NZulli asked:

Cisco 871w Wireless config help

I configured a Cisco 871w router with the config below.  DHCP is set up on a server attached to the router (10.10.1.5).  Users of this router report they cannot connect through wireless, but wired is OK.  I do not know if the problem is with the wireless config or with DHCP.  The router is located in a remote office.  Any assistance would be greatly appreciated.
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Office
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 <secret>
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
!
crypto pki trustpoint TP-self-signed-2324489708
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2324489708
 revocation-check none
 rsakeypair TP-self-signed-2324489708
!
!
crypto pki certificate chain TP-self-signed-2324489708
 certificate self-signed 01
<key>
        quit
!
dot11 syslog
!
dot11 ssid SSID
 vlan 10
 authentication open
 authentication key-management wpa
 wpa-psk ascii 7 <key>
!
ip source-route
!
!
ip cef
no ip domain lookup
!
!
!
!
username <username> privilege 15 password 7 <password>
!
!
crypto ipsec security-association replay disable
!
!
!
!
crypto ipsec client ezvpn RFTHardEmployees
 connect auto
 group RFTHardEmployees key <key>
 mode network-extension
 peer <ip address>
 username <username> password <password>
 xauth userid mode local
!
!
archive
 log config
  hidekeys
!
!
!
bridge irb
!
!
interface FastEthernet0
 switchport trunk native vlan 10
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 ip address dhcp client-id FastEthernet4
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
 crypto ipsec client ezvpn RFTHardEmployees
!
interface Dot11Radio0
 no ip address
 no dot11 extension aironet
 !
 encryption vlan 10 mode ciphers tkip
 !
 !
 broadcast-key change 120
 !
 !
 ssid SSID
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 channel 2412
 station-role root
 no cdp enable
!
interface Dot11Radio0.1
!
interface Dot11Radio0.10
 encapsulation dot1Q 10
 bridge-group 10
 bridge-group 10 subscriber-loop-control
 bridge-group 10 spanning-disabled
 bridge-group 10 block-unknown-source
 no bridge-group 10 source-learning
 no bridge-group 10 unicast-flooding
!
interface Vlan1
 description Wired LAN
 ip address 10.10.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 crypto ipsec client ezvpn RFTHardEmployees inside
!
interface Vlan10
 description Wireless
 no ip address
 ip virtual-reassembly
 bridge-group 10
 bridge-group 10 spanning-disabled
!
interface BVI10
 description Bridge to Internal
 ip address 10.10.2.254 255.255.255.0
 ip helper-address 10.10.1.5
 ip nat inside
 ip virtual-reassembly
 crypto ipsec client ezvpn RFTHardEmployees inside
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 dhcp 40
ip http server
ip http secure-server
!
ip nat inside source list 1 interface FastEthernet4 overload
!
access-list 1 permit 10.10.1.0 0.0.0.255
access-list 1 permit 10.10.2.0 0.0.0.255
!
!
!
!
control-plane
!
bridge 10 route ip
!
line con 0
 password 7 <password>
 no modem enable
line aux 0
line vty 0 4
 password 7 <password>
!
scheduler max-task-time 5000
end

BBRazz

The wireless and LAN are segregated on your config.

The config you have has no need for a BVI int.

Do you need the two different subnets? If not, just bridge VLAN1 and Dot11 into one BVI and assign the IP to the BVI only.

Example below.

interface Dot11Radio0
 no ip address
 !
 encryption key 1 size 40bit 7 <KEY> transmit-key
 encryption mode wep mandatory
 !
 ssid SSID
    authentication open
    guest-mode
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 no ip address
 ip tcp adjust-mss 1452
 bridge-group 1
!
interface BVI1
 ip address 10.10.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
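
The segregation described in this answer can be read out of a configuration by grouping interfaces by bridge group and noting which address fronts each group. This is an added example, not part of the original thread; the function name `l2_segments` is hypothetical and the two config strings are trimmed excerpts constructed from the configs posted above.

```python
import re
from collections import defaultdict

# Constructed excerpts: the asker's config and the single-bridge suggestion.
ORIGINAL = """
interface Dot11Radio0.10
 bridge-group 10
 bridge-group 10 spanning-disabled
 no bridge-group 10 source-learning
interface Vlan1
 ip address 10.10.1.254 255.255.255.0
interface Vlan10
 no ip address
 bridge-group 10
interface BVI10
 ip address 10.10.2.254 255.255.255.0
"""

SUGGESTED = """
interface Dot11Radio0
 no ip address
 bridge-group 1
interface Vlan1
 no ip address
 bridge-group 1
interface BVI1
 ip address 10.10.1.254 255.255.255.0
"""

def l2_segments(config):
    """Map each routed address to the interfaces sharing its layer-2 segment."""
    ip, group, current = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif current and (m := re.match(r"\s+ip address (\d\S+) (\d\S+)", line)):
            ip[current] = m.group(1)
        elif current and (m := re.match(r"\s+bridge-group (\d+)\s*$", line)):
            group[current] = m.group(1)  # membership line only, not sub-options
    members = defaultdict(set)
    for ifname, g in group.items():
        members[g].add(ifname)
    segments = {}
    for ifname, addr in ip.items():
        if bvi := re.fullmatch(r"BVI(\d+)", ifname):
            # A BVI is the routed interface for every port in its bridge group.
            segments[addr] = members.get(bvi.group(1), set())
        else:
            segments[addr] = {ifname}
    return segments
```

For the original excerpt the result puts Vlan1 alone behind 10.10.1.254 and the radio subinterface with Vlan10 behind 10.10.2.254; for the suggested excerpt the radio and Vlan1 share one segment behind 10.10.1.254.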

NZulli (ASKER)

Ok, when I was setting it up I was wondering if that was possible.  However since the router is remote, I don't think this can be done without breaking my telnet connection (need to remove vlan1 IP before setting bvi1 IP).  As long as I have both DHCP ranges, do you see any problem with the current config?

ASKER CERTIFIED SOLUTION
BBRazz

This solution is only available to members.

NZulli (ASKER)

Created Vlan2, tried to assign IP address 10.10.1.253/24, "% 10.10.1.0 overlaps with Vlan1"

I did have this working with the two ranges before I shipped it to them, so I know it can be done.  About a month ago the config corrupted (don't ask me how...) and I dumped down a new config that I thought was identical to the original.  There must have been some difference because wireless has not worked since.

NZulli (ASKER)

Anyone see anything obviously wrong about this config that would break the wireless?  I don't have another wireless router to test with unfortunately.

NZulli (ASKER)

As an update, I found a possibility that this could be related to a wireless problem exhibited in IOS versions 12.4(20)-T and up.  I am trying a downgrade to 12.4(15)-T8 to see if it is fixed.

NZulli (ASKER)

This did not work, but I have to close it to open another question.  Thanks EE!