Solved

Cisco 1811W Wireless Clients connect to SSID but can't get IP address.

Posted on 2010-11-14
Last Modified: 2012-05-10
I have a brand new Cisco 1811W integrated services router. I am using the built-in DHCP server in the router and it is a flat native VLAN structure. Wireless clients associate fine with the radios/SSID but they don't get an address from the internal DHCP server. Can someone please look at my configuration and tell me what is wrong?
Building configuration...



Current configuration : 6703 bytes

!

version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname CISCO1811W

!

boot-start-marker

boot-end-marker

!

security authentication failure rate 3 log

security passwords min-length 6

logging message-counter syslog

logging buffered 51200

logging console critical

enable secret ------------------------------------

!

no aaa new-model

clock timezone PCTime -5

clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00

!

crypto pki trustpoint TP-self-signed-2081397696

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-2081397696

 revocation-check none

 rsakeypair TP-self-signed-2081397696

!

!

crypto pki certificate chain TP-self-signed-2081397696

 certificate self-signed 01

  	quit

dot11 syslog

!

dot11 ssid RHCC

 vlan 1

 authentication open 

 authentication key-management wpa

 guest-mode

 wpa-psk ascii --------------------------------

!

no ip source-route

!

!

ip dhcp excluded-address 192.168.1.1 192.168.1.100

!

ip dhcp pool ccp-pool1

   import all

   network 192.168.1.0 255.255.255.0

   dns-server 64.71.255.198 

   default-router 192.168.1.1 

!

!

ip cef

no ip bootp server

ip domain name rhcc

ip name-server 64.71.255.198

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

username admin privilege 15 secret ---------------------------------------

! 

!

!

archive

 log config

  hidekeys

!

!

ip tcp synwait-time 10

ip ssh time-out 60

ip ssh authentication-retries 2

bridge irb

!

!

!

interface Dot11Radio0

 no ip address

 !

 encryption vlan 1 mode ciphers aes-ccm tkip 

 !

 broadcast-key vlan 1 change 30

 !

 !

 ssid RHCC

 !

 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

 station-role root

 bridge-group 1

 bridge-group 1 subscriber-loop-control

 bridge-group 1 spanning-disabled

 bridge-group 1 block-unknown-source

 no bridge-group 1 source-learning

 no bridge-group 1 unicast-flooding

!

interface Dot11Radio0.1

 encapsulation dot1Q 1 native

 no cdp enable

!

interface Dot11Radio1

 no ip address

 !

 encryption vlan 1 mode ciphers aes-ccm tkip 

 !

 broadcast-key vlan 1 change 30

 !

 !

 ssid RHCC

 !

 speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0

 station-role root

 bridge-group 1

 bridge-group 1 subscriber-loop-control

 bridge-group 1 spanning-disabled

 bridge-group 1 block-unknown-source

 no bridge-group 1 source-learning

 no bridge-group 1 unicast-flooding

!

interface Dot11Radio1.1

 encapsulation dot1Q 1 native

 no cdp enable

!

interface FastEthernet0

 description $ES_WAN$$FW_OUTSIDE$

 ip address dhcp client-id FastEthernet0

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip flow ingress

 ip nat outside

 ip virtual-reassembly

 duplex auto

 speed auto

!

interface FastEthernet1

 no ip address

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip flow ingress

 shutdown

 duplex auto

 speed auto

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

!

interface FastEthernet5

!

interface FastEthernet6

!

interface FastEthernet7

!

interface FastEthernet8

!

interface FastEthernet9

!

interface Vlan1

 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$FW_INSIDE$

 no ip address

 ip tcp adjust-mss 1452

 bridge-group 1

!

interface Async1

 no ip address

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 encapsulation slip

!

interface BVI1

 description $ES_LAN$

 ip address 192.168.1.1 255.255.255.0

 ip nat inside

 ip virtual-reassembly

 ip tcp adjust-mss 1412

!

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

!

ip nat inside source list 1 interface FastEthernet0 overload

!

logging trap debugging

access-list 1 remark INSIDE_IF=BVI1

access-list 1 remark CCP_ACL Category=2

access-list 1 permit 192.168.1.0 0.0.0.255

no cdp run



!

!

!

!

!

!

control-plane

!

bridge 1 protocol ieee

bridge 1 route ip

banner exec ^CC

% Password expiration warning.

-----------------------------------------------------------------------

 

Cisco Configuration Professional (Cisco CP) is installed on this device 

and it provides the default username "cisco" for  one-time use. If you have 

already used the username "cisco" to login to the router and your IOS image 

supports the "one-time" user option, then this username has already expired. 

You will not be able to login to the router with this username after you exit 

this session.

 

It is strongly suggested that you create a new username with a privilege level 

of 15 using the following command.

 

username <myuser> privilege 15 secret 0 <mypassword>

 

Replace <myuser> and <mypassword> with the username and password you want to 

use.

 

-----------------------------------------------------------------------

^C

banner login ^CCAuthorized access only!

 Disconnect IMMEDIATELY if you are not an authorized user!^C

!

line con 0

 login local

 transport output telnet

line 1

 modem InOut

 stopbits 1

 speed 115200

 flowcontrol hardware

line aux 0

 login local

 transport output telnet

line vty 0 4

 privilege level 15

 login local

 transport input telnet ssh

line vty 5 15

 privilege level 15

 login local

 transport input telnet ssh

!

scheduler interval 500

end


0
Question by:Mike
8 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34132069
You need to enable DHCP:

service dhcp

and enable routing:

ip routing
0
 
LVL 2

Expert Comment

by:prhowe
ID: 34132084
Unless you didn't paste the whole config, I don't see routing enabled, nor do I see any default route 0.0.0.0 built?  

ip dhcp excluded-address 192.168.1.1 192.168.1.100


and no dhcp service running?
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34132112
A default route is not needed, because the outside interface gets its route from the DHCP server!
0
 

Author Comment

by:Mike
ID: 34132116
Since my CLI knowledge is limited, I used the CCP wizard to configure. As I mentioned, wired clients get DHCP addresses fine, it is only the wireless clients that don't get an IP address. Any ideas?
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34132249
Are you able to debug DHCP?
0
 

Accepted Solution

by:
Mike earned 0 total points
ID: 34170338
Thanks folks for looking into this for me. I ended up calling Cisco for help. I am posting what the fix was, hoping to help other people that may be experiencing the same issue. Snippet from the parts of the config that needed tweaking...

dot11 ssid RHCC
 vlan 1
 authentication open
 authentication key-management wpa
 guest-mode
 wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

interface Dot11Radio0
 no ip address
 encryption mode ciphers aes-ccm
 encryption vlan 1 mode ciphers aes-ccm
 broadcast-key vlan 1 change 45

interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding


Same thing as above for Dot11Radio1 and subinterface Dot11Radio1.1.
0
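
Compared with the configuration in the question, the accepted fix moves the bridge-group commands off the physical radio interface and onto the dot1Q subinterface for the SSID's VLAN. The check below is an added example, not part of the original thread or any Cisco tooling: it parses a running-config and reports each radio whose SSID VLAN has no bridged subinterface. The function names and the sample configuration are constructed for illustration.

```python
import re

def parse_sections(config):
    """Map each top-level IOS command to its indented sub-commands."""
    sections, current = {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text == "!":
            continue  # skip blank lines and "!" separators
        if raw[0] not in " \t":
            current = text
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(text)
    return sections

def unbridged_ssids(config):
    """List (radio, ssid, vlan) whose VLAN subinterface on that radio is not bridged."""
    sections = parse_sections(config)
    ssid_vlan = {h.split()[2]: c.split()[1]
                 for h, b in sections.items() if h.startswith("dot11 ssid ")
                 for c in b if re.fullmatch(r"vlan \d+", c)}
    findings = []
    for header, body in sections.items():
        radio = re.fullmatch(r"interface (Dot11Radio\d+)", header)
        for cmd in (body if radio else []):
            vlan = ssid_vlan.get(cmd[5:]) if cmd.startswith("ssid ") else None
            bridged = any(
                h.startswith(f"interface {radio.group(1)}.")
                and any(re.fullmatch(rf"encapsulation dot1Q {vlan}( native)?", c) for c in b)
                and any(re.fullmatch(r"bridge-group \d+", c) for c in b)
                for h, b in sections.items())
            if vlan is not None and not bridged:
                findings.append((radio.group(1), cmd[5:], vlan))
    return findings

# Constructed sample, condensed from the question's original configuration.
BEFORE = """\
dot11 ssid RHCC
 vlan 1
interface Dot11Radio0
 ssid RHCC
 bridge-group 1
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
"""
# Same sample with bridge-group moved to the subinterface, as in the accepted fix.
AFTER = BEFORE.replace(" bridge-group 1\n", "") + " bridge-group 1\n"
print(unbridged_ssids(BEFORE), unbridged_ssids(AFTER))
```

The parser ignores blank lines and "!" separators, so a full "show running-config" capture can be passed in unchanged.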
 
LVL 68

Expert Comment

by:Qlemo
ID: 34859898
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0
