?
Solved

Cisco 871W Wired and Wireless Routing With BVI

Posted on 2007-07-19
1
Medium Priority
?
2,365 Views
Last Modified: 2013-11-12
Hi i have a cisco 871w router at home. I set the router up so that my wirelass laptop as well as my lan were all in the same bridge group (BVI). For the most part this has worked well because the dhcp settings on the cisco apply to both the wireless and the wired and that has functioned as i would like. My issue is that my wireless devices can see my wired network, but my wired cannot see my wireless. I suspect this is because the wired devices do not expect to need to goto the router to reach the wireless because they are on the same ip network. Perhaps the wired to wireless traffic is reaching the router but is not properly being routed to my dot11 interface. please take a look at the configuration below. I realize i could break the bvi group up and set up a different ip network on the wireless side and it would probably resolve me issue. if i have to thats fine but i was playing around mostly to learn and would like to figure this out if its doable. Also if i do have to make that change, how do i setup essentially 2 dhcp servers on the device so that wired get 1 set if ip info and wireless get another?

thanks


!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PSC-Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.199
!
ip dhcp pool PSC-DHCP
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server 192.168.1.10
   domain-name PSC.Net
!
!
no ip domain lookup
ip domain name PSC.Net
ip name-server 192.168.1.10
!
!
crypto pki trustpoint TP-self-signed-3084853728
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3084853728
 revocation-check none
 rsakeypair TP-self-signed-3084853728
!
!
crypto pki certificate chain TP-self-signed-3084853728
 certificate self-signed 01
  3082024A 308201B3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33303834 38353337 3238301E 170D3032 30333031 30303239
  30325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 30383438
  35333732 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100BC34 BFDFFCB3 C943ECC0 714C8E34 0CC29F41 58F6CCD3 76C85B5D D538F3A6
  6E56ABD0 FD285B83 100CE714 FD7AFA7F 4FF1DD74 FC76D0FB 45C31F84 D44E3537
  358FF312 4F690189 F0764B0C 4C162F44 C42E5BBF C6CF3F80 03B58456 B57F27D0
  088B12AA 9148BB0A 5104FAD9 AD10D7B2 49F89439 7EDCFE33 9C912CCF 38DB93B8
  24010203 010001A3 72307030 0F060355 1D130101 FF040530 030101FF 301D0603
  551D1104 16301482 12505343 2D526F75 7465722E 5053432E 4E657430 1F060355
  1D230418 30168014 4DD277F9 946D57FC 7628F936 27572002 C85F98DA 301D0603
  551D0E04 1604144D D277F994 6D57FC76 28F93627 572002C8 5F98DA30 0D06092A
  864886F7 0D010104 05000381 81002203 CA5B6C1A 55266BC0 ED74893D E3E6AD33
  2EF197F2 594F8652 DB81F736 EE0852DA 5554246D F1EF9B6E 4813709E 67F0BF90
  938E2FFC 9E8A9D3F 7D854972 33F61631 5BD5D884 64FDD1BF A97F8BFF 96B6D0AA
  29FC24D2 36F648A1 CDE6B11E F89A1FF8 A53805DC 5A0F76EB F99177F1 48277785
  DC805404 D3DCCABA 4C6D1138 E6A2
  quit
!
!
username admin privilege 15 secret 5 $1$fI1G$0yeFNqncWC.LSPERHkDev/
username administrator privilege 15 secret 5 $1$mgPc$inRh4AaFohJ34elZTLGIw/
username cryptz privilege 15 secret 5 $1$RFuy$6EgCKXAg93.ZQb5Fabv9X.
!
!
!
bridge irb
!
!
!
interface FastEthernet0
 no cdp enable
!
interface FastEthernet1
 no cdp enable
!
interface FastEthernet2
 no cdp enable
!
interface FastEthernet3
 no cdp enable
!
interface FastEthernet4
 description WAN
 ip address dhcp client-id FastEthernet4
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
!
interface Dot11Radio0
 no ip address
 !
 encryption key 1 size 128bit 0 C20461818C20461818C204618C transmit-key
 encryption mode wep mandatory
 !
 ssid CHouse
    authentication open
    guest-mode
 !
 speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 channel 2462
 station-role root
 no dot11 extension aironet
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 description Internal Switch
 no ip address
 bridge-group 1
!
interface BVI1
 ip address 192.168.1.1 255.255.255.0
 ip broadcast-address 192.168.1.0
 ip nat inside
 ip virtual-reassembly
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source static tcp 192.168.1.201 3350 interface FastEthernet4 3350
ip nat inside source static tcp 192.168.1.2 28000 interface FastEthernet4 28000
ip nat inside source static tcp 192.168.1.10 21 interface FastEthernet4 21
ip nat inside source static tcp 192.168.1.10 53 interface FastEthernet4 53
ip nat inside source static tcp 192.168.1.10 80 interface FastEthernet4 80
ip nat inside source static tcp 192.168.1.2 6999 interface FastEthernet4 6999
ip nat inside source static udp 192.168.1.2 6998 interface FastEthernet4 6998
ip nat inside source static tcp 192.168.1.10 25 interface FastEthernet4 25
ip nat inside source static tcp 192.168.1.10 995 interface FastEthernet4 995
ip nat inside source static tcp 192.168.1.10 993 interface FastEthernet4 993
ip nat inside source static tcp 192.168.1.10 443 interface FastEthernet4 443
ip nat inside source static tcp 192.168.1.199 29000 interface FastEthernet4 29000
ip nat inside source static tcp 192.168.1.10 3389 interface FastEthernet4 3389
ip nat inside source static udp 192.168.1.10 123 interface FastEthernet4 123
ip nat inside source static tcp 192.168.1.10 7000 interface FastEthernet4 7000
ip nat inside source static udp 192.168.1.10 7001 interface FastEthernet4 7001
ip nat inside source static tcp 192.168.1.199 21594 interface FastEthernet4 21594
ip nat inside source static tcp 192.168.1.199 27015 interface FastEthernet4 27015
ip nat inside source static udp 192.168.1.199 27015 interface FastEthernet4 27015
ip nat inside source static tcp 192.168.1.199 27005 interface FastEthernet4 27005
ip nat inside source static udp 192.168.1.199 27005 interface FastEthernet4 27005
ip nat inside source list 101 interface FastEthernet4 overload
ip nat inside source static udp 192.168.1.199 8088 interface FastEthernet4 8088
ip nat inside source static udp 192.168.1.199 65535 interface FastEthernet4 65535
ip nat inside source static udp 192.168.1.2 28000 interface FastEthernet4 28000
ip nat inside source static udp 192.168.1.199 29000 interface FastEthernet4 29000
ip nat inside source static udp 192.168.1.199 29001 interface FastEthernet4 29001
ip nat inside source static tcp 192.168.1.199 29001 interface FastEthernet4 29001
ip nat inside source static tcp 192.168.1.199 3724 interface FastEthernet4 3724
ip nat inside source static tcp 192.168.1.199 6112 interface FastEthernet4 6112
ip nat inside source static tcp 192.168.1.199 6881 interface FastEthernet4 6881
ip nat inside source static udp 192.168.1.199 6881 interface FastEthernet4 6881
!
access-list 100 permit icmp any any
access-list 100 permit tcp any any eq ftp-data
access-list 100 permit tcp any eq ftp-data any
access-list 100 permit tcp any any eq ftp
access-list 100 permit tcp any eq ftp any
access-list 100 permit tcp any any eq telnet
access-list 100 permit udp any any eq 23
access-list 100 permit tcp any any eq smtp
access-list 100 permit tcp any eq smtp any
access-list 100 permit udp any any eq time
access-list 100 permit tcp any any eq domain
access-list 100 permit udp any any eq domain
access-list 100 permit udp any any eq bootps
access-list 100 permit udp any eq bootps any
access-list 100 permit udp any any eq bootpc
access-list 100 permit udp any eq bootpc any
access-list 100 permit udp any eq domain any
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any eq www any
access-list 100 permit udp any any eq ntp
access-list 100 permit udp any eq ntp any
access-list 100 permit tcp any any eq 443
access-list 100 permit tcp any eq 443 any
access-list 100 permit udp any any eq isakmp
access-list 100 permit tcp any any eq 993
access-list 100 permit tcp any eq 993 any
access-list 100 permit tcp any any eq 995
access-list 100 permit udp any any eq 1036
access-list 100 permit tcp any any eq 3350
access-list 100 permit tcp any any eq 3389
access-list 100 permit tcp any eq 3389 any
access-list 100 permit tcp any eq 3724 any
access-list 100 permit udp any eq 4321 any
access-list 100 permit udp any any eq non500-isakmp
access-list 100 permit tcp any any range 5500 5700
access-list 100 permit tcp any eq 6112 any
access-list 100 permit tcp any eq 6667 any
access-list 100 permit udp any any eq 6998
access-list 100 permit udp any eq 6998 any
access-list 100 permit tcp any any eq 6999
access-list 100 permit tcp any eq 6999 any
access-list 100 permit tcp any any eq 7000
access-list 100 permit udp any any eq 7001
access-list 100 permit tcp any any eq 10000
access-list 100 permit tcp any any eq 21594
access-list 100 permit udp any eq 27014 any
access-list 100 permit udp any eq 27015 any
access-list 100 permit udp any eq 27900 any
access-list 100 permit tcp any any eq 28000
access-list 100 permit udp any any eq 28000
access-list 100 permit tcp any eq 28910 any
access-list 100 permit tcp any any eq 29000
access-list 100 permit tcp any eq 29900 any
access-list 100 permit tcp any eq 29920 any
access-list 100 permit udp any any eq 62515
access-list 100 permit tcp any any established
access-list 100 permit gre any any
access-list 100 permit udp any any eq 29000
access-list 100 permit udp any any eq 27015
access-list 100 permit tcp any any eq 27015
access-list 100 permit tcp any eq 27015 any
access-list 100 permit udp any any eq 27005
access-list 100 permit udp any eq 27005 any
access-list 100 permit tcp any any eq 27005
access-list 100 permit tcp any eq 27005 any
access-list 101 deny   ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
no cdp run
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login 
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use.

For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm 
-----------------------------------------------------------------------

!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
ntp clock-period 17175111
ntp server 207.46.130.100
end
0
Comment
Question by:Baran711
1 Comment
 
LVL 2

Accepted Solution

by:
klnicholas15 earned 1500 total points
ID: 19542779
I have the exact same setup and mine works without a problem, I cannot see anything that jumps out and appears to be a problem but here is an excerpt from my config.  Hope it gets you on the right track.

!
bridge irb
!
!
!
interface Null0
 no ip unreachables
!
interface FastEthernet0
 no ip address
 no ip redirects
 ip virtual-reassembly
 load-interval 30
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface FastEthernet1
 no ip address
 ip virtual-reassembly
 shutdown
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet2
 description
 load-interval 30
 no cdp enable
 spanning-tree portfast
!
interface FastEthernet3
 description
 load-interval 30
 no cdp enable
 spanning-tree portfast
!
interface FastEthernet4
 load-interval 30
 no cdp enable
 spanning-tree portfast
!
interface FastEthernet5
 load-interval 30
 no cdp enable
 spanning-tree portfast
!
interface FastEthernet6
 load-interval 30
 no cdp enable
 spanning-tree portfast
!
interface FastEthernet7
 load-interval 30
 no cdp enable
 spanning-tree portfast
!
interface FastEthernet8
 load-interval 30
 no cdp enable
 spanning-tree portfast
!
interface FastEthernet9
 description
 load-interval 30
 no cdp enable
 spanning-tree portfast
!
interface Dot11Radio0
 no ip address
 ip route-cache flow
 !
 encryption key 1 size 128bit 7
 encryption mode wep mandatory
 !
 ssid WireLess
    authentication open
    guest-mode
 !
 speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
 no ip address
 no ip redirects
 no ip proxy-arp
 ip route-cache flow
 shutdown
 speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.
0
 station-role root
 no cdp enable
!
interface Vlan1
 no ip address
 ip virtual-reassembly
 load-interval 30
 bridge-group 1
!
interface Async1
 no ip address
 no ip redirects
 no ip proxy-arp
 encapsulation slip
!

!
interface BVI1
 ip address 192.168.200.1 255.255.255.0
 ip mask-reply
 ip accounting output-packets
 ip nbar protocol-discovery
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 load-interval 30
!
0

Featured Post

Free recovery tool for Microsoft Active Directory

Veeam Explorer for Microsoft Active Directory provides fast and reliable object-level recovery for Active Directory from a single-pass, agentless backup or storage snapshot — without the need to restore an entire virtual machine or use third-party tools.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question