Solved

1941w - Can't access AP configuration

Posted on 2013-06-06
3
865 Views
Last Modified: 2013-06-17
Setting up a new 1941w router.  Already have another one offsite that's working great.  Based the new configuration on the one I have working and can route traffic, etc.  My problem with this new one is that I cannot get into the embedded AP to configure.  My configuration follows this question.  I have checked status of the interfaces and everything is up except VLAN2.  I've used the command no shutdown within the VLAN2 interface, but the operational status is still reading down.  The admin status is reading up.  All other interfaces are up and up.  I say this because I suspect it may be my problem, but I know I could be wrong.  When I try to go into the AP config I use the command:

     service-module wlan-ap 0 session

the 1941w returns to the screen

     Trying 10.10.10.10, 2067 ...

and then says

     % Connection timed out; remote host not responding

I'm hoping this is any easy fix for the experts here.  Thanks in advance for any help you can give.  The full configuration is:

version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 1941w
!
boot-start-marker
boot-end-marker
!
!
no logging buffered
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
no aaa new-model
memory-size iomem 25
clock timezone EST -5 0
clock summer-time EDT recurring
service-module wlan-ap 0 bootimage autonomous
!
ip cef
!
!
!
no ip dhcp conflict logging
ip dhcp excluded-address 10.1.9.51 10.1.9.255
!
ip dhcp pool ighqcolo
 network 10.1.9.0 255.255.255.0
 domain-name routersrus.com
 default-router 10.1.9.245
 dns-server 10.1.1.100 10.1.1.101
!
!
!
ip domain name routersrus.com
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1941W-A/K9 sn xxxxxxxxxxxx
hw-module ism 0
!
!
!
username admin privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
redundancy
!
!
!
!
!
!
class-map match-all voice
  description Voice Traffic
 match ip precedence 5
!
policy-map VOIP
 class voice
  priority 512
 class class-default
  fair-queue
!
!
!
!
!
!
bridge irb
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description MPLS
 ip address 198.16.152.226 255.255.255.252
 duplex full
 speed 100
 no mop sysid
!
interface wlan-ap0
 description Service module interface to manage the embedded AP
 ip unnumbered Vlan2
 arp timeout 0
 no mop enabled
 no mop sysid
!
interface GigabitEthernet0/1
 description internal Lan
 no ip address
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no mop sysid
 bridge-group 1
!
interface Wlan-GigabitEthernet0/0
 description Internal switch interface connecting to the embedded AP
 switchport trunk native vlan 2
 switchport mode trunk
 no ip address
!
interface Vlan1
 no ip address
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan2
 ip address 10.10.10.10 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 bridge-group 1
!
interface BVI1
 ip address 10.1.9.245 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 198.16.152.226
!
access-list 1 permit any
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 10.1.1.0 0.0.0.255
access-list 23 permit 10.1.9.0 0.0.0.255
access-list 23 permit 10.2.1.0 0.0.0.255
access-list 100 permit ip any any
dialer-list 1 protocol ip list 1
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
!
line con 0
 password 7 xxxxxxxxxxxxxxxxxxxxxxx
 login
line aux 0
 password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
 login
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output none
 stopbits 1
line 67
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output all
line vty 0 4
 access-class 23 in
 privilege level 15
 password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxx
 login
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 password xxxxxxxxxxxxxxxxxxx
 login
 transport input telnet ssh
!
scheduler allocate 20000 1000
ntp source GigabitEthernet0/1
ntp server 128.59.59.177
!
end
0
Comment
Question by:tparrett
  • 2
3 Comments
 
LVL 22

Expert Comment

by:Jody Lemoine
ID: 39228041
Assign a management IP address to interface wlan-ap0 and then telnet in from the router's command prompt. That should do the trick.

It needs to be on its own network, so a /32 address that's unassociated with your other networks is best.

Failing that, you should be able to reach its console directly by telnetting into your router's BVI interface's IP address on port 2002. You'll need to enter your router credentials to access the line itself and then you may need to enter separate credentials to access the AP console once you're connected.
0
 

Author Comment

by:tparrett
ID: 39230380
Thank for the response- - I ended up getting this going yesterday, but not sure why I needed to do what I did.  Here's what happend:

 
With Chrome - Logged in to https://10.1.9.245

Went to Interfaces> Highlighted VLAN2 selected edit

At this point I did NOT make any changes was just looking at

Clicked OK and the AP turned on.  

Now admin status and operational status are both up

 
I am able to go into the CLI  for the AP configuration at this point and get it setup.  Now I'm struggling with the fact that my computer can connect to the AP, but I don't get an IP address from the dhcp that is configured on the router.  I get an ip address when wired, just can't get one through wireless.

 
The configuration has not changed since the above configuration I originally posted.  The following is my AP configuration.  Also, I used the same setup as a working 1941w I already have online.

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ap

!

logging rate-limit console 9

enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

enable password 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

!

no aaa new-model

!

!

dot11 syslog

!

dot11 ssid ROUTERWAP1

   authentication open

   authentication key-management wpa

   guest-mode

   wpa-psk ascii 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX!

!

username admin privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

!

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode ciphers aes-ccm

!

ssid ROUTERWAP1

!

antenna gain 0

station-role root access-point

no dot11 extension aironet

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

shutdown

antenna gain 0

dfs band 3 block

channel dfs

station-role root access-point

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0

description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router

no ip address

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 10.1.9.52 255.255.255.0

no ip route-cache

!

ip default-gateway 10.1.9.245

ip http server

ip http secure-server

ip http help-path

http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

 
bridge 1 protocol ieee

bridge 1 route ip

!

!

!

line con 0

privilege level 15

login local

no activation-character

line vty 0 4

password 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXX

login

transport input telnet

!

end
0
 
LVL 22

Accepted Solution

by:
Jody Lemoine earned 500 total points
ID: 39230405
It looks mostly good, but there are a few extraneous pieces of configuration that I would pull out at least for testing.  Try this:

interface Wlan-GigabitEthernet0/0
 description Internal switch interface connecting to the embedded AP
 switchport access vlan 2
 switchport mode access
 no switchport trunk native vlan 2
!
interface Vlan1
 no ip nat inside
 no ip virtual-reassembly in
!
interface Vlan2
 no ip address 10.10.10.10 255.255.255.0
 no ip nat inside
 no ip virtual-reassembly in

That will take the router down to a simple bridging configuration for VLAN2 and will be easier to troubleshoot.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now