Solved

887VAW help with wireless config

Posted on 2013-01-28
5
1,554 Views
Last Modified: 2013-02-04
Hi,

 
Please see my config below. Everything is working, and I can connect to the wireless. I do not seem to be able to communicate accross the bridge to the vlan gateway or net. Alot of the wireless config was copied from the net... so I would not be surprised if I am missing something important. Thanks in advance for any help.

 
 
rfiwireless(config)#do show run
Building configuration...

Current configuration : 2995 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname rfiwireless
!
logging rate-limit console 9
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid rfi
   authentication open
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 7 063429087B1F1xxxxxxxx
!
!
!
username cisco privilege 15 secret 5 $1$X/yz$Fvkl5jXZwQAqHavE1gJ6T1
username chigby privilege 15 secret 5 $1$8vXr$aBRkLpz9Yk/ZPXG4zMWtK.
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no ip route-cache
!
encryption mode ciphers aes-ccm tkip
!
ssid rfi
!
antenna gain 0
no preamble-short
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface BVI1
ip address dhcp client-id GigabitEthernet0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 protocol ieee
bridge 1 route ip
!
!
banner exec ^CC
% Password change notice.
xxx
^C
!
line con 0
privilege level 15
login local
no activation-character
line vty 0 4
login local
!
end

 
Here is config for the rest of the device:

 
Building configuration...

Current configuration : 6370 bytes
!
! No configuration change since last restart
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname tassie
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable password 7 1201160040131F1378
!
no aaa new-model
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-2118896471
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2118896471
revocation-check none
rsakeypair TP-self-signed-2118896471
!
!
crypto pki certificate chain TP-self-signed-2118896471
certificate self-signed 01
  3082022B xxxxx2B33FF
        quit
no ip source-route
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool rfi
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 10.10.10.1
!
!
ip domain name yourdomain.com
ip name-server 208.67.222.222
ip name-server 208.67.220.220
no ipv6 cef
!
!
license udi pid C887VA-W-A-K9 sn FTX16438246
!
!
username chigby privilege 15 secret 4 zj1j6t2Rkghk7whGDQRDbDU3cDyepuugsf0st1tSNE.
!
!
!
!
controller VDSL 0
!
!
!
!
!
!
!
!
interface ATM0
description ADSL physical line
no ip address
no atm ilmi-keepalive
pvc 8/35
  tx-ring-limit 3
  encapsulation aal5snap
  pppoe-client dial-pool-number 1
!
!
interface Ethernet0
no ip address
shutdown
!
interface FastEthernet0
no ip address
spanning-tree portfast
!
interface FastEthernet1
no ip address
spanning-tree portfast
!
interface FastEthernet2
no ip address
spanning-tree portfast
!
interface FastEthernet3
no ip address
spanning-tree portfast
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
no ip address
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
!
interface Vlan1
description LAN
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1420
bridge-group 1
!
interface Dialer0
description adsl authentication
ip address negotiated
ip access-group gateway in
ip mtu 1460
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1420
dialer pool 1
dialer-group 1
ppp chap hostname xxx@xxxx
ppp chap password 7 03515F13080xxxxx
no cdp enable
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip dns server
ip nat inside source list nat interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended gateway
permit tcp any any established
permit tcp any eq domain any
permit udp any eq domain any
permit icmp any any echo-reply
deny   ip any any
ip access-list extended nat
permit ip 10.10.10.0 0.0.0.255 any
!
access-list 23 permit 10.10.10.0 0.0.0.255
no cdp run
!
!
!
!
snmp-server community public RO
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

xxx
want to use.

-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
xxxx
^C
!
line con 0
logging synchronous
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
password 7 10420C0D10041504180C2F253D2726342C170E
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
0
Comment
Question by:DatawiseEX
  • 3
  • 2
5 Comments
 
LVL 20

Accepted Solution

by:
rauenpc earned 500 total points
Comment Utility
https://supportforums.cisco.com/docs/DOC-16145

Two differences in the examples versus your config are that they are using a trunk link between the AP and router modules which in your case shouldn't be needed, but maybe configure it that way anyway. It would make life easy if you decide to spin up another vlan/ssid because you would only need to add it to the trunk instead of creating the trunk from the ground up.

Also, the example does not define a bridge group on the vlan interface; only the L2 interfaces on the ap.
0
 

Author Comment

by:DatawiseEX
Comment Utility
Thanks for your advice. I really would be preferable not to do the trunking and multiple vlans if possible, as it seems it would add an unnecessary layer to the problem. viewing the comparisons that you have made has made me review it also. What I did notice is that bridge irb was not turned on, on the main module. I have turned this on, and the router can now see a bvi 1 interface from that module, which it was unable to do so previously. However, running a show ip int brief on the main module does not show an IP address as is seen from the wireless module.

I feel that we may be a step closer, but communication between the 2 modules still seems to be not working.

I will remove the bridge group from the vlan 1 as suggested.
0
 
LVL 20

Expert Comment

by:rauenpc
Comment Utility
A show ip int brief will only show the interfaces configured on the module you entered the command. Although both are contained within the same chassis, they very much operate independently. You should be able to see cdp neigh, and you should be able to ping the interfaces. From here I would say try to get a wireless client connected and see what happens. Once you are connected, a ping to the AP proves a functional connection, and a ping to the router's interface proves a functional bridge configuration. From there it's just router configuration, nat, acl, routing, etc.
0
 

Author Comment

by:DatawiseEX
Comment Utility
I understand that the 2 modules are separate configurations, but I assumed, perhaps mistakenly, that there should be some reference to some reference on the bridge on the router interface? I can connect a wireless client, but it seems to be able to only ping locally (the bvi interface on wlan side) and not the default gateway. It appears that communication between the 2 modules is down, although I do need to point out that the BVI interface I seems to be successfully getting a dhcp address.

Same goes for the router interface/physical lan clients, they are unable to ping addresses on the wlan interface
0
 

Author Closing Comment

by:DatawiseEX
Comment Utility
Thanks for the help. I ended up configuring up the multiple vlans as per the article linked, and this has worked. I guess some sort of "routing" problem was occurring with the single vlan/subnet.

Thanks all for your assistance.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Today sees the launch of a new case study, focusing on BYOD technologies we have been working with for some time now.  But with the advent of 802.11ac wireless technologies and the story behind our landmark developments, we would like to share this …
Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now