Solved

Cisco 1811W Wireless Clients connect to SSID but can't get IP address.

Posted on 2010-11-14
8
1,143 Views
Last Modified: 2012-05-10
I have a brand new Cisco 1811w integrated services router. I am using the built-in DHCP server in the router and it is a flat native VLAN structure. Wireless clients associate fine with the radios/ssid but they don't get a address from the internal dhcp server. Can someone please look at my configuration and tell me what is wrong?
Building configuration...

Current configuration : 6703 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname CISCO1811W
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
logging buffered 51200
logging console critical
enable secret ------------------------------------
!
no aaa new-model
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-2081397696
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2081397696
 revocation-check none
 rsakeypair TP-self-signed-2081397696
!
!
crypto pki certificate chain TP-self-signed-2081397696
 certificate self-signed 01
  30820247 308201B0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 32303831 33393736 3936301E 170D3130 31313134 31383536 
  34365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 30383133 
  39373639 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  81008598 4D826056 8268D7AA 85401F81 B6BA70AA 990009A6 BF08E6B8 E54B4E16 
  F742D10D B376C098 EED59B64 B041B98D FEDA7778 6038E0DA FC697593 ACBF8470 
  876DA3A2 BE7D689A C814E2F3 1EFBF478 4A03B4F0 19481739 548F9CCF 0713462A 
  07E777C4 4DF43533 BE587678 934D1C6E 3DF8ECCC F7E06418 ABB39F65 592CA087 
  80690203 010001A3 6F306D30 0F060355 1D130101 FF040530 030101FF 301A0603 
  551D1104 13301182 0F434953 434F3138 3131572E 72686363 301F0603 551D2304 
  18301680 1443C070 23E711E0 02EF0718 8D838794 6755A7F8 D9301D06 03551D0E 
  04160414 43C07023 E711E002 EF07188D 83879467 55A7F8D9 300D0609 2A864886 
  F70D0101 04050003 81810080 3931633C 5F9A43B4 B009398C 7C5CA7EE 436EAD57 
  F36E6C62 B8791D78 E60C41CB 34141BD8 59E9ABC1 773E8FED 32652426 D54A6CB4 
  69FAFF59 B5404DCC 5775115D E06A5AFE 00B6D008 38DF6BF7 4E205F38 1301C8B5 
  128CA02B 50221903 BB40F31B DA1BB07C 1F5AE0BC 42DDDDC9 A4E1B5EA F0948B3B 
  0D46785B 28FA1A82 26EEEA
  	quit
dot11 syslog
!
dot11 ssid RHCC
 vlan 1
 authentication open 
 authentication key-management wpa
 guest-mode
 wpa-psk ascii --------------------------------
!
no ip source-route
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.100
!
ip dhcp pool ccp-pool1
   import all
   network 192.168.1.0 255.255.255.0
   dns-server 64.71.255.198 
   default-router 192.168.1.1 
!
!
ip cef
no ip bootp server
ip domain name rhcc
ip name-server 64.71.255.198
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username admin privilege 15 secret ---------------------------------------
! 
!
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 !
 encryption vlan 1 mode ciphers aes-ccm tkip 
 !
 broadcast-key vlan 1 change 30
 !
 !
 ssid RHCC
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no cdp enable
!
interface Dot11Radio1
 no ip address
 !
 encryption vlan 1 mode ciphers aes-ccm tkip 
 !
 broadcast-key vlan 1 change 30
 !
 !
 ssid RHCC
 !
 speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.1
 encapsulation dot1Q 1 native
 no cdp enable
!
interface FastEthernet0
 description $ES_WAN$$FW_OUTSIDE$
 ip address dhcp client-id FastEthernet0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$FW_INSIDE$
 no ip address
 ip tcp adjust-mss 1452
 bridge-group 1
!
interface Async1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation slip
!
interface BVI1
 description $ES_LAN$
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface FastEthernet0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
no cdp run

!
!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner exec ^CC
% Password expiration warning.
-----------------------------------------------------------------------
 
Cisco Configuration Professional (Cisco CP) is installed on this device 
and it provides the default username "cisco" for  one-time use. If you have 
already used the username "cisco" to login to the router and your IOS image 
supports the "one-time" user option, then this username has already expired. 
You will not be able to login to the router with this username after you exit 
this session.
 
It is strongly suggested that you create a new username with a privilege level 
of 15 using the following command.
 
username <myuser> privilege 15 secret 0 <mypassword>
 
Replace <myuser> and <mypassword> with the username and password you want to 
use.
 
-----------------------------------------------------------------------
^C
banner login ^CCAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler interval 500
end

Open in new window

0
Comment
Question by:Mike
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34132069
you need to enabel dhcp:

service dhcp

and enable routing:

ip routing
0
 
LVL 2

Expert Comment

by:prhowe
ID: 34132084
Unless you didn't paste the whole config, I don't see routing enabled, nor do I see any default route 0.0.0.0 built?  

ip dhcp excluded-address 192.168.1.1 192.168.1.100


and no dhcp service running?
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34132112
Default route not need, because, the outside interface get route from DHCP server!
0
Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

 

Author Comment

by:Mike
ID: 34132116
Since my CLI knowledge is limited, I used the CCP wizard to configure. As I mentioned, wired clients get DHCP addresses fine, it is only the wireless clients that don't get an IP address. Any ideas?
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34132249
do you able to debug dhcp?
0
 

Accepted Solution

by:
Mike earned 0 total points
ID: 34170338
Thanks folks for looking into this for me. I ended up calling Cisco for help. I am posting what the fix was hoping to help other people that may be experiencing the same issue. Snippit from the parts of the config that needed tweaking...

dot11 ssid RHCC
 vlan 1
 authentication open
 authentication key-management wpa
 guest-mode
 wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

interface Dot11Radio0
 no ip address
 encryption mode ciphers aes-ccm
 encryption vlan 1 mode ciphers aes-ccm
 broadcast-key vlan 1 change 45

interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding


same thing as above for Dot11Radio1 and sub interface Dot11Radio1.1
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 34859898
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Routing between two networks? 10 106
Radius Debug Error 16 130
Cisco Edge Routers for BGP 6 116
Wireless router under network , where it from connected to my windows ? 10 64
I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question