09-06-2011 09:37 AM - edited 03-04-2019 01:31 PM
I have a 1941W router that I've been configuring for a while now! From the router, I can ping internal and external ip addresses (e.g. 4.2.2.2). But any device connected through the wireless ap cannot ping anything.
My network is configured as follows (brief):
Copper over ethernet connected to Adtran 908e connected to ASA 5505 (port: 192.168.150.254) connected to 1941W (GiE0/0).
If anyone can help me with this configuration i would be very grateful.
Attached is my current config. Thanks
Sterling#sh run
Building configuration...
Current configuration : 2245 bytes
!
! Last configuration change at 16:03:06 UTC Tue Sep 6 2011
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Sterling
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
service-module wlan-ap 0 bootimage autonomous
!
no ipv6 cef
ip source-route
ip cef
!
!
ip dhcp excluded-address 192.168.150.1 192.168.150.10
ip dhcp excluded-address 192.168.151.1
ip dhcp excluded-address 192.168.150.1 192.168.150.254
!
ip dhcp pool LAN-POOL
network 192.168.151.0 255.255.255.0
default-router 192.168.151.1
dns-server 4.2.2.2
lease 7
!
ip dhcp pool Sterling
!
ip dhcp pool lan-pool
!
!
no ip domain lookup
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1941W-A/K9 sn FTX140580W4
!
!
!
!
!
!
!
!
interface Wlan-GigabitEthernet0/0
description Internal switch interface connecting to the embedded AP
!
interface GigabitEthernet0/0
ip address dhcp
ip access-group to-lan in
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface wlan-ap0
description internal switch int connecting to the embedded ap
ip address 192.168.152.1 255.255.255.0
arp timeout 0
no mop enabled
no mop sysid
!
interface GigabitEthernet0/1
ip address 192.168.153.1 255.255.255.0
ip access-group from-lan in
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Vlan1
ip address 192.168.151.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
ip route 0.0.0.0 0.0.0.0 192.168.150.254
ip route 192.0.0.0 255.255.255.0 192.168.150.1
!
ip access-list extended nat-list
permit ip 192.0.0.0 0.255.255.255 any
permit icmp 192.0.0.0 0.255.255.255 any
permit icmp any any
permit ip any any
!
!
!
!
control-plane
!
banner motd ^CNo Unauthorized Personel Allowed^C
!
line con 0
logging synchronous
line aux 0
line 67
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
logging synchronous
login
!
scheduler allocate 20000 1000
end
Sterling#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 192.168.150.254 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 192.168.150.254
is directly connected, GigabitEthernet0/0
S 192.0.0.0/24 [1/0] via 192.168.150.1
192.168.150.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.150.0/24 is directly connected, GigabitEthernet0/0
L 192.168.150.153/32 is directly connected, GigabitEthernet0/0
192.168.151.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.151.0/24 is directly connected, Vlan1
L 192.168.151.1/32 is directly connected, Vlan1
192.168.152.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.152.0/24 is directly connected, wlan-ap0
L 192.168.152.1/32 is directly connected, wlan-ap0
Sterling#sh ip int bri
Interface IP-Address OK? Method Status Protocol
Wlan-GigabitEthernet0/0 unassigned YES unset up up
GigabitEthernet0/0 192.168.150.153 YES DHCP up up
wlan-ap0 192.168.152.1 YES manual up up
GigabitEthernet0/1 192.168.153.1 YES manual down down
Vlan1 192.168.151.1 YES manual up up
NVI0 192.168.150.153 YES unset up up
Sterling#session ????????????rvice -module wlan-ap0 session
Trying 192.168.152.1, 2067 ... Open
Connecting to AP console, enter Ctrl-^ followed by x,
then "disconnect" to return to router prompt
No Unauthorized Personel Allowed
ap>enable
Password:
ap#sh run
Building configuration...
Current configuration : 3495 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
enable secret 5 ??????????
enable password 7 ??????????
!
no aaa new-model
no ip domain lookup
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.155.1 192.168.155.10
!
ip dhcp pool lan-pool
network 192.168.150.0 255.255.255.0
default-router 192.168.151.1
dns-server 4.2.2.2
lease 7
!
!
dot11 syslog
!
dot11 ssid SterlingAcces
!
dot11 ssid SterlingAccess
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 ??????????
!
dot11 ssid StrerlingAccess
!
!
!
username Sterling????
username ?????????? password 7 ??????????
!
!
bridge irb
!
!
interface Dot11Radio0
description 802.11bgn radio
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
encryption vlan 1 mode ciphers tkip
!
broadcast-key change 3600
!
!
ssid SterlingAccess
!
antenna gain 0
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
power local 14
station-role root access-point
no cdp enable
bridge-group 21
bridge-group 21 subscriber-loop-control
bridge-group 21 block-unknown-source
no bridge-group 21 source-learning
no bridge-group 21 unicast-flooding
bridge-group 21 spanning-disabled
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
mac-address 001c.58c1.c3e0
bandwidth 10000000
no ip address
no ip route-cache
shutdown
!
encryption mode ciphers tkip
!
broadcast-key change 3600
!
antenna gain 0
no dfs band block
channel dfs
station-role root
payload-encapsulation dot1h
infrastructure-client
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
description the embedded gigabitethernet 0 is an internal int connecting ap with the host router
no ip address
no ip route-cache
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.21
description 802.11bgn bridge
encapsulation dot1Q 21
no ip route-cache
bridge-group 21
bridge-group 21 subscriber-loop-control
bridge-group 21 block-unknown-source
no bridge-group 21 source-learning
no bridge-group 21 unicast-flooding
bridge-group 21 spanning-disabled
!
interface BVI1
ip address 192.168.150.2 255.255.255.0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
ip access-list extended nat-list
permit tcp 192.168.151.0 0.0.0.255 any
permit ip 192.168.153.0 0.0.0.255 any
bridge 1 route ip
!
!
alias exec dot11radio service-module wlan-ap0 session
!
line con 0
no activation-character
line vty 0 4
login local
no activation-character
no exec
transport preferred none
transport input all
!
end
ap#
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide