Matt
asked on
Cisco Aironet Access Point DHCP via MS2008 R2
Hello,
I have Cisco Access Points (AIR-SAP1602I-E-K9) which I want to run stand alone without a controller and have my MS Server 2008 R2 distributing IP addresses. With my limited knowledge on these devices, I have gotten to the point where I can see my SSID from a wireless device, but cannot seem to gain an IP address from the server DHCP.
I have added server option 43 to my server DHCP but still no joy. My Access point just continually flashes a green light (slowly).
Any help would be appreciated.
I have Cisco Access Points (AIR-SAP1602I-E-K9) which I want to run stand alone without a controller and have my MS Server 2008 R2 distributing IP addresses. With my limited knowledge on these devices, I have gotten to the point where I can see my SSID from a wireless device, but cannot seem to gain an IP address from the server DHCP.
I have added server option 43 to my server DHCP but still no joy. My Access point just continually flashes a green light (slowly).
Any help would be appreciated.
Henk van Achterberg
Can you post your sanitzed config?
ASKER
ESSAP11#show config
Using 2531 out of 32768 bytes
!
! Last configuration change at 00:29:28 UTC Mon Mar 1 1993 by admin
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname XXXXX
!
!
logging rate-limit console 9
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
no ip routing
no ip cef
ip domain name XXXXXXX
!
!
!
dot11 syslog
dot11 vlan-name XXXX vlan 1001
!
dot11 ssid XXXX
authentication open
!
dot11 ssid XXXXXX
vlan 1001
band-select
authentication open
guest-mode
mobility network-id 1001
!
!
dot11 network-map
crypto pki token default removal timeout 0
!
!
username XXXX password 7 XXXXXXXXXX
username XXXX privilege 15 password 7 XXXXXXXXXXX
!
!
ip ssh version 1
bridge irb
!
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 40bit 7 AD267B074B62 transmit-key
encryption mode wep mandatory
!
encryption vlan 1001 key 1 size 40bit 7 047A5F14383E transmit-key
encryption vlan 1001 mode wep optional
!
ssid XXXXX
!
ssid XXXXX
!
antenna gain 0
traffic-metrics aggregate-report
stbc
beamform ofdm
power local 10
channel 2462
station-role root
dot11 dot11r pre-authentication over-air
!
interface Dot11Radio0.1001
encapsulation dot1Q 1001 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
antenna gain 0
no dfs band block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0.1001
encapsulation dot1Q 1001 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
ip address 10.16.1.26 255.255.255.0
no ip route-cache
!
ip default-gateway 10.16.1.1
ip forward-protocol nd
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
transport input all
Using 2531 out of 32768 bytes
!
! Last configuration change at 00:29:28 UTC Mon Mar 1 1993 by admin
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname XXXXX
!
!
logging rate-limit console 9
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
no ip routing
no ip cef
ip domain name XXXXXXX
!
!
!
dot11 syslog
dot11 vlan-name XXXX vlan 1001
!
dot11 ssid XXXX
authentication open
!
dot11 ssid XXXXXX
vlan 1001
band-select
authentication open
guest-mode
mobility network-id 1001
!
!
dot11 network-map
crypto pki token default removal timeout 0
!
!
username XXXX password 7 XXXXXXXXXX
username XXXX privilege 15 password 7 XXXXXXXXXXX
!
!
ip ssh version 1
bridge irb
!
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 40bit 7 AD267B074B62 transmit-key
encryption mode wep mandatory
!
encryption vlan 1001 key 1 size 40bit 7 047A5F14383E transmit-key
encryption vlan 1001 mode wep optional
!
ssid XXXXX
!
ssid XXXXX
!
antenna gain 0
traffic-metrics aggregate-report
stbc
beamform ofdm
power local 10
channel 2462
station-role root
dot11 dot11r pre-authentication over-air
!
interface Dot11Radio0.1001
encapsulation dot1Q 1001 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
antenna gain 0
no dfs band block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0.1001
encapsulation dot1Q 1001 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
ip address 10.16.1.26 255.255.255.0
no ip route-cache
!
ip default-gateway 10.16.1.1
ip forward-protocol nd
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
transport input all
you need to attach <<IP helper address>> of your MS server IP in the config to get the IP form MS server.
command is IP helper-address <<MS server IP>>...check the command
command is IP helper-address <<MS server IP>>...check the command
check this also:
This example shows how to configure the wireless device as a DHCP server, exclude a range of IP address, and assign a default router:
AP# configure terminal
AP(config)# ip dhcp excluded-address 172.16.1.1 172.16.1.20
AP(config)# ip dhcp pool wishbone
AP(dhcp-config)# network 172.16.1.0 255.255.255.0
AP(dhcp-config)# lease 10
AP(dhcp-config)# default-router 172.16.1.1
AP(dhcp-config)# end
This example shows how to configure the wireless device as a DHCP server, exclude a range of IP address, and assign a default router:
AP# configure terminal
AP(config)# ip dhcp excluded-address 172.16.1.1 172.16.1.20
AP(config)# ip dhcp pool wishbone
AP(dhcp-config)# network 172.16.1.0 255.255.255.0
AP(dhcp-config)# lease 10
AP(dhcp-config)# default-router 172.16.1.1
AP(dhcp-config)# end
ASKER
Thank you Sandeep, I don't want the APs to be DHCP servers, DHCP is to come from the MS Server 2008 R2.
in that case you need to put ip helper-address <<MS server ip>>
on the lan interface
ASKER
Thank you, have done as suggested but still cannot connect to the AP. Here is the updated config, any further suggestions?
!
hostname ESSAP11
!
!
logging rate-limit console 9
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
no ip routing
no ip cef
ip domain name XXXXXX
!
!
!
dot11 syslog
dot11 vlan-name XXXX vlan 1001
!
dot11 ssid XXXX
authentication open
!
dot11 ssid XXXX
vlan 1001
band-select
authentication open
guest-mode
mobility network-id 1001
!
!
dot11 network-map
crypto pki token default removal timeout 0
!
!
username Cisco password 7 XXXXXX
username XXXX privilege 15 password 7 XXXXXXXXX
!
!
ip ssh version 1
bridge irb
!
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 40bit 7 AD267B074B62 transmit-key
encryption mode wep mandatory
!
encryption vlan 1001 key 1 size 40bit 7 047A5F14383E transmit-key
encryption vlan 1001 mode wep optional
!
ssid XXXX
!
ssid XXXX
!
antenna gain 0
traffic-metrics aggregate-report
stbc
beamform ofdm
power local 10
channel 2462
station-role root
dot11 dot11r pre-authentication over-air
!
interface Dot11Radio0.1001
encapsulation dot1Q 1001 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
ip helper-address 10.16.1.21
no ip route-cache
shutdown
antenna gain 0
no dfs band block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
ip helper-address 10.16.1.21
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0.1001
encapsulation dot1Q 1001 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
ip address 10.16.1.26 255.255.255.0
no ip route-cache
!
ip default-gateway 10.16.1.1
ip forward-protocol nd
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
transport input all
!
end
!
hostname ESSAP11
!
!
logging rate-limit console 9
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
no ip routing
no ip cef
ip domain name XXXXXX
!
!
!
dot11 syslog
dot11 vlan-name XXXX vlan 1001
!
dot11 ssid XXXX
authentication open
!
dot11 ssid XXXX
vlan 1001
band-select
authentication open
guest-mode
mobility network-id 1001
!
!
dot11 network-map
crypto pki token default removal timeout 0
!
!
username Cisco password 7 XXXXXX
username XXXX privilege 15 password 7 XXXXXXXXX
!
!
ip ssh version 1
bridge irb
!
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 40bit 7 AD267B074B62 transmit-key
encryption mode wep mandatory
!
encryption vlan 1001 key 1 size 40bit 7 047A5F14383E transmit-key
encryption vlan 1001 mode wep optional
!
ssid XXXX
!
ssid XXXX
!
antenna gain 0
traffic-metrics aggregate-report
stbc
beamform ofdm
power local 10
channel 2462
station-role root
dot11 dot11r pre-authentication over-air
!
interface Dot11Radio0.1001
encapsulation dot1Q 1001 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
ip helper-address 10.16.1.21
no ip route-cache
shutdown
antenna gain 0
no dfs band block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
ip helper-address 10.16.1.21
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0.1001
encapsulation dot1Q 1001 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
ip address 10.16.1.26 255.255.255.0
no ip route-cache
!
ip default-gateway 10.16.1.1
ip forward-protocol nd
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
transport input all
!
end
you should put ip helper-address 10.16.1.21 at the BVI1 interface I guess.
ASKER
Thank you Henk, I have added IP helper-address 10.16.1.21 to the BVI1 interface, still cannot connect to the AP.
when you give your client a fixed IP address can you connect to your AP and ping the AP?
why your radio interface is shutdown?
can you try this config:
!
! Last configuration change at 00:39:50 UTC Mon Mar 1 1993
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP-01
!
!
logging rate-limit console 9
!
aaa new-model
!
!
aaa authentication login default local
!
!
!
!
!
aaa session-id common
no ip routing
no ip cef
!
!
!
dot11 syslog
!
dot11 ssid Office
vlan 1001
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 0 wifipassword
!
!
!
crypto pki token default removal timeout 0
!
!
username ap_admin privilege 15 secret 0 ap_password
!
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
encryption vlan 1001 mode ciphers aes-ccm
!
!
ssid Office
!
antenna gain 0
stbc
beamform ofdm
mbssid
station-role root
!
interface Dot11Radio0.1001
encapsulation dot1Q 1001
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption vlan 1001 mode ciphers aes-ccm
!
!
ssid Office
!
antenna gain 0
no dfs band block
stbc
beamform ofdm
mbssid
channel dfs
station-role root
!
interface Dot11Radio1.1001
encapsulation dot1Q 1001
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0.1001
encapsulation dot1Q 1001 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
ip address 10.16.1.26 255.255.255.0
no ip route-cache
!
ip default-gateway 10.16.1.1
ip forward-protocol nd
ip http server
no ip http secure-server
!
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
transport input all
!
end
ok..one more point check you have enabled dhcp services:
run the command form global configuration mode:
service dhcp
run the command form global configuration mode:
service dhcp
I see you have not enabled it...just do it..it should work
Sandeep Gupta: The topic starter wants to get an IP address from the Windows DHCP Server. You are referring to the DHCP service on the Access Point itself! I think there is something else wrong, that is why I put my config there so the TS can check if it is something else.
Henk, as far as I know ....user want to get IP address for MS server and thus he should apply "ip helper-address <<ms server ip>". Such kind of service can work if "service dhcp' is enabled...
if still he is not able to get IP then you are correct there might be some another problem.
if still he is not able to get IP then you are correct there might be some another problem.
You don't need to attach the IP helper at all - the helper needs to be on the router that serves VLAN 1001, unless the DHCP server is in VLAN 1001 - in that case no helper is needed at all.
Option 43 is used to tell the AP what the controller IP is. You're using autonomous APs here so Option 43 is not required.
The issue is the interface configuration by the look of it. I don't think you're configuring via the GUI as the first SSID isn't attached to a VLAN and you HAVE to attach all SSIDs to VLANs when you enable VLANs - you can't have one SSID with a VLAN but another SSID with no VLAN. If you log in via the GUI and go to the SSID Manager page you will get a popup moaning at you and the radio interfaces will go down.
Did you post the whole config from the AP with only SSIDs and passwords stripped?
Option 43 is used to tell the AP what the controller IP is. You're using autonomous APs here so Option 43 is not required.
The issue is the interface configuration by the look of it. I don't think you're configuring via the GUI as the first SSID isn't attached to a VLAN and you HAVE to attach all SSIDs to VLANs when you enable VLANs - you can't have one SSID with a VLAN but another SSID with no VLAN. If you log in via the GUI and go to the SSID Manager page you will get a popup moaning at you and the radio interfaces will go down.
Did you post the whole config from the AP with only SSIDs and passwords stripped?
ASKER
Hi Craigbeck,
Thank you for your comments. I have removed the SSID with no VLAN but still have the same issue, I can see the SSID 'ESSWifi' but cannot connect to it. I tried to remove the ip helper-address from all interfaces but seems I was not successful. Please find following the current interface with only my passwords stripped. Would appreciate any further advice.
!
hostname ESSAP11
!
!
logging rate-limit console 9
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
no ip routing
no ip cef
ip domain name ess-gabon
!
!
!
dot11 syslog
dot11 vlan-name ESSHQ vlan 1001
!
dot11 ssid ESSWifi
vlan 1001
band-select
authentication open
guest-mode
mobility network-id 1001
!
!
dot11 network-map
crypto pki token default removal timeout 0
!
!
username Cisco password 7 xxxxxx
username admin privilege 15 password 7 xxxxxx
!
!
ip ssh version 1
bridge irb
!
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 40bit 7 AD267B074B62 transmit-key
encryption mode wep mandatory
!
encryption vlan 1001 key 1 size 40bit 7 047A5F14383E transmit-key
encryption vlan 1001 mode wep optional
!
ssid ESSWifi
!
antenna gain 0
traffic-metrics aggregate-report
stbc
beamform ofdm
power local 10
channel 2462
station-role root
dot11 dot11r pre-authentication over-air
!
interface Dot11Radio0.1001
encapsulation dot1Q 1001 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
ip helper-address 10.16.1.21
no ip route-cache
shutdown
antenna gain 0
no dfs band block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
ip helper-address 10.16.1.21
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0.1001
encapsulation dot1Q 1001 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
ip address 10.16.1.26 255.255.255.0
no ip route-cache
!
ip default-gateway 10.16.1.1
ip forward-protocol nd
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
transport input all
!
end
Thank you for your comments. I have removed the SSID with no VLAN but still have the same issue, I can see the SSID 'ESSWifi' but cannot connect to it. I tried to remove the ip helper-address from all interfaces but seems I was not successful. Please find following the current interface with only my passwords stripped. Would appreciate any further advice.
!
hostname ESSAP11
!
!
logging rate-limit console 9
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
no ip routing
no ip cef
ip domain name ess-gabon
!
!
!
dot11 syslog
dot11 vlan-name ESSHQ vlan 1001
!
dot11 ssid ESSWifi
vlan 1001
band-select
authentication open
guest-mode
mobility network-id 1001
!
!
dot11 network-map
crypto pki token default removal timeout 0
!
!
username Cisco password 7 xxxxxx
username admin privilege 15 password 7 xxxxxx
!
!
ip ssh version 1
bridge irb
!
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 40bit 7 AD267B074B62 transmit-key
encryption mode wep mandatory
!
encryption vlan 1001 key 1 size 40bit 7 047A5F14383E transmit-key
encryption vlan 1001 mode wep optional
!
ssid ESSWifi
!
antenna gain 0
traffic-metrics aggregate-report
stbc
beamform ofdm
power local 10
channel 2462
station-role root
dot11 dot11r pre-authentication over-air
!
interface Dot11Radio0.1001
encapsulation dot1Q 1001 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
ip helper-address 10.16.1.21
no ip route-cache
shutdown
antenna gain 0
no dfs band block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
ip helper-address 10.16.1.21
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0.1001
encapsulation dot1Q 1001 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
ip address 10.16.1.26 255.255.255.0
no ip route-cache
!
ip default-gateway 10.16.1.1
ip forward-protocol nd
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
transport input all
!
end
ASKER
Hello,
I need to revive this issue again and I am still facing the same problem. Can anybody tell me why I am not seeing the MS Server DHCP?
Really appreciate any help.
Thank you,
Matt
I need to revive this issue again and I am still facing the same problem. Can anybody tell me why I am not seeing the MS Server DHCP?
Really appreciate any help.
Thank you,
Matt
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you, I ran as requested but still not seeing the DHCP server. Please note that I removed the ESSHQ ssid. The current config is below, have I missed something?
!
hostname ESSAP11
!
!
logging rate-limit console 9
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
no ip routing
no ip cef
ip domain name ess-gabon
!
!
!
dot11 syslog
!
dot11 ssid ESSWifi
vlan 1001
authentication open
mobility network-id 1001
!
!
crypto pki token default removal timeout 0
!
!
username XXXX password XXXXXXXXXXXX
username XXXX privilege 15 password XXXXXXXXXXXXXXXXXXXX
!
!
ip ssh version 1
bridge irb
!
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 40bit 7 AD267B074B62 transmit-key
encryption mode wep mandatory
!
encryption vlan 1001 key 1 size 40bit 7 047A5F14383E transmit-key
encryption vlan 1001 mode wep optional
!
ssid ESSWifi
!
antenna gain 0
traffic-metrics aggregate-report
stbc
beamform ofdm
power local 10
channel 2462
station-role root
dot11 dot11r pre-authentication over-air
!
interface Dot11Radio0.1001
encapsulation dot1Q 1001 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 port-protected
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
ip helper-address 10.16.1.21
no ip route-cache
shutdown
antenna gain 0
no dfs band block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0.1001
encapsulation dot1Q 1001 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
ip address 10.16.1.26 255.255.255.0
no ip route-cache
!
ip default-gateway 10.16.1.1
ip forward-protocol nd
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
transport input all
!
end
!
hostname ESSAP11
!
!
logging rate-limit console 9
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
no ip routing
no ip cef
ip domain name ess-gabon
!
!
!
dot11 syslog
!
dot11 ssid ESSWifi
vlan 1001
authentication open
mobility network-id 1001
!
!
crypto pki token default removal timeout 0
!
!
username XXXX password XXXXXXXXXXXX
username XXXX privilege 15 password XXXXXXXXXXXXXXXXXXXX
!
!
ip ssh version 1
bridge irb
!
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 40bit 7 AD267B074B62 transmit-key
encryption mode wep mandatory
!
encryption vlan 1001 key 1 size 40bit 7 047A5F14383E transmit-key
encryption vlan 1001 mode wep optional
!
ssid ESSWifi
!
antenna gain 0
traffic-metrics aggregate-report
stbc
beamform ofdm
power local 10
channel 2462
station-role root
dot11 dot11r pre-authentication over-air
!
interface Dot11Radio0.1001
encapsulation dot1Q 1001 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 port-protected
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
ip helper-address 10.16.1.21
no ip route-cache
shutdown
antenna gain 0
no dfs band block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0.1001
encapsulation dot1Q 1001 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
ip address 10.16.1.26 255.255.255.0
no ip route-cache
!
ip default-gateway 10.16.1.1
ip forward-protocol nd
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
transport input all
!
end
ASKER
Also, incidentally, I cannot connect to ssid ESSWifi using a static IP and the ssid is showing as 'Hidden Network'
Ok, I asked you to change what I pasted into my post, but you changed something else.
Can you please do what I suggested, then try again?
The SSID was being broadcast before you removed the guest-mode command from the SSID. I didn't ask you to do that. Also, the mobility VLAN ID is still in the config.
Can you please do what I suggested, then try again?
The SSID was being broadcast before you removed the guest-mode command from the SSID. I didn't ask you to do that. Also, the mobility VLAN ID is still in the config.
ASKER
Thank you for your help craigbeck, I finally got there, all connecting fine now.