Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1824
Views
0
Helpful
6
Replies

Cisco Series 881W VLAN Wireless

stanislav.tsvetajev
Level 1
Level 1

‎01-25-2011 01:13 AM - edited ‎03-04-2019 11:11 AM

Hello, the prolem is that i can not activate mbssid guest, the company wifi is working but the guest not. when i connect to guest it getting no ip address. Conf is here:

Current configuration : 3836 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname accespoint
!
enable secret 5 $1$SIp1$ZfFK7NIkfRRLiijGi/kNw.
!
no aaa new-model
ip dhcp use vrf connected
!
ip dhcp pool kylaline
   network 192.168.15.0 255.255.255.0
   default-router 192.168.15.1
   dns-server 192.168.15.1
   lease 25
!
!
dot11 syslog
dot11 vlan-name kylaline vlan 3
dot11 vlan-name lamp_1 vlan 1
!
dot11 ssid kylaline
   vlan 3
   authentication open
   mbssid guest-mode
!
dot11 ssid lamp_1
   vlan 1
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 0 M1da5@v33l
!
!
crypto pki trustpoint TP-self-signed-158797628
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-158797628
revocation-check none
rsakeypair TP-self-signed-158797628
!
!
crypto pki certificate chain TP-self-signed-158797628
certificate self-signed 01
  30820240 308201A9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31353837 39373632 38301E17 0D313031 31303431 34333434
  375A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3135 38373937
  36323830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  C50705E9 B8F491FA 84AEC173 FB036BA7 6F58AF0F 9FED4F16 9FCE3C76 60ECFBC3
  4A5D584D 89244DD8 E038AC5E 281708E6 F3CCAC0A 8EE01B57 2762DB45 C278F3D8
  6E895289 C19602C0 FF80E3F9 6A53412D C95A123D E59A6C39 0ADA1E21 4145F968
  3693105E 9EA1950B 71A48DA2 CE838B7A 2C881476 C09729F1 BB124A9B AF2AD923
  02030100 01A36A30 68300F06 03551D13 0101FF04 05300301 01FF3015 0603551D
  11040E30 0C820A61 63636573 706F696E 74301F06 03551D23 04183016 80146978
  CADB901F ACB37924 5809F57B 5EF42B93 29AE301D 0603551D 0E041604 146978CA
  DB901FAC B3792458 09F57B5E F42B9329 AE300D06 092A8648 86F70D01 01040500
  03818100 9D67B90C 74C00C62 2AD5B16F 68C2C7BC 26DE2836 3478F3CF 200ED846
  A1E8B412 5B32EDA1 8D02F4DE E104C236 179047DC DF383AE0 D854329D E5EC8B19
  C6F3A7BB 884A4AAA DB151730 894900A6 422C6B58 2DC95F9C 5228435B E2A7D0DD
  B259E42B 16F7C736 91CEC9BC A4F1CFFA DD8CA08C 089DD50B E4DFCBCA 4061DD94 72632A55
  quit
username stanislav privilege 15 secret 5 $1$A2KE$Ndl2sPaFkO055UCgeqnY4/
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers tkip
!
ssid kylaline
!
ssid lamp_1
!
antenna gain 0
mbssid
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
!
interface GigabitEthernet0
description  the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
no ip route-cache
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
bridge-group 3 spanning-disabled
!
interface BVI1
no ip address
no ip route-cache
!
no ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 protocol ieee
bridge 1 route ip
bridge 3 protocol ieee
!
!
!
line con 0
privilege level 15
login local
no activation-character
line vty 0 4
login local
!
cns dhcp
end

I tried to add bridge 3 route ip but i gives me the error: %command not allowed, route ip only allowed on bridge group 1

Labels:
0 Helpful
6 Replies 6

Laurent Aubert
Cisco Employee
Cisco Employee

‎01-25-2011 09:45 AM

Hi,

You don't need bridge 1 route ip as your L3 interface is on the router and not the access point. Be sure you have interface VLAN 1 and VLAN3 configured on the router with your DHCP settings. Also check on the router, interface Wlan-GigabitEthernet0 is configured as a L2 trunk with those two VLANs allowed.

HTH

Laurent.

0 Helpful

stanislav.tsvetajev
Level 1
Level 1
In response to Laurent Aubert

‎01-25-2011 11:44 AM

hello,

thax for answer. but problem is i have on router the vlan and dhcp. i dried to give wlan-gig 0 commands and its giving me the error:

console(config-if)#switchport trunk native vlan 1
console(config-if)#switchport trunk allowed vlan 1,3
Command rejected: Bad VLAN allowed list. You have to include all default vlans,

i haved made result in google and tried this link: http://www.cisco.com/en/US/products/hw/modules/ps2797/products_configuration_example09186a00808066b8.shtml#step2

it dident work.

0 Helpful

Laurent Aubert
Cisco Employee
Cisco Employee
In response to stanislav.tsvetajev

‎01-25-2011 02:39 PM

I have a 891W running similar config with two VLANs and it's working. Here is my config:

interface Wlan-GigabitEthernet0

description Internal switch interface connecting to the embedded AP

switchport mode trunk

!

if you run some DHCP debug on the router, do you see the request send by the DHCP client ?

Please post the entire config of the router and the AP.

Thanks,

Laurent.

0 Helpful

stanislav.tsvetajev
Level 1
Level 1
In response to Laurent Aubert

‎01-26-2011 01:20 AM

#Router

Building configuration...

Current configuration : 6991 bytes
!
! Last configuration change at 09:00:44 UTC Wed Jan 26 2011 by root
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname console
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
memory-size iomem 10
!
crypto pki trustpoint TP-self-signed-1250669336
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1250669336
revocation-check none
rsakeypair TP-self-signed-1250669336
!
!
ip source-route
!
!
ip dhcp excluded-address 192.168.0.1 192.168.0.99
ip dhcp excluded-address 192.168.0.201 192.168.0.254
ip dhcp excluded-address 192.168.15.1
ip dhcp excluded-address 192.168.15.100 192.168.15.254
!
ip dhcp pool sisevork
   network 192.168.0.0 255.255.255.0
   dns-server 192.168.0.100 192.168.65.100
   default-router 192.168.0.1
!
ip dhcp pool kylaline
   network 192.168.15.0 255.255.255.0
   dns-server 192.168.15.1
   default-router 192.168.15.1
!
!
ip cef
ip domain name avaron.lan
ip host avarondc.avaron.lan 192.168.65.100
no ipv6 cef
!
!
license udi pid CISCO881W-GN-E-K9 sn FCZ1441C2MR
!
!
username root privilege 15 secret 5 $1$2O..$NUeS1vfJfyPMVtXTG7jQV.
!
!
!
!
crypto isakmp policy 2
authentication pre-share
crypto isakmp key xxxxx23 address xx.xxx.225.178
!
!
crypto ipsec transform-set ASA-IPSEC esp-des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
set peer xx.xxx.225.178
set transform-set ASA-IPSEC
match address 100
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description outside$ES_WAN$
ip address dhcp client-id FastEthernet4
ip access-group 103 out
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map SDM_CMAP_1
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
arp timeout 0
!
interface Wlan-GigabitEthernet0
description trunk
switchport mode trunk
!
interface Vlan1
description inside
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Vlan3
description kylaline
ip address 192.168.15.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source static tcp 192.168.0.100 1723 interface FastEthernet4 1723
ip nat inside source static tcp 192.168.0.100 3389 interface FastEthernet4 3389
ip nat inside source list 110 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.0.131 3389 interface FastEthernet4 3390
ip route 0.0.0.0 0.0.0.0 80.235.55.129
ip route xx.xxx.225.0 255.255.255.0 80.235.55.129
ip route 192.168.65.0 255.255.255.0 80.235.55.129
!
ip access-list extended guestaccess
deny   ip any 192.168.0.0 0.0.0.255
permit ip any any
!
access-list 23 permit any
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.0.0 0.0.0.255 192.168.65.0 0.0.0.255
access-list 103 permit ip any any
access-list 103 permit icmp any any
access-list 103 permit gre any any
access-list 110 deny   ip 192.168.0.0 0.0.0.255 192.168.65.0 0.0.0.255
access-list 110 permit ip 192.168.0.0 0.0.0.255 any
no cdp run

!
!
!
!
route-map nonnat permit 10
match ip address 110
!
!
control-plane
!
line con 0
login local
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

#Accespoint

Current configuration : 3713 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname accespoint
!
enable secret 5 $1$SIp1$ZfFK7NIkfRRLiijGi/kNw.
!
no aaa new-model
ip dhcp use vrf connected
!
!
dot11 syslog
dot11 vlan-name kylaline vlan 3
dot11 vlan-name lamp_1 vlan 1
!
dot11 ssid kylaline
   vlan 3
   authentication open
   mbssid guest-mode
!
dot11 ssid lamp_1
   vlan 1
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 0 M1da5@v33l
!
!
crypto pki trustpoint TP-self-signed-158797628
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-158797628
revocation-check none
rsakeypair TP-self-signed-158797628
!
!
username stanislav privilege 15 secret 5 $1$A2KE$Ndl2sPaFkO055UCgeqnY4/
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers tkip
!
ssid kylaline
!
ssid lamp_1
!
antenna gain 0
mbssid
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
!
interface GigabitEthernet0
description  the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
no ip route-cache
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
bridge-group 3 spanning-disabled
!
interface BVI1
no ip address
no ip route-cache
!
no ip http server
no ip http secure-server
bridge 1 protocol ieee
bridge 1 route ip
!
!
!
line con 0
privilege level 15
login local
no activation-character
line vty 0 4
login local
!
cns dhcp
end

0 Helpful

Laurent Aubert
Cisco Employee
Cisco Employee
In response to stanislav.tsvetajev

‎01-26-2011 09:39 AM

I don't see any obvious error in your config.

Do you see the DHCP Request on the router once your are connected via Wireless ? You can use debug ip dhcp server packet.

Also to check everything is in place, you can use sh vlan-switching and sh int Wlan-GigabitEthernet0 switchport commands.

HTH

Laurent.

0 Helpful

stanislav.tsvetajev
Level 1
Level 1
In response to Laurent Aubert

‎01-26-2011 10:30 AM


Name: Wl0
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Disabled
Access Mode VLAN: 0 ((Inactive))
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 1
Protected: false
Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none

hears the show int wla-gig0 switchpo.

the resolution is meby software, image update?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card