05-03-2011 04:00 PM - edited 07-03-2021 08:09 PM
I have a problem I've created an SSID on a 800 series with an interface with vlan 2 ip address 20.20.20.1 255.255.255.0
What is the problem if a client wants to connect to get this done I have no ip address on another Cisco router and it does not work on this router have just done the same who can help me
Lan
ip dhcp pool R1.CISCO_Private
import all
network 20.20.20.0 255.255.255.0
default-router 20.20.20.1
lease infinite
Interface Vlan2
ip address 20.20.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
Wireless
dot11 ssid CISCO_Private
vlan 2
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 0 ***************
Interface Dot11Radio0.1
dot1Q a native encapsulation
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
Interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
Interface GigabitEthernet0.1
dot1Q a native encapsulation
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
Interface GigabitEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
!
Interface BVI1
ip address 10.10.10.2 255.255.255.0
05-05-2011 09:25 AM
Ok, so on the AP side, the configuration looks correct.
Take a look at the Gig interface on the router side that connects to the AP. It needs to be trunk port as well, by default it's access.
Cheers,
Steve
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
05-05-2011 10:53 AM
This is a current running-config on the router maybe I forgot something
Current configuration : 6391 bytes
!
! Last configuration change at 18:37:24 UTC Wed May 4 2011 by Tim
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
memory-size iomem 10
service-module wlan-ap 0 bootimage autonomous
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-1543950434
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1543950434
revocation-check none
!
!
crypto pki certificate chain TP-self-signed-1543950434
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31353433 39353034 3334301E 170D3131 30353033 32313537
30345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 35343339
35303433 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C36F 8A3BAC71 481BC354 EB274105 07D37E4F BD9CE8AA 7A5D60A4 974AB4AE
6E4D60A2 60067AB8 0F63A755 0C6D8357 7BFB4F9E 00C01D4F EEE921C1 784B5780
810C7D56 D3047AE5 25353CF8 72248830 FAB69DAA F1F0DC42 901E9B34 33D70CD9
E3F584F2 CF0E4BF0 DD6212E3 6600923E E55F63A7 0FF4E900 EF486B0D 2F4929A2
4F530203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14124469 1E3E8D2F 8A97D968 63DA4666 3A149C7C 34301D06
03551D0E 04160414 1244691E 3E8D2F8A 97D96863 DA46663A 149C7C34 300D0609
2A864886 F70D0101 04050003 8181004F F9804815 4DA6727E 4A83258A E38A2F93
3634190B 50D6BE93 FD825797 CE93AF45 384C9EA4 67AF76A3 9F08DBFB 021E5DDE
31496DB9 10077E2E ED1EDE75 A6F245BB C9DE79C4 2B97E27D B0C71C8D 7AFDF79C
D69E3A22 D6F12D36 39161910 AA557A00 8FB40329 AAD83FE6 860B3F96 9BA6D04D
A0678B2C 379E16D9 5D619436 3A0664
quit
ip source-route
!
!
!
ip dhcp excluded-address 10.10.10.1 10.10.10.20
ip dhcp excluded-address 20.20.20.1 20.20.20.20
!
ip dhcp pool R1.LAN
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
lease infinite
!
ip dhcp pool R1.CISCO_Private
import all
network 20.20.20.0 255.255.255.0
default-router 20.20.20.1
lease infinite
!
!
ip cef
ip domain name cursist.be
ipv6 unicast-routing
ipv6 cef
!
!
!
archive
log config
logging enable
path flash:R1.standard.running-config
username Tim privilege 15 secret 5 $1$Sx0K$3yl8z7/N4I8ogiBJf3ggF/
username Cisco privilege 15 secret 5 $1$/DVS$HpHRG1wyd3KnxNWOcREVJ1
!
!
!
!
ip ssh rsa keypair-name R1.cursist.be
ip ssh version 2
ip scp server enable
!
!
crypto isakmp policy 10000
encr aes 256
authentication pre-share
group 16
crypto isakmp key Cisco123 address ***************!
!
crypto ipsec transform-set 10000 ah-sha-hmac esp-aes 256 esp-sha-hmac comp-lzs
!
crypto map R1.CMAP 10000 ipsec-isakmp
set peer ******************
set transform-set 10000
set pfs group16
match address Remote-VPN
qos pre-classify
!
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
ip address dhcp client-id FastEthernet8
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0
description WAN
ip address dhcp client-id GigabitEthernet0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map R1.CMAP
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
!
interface Vlan1
description LAN
ip address 10.10.10.1 255.255.255.0
ip access-group VLAN1 in
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Vlan2
ip address 20.20.20.1 255.255.255.0
ip access-group VLAN2 in
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 10.10.10.1 22 interface GigabitEthernet0 40000
ip nat inside source static tcp 20.20.20.1 22 interface GigabitEthernet0 50000
ip nat inside source list R1-ACL interface GigabitEthernet0 overload
!
ip access-list extended R1-ACL
deny ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
deny ip 20.20.10.0 0.0.0.255 20.20.10.0 0.0.0.255
permit ip 10.10.10.0 0.0.0.255 any
permit ip 20.20.20.0 0.0.0.255 any
ip access-list extended Remote-VPN
permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
permit ip 20.20.20.0 0.0.0.255 20.20.10.0 0.0.0.255
ip access-list extended VLAN1
deny icmp 10.10.10.0 0.0.0.255 20.20.10.0 0.0.0.255
deny icmp 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
permit ip any any
ip access-list extended VLAN2
deny icmp 20.20.20.0 0.0.0.255 10.10.20.0 0.0.0.255
deny icmp 20.20.20.0 0.0.0.255 20.20.10.0 0.0.0.255
permit ip any any
05-05-2011 11:26 AM
ok, under the ssid, do a no mbssid guest-mode, then do guest-mode, no need for mbssid.
If that doesn't work, remove the encryptions, and see if open works.
Cheers,
Steve
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
05-05-2011 12:23 PM
Okay I have removed but it does not
05-05-2011 01:01 PM
how can you solve that I have now changed but not working
05-06-2011 02:06 PM
it might be lying because the IOS version has a 150-1.M4.bin and the other is 151-3.T.bin is these routers?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide