Highspade

Wireless configuration help with cisco 861w

I have no problems setting up the router without wireless, however my lack of knowledge with the built-in AP is driving me crazy!!!! I have tried to follow 871w configs but none of that seemed to work.

My goal is to have the wireless clients on a separate vlan
wired host vlan 100 172.16.1.0/24
wireless clients vlan 601 172.16.16/24

This AP supports G/N clients and I have not seen any documentation on how to specify G only, for instance.

I don't need to preserve any configurations as this is a lab environment.
ROUTER CONFIG
 
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5
!
no aaa new-model
!
!
!
!
ip cef
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
username admin privilege 15 secret 5 
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
 switchport access vlan 100
!
interface FastEthernet1
 switchport access vlan 100
!
interface FastEthernet2
 switchport access vlan 100
!
interface FastEthernet3
 switchport access vlan 100
!
interface FastEthernet4
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface wlan-ap0
 description Service module interface to manage the embedded AP
 ip unnumbered Vlan100
 arp timeout 0
!
interface Wlan-GigabitEthernet0
 description Internal switch interface connecting to the embedded AP
!
interface Vlan1
 no ip address
!
interface Vlan100
 ip address 172.16.1.254 255.255.255.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.16.1.1
!
ip http server
ip http authentication local
no ip http secure-server
!
!
control-plane
!
!
line con 0
 logging synchronous
 no modem enable
line aux 0
line 2
line vty 0 4
 logging synchronous
 login local
!
scheduler max-task-time 5000
end
 
AP CONFIG
 
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
enable secret 5 
!
no aaa new-model
!
!
!
!
username @
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 shutdown
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
 description  the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
 no ip address
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address dhcp client-id GigabitEthernet0
 no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
 no activation-character
line vty 0 4
 login local
!
end

ASKER CERTIFIED SOLUTION
Les Moore

Highspade

ASKER

Thanks lrmoor, I will give that a shot.

I do have a question regarding the BVI setup with respect to the VLANs: does the BVI group have to match the VLAN ID, or is this more of an arbitrary assignment like a subinterface ID?

The BVI number matches the bridge group number, not the VLAN, but in this case the VLAN ID matches the subinterface, which matches the BVI, which matches the bridge group, etc. It's just good practice to keep them all in sync for ease of troubleshooting later.
Are you using the Cisco software that came with it to configure it? The Cisco Configuration Professional?
It has quirks of its own...

Thanks for the config, I had it working to a point.

I'm running into issues modifying it to fit my topology, and suspect that the more I hack at this the deeper my hole is getting.

config-posted.txt

>I had it working to a point
You gotta be more specific than that...
What works, what doesn't?

Sorry, I should have been more specific.

Using your configuration I was able to connect via wireless to the 10.1.10.x net (I think you had that listed as corp). When I started to modify the config for my specific networks it stopped working.

Using your config the AP was pulling a 10.1.10.34 address and I was able to connect to the AP web administration site.

As configured now, the AP is not pulling an IP, and when I connect to the HOME network it's trying to connect but stays at waiting for network.

I suspect the issue is somewhere in the vlan, bridge-group portion of the config.
Ok a small update

I just entered some configuration into interface vlan 1 on the router, set up a DHCP scope for it, and the AP interface BVI 1 pulled an IP from that.
I recreated vlan 1 on the GigE and Dot11radio interfaces and set the vlan to native, and I am now able to connect to the test network on vlan 1.

I'm still unable to connect to vlan 601 ssid home for some reason.
Looks like this router is restricted to only having 2 VLANs. vlan 601 was showing protocol down; I'm not sure if it was showing that way all the time, or if it went down after I reconfigured vlan 1.

Either way I have decided to modify my original intent. I will assign wireless clients to vlan1 instead of 601. I'm disappointed that after all this messing around my problem was most likely caused by my desire to avoid using vlan1, as this note I found in a config doc would indicate.

Note: When you configure VLANs on access points, the Native VLAN must be VLAN1. In a single architecture, client traffic received by the access point is tunneled through an IP-GRE tunnel, which is established on the access point's Ethernet interface native VLAN. Because of the IP-GRE tunnel, some users may configure another switch port as VLAN1. This misconfiguration causes errors on the switch port.

Before you give up, you can try setting interface Wlan-GigabitEthernet0 to a trunk port
 interface Wlan-GigabitEthernet0
   switch mode trunk

I appreciate the added suggestion, but while I know how to set the interface to trunk mode, I'm not sure how this will help me. Could you provide your thought process on that?

That interface needs to trunk multiple vlans to the AP. If you don't, you'll probably see the vlan interface up/down because there is nothing active on the vlan.

My early testing of the config I posted gave me a false positive. I was not actually getting an IP address from the correct address pool when connecting to HOME on VLAN3, and the vlan3 interface showed up/down. I plugged into one of the vlan3 switch ports and I got the right IP address and brought vlan3 up/up. It works now and I did two things.
1. define the vlan on the router (should not have had to do this because I used CCP to do the initial config)
  router(config)#vlan 3
  router(config-vlan)#exit

2. Set interface to trunk port

BAM! I started getting the appropriate address from vlan3 dhcp pool on HOME SSID. I think that setting the interface to trunk mode keeps vlans other than 1 up/up.
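
The condition described above (a VLAN interface stays up/down when no active port carries its VLAN) can be checked offline against a saved running-config. This is an added example, not part of the thread: the sample config and the VLAN 601 address are constructed, and the script assumes that an interface with an IP line is a routed port, that a switchport with no access VLAN sits in VLAN 1, and that a trunk with no allowed-list carries every VLAN.

```python
import re

# Constructed sample shaped like the router config in the question, with an
# SVI for VLAN 601 added (placeholder address) and nothing carrying VLAN 601.
SAMPLE = """\
interface FastEthernet0
 switchport access vlan 100
!
interface FastEthernet4
 no ip address
!
interface Wlan-GigabitEthernet0
 description Internal switch interface connecting to the embedded AP
!
interface Vlan100
 ip address 172.16.1.254 255.255.255.0
!
interface Vlan601
 ip address 192.0.2.1 255.255.255.0
"""

def parse_interfaces(cfg):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    ifaces, cur = {}, None
    for line in cfg.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            cur = ifaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and cur is not None:
            cur.append(line.strip())
        else:
            cur = None  # "!" or a global command ends the interface block
    return ifaces

def svis_without_carrier(cfg):
    """VLAN interfaces whose VLAN is on no access port and no trunk."""
    carried, svis, trunk_all = set(), set(), False
    for name, cmds in parse_interfaces(cfg).items():
        svi = re.fullmatch(r"Vlan(\d+)", name)
        if svi:
            svis.add(int(svi.group(1)))
        elif any(c.startswith(("ip address", "no ip address", "ip unnumbered")) for c in cmds):
            continue  # assumption: routed port, not a switchport
        elif "switchport mode trunk" in cmds:
            trunk_all = True  # assumption: no allowed-list, so all VLANs pass
        else:
            acc = [int(c.split()[-1]) for c in cmds if c.startswith("switchport access vlan")]
            carried.add(acc[0] if acc else 1)  # unconfigured switchport: VLAN 1
    return [] if trunk_all else sorted(svis - carried)
```

It only covers the trunk and access-port condition; whether the VLAN itself has been defined on the router still has to be confirmed on the device.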


 
I see

While doing this did in fact bring my vlan 601 up/up, I don't think the router is happy with my third vlan. Still unable to ping the vlan interface IP address.

I will need to do some testing with vlan 100 to see if I can pull the proper IP via wireless should I choose to set up wireless access for it.

However, for the time being my wireless clients are able to access vlan 1 with no issues. So I will consider this question closed for the moment.

Thank you for your time.