Solved: Wired and wireless access within a multiple SSID 887W router

bprietoclv · ‎10-07-2014

I have configured my 877W router with two SSIDs, one for work and the other one for guest access and both of them works fine, but when I try to connect a wired computer, which I'd like to use guest ip range, none of the fastethernet ports seems to work (neither with fixed IP address nor dynamic). This is my current interface configuration:

version 12.4
no service pad
service timestamps debug datetime msec localtime year
service timestamps log datetime msec localtime year
service password-encryption
service compress-config
...
!
dot11 syslog
dot11 vlan-name vlan101 vlan 101
dot11 vlan-name vlan102 vlan 102
!
dot11 ssid WOLOLO
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii ***
!
dot11 ssid WOLOLO.Guest
vlan 102
max-associations 10
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii ***
!
dot11 ssid WOLOLO.Home
vlan 101
max-associations 2
authentication open
authentication key-management wpa
wpa-psk ascii ***
!
ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.15
ip dhcp excluded-address 10.25.1.9
!
ip dhcp pool dhcp_vlan102
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 80.58.61.250 8.8.4.4
lease 30
!
ip dhcp pool dhcp_vlan101
network 10.25.1.8 255.255.255.248
default-router 10.25.1.9
dns-server 172.21.232.42 172.21.232.43
lease 30
!
bridge irb
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/32
encapsulation aal5snap
protocol ip inarp
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 101 mode ciphers tkip
!
encryption vlan 102 mode ciphers tkip
!
ssid WOLOLO.Guest
!
ssid WOLOLO.Home
!
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.101
encapsulation dot1Q 101
no ip route-cache
no cdp enable
bridge-group 101
bridge-group 101 subscriber-loop-control
bridge-group 101 spanning-disabled
bridge-group 101 block-unknown-source
no bridge-group 101 source-learning
no bridge-group 101 unicast-flooding
!
interface Dot11Radio0.102
encapsulation dot1Q 102 native
no ip route-cache
no cdp enable
bridge-group 102
bridge-group 102 subscriber-loop-control
bridge-group 102 spanning-disabled
bridge-group 102 block-unknown-source
no bridge-group 102 source-learning
no bridge-group 102 unicast-flooding
!
interface Vlan1
no ip address
!
interface Vlan101
no ip address
bridge-group 101
bridge-group 101 spanning-disabled
!
interface Vlan102
no ip address
bridge-group 102
bridge-group 102 spanning-disabled
!
interface Dialer0
ip ddns update hostname razpiroz.no-ip.info
ip ddns update no-ip
ip address negotiated
no ip proxy-arp
ip accounting output-packets
ip mtu 1420
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip route-cache
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname adslppp@telefonicanetpa
ppp chap password ***
ppp pap sent-username adslppp@telefonicanetpa password ***
ppp timeout retry 30
crypto map topix
!
interface BVI101
ip address 10.25.1.9 255.255.255.248
ip directed-broadcast
ip accounting output-packets
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1380
!
interface BVI102
ip address 192.168.0.1 255.255.255.0
ip directed-broadcast
ip accounting output-packets
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1380
!
ip forward-protocol nd
no ip forward-protocol udp
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
dialer-list 1 protocol ip permit
!
control-plane
!
bridge 101 protocol ieee
bridge 101 route ip
bridge 102 protocol ieee
bridge 102 route ip

michael o'nan · ‎10-08-2014

What does show vlan-sw br tell you? Are you able to add the vlan by typing vlan 102?

View solution in original post

michael o'nan · ‎10-08-2014

Ah now I see. You probably need to upgrade license on IOS. Will need advipservices to run multiple VLANs on 800 series. You can check current by using sh ver

View solution in original post

Babak KHorshid · ‎10-07-2014

Hi

interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3

Are they trunk by default or on Vlan 1? I think you better assign vlan 102 to these ports and then try it again to see if you are able to get IP address from the dhcp.

bprietoclv · ‎10-08-2014

If I try to assign vlan 102, which is the one that I want, I get the following error:

router(config)#int fa0
router(config-if)#switchport mode access
router(config-if)#switchport access vlan 102
Vlan can not be added. Maximum number of 2 vlan(s) in the database.

Maybe this can help:

router#sh vlan-switch

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0, Fa1, Fa2, Fa3
101 VLAN0101 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
101 enet 100101 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 ibm - 0 0
1005 trnet 101005 1500 - - 1 ibm - 0 0

router#sh vlans

Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: Dot11Radio0

Protocols Configured: Address: Received: Transmitted:
Other 0 12

0 packets, 0 bytes input
12 packets, 1520 bytes output

Virtual LAN ID: 101 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: Dot11Radio0.101

Protocols Configured: Address: Received: Transmitted:
Bridging Bridge Group 101 0 0

0 packets, 0 bytes input
0 packets, 0 bytes output

Virtual LAN ID: 102 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: Dot11Radio0.102

This is configured as native Vlan for the following interface(s) :
Dot11Radio0

Protocols Configured: Address: Received: Transmitted:
Bridging Bridge Group 102 481 19403

2254998 packets, 2198669877 bytes input
19405 packets, 4977807 bytes output

michael o'nan · ‎10-08-2014

What does show vlan-sw br tell you? Are you able to add the vlan by typing vlan 102?

bprietoclv · ‎10-08-2014

What can see is that there is nothing related to vlan 102 on the output of show vlan-switch. In fact I have tried to configure vlan 101 (which is not the one that I want to configure) on the FastEthernet0 and it works and I can get dynamic IP from that network.

But what I really want to add is vlan 102 instead, which I can't :(

michael o'nan · ‎10-08-2014

Sorry I missed the output for show vlan-sw above....

Instead of trying to input vlan 102 on the interface can you just type vlan 102?

Router#(config) vlan 102

bprietoclv · ‎10-08-2014

Same error:

router(config)#vlan 102
Vlan can not be added. Maximum number of 2 vlan(s) in the database.

I do not know why I can configure VLAN 101 instead of VLAN 102 if both of them has the same configuration. Maybe because, as show in the show vlans commands, VLAN 102 is configured as native Vlan for the Dot11Radio0 interface? Headaches!!!

michael o'nan · ‎10-08-2014

Ah now I see. You probably need to upgrade license on IOS. Will need advipservices to run multiple VLANs on 800 series. You can check current by using sh ver

bprietoclv · ‎10-08-2014

Thank you so much Michael.

I will try to contact my reseller in order to get the IOS and move from advsecurity to advipservices. Meanwhile I will try to swap vlans 101 and 102 just to see if I can enable the one that I need on the wired ports. I will let you know.

Best regards,

Rafa.

bprietoclv · ‎10-09-2014

That was the point. Change to advipservices. Thank you!!!