Solved

Trying to create a Vlan for aironet wireless.

Posted on 2010-08-21
Last Modified: 2012-05-10
Guys, I need some help. I am OK with Cisco but not that great. What I am trying to do: I have a Cisco 1811, a Cisco 2960G switch, and an Aironet 1242AG. I am trying to create 2 SSIDs and have one go to my internal network and have the second SSID go to VLAN2, which has its own range of IP addresses so that it does not touch the internal network. I will post my current config below. The issue I am having is that I can connect to vlan1 fine and it works great for the internal network. But on vlan 2 I get an IP on the client but it will not pass any traffic. For example, when I try to ping the 10.10.10.1 address of the router from the access point, it does not respond. Here is the current config of all 3 devices.

Router
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2010.08.21 12:11:24 =~=~=~=~=~=~=~=~=~=~=~=


User Access Verification


CygnusRTR#sh run
Building configuration...

Current configuration : 10205 bytes
!
! Last configuration change at 12:24:46 EDT Sat Aug 21 2010 by dcoulson
!
version 15.1
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname CygnusRTR
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default none
aaa authorization exec default local
aaa authorization network groupaithor local
!
!
!
!
!
aaa session-id common
!
clock timezone EST -5
clock summer-time EDT recurring
!
crypto pki trustpoint TP-self-signed-2874608491
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2874608491
 revocation-check none
 rsakeypair TP-self-signed-2874608491
!
!
crypto pki certificate chain TP-self-signed-2874608491
 certificate self-signed 01
 
  4BFB9EC4 E2
        quit
dot11 syslog
ip source-route
!
!
!
!
ip cef
ip name-server 198.190.226.3
no ipv6 cef
!
multilink bundle-name authenticated
!
parameter-map type regex sdm-regex-nonascii
 pattern [^\x00-\x80]

parameter-map type protocol-info msn-servers
 server name messenger.hotmail.com
 server name gateway.messenger.hotmail.com
 server name webmessenger.msn.com

parameter-map type protocol-info aol-servers
 server name login.oscar.aol.com
 server name toc.oscar.aol.com
 server name oam-d09a.blue.aol.com

parameter-map type protocol-info yahoo-servers
 server name scs.msg.yahoo.com
 server name scsa.msg.yahoo.com
 server name scsb.msg.yahoo.com
 server name scsc.msg.yahoo.com
 server name scsd.msg.yahoo.com
 server name cs16.msg.dcn.yahoo.com
 server name cs19.msg.dcn.yahoo.com
 server name cs42.msg.dcn.yahoo.com
 server name cs53.msg.dcn.yahoo.com
 server name cs54.msg.dcn.yahoo.com
 server name ads1.vip.scd.yahoo.com
 server name radio1.launch.vip.dal.yahoo.com
 server name in1.msg.vip.re2.yahoo.com
 server name data1.my.vip.sc5.yahoo.com
 server name address1.pim.vip.mud.yahoo.com
 server name edit.messenger.yahoo.com
 server name messenger.yahoo.com
 server name http.pager.yahoo.com
 server name privacy.yahoo.com
 server name csa.yahoo.com
 server name csb.yahoo.com
 server name csc.yahoo.com

!
!
license udi pid CISCO1811/K9 sn FTX1151Z0AY
username dcoulson privilege 15 password 7 12090A1906020D07
!
!
!
class-map type inspect smtp match-any sdm-app-smtp
 match  data-length gt 5000000
class-map type inspect http match-any sdm-app-nonascii
 match  req-resp header regex sdm-regex-nonascii
class-map type inspect imap match-any sdm-app-imap
 match  invalid-command
class-map type inspect match-any sdm-cls-protocol-p2p
 match protocol edonkey signature
 match protocol gnutella signature
 match protocol kazaa2 signature
 match protocol fasttrack signature
 match protocol bittorrent signature
class-map type inspect match-any sdm-cls-insp-traffic
 match protocol dns
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-insp-traffic
 match class-map sdm-cls-insp-traffic
class-map type inspect match-any SDM-Voice-permit
 match protocol h323
 match protocol skinny
 match protocol sip
class-map type inspect match-all sdm-protocol-pop3
 match protocol pop3
class-map type inspect match-any sdm-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-any sdm-cls-protocol-im
 match protocol ymsgr yahoo-servers
 match protocol msnmsgr msn-servers
 match protocol aol aol-servers
class-map type inspect pop3 match-any sdm-app-pop3
 match  invalid-command
class-map type inspect match-all sdm-protocol-p2p
 match class-map sdm-cls-protocol-p2p
class-map type inspect http match-any sdm-http-blockparam
 match  request port-misuse im
 match  request port-misuse p2p
 match  request port-misuse tunneling
 match  req-resp protocol-violation
class-map type inspect match-all sdm-protocol-im
 match class-map sdm-cls-protocol-im
class-map type inspect match-all sdm-icmp-access
 match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-invalid-src
 match access-group 100
class-map type inspect http match-any sdm-app-httpmethods
 match  request method bcopy
 match  request method bdelete
 match  request method bmove
 match  request method bpropfind
 match  request method bproppatch
 match  request method connect
 match  request method copy
 match  request method delete
 match  request method edit
 match  request method getattribute
 match  request method getattributenames
 match  request method getproperties
 match  request method index
 match  request method lock
 match  request method mkcol
 match  request method mkdir
 match  request method move
 match  request method notify
 match  request method options
 match  request method poll
 match  request method post
 match  request method propfind
 match  request method proppatch
 match  request method put
 match  request method revadd
 match  request method revlabel
 match  request method revlog
 match  request method revnum
 match  request method save
 match  request method search
 match  request method setattribute
 match  request method startrev
 match  request method stoprev
 match  request method subscribe
 match  request method trace
 match  request method unedit
 match  request method unlock
 match  request method unsubscribe
class-map type inspect match-all sdm-protocol-http
 match protocol http
class-map type inspect match-all sdm-protocol-smtp
 match protocol smtp
class-map type inspect match-all sdm-protocol-imap
 match protocol imap
!
!
policy-map type inspect sdm-permit-icmpreply
 class type inspect sdm-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect http sdm-action-app-http
 class type inspect http sdm-http-blockparam
  log
  reset
 class type inspect http sdm-app-httpmethods
  log
  reset
 class type inspect http sdm-app-nonascii
  log
  reset
policy-map type inspect smtp sdm-action-smtp
 class type inspect smtp sdm-app-smtp
  reset
policy-map type inspect imap sdm-action-imap
 class type inspect imap sdm-app-imap
  log
  reset
policy-map type inspect pop3 sdm-action-pop3
 class type inspect pop3 sdm-app-pop3
  log
  reset
policy-map type inspect sdm-inspect
 class type inspect sdm-invalid-src
  drop log
 class type inspect sdm-protocol-http
  inspect
  service-policy http sdm-action-app-http
 class type inspect sdm-protocol-smtp
  inspect
  service-policy smtp sdm-action-smtp
 class type inspect sdm-protocol-imap
  inspect
  service-policy imap sdm-action-imap
 class type inspect sdm-protocol-pop3
  inspect
  service-policy pop3 sdm-action-pop3
 class type inspect sdm-protocol-p2p
  drop log
 class type inspect sdm-protocol-im
  drop log
 class type inspect sdm-insp-traffic
  inspect
 class type inspect SDM-Voice-permit
  inspect
 class class-default
  pass
policy-map type inspect sdm-permit
 class class-default
  drop
!
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
 service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-self source out-zone destination self
 service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
 service-policy type inspect sdm-inspect
!
!
!
!
!
!
!
interface FastEthernet0
 description WAN INTERFACE$FW_OUTSIDE$
 ip address 206.xxx.xxx.xxx 255.255.255.0
 ip nbar protocol-discovery
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 speed auto
 full-duplex
 no cdp enable
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet1.1
 encapsulation dot1Q 1 native
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
 description $FW_INSIDE$
 ip address 192.168.1.3 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
!
interface Vlan2
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 no ip route-cache cef
 no ip route-cache
!
interface Async1
 no ip address
 encapsulation slip
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
ip dns server
ip nat inside source list 10 interface FastEthernet0 overload
ip route 0.0.0.0 0.0.0.0 206.123.254.254
!
logging source-interface Vlan1
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 permit 10.10.10.0 0.0.0.255
access-list 100 permit ip 206.123.254.0 0.0.0.255 any
!
!
!
!
snmp-server community public RO
!
!
!
control-plane
!
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 privilege level 15
 transport input all
!
end

CygnusRTR#  exit


Root Switch

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2010.08.21 12:12:40 =~=~=~=~=~=~=~=~=~=~=~=


User Access Verification

Username: dcoulson
Password:

CMC-ROOT-SW#sh run
Building configuration...

Current configuration : 9593 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime
service password-encryption
service sequence-numbers
!
hostname CMC-ROOT-SW
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$GymO$b0HBFID/geV4mzJSLsS51/
enable password 7 095C41070D0C1611
!
username admin privilege 15 password 7 095C1A5C4C1247000F
username dcoulson privilege 15 password 7 051B090135454F0A
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization network default local
!
!
!
aaa session-id common
system mtu routing 1500
authentication mac-move permit
ip subnet-zero
ip dhcp excluded-address 10.10.10.1 10.10.10.9
ip dhcp excluded-address 10.10.10.101 10.10.10.254
!
ip dhcp pool Vlan2
   import all
   network 10.10.10.0 255.255.255.0
   dns-server 24.154.1.6 24.154.1.7
   default-router 10.10.10.1
   netbios-name-server 24.154.1.6
!
!
!
!
crypto pki trustpoint HTTPS_SS_CERT_KEYPAIR
 enrollment selfsigned
 serial-number
 revocation-check none
 rsakeypair HTTPS_SS_CERT_KEYPAIR
!
!
crypto pki certificate chain HTTPS_SS_CERT_KEYPAIR
 certificate self-signed 01
  quit
!
!
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface Port-channel1
 switchport mode access
!
interface Port-channel2
 switchport mode access
!
interface GigabitEthernet0/1
 switchport mode access
!
interface GigabitEthernet0/2
 switchport mode access
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/3
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/4
 description cmcnets-2
 switchport mode access
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/5
 switchport mode trunk
 switchport nonegotiate
 mls qos trust cos
 macro description cisco-wireless
 auto qos voip trust
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/6
 switchport mode access
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/7
 description T2020-1
 switchport mode access
 speed 100
 duplex full
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/8
 switchport mode access
 macro description cisco-desktop
!
interface GigabitEthernet0/9
 switchport mode access
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/10
 description IP Camera 1
 switchport mode access
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/11
 switchport mode access
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/12
 description IP Camera 2
 switchport mode access
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/13
 switchport mode access
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/14
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
 switchport trunk allowed vlan 1,2
 switchport mode trunk
!
interface GigabitEthernet0/17
 switchport mode access
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/18
 description cygnus-pred
 switchport mode access
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/19
 switchport mode access
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/20
 description cmcapp1
 switchport mode access
 macro description cisco-desktop
 channel-group 1 mode active
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/21
 description WEST102
!
interface GigabitEthernet0/22
 switchport mode access
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/23
 switchport mode access
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/24
!
interface GigabitEthernet0/25
 switchport mode access
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/26
 switchport mode access
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/27
 description ASA5510
 switchport mode trunk
 mls qos trust dscp
 macro description cisco-router
 auto qos voip trust
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/28
!
interface GigabitEthernet0/29
 description cmchr
 switchport mode access
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/30
 description Linksys AP
!
interface GigabitEthernet0/31
!
interface GigabitEthernet0/32
 switchport mode access
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/33
 switchport mode access
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/34
 description cmcapp1
 switchport mode access
 macro description cisco-desktop
 channel-group 1 mode active
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/35
 switchport mode access
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/36
 switchport mode access
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/37
 switchport mode access
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/38
 description cmcspamsvr
 switchport mode access
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/39
 switchport mode access
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/40
 switchport mode access
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/41
 description cmcfs1-2
 switchport mode access
 macro description cisco-desktop
 channel-group 2 mode active
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/42
 description cmcfs1-1
 switchport mode access
 macro description cisco-desktop
 channel-group 2 mode active
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/43
 switchport mode access
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/44
 switchport trunk allowed vlan 1,2
 switchport mode trunk
!
interface GigabitEthernet0/45
!
interface GigabitEthernet0/46
 switchport mode access
 macro description cisco-desktop
!
interface GigabitEthernet0/47
!
interface GigabitEthernet0/48
 switchport mode trunk
 macro description cisco-switch
 auto qos voip trust
 spanning-tree link-type point-to-point
!
interface Vlan1
 ip address 192.168.1.23 255.255.255.0
 no ip route-cache
!
interface Vlan2
 description GuestWIFI-VLAN
 ip address 10.10.10.2 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.1.1
ip http server
ip http secure-server
ip sla enable reaction-alerts
snmp-server community public RO
snmp-server location Computer Room
snmp-server contact Rich Couchenour
!
line con 0
line vty 0 4
 password 7 010352510E1C561D25
line vty 5 15
 password 7 010352510E1C561D25
!
end

CMC-ROOT-SW#  exit


Access Point

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2010.08.21 12:13:18 =~=~=~=~=~=~=~=~=~=~=~=


User Access Verification

Username: dcoulson
Password:
% Login invalid

Username: admin
Password:
CMCAP3-TRNGROOM>en
Password:
CMCAP3-TRNGROOM#sh run
Building configuration...

Current configuration : 2347 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CMCAP3-TRNGROOM
!
enable secret 5 $1$Ah9o$3Ctaon3QUYvW0.mLxn05v/
!
no aaa new-model
!
!
dot11 syslog
dot11 vlan-name DefaultLAN vlan 1
dot11 vlan-name GuestVLAN vlan 2
!
dot11 ssid CygnusMFG
   vlan 1
   authentication open
   information-element ssidl advertisement
!
dot11 ssid Guest
   vlan 2
   authentication open
   mbssid guest-mode
!
!
!
username admin secret 5 $1$bL3A$yBXEqWPD2fMoZ8E0UbS75/
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 1 key 1 size 40bit 7 0C7F123C7FCA transmit-key
 encryption vlan 1 mode wep mandatory
 !
 ssid CygnusMFG
 !
 ssid Guest
 !
 mbssid
 station-role root
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.2
 encapsulation dot1Q 2
 no ip route-cache
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
 bridge-group 2 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 dfs band 3 block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.2
 encapsulation dot1Q 2
 no ip route-cache
 bridge-group 2
 no bridge-group 2 source-learning
 bridge-group 2 spanning-disabled
!
interface BVI1
 ip address 192.168.1.234 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.10.10.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
!
end

CMCAP3-TRNGROOM#  exit


Any help would be greatly appreciated.

Thanks
Don C
0
Comment
Question by:donnyiris
16 Comments
 
LVL 24

Expert Comment

by:rfc1180
ID: 33492043
The configs are missing much information, so it is hard to tell what is connected to what; I am going on what I see and what has been provided:

I do not see that you have a subinterface configured on the 1811 for the VLAN; I believe you are going to need:

interface FastEthernet1.2
 encapsulation dot1Q 2 native

Billy
0
 
LVL 13

Expert Comment

by:luc_roy
ID: 33493995
OK, I have a few questions:

1) Where is the DHCP for vlan 1?
2) Are you using the other switch ports on the router?
3) Can you ping 10.10.10.1 from vlan 1?
0
 

Author Comment

by:donnyiris
ID: 33494020
DHCP is a Win 2003 DC. No, I can't ping from vlan1 to 2 or even from 2 to 2.
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 33494021
copy and paste error (leave out the native):

interface FastEthernet1.2
 encapsulation dot1Q 2
0
 
LVL 13

Expert Comment

by:luc_roy
ID: 33494050
2) Are you using the other switch ports on the router?
0
 
LVL 2

Expert Comment

by:nblancpain
ID: 33494345
You need to get a trunk between the switch and the router to pass both vlans to the router.
It will then route between vlans.
Then you can add ACLs to filter traffic (or inspect-list if you've got firewall licence)

interface FastEthernet0/0
 duplex auto
 speed auto

interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 172.16.119.1 255.255.255.0
!
interface FastEthernet0/0.2
 encapsulation dot1Q 2
 ip address 172.16.120.1 255.255.255.0
0
 
LVL 13

Expert Comment

by:luc_roy
ID: 33495149
nblancpain - he has trunks on the switch already and rfc1180 told him to add sub interface 1.2 above.

donnyiris - I see several issues with the router and switch configs. The problem is not knowing your setup / design: what ports are connected to each device, what device is being used for each service, etc. nblancpain is correct: once you get this working you will need an ACL to block VLAN1 from VLAN 2; making VLANs does not keep traffic from talking.

Here are some of the things I would do:

1) Change both your VLANs from 1 and 2 to 10 and 20 and add an admin VLAN 5 (this is more of a design thing)
2) Leave vlan 1 as an unused VLAN or untagged traffic (NATIVE).
3) Move DHCP for vlan 2 (now 20) to the router

Here is where the paths can change based on what you can or can't do:
1) Can you physically move the AIRONET connections to the router? If you can, I would; then you do not need VLAN 20 on the switch.
2) Remove vlan 2 from the switch

Let me know the path you take and we can finish up

0
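
The point in the comment above, that creating VLANs does not by itself keep traffic apart once the router has an address in each one, can be checked against the router config posted in the question, where `Vlan1` and `Vlan2` are both members of `in-zone` and neither has an inbound ACL. This is an added example, not code from the thread: a small Python check over the interface stanzas, in which the function names, the `guest-zone` zone and the `GUEST-IN` ACL name used when testing it are hypothetical.

```python
import ipaddress
import itertools
import re

# Constructed sample: the addressed interface stanzas of the router config
# posted in the question, trimmed to the lines this check reads.
SAMPLE_CONFIG = """\
interface FastEthernet0
 description WAN INTERFACE$FW_OUTSIDE$
 ip address 206.xxx.xxx.xxx 255.255.255.0
 zone-member security out-zone
!
interface Vlan1
 description $FW_INSIDE$
 ip address 192.168.1.3 255.255.255.0
 zone-member security in-zone
!
interface Vlan2
 ip address 10.10.10.1 255.255.255.0
 zone-member security in-zone
!
"""


def parse_interfaces(config):
    """Return one dict per 'interface' stanza: name, network, zone, acl_in."""
    stanzas, current = [], None
    for raw in config.splitlines():
        line = raw.rstrip()
        match = re.match(r"interface (\S+)$", line)
        if match:
            current = {"name": match.group(1), "network": None,
                       "zone": None, "acl_in": None}
            stanzas.append(current)
        elif not line.startswith(" "):
            current = None  # "!" or a global command ends the stanza
        elif current is not None:
            words = line.split()
            if words[:2] == ["ip", "address"] and len(words) >= 4:
                try:
                    current["network"] = ipaddress.ip_interface(
                        f"{words[2]}/{words[3]}").network
                except ValueError:
                    pass  # masked address such as 206.xxx.xxx.xxx: skip it
            elif words[:2] == ["zone-member", "security"] and len(words) == 3:
                current["zone"] = words[2]
            elif (words[:2] == ["ip", "access-group"] and len(words) == 4
                  and words[3] == "in"):
                current["acl_in"] = words[2]
    return stanzas


def unfiltered_paths(config):
    """List (source, destination) interface pairs the router forwards between
    with nothing in this config to filter the traffic.

    With the zone-based firewall, interfaces in the same zone exchange traffic
    without any policy, so only a different zone or an inbound ACL separates
    them. Zone-pairs between different zones are not evaluated here, and an
    ACL that is present is not checked for what it permits.
    """
    routed = [s for s in parse_interfaces(config) if s["network"] is not None]
    findings = []
    for src, dst in itertools.permutations(routed, 2):
        same_zone = src["zone"] == dst["zone"]  # also true with no zones at all
        if same_zone and src["acl_in"] is None:
            findings.append((src["name"], dst["name"]))
    return findings


if __name__ == "__main__":
    for src, dst in unfiltered_paths(SAMPLE_CONFIG):
        print(f"{src} -> {dst}: routed, same zone, no inbound ACL")
```
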
 
LVL 7

Expert Comment

by:diepes
ID: 33495245
Where does the AP connect to?

It might be helpful to include a
# sh cdp neighbor

from each device; then we can see the physical layout and ensure all the ports pass the correct VLANs.
0
 

Author Comment

by:donnyiris
ID: 33500714
What I just did was move the 2 access points to the router. Still nothing. Here is the show cdp neighbor.
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
CMCAP1-CROOM     Fas 3              174          T I      AIR-AP124 Fas 0
CMC-ROOT-SW      Fas 2              125          S I      WS-C2960G Gig 0/44
CMCAP3-TRNGROOM  Fas 4              161          T I      AIR-AP124 Fas 0.1

I am very new to Vlan configs so please forgive my ignorance. I understand the concept but implementing it is a whole other thing.
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 33500919
Question: have you tried any of the recommended solutions that have been provided so far?

If you make too many changes, it is going to get a little complicated in helping you. Either leave the APs on the switch or move them to the router, but choose one agg point and let's work on the.


So you have the APs to the router, on fast 3 and 4:

Did you configure trunking, create an SVI (or create an IP address on the subinterface)?

Billy
0
 

Author Comment

by:donnyiris
ID: 33500943
No, I am unsure how to do that. I plan to leave them directly connected to the router. The AP I would like to work with right now is CMCAP3.
0
 
LVL 13

Expert Comment

by:luc_roy
ID: 33501047
ok post your route config only.  I need to see what changes you have made.
0
 

Author Comment

by:donnyiris
ID: 33501060
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet1.2
 encapsulation dot1Q 2 native
!
interface FastEthernet2
!
interface FastEthernet3
 description CROOM-AP
!
interface FastEthernet4
 description CUBS-AP
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
 description $FW_INSIDE$
 ip address 192.168.1.3 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
!
interface Vlan2
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 no ip route-cache cef
 no ip route-cache
!
interface Async1
 no ip address
 encapsulation slip
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
ip dns server
ip nat inside source list 10 interface FastEthernet0 overload
ip route 0.0.0.0 0.0.0.0 206.123.254.254
!
logging source-interface Vlan1
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 permit 10.10.10.0 0.0.0.255
access-list 100 permit ip 206.123.254.0 0.0.0.255 any
!
!
!
!
snmp-server community public RO
!
!
!
control-plane
!
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
0
 
LVL 13

Expert Comment

by:luc_roy
ID: 33501154
interface Vlan1
 no ip nat inside
 no ip address 192.168.1.3 255.255.255.0
!
interface Vlan2
 no ip nat inside
 no ip address 10.10.10.1 255.255.255.0

interface FastEthernet1
 ip nat inside
 no shutdown

interface FastEthernet1.1
 encapsulation dot1Q 1 native
 ip address 192.168.1.3 255.255.255.0
 no shutdown

interface FastEthernet1.2
 no encapsulation dot1Q 2 native
 encapsulation dot1Q 2
 ip address 10.10.10.1 255.255.255.0
 no shutdown

interface FastEthernet3
 description CROOM-AP
 switchport access vlan 1
 spanning-tree portfast

interface FastEthernet4
 description CUBS-AP
 switchport access vlan 2
 spanning-tree portfast

0
 

Author Comment

by:donnyiris
ID: 33503334
It's solved. Thanks for all the help.
0
 
LVL 13

Accepted Solution

by:
luc_roy earned 500 total points
ID: 33503394
no problem
0
