• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 952
  • Last Modified:

Cannot ping AP1231 from Switch

I have an AP connected to FA0/1 with the config below. I can't ping or telnet to the AP from the switch its connected to but I can from any other device.

From the switch in question, I can ping the gateway of the AP also.

What could be the problem?

Building configuration...
 
Current configuration : 12495 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CCTA_MDF_1:3
!
enable secret 5 $1$DU6Y$rvzjvZzPSTwiUDFSWMrTP/
!
errdisable recovery cause link-flap
errdisable recovery interval 60
ip subnet-zero
!
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos min-reserve 5 170
mls qos min-reserve 6 10
mls qos min-reserve 7 65
mls qos min-reserve 8 26
mls qos
udld aggressive
 
!
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree extend system-id
!
!
!
interface FastEthernet0/1
 switchport access vlan 123
 switchport mode access
 no ip address
!
-------
interface Vlan1
 no ip address
 no ip route-cache
 no ip mroute-cache
 shutdown
!
interface Vlan121
 ip address 10.2.160.13 255.255.224.0
 no ip route-cache
 no ip mroute-cache
!
ip default-gateway 10.2.160.1
ip classless
ip http server
!
!
snmp-server engineID local 00000009020000027E60CD00
snmp-server community private RW
snmp-server community public RO
snmp-server chassis-id 0x12
!
line con 0
line vty 0 4
 password ***
 login
 length 0
line vty 5 15
 password ***
 login
!
end
 
 
 
CCTA_MDF_1:3#show cdp ne de
-------------------------
Device ID: CCTA_AP_01
Entry address(es):
  IP address: 10.30.164.11
Platform: cisco AIR-AP1231G-A-K9    ,  Capabilities: Trans-Bridge
Interface: FastEthernet0/1,  Port ID (outgoing port): FastEthernet0
Holdtime : 174 sec
 
Version :
Cisco Internetwork Operating System Software
IOS (tm) C1200 Software (C1200-K9W7-M), Version 12.2(15)XR2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Fri 17-Sep-04 13:40 by kellythw
 
advertisement version: 2
Duplex: full
Power drawn: 6.460 Watts
Management address(es):
 
-------------------------
CCTA_MDF_1:3#ping 10.30.164.11
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.30.164.11, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
CCTA_MDF_1:3#ping 10.30.164.1
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.30.164.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
CCTA_MDF_1:3#

Open in new window

0
jjmartineziii
Asked:
jjmartineziii
  • 4
  • 3
1 Solution
 
ciscoml320Commented:
At quick glance, it looks like a routing problem from the AP side of the network.  is the AP configured with proper default gateway?

Could you post the config of the router? or at least the routing table of the router...
any ACLs involved?


0
 
jjmartineziiiAuthor Commented:
Here is the router config with parts removed.

!
version 12.4
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname CCTA-VGW
!
boot-start-marker
boot system flash c2801-spservicesk9-mz.124-3h.bin
boot-end-marker
!
logging buffered 16384 informational
logging rate-limit 200
enable secret 5 $***
!
no aaa new-model
!
resource policy
!
clock timezone CST -6
clock summer-time CDT recurring
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.20.94.1 10.20.94.10
!
ip dhcp pool IP_PHONES
   network 10.20.94.0 255.255.254.0
   option 150 ip 10.20.0.20
   dns-server 10.0.0.8
   default-router 10.20.94.1
!
!
no ip domain lookup
ip multicast-routing
!
voice-card 0
!
!
--SNIP---
!
!
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 auto qos voip trust
 service-policy output AutoQoS-Policy-Trust
!
interface FastEthernet0/0.121
 description CCTA-Data
 encapsulation dot1Q 121 native
 ip address 10.2.160.1 255.255.224.0
 ip helper-address 10.0.0.7
 ip pim sparse-dense-mode
 ip cgmp
 no snmp trap link-status
!
interface FastEthernet0/0.122
 description CCTA-Voice
 encapsulation dot1Q 122
 ip address 10.20.94.1 255.255.254.0
 ip pim sparse-dense-mode
 ip cgmp
 no snmp trap link-status
 h323-gateway voip bind srcaddr 10.20.94.1
!
interface FastEthernet0/0.123
 description CCTA-Wireless
 encapsulation dot1Q 123
 ip address 10.30.164.1 255.255.252.0
 ip access-group 100 out
 ip helper-address 10.0.0.7
 ip pim sparse-dense-mode
 ip cgmp
 no snmp trap link-status
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/2/0
 description LINK to Admin
 ip address 10.254.1.206 255.255.255.252
 ip access-group 100 out
 ip pim sparse-dense-mode
 auto qos voip trust
 service-policy output AutoQoS-Policy-Trust
!
router eigrp 2922
 redistribute connected
 redistribute static
 network 10.0.0.0
 no auto-summary
 no eigrp log-neighbor-changes
!
ip default-gateway 10.254.1.205
ip classless
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.254.1.205
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip pim rp-address 1.1.1.1
!
logging trap notifications
logging source-interface Serial0/2/0
logging 10.0.0.50
access-list 100 deny   icmp any any
access-list 100 permit ip any host 10.0.0.6
access-list 100 permit ip any host 10.0.0.9
access-list 100 permit ip any host 10.0.5.30
access-list 100 permit ip any host 10.0.0.41
access-list 100 permit ip any host 10.0.0.45
access-list 100 permit ip any host 10.2.33.26
access-list 100 permit ip host 10.0.0.41 any
access-list 100 permit ip host 10.0.0.45 any
access-list 100 permit tcp any 10.1.0.0 0.0.0.255
access-list 100 permit tcp any 10.5.0.0 0.0.0.255
access-list 100 permit tcp any host 10.0.3.30 eq www
access-list 100 permit tcp any host 10.0.0.42 eq www
access-list 100 permit tcp any host 10.0.0.44 eq www
access-list 100 permit tcp any 10.5.0.0 0.0.255.255 eq www
access-list 100 permit tcp any 10.1.0.0 0.0.255.255 eq www
access-list 100 permit tcp any 10.20.0.0 0.0.255.255 eq www
access-list 100 permit tcp any 10.30.0.0 0.0.255.255 eq www
access-list 100 permit tcp any 10.2.47.0 0.0.0.255 eq www
access-list 100 deny   tcp any 10.0.0.0 0.255.255.255 eq www
access-list 100 permit tcp host 67.79.96.129 eq smtp any
access-list 100 permit tcp host 67.79.96.129 eq pop3 any
access-list 100 deny   tcp any eq smtp any log
access-list 100 deny   tcp any eq pop3 any log
access-list 100 deny   tcp any any eq 135 log
access-list 100 deny   tcp any eq 139 any log
access-list 100 deny   tcp any any eq 139 log
access-list 100 deny   tcp any eq 445 any log
access-list 100 deny   tcp any any eq 445 log
access-list 100 deny   tcp any any eq 1025 log
access-list 100 deny   tcp any any eq 2302 log
access-list 100 deny   tcp any any eq 4444 log
access-list 100 deny   tcp any any eq 4662 log
access-list 100 deny   tcp any any eq 5555 log
access-list 100 deny   tcp any any eq 6343 log
access-list 100 deny   tcp any any eq 6346 log
access-list 100 deny   tcp any any eq 6348 log
access-list 100 deny   udp any any eq 6348 log
access-list 100 deny   tcp any any eq 6667 log
access-list 100 deny   tcp any any eq 6954 log
access-list 100 deny   tcp any any eq 6969 log
access-list 100 deny   tcp any any eq 6991 log
access-list 100 permit ip any any

!
!
!
---SNIP---
!
ntp server 10.0.0.1
end
0
 
jjmartineziiiAuthor Commented:
Here is a piece of the AP config:
interface FastEthernet0
 no ip address
 no ip route-cache
 speed 100
 full-duplex
 ntp broadcast client
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 10.30.164.11 255.255.252.0
 no ip route-cache
!
ip default-gateway 10.30.164.1

Open in new window

0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
ciscoml320Commented:
this may be the problem
"access-list 100 deny   icmp any any"

0
 
ciscoml320Commented:
one thing you can try
do a  repeated ping from the switch to the AP
"ping 10.30.164.11 rep 100"

then
examine the number of hits you're getting on ACL100 on the router, specifically the line i mentioned above.
This would indicate that your ICMP packets are getting dropped by that ACL
if you do want to have ICMP reachability to the AP, then you can add a permit rule at the top of the ACL for the IP, then start denying ICMP for "any any"
hope this helps...

let me know
0
 
jjmartineziiiAuthor Commented:
doh! i SWEAR it wasn't even allowing me to telnet from the connected switch. i tried it again just now and it was working. (i wasn't worried about pining, just telneting)

Thanks!
0
 
ciscoml320Commented:
awesome...Happy ending!
take care.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now