Mike
asked on
Cisco 1811W Wireless Clients connect to SSID but can't get IP address.
I have a brand new Cisco 1811w integrated services router. I am using the built-in DHCP server in the router and it is a flat native VLAN structure. Wireless clients associate fine with the radios/ssid but they don't get a address from the internal dhcp server. Can someone please look at my configuration and tell me what is wrong?
Building configuration...
Current configuration : 6703 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname CISCO1811W
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
logging buffered 51200
logging console critical
enable secret ------------------------------------
!
no aaa new-model
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-2081397696
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2081397696
revocation-check none
rsakeypair TP-self-signed-2081397696
!
!
crypto pki certificate chain TP-self-signed-2081397696
certificate self-signed 01
30820247 308201B0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32303831 33393736 3936301E 170D3130 31313134 31383536
34365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 30383133
39373639 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
81008598 4D826056 8268D7AA 85401F81 B6BA70AA 990009A6 BF08E6B8 E54B4E16
F742D10D B376C098 EED59B64 B041B98D FEDA7778 6038E0DA FC697593 ACBF8470
876DA3A2 BE7D689A C814E2F3 1EFBF478 4A03B4F0 19481739 548F9CCF 0713462A
07E777C4 4DF43533 BE587678 934D1C6E 3DF8ECCC F7E06418 ABB39F65 592CA087
80690203 010001A3 6F306D30 0F060355 1D130101 FF040530 030101FF 301A0603
551D1104 13301182 0F434953 434F3138 3131572E 72686363 301F0603 551D2304
18301680 1443C070 23E711E0 02EF0718 8D838794 6755A7F8 D9301D06 03551D0E
04160414 43C07023 E711E002 EF07188D 83879467 55A7F8D9 300D0609 2A864886
F70D0101 04050003 81810080 3931633C 5F9A43B4 B009398C 7C5CA7EE 436EAD57
F36E6C62 B8791D78 E60C41CB 34141BD8 59E9ABC1 773E8FED 32652426 D54A6CB4
69FAFF59 B5404DCC 5775115D E06A5AFE 00B6D008 38DF6BF7 4E205F38 1301C8B5
128CA02B 50221903 BB40F31B DA1BB07C 1F5AE0BC 42DDDDC9 A4E1B5EA F0948B3B
0D46785B 28FA1A82 26EEEA
quit
dot11 syslog
!
dot11 ssid RHCC
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii --------------------------------
!
no ip source-route
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.100
!
ip dhcp pool ccp-pool1
import all
network 192.168.1.0 255.255.255.0
dns-server 64.71.255.198
default-router 192.168.1.1
!
!
ip cef
no ip bootp server
ip domain name rhcc
ip name-server 64.71.255.198
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username admin privilege 15 secret ---------------------------------------
!
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
bridge irb
!
!
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers aes-ccm tkip
!
broadcast-key vlan 1 change 30
!
!
ssid RHCC
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no cdp enable
!
interface Dot11Radio1
no ip address
!
encryption vlan 1 mode ciphers aes-ccm tkip
!
broadcast-key vlan 1 change 30
!
!
ssid RHCC
!
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no cdp enable
!
interface FastEthernet0
description $ES_WAN$$FW_OUTSIDE$
ip address dhcp client-id FastEthernet0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
duplex auto
speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$FW_INSIDE$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
!
interface BVI1
description $ES_LAN$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface FastEthernet0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
no cdp run
!
!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner exec ^CC
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to
use.
-----------------------------------------------------------------------
^C
banner login ^CCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler interval 500
end
Unless you didn't paste the whole config, I don't see routing enabled, nor do I see any default route 0.0.0.0 built?
ip dhcp excluded-address 192.168.1.1 192.168.1.100
and no dhcp service running?
ip dhcp excluded-address 192.168.1.1 192.168.1.100
and no dhcp service running?
Default route not need, because, the outside interface get route from DHCP server!
ASKER
Since my CLI knowledge is limited, I used the CCP wizard to configure. As I mentioned, wired clients get DHCP addresses fine, it is only the wireless clients that don't get an IP address. Any ideas?
do you able to debug dhcp?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
service dhcp
and enable routing:
ip routing