08-08-2012 10:52 PM - edited 03-04-2019 05:13 PM
Hello,
We let cisco professional to configure 1941w router with EHWIC-3G card. So the Gig 0/0 and wlan clients could communicate the internet over 3G.
So we bought another 1941w and copied the config over to new one. Can ping from console but not from client pc.
The only differents between old and new is "ip source-nat" line. New router just don't save it to running-conf. No errors also.
Router#show run
Building configuration...
Current configuration : 3238 bytes
!
! No configuration change since last restart
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
logging buffered 16000
enable secret 5 xxxxxxxxxxxxxxxxxxxxxx.
!
no aaa new-model
service-module wlan-ap 0 bootimage autonomous
!
no ipv6 cef
!
!
!
ip dhcp excluded-address 10.10.1.1 10.10.1.31
!
ip dhcp pool sise
network 10.10.1.0 255.255.255.0
default-router 10.10.1.1
dns-server 194.204.0.1
!
ip dhcp pool wifi
network 10.10.2.0 255.255.255.0
default-router 10.10.2.1
dns-server 194.204.0.1
!
!
ip cef
multilink bundle-name authenticated
!
chat-script gsm0 "" "ATDT*99*3#" TIMEOUT 60 "CONNECT"
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1941W-E/K9 sn xxxxxxxxxxxxxx
hw-module ism 0
!
!
!
username admin privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxx
!
!
controller Cellular 0/0
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address dhcp
duplex auto
speed auto
!
interface GigabitEthernet0/0.1
encapsulation dot1Q 1 native
ip address 10.10.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip address 10.10.11.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
arp timeout 0
no mop enabled
no mop sysid
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Wlan-GigabitEthernet0/0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
no ip address
!
interface Cellular0/0/0
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer in-band
dialer string gsm0
dialer-group 1
async mode interactive
ppp chap hostname elisa
ppp chap password 0 elisa
ppp ipcp dns request
!
interface Cellular0/0/1
no ip address
encapsulation ppp
!
interface Vlan1
ip address 10.10.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan2
description WiFi
ip address 10.10.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list natlist interface Cellular0/0/0 overload
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0
!
ip access-list extended natlist
permit ip 10.10.1.0 0.0.0.255 any
permit ip 10.10.2.0 0.0.0.255 any
permit ip 10.10.3.0 0.0.0.255 any
!
access-list 1 permit any
dialer-list 1 protocol ip list 1
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
script dialer gsm0
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 0/0/0
exec-timeout 0 0
script dialer gsm0
modem InOut
no exec
transport input all
transport output all
rxspeed 7200000
txspeed 5760000
line 0/0/1
no exec
rxspeed 7200000
txspeed 5760000
line 67
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
!
end
Please help.
Thank You
08-09-2012 05:22 AM
I noticed one difference.
Old router config was starting with line "version 15.1"
But now is 15.2.
Should i downgrade to 15.1?
08-09-2012 08:57 AM
Andri,
don't downgrade your router unless strange IOS behaviour and find out why the ip source nat command line does not come up in your config. With no NAT all the private IP (like your host) won't go in anywhere while the router possibly is chosing a public IP to encapsulate the ongoing packet. try this:
ping Internet_IP source 10.10.11.1
you should not get any echo-reply also if you do this from console. if i am right you definitely need to write down the line code for NAT on the new 1941w.
HTH
Alessio
08-09-2012 09:03 AM
I'm not an expert - thats why i cant write new code.
So far i have progress. Downgraded to 15.1 and the nat is working now.
But there is new problem. Wireless clients cant get their ip from dhcp.
Here is AP config:
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
enable secret 5 xxxxxxxxxxxxxx
!
no aaa new-model
no ip domain lookup
!
!
dot11 syslog
!
dot11 ssid kbv
vlan 2
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxx
!
!
!
username tester privilege 15 secret 5 xxxxxxxxxxxxxx
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 2 mode ciphers aes-ccm tkip
!
broadcast-key vlan 2 change 3600
!
!
ssid kbv
!
antenna gain 0
mbssid
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
!
encryption vlan 2 mode ciphers aes-ccm tkip
!
broadcast-key vlan 2 change 3600
!
!
ssid kbv
!
antenna gain 0
no dfs band block
mbssid
channel dfs
station-role root
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
no ip route-cache
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
!
interface BVI1
ip address 10.10.3.2 255.255.255.0
no ip route-cache
!
ip default-gateway 10.10.3.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
no activation-character
line vty 0 4
login local
!
end
08-09-2012 09:09 AM
Hi Andri,
you did not write any dhcp pool so you can't provide IPs to your wireless clients. If the dhcp server is not the router but a server in another point of the network possibly you want to implemen on the vlan of your clients the ip helper-address command to point to the dhcp server ip address.
Alessio
PS: very few in this forum are real experts (me EXcluded)
08-09-2012 09:13 AM
On the router side there are dhcp pool for wlan. On the first router it did work.
ip dhcp pool wifi
network 10.10.2.0 255.255.255.0
default-router 10.10.2.1
dns-server 194.204.0.1
08-09-2012 09:28 AM
Set the excluded ip addresses in the pool
Alessio
08-09-2012 10:45 AM
Added it, but still nothing.
Now it looks following:
no ipv6 cef
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 10.10.1.1 10.10.1.31
ip dhcp excluded-address 10.10.2.1 10.10.2.31
!
ip dhcp pool sise
network 10.10.1.0 255.255.255.0
default-router 10.10.1.1
dns-server 194.204.0.1
!
ip dhcp pool wifi
network 10.10.2.0 255.255.255.0
default-router 10.10.2.1
dns-server 194.204.0.1
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide