Cisco 857W wireless clients dhcp issue after IOS upgrade
I am having difficulty getting wireless clients to obtain an IP address from a Windows 2003 DHCP server. The IOS bin was missing and I loaded the lasted IOS for this router. Everything works except for wireless clients. I have compared the old startup-config to the new startup-config and cannot figure this out. I'm sure it's something simple and was hoping someone's eyes could see it.
Clients on the wired side are fine. They get DHCP from the server and can get to the Internet. The Guest wireless is fine as well, which uses DHCP on the router and not the Windows server. The problem is only with DHCP on the private wireless.
Current configuration : 5530 bytes ! ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname MyRouter ! boot-start-marker boot-end-marker ! logging buffered 51200 warnings enable secret 5 $1$xxxxxxxxxxxxxxxxxxxxxxxxor. enable password 7 10xxxxxxxxxxxxxx02 ! aaa new-model ! ! aaa authentication login default local aaa authorization exec default local ! ! aaa session-id common clock timezone PCTime -5 clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00 ! crypto pki trustpoint TP-self-signed-2540506638 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2540506638 revocation-check none rsakeypair TP-self-signed-2540506638 ! ! crypto pki certificate chain TP-self-signed-2540506638 certificate self-signed 01 dot11 syslog ! dot11 ssid MySSID vlan 1 authentication open authentication key-management wpa wpa-psk ascii 7 144xxxxxxxxxxxxxxxx962 ! dot11 ssid MySSIDGuest vlan 20 authentication open authentication key-management wpa guest-mode wpa-psk ascii 7 1113xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx020517 ! no ip dhcp use vrf connected ip dhcp excluded-address 192.168.254.1 192.168.254.9 ! ip dhcp pool VLAN20 import all network 192.168.254.0 255.255.255.0 default-router 192.168.254.1 domain-name windows.local lease 4 ! ! ip cef ip inspect name MYFW tcp ip inspect name MYFW udp ip inspect name MYFW ntp ip inspect name MYFW ssh no ip domain lookup ip domain name windows.local ip dhcp-server 192.168.1.2 ! vpdn enable ! ! ! ! ! archive log config hidekeys ! ! ! bridge irb ! ! interface ATM0 no ip address no snmp trap link-status no atm ilmi-keepalive dsl operating-mode auto ! interface ATM0.1 point-to-point description $ES_WAN$ pvc 0/35 pppoe-client dial-pool-number 1 ! ! interface FastEthernet0 ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface Dot11Radio0 no ip address ! encryption vlan 1 mode ciphers tkip ! encryption vlan 20 mode ciphers tkip ! ssid MySSID ! ssid MySSIDGuest ! speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 channel 2412 station-role root no cdp enable ! interface Dot11Radio0.1 encapsulation dot1Q 1 native ip nat inside ip virtual-reassembly no cdp enable bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding ! interface Dot11Radio0.20 description Guest wireless LAN - routed WLAN encapsulation dot1Q 20 ip address 192.168.254.1 255.255.255.0 ip access-group Guest-ACL in ip nat inside ip virtual-reassembly no cdp enable ! interface Vlan1 description Internal Network no ip address ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452 bridge-group 1 bridge-group 1 spanning-disabled ! interface Dialer0 no ip address ip nat outside ip virtual-reassembly no cdp enable ! interface Dialer1 ip address negotiated ip access-group Internet-inbound-ACL in ip inspect MYFW out ip nat outside ip virtual-reassembly encapsulation ppp ip tcp adjust-mss 1452 dialer pool 1 dialer-group 1 no cdp enable ppp authentication pap callin ppp pap sent-username firstname.lastname@example.org password 7 101xxxxxxxxxxxxxx113 ppp ipcp dns request ppp ipcp address accept ! interface BVI1 description Bridge to Internal Network ip address 192.168.1.1 255.255.255.0 ip helper-address 192.168.1.2 ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452 ! no ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 Dialer1 ! ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ip nat inside source list 1 interface Dialer1 overload ip nat inside source static tcp 192.168.1.2 3389 interface Dialer1 3389 ip nat inside source static tcp 192.168.1.2 9675 interface Dialer1 9675 ! ip access-list extended Guest-ACL remark SDM_ACL Category=17 remark Auto generated by SDM for NTP (123) 22.214.171.124 permit udp host 126.96.36.199 eq ntp host 192.168.254.1 eq ntp deny ip any 192.168.1.0 0.0.0.255 permit ip any any ip access-list extended Internet-inbound-ACL remark SDM_ACL Category=17 remark Auto generated by SDM for NTP (123) 188.8.131.52 permit udp host 184.108.40.206 eq ntp any eq ntp permit udp any eq bootps any eq bootpc permit icmp any any echo permit icmp any any echo-reply permit icmp any any traceroute permit gre any any permit esp any any permit tcp any host 192.168.1.2 eq 3389 permit tcp any host 192.168.1.2 eq 9675 permit ip any any ! access-list 1 remark SDM_ACL Category=18 access-list 1 permit 192.168.1.0 0.0.0.255 access-list 1 permit 192.168.254.0 0.0.0.255 dialer-list 1 protocol ip list 1 dialer-list 2 protocol ip permit no cdp run ! control-plane ! bridge 1 route ip ! ! scheduler max-task-time 5000 end
Re: Cisco 857W wireless clients dhcp issue after IOS upgrade
I had removed the IP Helper Address as it was not working. The additional bridge-group commands were in place prior to the IOS update and from my research, appears to be common practice? I have no issue removing them and will do so.
I changed station-role root to station-role root access-point and have noticed a couple of wireless clients connected and obtained IP addresses. Could this be the smoking gun? From what I read, it is supposed to use that role by default.
Re: Cisco 857W wireless clients dhcp issue after IOS upgrade
I'm still having the same problem. I thought DHCP was working for my wireless clients, but turned out someone had a static IP address. I tried to remove the extra bridge-group commands by placing a no in front of them on the do0.1 interface, but gives me an error. When I say no bridge-group 1, they all go away. When I say bridge-group 1, they all come back.
This document gives several answers on frequently asked questions for PFRv3 channel state behavior.
Q1: What are all the channel operational states from a BR (border role) perspective and what are the rules/conditions to be in each st...
The need was to reach an host inside a LAN through a VPN connection managed by the LAN gateway (Cisco 1921).
The LAN gateway performs NAT and there was a dedicate nat rule for the host i wanted to reach through VPN.
I couldn't connect to the hos...
We have 3 identical switches configured by someone else and would like to claim some of the Gigabit ports(G1/G2/G3/G4) for use on servers. When we try to change the wiring and configuration, we run in to connectivity issues. Attached is a des...