cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
740
Views
10
Helpful
10
Replies

857w need help in configuring radio interface

kayasaman
Level 1
Level 1

Hi,

I've tried many times to get help for my 857W as the NAT keeps crashing on me in fact once per day! Yes it really is that severe as I run servers behind it which need to be accessable by the web.

I think the cause of the problem was that I used SDM Express to bridge the Wireless interface with Vlan1?

I am in the process of regenerating the config only I haven't managed to find any documentation through Google in setting up the wireless interface properly.

I'm guessing that bridging it with VLan1 is not the way to go?

I have attached the config I've got so far, if anyone sees anything wrong with it please let me know as I think I've configured the NAT correctly now but I'm not certain. And also if someone could help me with the wireless config too that would be brilliant.

I am running IOS 12.4(15)T

I would be really greatfull for any ideas!

1 Accepted Solution

Accepted Solutions

Hello Kaya,

I knew of a limit of up to 2 vlans in this class of small of routers for this I have suggested to use two vlans.

anyway a L3 object vlan will goes up when at least one physical port associated to it is up/up.

you have configured bridge-group 2

you need to apply bridge-group 2 under vlan1 or you need to configure a radio subinterface that uses dot1q 2 and to apply bridge-group 2 to vlan2

Edit:

please change the following:

interface Dot11Radio0.2

encapsulation dot1Q 1 native

in

interface Dot11Radio0.2

encapsulation dot1Q 2 native

the real vlan number is the the dot1q vlan-id not the subinterface index that actually can be arbitrary.

For this reason you have no port in vlan2 and for this reason vlan2 SVI (L3 interface) is not up.

Hope to help

Giuseppe

View solution in original post

10 Replies 10

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello,

according to this configuration guide you can bridge between wireless lan and vlan

http://www.cisco.com/en/US/docs/routers/access/800/850/software/configuration/guide/857sg_bk.pdf

Your current configuration doesn't provide a L3 exit point for wireless users because vlan 1 is shut down.

You can use integrated routing and bridging

int BVI X

ip address 192.168.2.1 255.255.255.0

ip nat inside

int vlan X

no ip address

bridge-group X

+

iinterface Dot11Radio0.X

encapsulation dot1Q X

bridge-group X

bridge-group X subscriber-loop-control

bridge-group X spanning-disabled

bridge-group X block-unknown-source

no bridge-group X source-learning

no bridge-group X unicast-flooding

!

access-list 11 permit 192.168.2.0 0.0.0.255

+ ip nat inside source list 11 int dialer0 overload

notice the additional specific bridge commands dor interface radio.

or you can choice not to use at all the wireless and you should be fine.

Hope to help

Giuseppe

Thank you for the reply!

I can see that the config you gave for the wireless is similar to the config I'm using currently which is crashing my NAT as severly as every day.

At the moment I'm using vlan1 but have read that Cisco do not recommend to use it.

I have included my current config which does contain the bridge elements but I don't know if it has gone too far by generating some very confusing and strange ACL's.

The question I have to ask now is, would a misconfigured bridge interface cause NAT issues? Or would the NAT issues be due to something else?

Hello Kaya,

your configuration looks like fine.

My suggestion was actually to use two different vlans one for wired ethernet and one for wireless lan.

the NAT configuration then may need to be changed to reflect but it is possible to have two NAT inside interfaces.

This would separate the two broadcast domains and can help.

>> would a misconfigured bridge interface cause NAT issues? Or would the NAT issues be due to something else?

bridging works at OSI layer 2, NAT works at OSI layer 3 to 5 (at least).

But it is difficult to say what is the problem without a detailed analysis.

Hope to help

Giuseppe

Many thanks again!

If I changed my config for the wireless to use say Vlan2, on network 192.168.0.1 255.255.255.0 would that still be able to communicate with the 192.168.1.0/24 network on Vlan1? Or would I need to use inter vlan switching for it as I'm not sure how to do this?

The output of show dsl interface is:

ATM0

Alcatel 20190 chipset information

ATU-R (DS) ATU-C (US)

Modem Status: Showtime (DMTDSL_SHOWTIME)

DSL Mode: ITU G.992.5 (ADSL2+) Annex A

ITU STD NUM: 0x03 0x2

Chip Vendor ID: 'STMI' 'GSPN'

Chip Vendor Specific: 0x0000 0x0010

Chip Vendor Country: 0x0F 0xFF

Modem Vendor ID: 'CSCO' 'GSPN'

Modem Vendor Specific: 0x0000 0x1000

Modem Vendor Country: 0xB5 0xFF

Serial Number Near: FCZ111840K1

Serial Number Far:

Modem VersChip ID: C196 (0)

DFE BOM: DFE3.0 Annex A (1)

Chip ID: C196 (0)

DFE BOM: DFE3.0 Annex A (1)

Capacity Used: 99% 95%

Noise Margin: 11.0 dB 9.0 dB

Output Power: 20.0 dBm 9.5 dBm

Attenuation: 19.5 dB 7.0 dB

Defect Status: None None

Last Fail Code: None

Watchdog Counter: 0xC6

Watchdog Resets: 0

Selftest Result: 0x00

Subfunction: 0x00

Interrupts: 45209 (0 spurious)

PHY Access Err: 0

Activations: 11

LED Status: ON

LED On Time: 100

LED Off Time: 100

Init FW: init_3.0.33_nobist.bin

Operation FW: AMR-3.0.033.bin

FW Source: external

FW Version: 3.0.33

DS Channel1 DS Channel0 US Channel1 US Channel0

Speed (kbps): 0 16689 0 798

Cells: 0 30017316 0 42241457

Reed-Solomon EC: 0 0 0 0

CRC Errors: 0 37786 0 0

Header Errors: 0 29496 0 0

Total BER: 0E-0 3435E-7

Leakage Average BER: 0E-0 7918E-10

Interleave Delay: 0 20 0 52

ATU-R (DS) ATU-C (US)

Bitswap: enabled enabled

Bitswap success: 0 0

Bitswap failure: 0 0

LOM Monitoring : Enabled

LOM watch configured for 200 times

LOM appeared continuously for 0 times

[...]

DSL: Training log buffer capability is not enabled

The error for crc, header and BER values look pretty high is that normal with a dsl line?

Or should a post bakc with a show tech once the system crashes again?

Hello Kaya,

a router when the command

ip routing is configured does its job: that is at least to route traffic between the different connected subnets.

So there shouldn't be problems but only advantages in using two different subnets

About DSL :

the error rate is given by:

37786 / 30017316 = 1,25 10^-3

is actually high

Hope to help

Giuseppe

Thank you!

So now I will deploy a second Vlan for my wireless interface.

Regarding the error rate, that would be caused by the line wouldn't it perhaps by the DSLAM not being provisioned properly?

Should I go and contact my ISP with this and see if they can aleviate the issue?

I mean as long as it's not my box then I know who to contact. Otherwise if it induced by my config somewhere then I will need to sort that.

Oh my I've just learned that the 857 will only support one wired vlan.

Ontop of trying to configure another one.

I'm sorry to have to ask this but would you be able to assist me?

So far I have added:

interface Dot11Radio0

no ip address

!

encryption vlan 2 key 1 size 40bit xxx transmit-key

encryption vlan 2 mode ciphers wep40

interface Dot11Radio0.1

encapsulation dot1Q 1 native

bridge-group 2

bridge-group 2 subscriber-loop-control

bridge-group 2 spanning-disabled

bridge-group 2 block-unknown-source

no bridge-group 2 source-learning

no bridge-group 2 unicast-flooding

interface Vlan2

no ip address

interface BVI2

description Bridge between Vlan20 and Dot11Radio0.1

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

access-list 1 permit 192.168.0.0 0.0.0.255

bridge 2 protocol ieee

bridge 2 route ip

althuogh it doesn't seem to be working as vlan2 doesn't come up?

Based on this link:

http://www.cisco.com/en/US/docs/routers/access/800/850/software/configuration/guide/wireless.html

I have attached what I have got so far which doesn't work?

The radio interface doesn't come up?

I am assuming that it is because I haven't got vlan1 configured in a bridge group to interface dot11radio0.1?

Hello Kaya,

I knew of a limit of up to 2 vlans in this class of small of routers for this I have suggested to use two vlans.

anyway a L3 object vlan will goes up when at least one physical port associated to it is up/up.

you have configured bridge-group 2

you need to apply bridge-group 2 under vlan1 or you need to configure a radio subinterface that uses dot1q 2 and to apply bridge-group 2 to vlan2

Edit:

please change the following:

interface Dot11Radio0.2

encapsulation dot1Q 1 native

in

interface Dot11Radio0.2

encapsulation dot1Q 2 native

the real vlan number is the the dot1q vlan-id not the subinterface index that actually can be arbitrary.

For this reason you have no port in vlan2 and for this reason vlan2 SVI (L3 interface) is not up.

Hope to help

Giuseppe

Thank you for all your help, Giuseppe!

I really appreciate it. Everything is working fine now, although I think I need to upgrade to a larger router as it seems that I've out grown this one but hopefully when I have the budget for it things will be ok. :))

Best Regards

Kaya

Review Cisco Networking for a $25 gift card