxxxxxxxx

transport input all

!        

scheduler allocate 20000 1000

!        

end      

---------------------------------------------------------------------------------------------------------------------------------

AP config:

---------------------------------------------------------------------------------------------------------------------------------

!

! Last configuration change at 07:36:27 Russia Mon Mar 1 1993

version 15.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ap

!

logging rate-limit console 9

enable secret 5 xxxxxxxxxxxxxxxxx

!

no aaa new-model

!

!

dot11 syslog

!

dot11 ssid MYSSID

   vlan 1

   authentication open

   mbssid guest-mode

!        

!        

crypto pki token default removal timeout 0

!        

!        

username xxxxxxxxxx password 7 yyyyyyyy

!        

!        

!        

bridge irb

!        

!        

interface Dot11Radio0

no ip address

no ip route-cache

!       

ssid MYSSID

!       

antenna gain 0

mbssid  

station-role root

!        

interface Dot11Radio0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!        

interface Dot11Radio1

no ip address

no ip route-cache

!       

ssid MYSSID

!       

antenna gain 0

no dfs band block

mbssid  

channel dfs

station-role root

!        

interface Dot11Radio1.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!        

interface GigabitEthernet0

description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router

no ip address

no ip route-cache

bridge-group 1

bridge-group 1 spanning-disabled

no bridge-group 1 source-learning

!        

interface BVI1

ip address 192.168.10.2 255.255.255.0

no ip route-cache

!        

ip default-gateway 192.168.10.1

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 route ip

!        

!        

!        

line con 0

no activation-character

line vty 0 4

login local

transport input all

!        

end

---------------------------------------------------------------------------------------------------------------------------------

I can access internet from wireless clients but not from LAN. Also I can't ping router interfaces from LAN clients.

What I 'm doing wrong?

Regards,

Alexey.

Everyone's tags (3)
197
Views
0
Helpful
0
Replies