Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco 1811W Wireless Clients connect to SSID but can't get IP address.

Posted on 2010-11-14
8
Medium Priority
?
1,150 Views
Last Modified: 2012-05-10
I have a brand new Cisco 1811w integrated services router. I am using the built-in DHCP server in the router and it is a flat native VLAN structure. Wireless clients associate fine with the radios/ssid but they don't get a address from the internal dhcp server. Can someone please look at my configuration and tell me what is wrong?
Building configuration...

Current configuration : 6703 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname CISCO1811W
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
logging buffered 51200
logging console critical
enable secret ------------------------------------
!
no aaa new-model
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-2081397696
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2081397696
 revocation-check none
 rsakeypair TP-self-signed-2081397696
!
!
crypto pki certificate chain TP-self-signed-2081397696
 certificate self-signed 01
  30820247 308201B0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 32303831 33393736 3936301E 170D3130 31313134 31383536 
  34365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 30383133 
  39373639 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  81008598 4D826056 8268D7AA 85401F81 B6BA70AA 990009A6 BF08E6B8 E54B4E16 
  F742D10D B376C098 EED59B64 B041B98D FEDA7778 6038E0DA FC697593 ACBF8470 
  876DA3A2 BE7D689A C814E2F3 1EFBF478 4A03B4F0 19481739 548F9CCF 0713462A 
  07E777C4 4DF43533 BE587678 934D1C6E 3DF8ECCC F7E06418 ABB39F65 592CA087 
  80690203 010001A3 6F306D30 0F060355 1D130101 FF040530 030101FF 301A0603 
  551D1104 13301182 0F434953 434F3138 3131572E 72686363 301F0603 551D2304 
  18301680 1443C070 23E711E0 02EF0718 8D838794 6755A7F8 D9301D06 03551D0E 
  04160414 43C07023 E711E002 EF07188D 83879467 55A7F8D9 300D0609 2A864886 
  F70D0101 04050003 81810080 3931633C 5F9A43B4 B009398C 7C5CA7EE 436EAD57 
  F36E6C62 B8791D78 E60C41CB 34141BD8 59E9ABC1 773E8FED 32652426 D54A6CB4 
  69FAFF59 B5404DCC 5775115D E06A5AFE 00B6D008 38DF6BF7 4E205F38 1301C8B5 
  128CA02B 50221903 BB40F31B DA1BB07C 1F5AE0BC 42DDDDC9 A4E1B5EA F0948B3B 
  0D46785B 28FA1A82 26EEEA
  	quit
dot11 syslog
!
dot11 ssid RHCC
 vlan 1
 authentication open 
 authentication key-management wpa
 guest-mode
 wpa-psk ascii --------------------------------
!
no ip source-route
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.100
!
ip dhcp pool ccp-pool1
   import all
   network 192.168.1.0 255.255.255.0
   dns-server 64.71.255.198 
   default-router 192.168.1.1 
!
!
ip cef
no ip bootp server
ip domain name rhcc
ip name-server 64.71.255.198
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username admin privilege 15 secret ---------------------------------------
! 
!
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 !
 encryption vlan 1 mode ciphers aes-ccm tkip 
 !
 broadcast-key vlan 1 change 30
 !
 !
 ssid RHCC
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no cdp enable
!
interface Dot11Radio1
 no ip address
 !
 encryption vlan 1 mode ciphers aes-ccm tkip 
 !
 broadcast-key vlan 1 change 30
 !
 !
 ssid RHCC
 !
 speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.1
 encapsulation dot1Q 1 native
 no cdp enable
!
interface FastEthernet0
 description $ES_WAN$$FW_OUTSIDE$
 ip address dhcp client-id FastEthernet0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$FW_INSIDE$
 no ip address
 ip tcp adjust-mss 1452
 bridge-group 1
!
interface Async1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation slip
!
interface BVI1
 description $ES_LAN$
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface FastEthernet0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
no cdp run

!
!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner exec ^CC
% Password expiration warning.
-----------------------------------------------------------------------
 
Cisco Configuration Professional (Cisco CP) is installed on this device 
and it provides the default username "cisco" for  one-time use. If you have 
already used the username "cisco" to login to the router and your IOS image 
supports the "one-time" user option, then this username has already expired. 
You will not be able to login to the router with this username after you exit 
this session.
 
It is strongly suggested that you create a new username with a privilege level 
of 15 using the following command.
 
username <myuser> privilege 15 secret 0 <mypassword>
 
Replace <myuser> and <mypassword> with the username and password you want to 
use.
 
-----------------------------------------------------------------------
^C
banner login ^CCAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler interval 500
end

Open in new window

0
Comment
Question by:Mike
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34132069
you need to enabel dhcp:

service dhcp

and enable routing:

ip routing
0
 
LVL 2

Expert Comment

by:prhowe
ID: 34132084
Unless you didn't paste the whole config, I don't see routing enabled, nor do I see any default route 0.0.0.0 built?  

ip dhcp excluded-address 192.168.1.1 192.168.1.100


and no dhcp service running?
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34132112
Default route not need, because, the outside interface get route from DHCP server!
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:Mike
ID: 34132116
Since my CLI knowledge is limited, I used the CCP wizard to configure. As I mentioned, wired clients get DHCP addresses fine, it is only the wireless clients that don't get an IP address. Any ideas?
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34132249
do you able to debug dhcp?
0
 

Accepted Solution

by:
Mike earned 0 total points
ID: 34170338
Thanks folks for looking into this for me. I ended up calling Cisco for help. I am posting what the fix was hoping to help other people that may be experiencing the same issue. Snippit from the parts of the config that needed tweaking...

dot11 ssid RHCC
 vlan 1
 authentication open
 authentication key-management wpa
 guest-mode
 wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

interface Dot11Radio0
 no ip address
 encryption mode ciphers aes-ccm
 encryption vlan 1 mode ciphers aes-ccm
 broadcast-key vlan 1 change 45

interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding


same thing as above for Dot11Radio1 and sub interface Dot11Radio1.1
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 34859898
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While it is possible to put two routes in place with the secondary having a higher metric, this may not always work. In the event of a failure that does not bring down the physical interface on the router the primary route is not removed. There is a…
Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question