Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
549
Views
0
Helpful
6
Replies

wireless ssid and vlan's

pcfreak49
Level 1
Level 1

‎05-03-2011 04:00 PM - edited ‎07-03-2021 08:09 PM

I have a problem I've created an SSID on a 800 series with an interface with vlan 2 ip address 20.20.20.1 255.255.255.0
What is the problem if a client wants to connect to get this done I have no ip address on another Cisco router and it does not work on this router have just done the same who can help me

Lan

ip dhcp pool R1.CISCO_Private
   import all
   network 20.20.20.0 255.255.255.0
   default-router 20.20.20.1
   lease infinite

Interface Vlan2
ip address 20.20.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly in

Wireless

dot11 ssid CISCO_Private
   vlan 2
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 0 ***************

Interface Dot11Radio0.1
dot1Q a native encapsulation
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
Interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!

Interface GigabitEthernet0.1
dot1Q a native encapsulation
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
Interface GigabitEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
!
Interface BVI1
ip address 10.10.10.2 255.255.255.0

Labels:
0 Helpful
6 Replies 6

Stephen Rodriguez
Cisco Employee
Cisco Employee

‎05-05-2011 09:25 AM

Ok, so on the AP side, the configuration looks correct.

Take a look at the Gig interface on the router side that connects to the AP.  It needs to be trunk port as well, by default it's access.

Cheers,
Steve

--

If  this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

pcfreak49
Level 1
Level 1
In response to Stephen Rodriguez

‎05-05-2011 10:53 AM

This is a current running-config on the router maybe I forgot something

Current configuration : 6391 bytes
!
! Last configuration change at 18:37:24 UTC Wed May 4 2011 by Tim
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
memory-size iomem 10
service-module wlan-ap 0 bootimage autonomous
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-1543950434
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1543950434
revocation-check none
!
!
crypto pki certificate chain TP-self-signed-1543950434
certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31353433 39353034 3334301E 170D3131 30353033 32313537
  30345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 35343339
  35303433 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100C36F 8A3BAC71 481BC354 EB274105 07D37E4F BD9CE8AA 7A5D60A4 974AB4AE
  6E4D60A2 60067AB8 0F63A755 0C6D8357 7BFB4F9E 00C01D4F EEE921C1 784B5780
  810C7D56 D3047AE5 25353CF8 72248830 FAB69DAA F1F0DC42 901E9B34 33D70CD9
  E3F584F2 CF0E4BF0 DD6212E3 6600923E E55F63A7 0FF4E900 EF486B0D 2F4929A2
  4F530203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 14124469 1E3E8D2F 8A97D968 63DA4666 3A149C7C 34301D06
  03551D0E 04160414 1244691E 3E8D2F8A 97D96863 DA46663A 149C7C34 300D0609
  2A864886 F70D0101 04050003 8181004F F9804815 4DA6727E 4A83258A E38A2F93
  3634190B 50D6BE93 FD825797 CE93AF45 384C9EA4 67AF76A3 9F08DBFB 021E5DDE
  31496DB9 10077E2E ED1EDE75 A6F245BB C9DE79C4 2B97E27D B0C71C8D 7AFDF79C
  D69E3A22 D6F12D36 39161910 AA557A00 8FB40329 AAD83FE6 860B3F96 9BA6D04D
  A0678B2C 379E16D9 5D619436 3A0664
        quit
ip source-route
!
!
!
ip dhcp excluded-address 10.10.10.1 10.10.10.20
ip dhcp excluded-address 20.20.20.1 20.20.20.20
!
ip dhcp pool R1.LAN
   import all
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
   lease infinite
!
ip dhcp pool R1.CISCO_Private
   import all
   network 20.20.20.0 255.255.255.0
   default-router 20.20.20.1
   lease infinite
!
!
ip cef
ip domain name cursist.be
ipv6 unicast-routing
ipv6 cef
!
!
!
archive
log config
  logging enable
path flash:R1.standard.running-config
username Tim privilege 15 secret 5 $1$Sx0K$3yl8z7/N4I8ogiBJf3ggF/
username Cisco privilege 15 secret 5 $1$/DVS$HpHRG1wyd3KnxNWOcREVJ1
!
!
!
!
ip ssh rsa keypair-name R1.cursist.be
ip ssh version 2
ip scp server enable
!
!
crypto isakmp policy 10000
encr aes 256
authentication pre-share
group 16
crypto isakmp key Cisco123 address ***************!
!
crypto ipsec transform-set 10000 ah-sha-hmac esp-aes 256 esp-sha-hmac comp-lzs
!
crypto map R1.CMAP 10000 ipsec-isakmp
set peer ******************
set transform-set 10000
set pfs group16
match address Remote-VPN
qos pre-classify
!
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
ip address dhcp client-id FastEthernet8
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0
description WAN
ip address dhcp client-id GigabitEthernet0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map R1.CMAP
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
!
interface Vlan1
description LAN
ip address 10.10.10.1 255.255.255.0
ip access-group VLAN1 in
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Vlan2
ip address 20.20.20.1 255.255.255.0
ip access-group VLAN2 in
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 10.10.10.1 22 interface GigabitEthernet0 40000
ip nat inside source static tcp 20.20.20.1 22 interface GigabitEthernet0 50000
ip nat inside source list R1-ACL interface GigabitEthernet0 overload
!
ip access-list extended R1-ACL
deny   ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
deny   ip 20.20.10.0 0.0.0.255 20.20.10.0 0.0.0.255
permit ip 10.10.10.0 0.0.0.255 any
permit ip 20.20.20.0 0.0.0.255 any
ip access-list extended Remote-VPN
permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
permit ip 20.20.20.0 0.0.0.255 20.20.10.0 0.0.0.255
ip access-list extended VLAN1
deny   icmp 10.10.10.0 0.0.0.255 20.20.10.0 0.0.0.255
deny   icmp 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
permit ip any any
ip access-list extended VLAN2
deny   icmp 20.20.20.0 0.0.0.255 10.10.20.0 0.0.0.255
deny   icmp 20.20.20.0 0.0.0.255 20.20.10.0 0.0.0.255
permit ip any any

0 Helpful

Stephen Rodriguez
Cisco Employee
Cisco Employee
In response to pcfreak49

‎05-05-2011 11:26 AM

ok, under the ssid, do a no mbssid guest-mode, then do guest-mode, no need for mbssid.

If that doesn't work, remove the encryptions, and see if open works.

Cheers,
Steve

--

If  this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

pcfreak49
Level 1
Level 1
In response to Stephen Rodriguez

‎05-05-2011 12:23 PM

Okay I have removed but it does not

0 Helpful

pcfreak49
Level 1
Level 1
In response to Stephen Rodriguez

‎05-05-2011 01:01 PM

how can you solve that I have now changed but not working

0 Helpful

pcfreak49
Level 1
Level 1
In response to Stephen Rodriguez

‎05-06-2011 02:06 PM

it might be lying because the IOS version has a 150-1.M4.bin and the other is 151-3.T.bin is these routers?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card