cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1397
Views
9
Helpful
20
Replies

Can't turn up wireless interface on C870

nasdriver
Level 1
Level 1

Hi,

I can't figure out why the wireless interface is not comming up, or the SSID can't be found.

The current config:

THE CONNECTION TO THE SWITCH

interface FastEthernet4

description secondary-TO_SW

no ip address

no ip route-cache

duplex auto

speed 100

no cdp enable

!

interface FastEthernet4.109

encapsulation dot1Q 109

ip address 192.168.71.4 255.255.255.0

no ip route-cache

!

THE INTERFACE

R#sh run int dot11Radio 0

Building configuration...

Current configuration : 299 bytes

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 10 mode ciphers tkip

!

broadcast-key vlan 10 change 45

!

!

ssid MY SSID

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

rts threshold 2312

end

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 10 mode ciphers tkip

!

broadcast-key vlan 10 change 45

!

!

ssid MY SSID

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

rts threshold 2312

What am I missing?

Thank you

20 Replies 20

John Blakley
VIP Alumni
VIP Alumni

Under your ssid config, you need to set it to guest-mode to broadcast.

Sent from Cisco Technical Support iPhone App

HTH, John *** Please rate all useful posts ***

I need it to be secure, and I've read:

"The access point includes the guest SSID in its beacon.

However, if the network must be secure, do not create a guest mode SSID on the access point.

"

ref: Cisco doc

is there any other way to bring it up?

John Blakley
VIP Alumni
VIP Alumni

If you don't want to broadcast, that's fine but you'll need to manually create an profile for your laptop to connect to it.

Not broadcasting the ssid isn't a good security measure by the way. Anyone can still capture wireless packets of someone connected to your ssid via configured profile and still get the ssid in the handshake between another user and their connection.

Sent from Cisco Technical Support iPhone App

HTH, John *** Please rate all useful posts ***

I missunderstood that then.

I want to broadcast it as it will be used for the office guests anyway, and will set a password/

ok,

I got this:

R(config)#dot11 ssid MY SSID

R(config-ssid)#guest-mode

R(config-ssid)#

*Mar  5 12:08:16.833: %DOT11-4-NO_SSID: No SSID configured. Dot11Radio0 not started.

R(config-ssid)#

But the SSID is configured:

-------------------------------------------------------

R#sh run ssid MY SSID

Building configuration...

Current configuration:

dot11 ssid

MY SSID

vlan 10

authentication open

authentication network-eap eap_methods

authentication key-management wpa

guest-mode

end

R#

-------------------------------------------------------

R#sh run int dot11Radio 0

Building configuration...

Current configuration : 299 bytes

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 10 mode ciphers tkip

!

broadcast-key vlan 10 change 45

!

!

ssid MY SSID

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

rts threshold 2312

end

-------------------------------------------------------

Please post the complete ssid config and dot11 interface configuration.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

R#sh run ssid MY SSID

Building configuration...

Current configuration:

dot11 ssid MY SSID

vlan 10

authentication open

authentication network-eap eap_methods

authentication key-management wpa

guest-mode

end

R#sh run int dot11Radio 0

Building configuration...

Current configuration : 299 bytes

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 10 mode ciphers tkip

!

broadcast-key vlan 10 change 45

!

!

ssid MY SSID

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

rts threshold 2312

end

= =  =

I also added the following (in bold):

bridge irb

!

interface Vlan109 <----- The VLAN used on the F4 with the internet switch

no ip address

no ip route-cache

bridge-group 1

bridge-group 1 spanning-disabled

!

interface BVI1

no ip address

!

bridge 1 route ip

!

Okay, let's start from the top. Did you create vlan 10 on the router? To verify this, you should be able to do "show vlan-switch". I don't have an 870 handy to look at, so this is almost like the blind leading the blind. On a normal AP, you have to tie a subinterface to a vlan. When you start creating vlans outside of the native, you have to tell the AP what vlan to attach to with subinterfaces. You may have to do that with this as well.

Try this. Keep your current ssid on d0. Then add the following:

int d0.10

encaps dot1 10

bridge-group 10

int fa0.10

encaps dot1q 10

bridge-group 10

int bvi1

ip address

Try to bring up the interface and see if it works. Let me know the outcome. This config could change if you have an integrated wireless adapter in the router.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

yes, the vlan is created on the switch:

R#show vlan-switch

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    Fa0, Fa1, Fa2, Fa3

10   VLAN0010                         active

109  VLAN0109                         active

1002 fddi-default                     act/unsup

1003 token-ring-default               act/unsup

1004 fddinet-default                  act/unsup

1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1    enet  100001     1500  -      -      -        -    -        1002   1003

10   enet  100010     1500  -      -      -        -    -        0      0

109  enet  100109     1500  -      -      -        -    -        0      0

1002 fddi  101002     1500  -      -      -        -    -        1      1003

1003 tr    101003     1500  1005   0      -        -    srb      1      1002

1004 fdnet 101004     1500  -      -      1        ibm  -        0      0

1005 trnet 101005     1500  -      -      1        ibm  -        0      0

R#

after issuing:

int d0.10

encaps dot1 10

bridge-group 10

the interface came up, yes!

The next command I don't get it:

int fa0.10  <------------- Which sub interface is that?

encaps dot1q 10

bridge-group 10

There are two main interfaces involved;

The F4 to the switch and the interface Dot11Radio0

, please correct me if Im wrong?

Right now I can see the SSID, but it says that is secured with 802.1x instead of WPA, but this its the SSID config:

dot11 ssid MY SSID

vlan 10

authentication open

authentication network-eap eap_methods

authentication key-management wpa < -------------------------------

guest-mode

and when trying to define the key it says:

R(config-ssid)#wpa-psk ascii ***********

Error: WPA-PSK not supported with EAP/LEAP, with WPA mandatory

Yes, you have it configured with eap authentication with your "authentication network-eap" line under the ssid. Remove that line and then add "wpa-psk ascii "

For normal APs, you need the fa0.10 interface to bind to the d0 interface that attaches to the svi. You may not need it here though since you have the bvi interface and a vlan interface. Test without it first and see how it goes.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

ok,

its authenticating on the wifi client, but it get stuck on the "get ip", and the router cli shows:

*Mar  5 17:35:05.214: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station ac22.0b64.ca6c Reason: Sending station has left the BSS SSID[MY_SSID]

should add the DHCP pool, right?

something like:

ip dhcp pool WIRELESS

   network 10.10.1.0 255.255.255.0

   default-router 192.168.71.1  (the interface F4 default gateway, right?)

   dns-server ***.***.***.*** ***.***.***.*** (the ones provided my provider?)

!

router has:

ip default-gateway 192.168.71.1

one other dumb question?

How does it associates the dhcp pool to the wireless interface?

No, this is where your bvi comes in at. You'd add a pool for wireless:

ip dhcp pool WIRELESS

   network 10.10.1.0 255.255.255.0

   default-router 10.10.1.1  (the bvi interface)

   dns-server ***.***.***.*** ***.***.***.*** (the ones provided my provider?)

Create that with:

int bvi1

ip address 10.10.1.1 255.255.255.0

Oh, it associates dhcp to the wireless by seeing what the ssid is bound to. Since you have the ssid on d0, d0.10 is bound to the bvi. Anything that attaches to the ssid will show that it's coming from 10.10.1.0/24 and will associate to the pool on the router.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

still getting the following on the CLI when the tablet tries to get an IP:

18:08:56.487: %DOT11-6-ASSOC: Interface Dot11Radio0, Station   ac22.0b64.ca6c Associated SSID[MY_SSID

] AUTH_TYPE[OPEN] KEY_MGMT[WPA PSK]

*Mar  5 18:09:27.131: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station ac22.0b64.ca6c Reason: Sending station has left the BSS SSID[MY_SSID]

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: