09-19-2011 06:46 AM - edited 03-04-2019 01:39 PM
Hi
I have a copper over ethernet connected to an adtran 908e connected to an ASA 5505 with a port 192.168.150.254 connected to the router on the Gigabitethernet 0/0
I can ping to internal and external ip addresses but when a device is connected through the wireless signal then the device cannot ping anything;
Any thoughts what could be stopping the device from pinging any ip addresses internal and external?
I posted my current config for the router and ap:
Router:
Current configuration : 2245 bytes
!
! Last configuration change at 16:03:06 UTC Tue Sep 6 2011
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CivilTech
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
service-module wlan-ap 0 bootimage autonomous
!
no ipv6 cef
ip source-route
ip cef
!
!
ip dhcp excluded-address 192.168.150.1 192.168.150.10
ip dhcp excluded-address 192.168.151.1
ip dhcp excluded-address 192.168.150.1 192.168.150.254
!
ip dhcp pool LAN-POOL
network 192.168.151.0 255.255.255.0
default-router 192.168.151.1
dns-server 4.2.2.2
lease 7
!
ip dhcp pool CivilTech
!
ip dhcp pool lan-pool
!
!
no ip domain lookup
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1941W-A/K9 sn FTX140580W4
!
!
!
!
!
!
!
!
interface Wlan-GigabitEthernet0/0
description Internal switch interface connecting to the embedded AP
!
interface GigabitEthernet0/0
ip address dhcp
ip access-group to-lan in
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface wlan-ap0
description internal switch int connecting to the embedded ap
ip address 192.168.152.1 255.255.255.0
arp timeout 0
no mop enabled
no mop sysid
!
interface GigabitEthernet0/1
ip address 192.168.153.1 255.255.255.0
ip access-group from-lan in
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Vlan1
ip address 192.168.151.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
ip route 0.0.0.0 0.0.0.0 192.168.150.254
ip route 192.0.0.0 255.255.255.0 192.168.150.1
!
ip access-list extended nat-list
permit ip 192.0.0.0 0.255.255.255 any
permit icmp 192.0.0.0 0.255.255.255 any
permit icmp any any
permit ip any any
!
!
!
!
control-plane
!
banner motd ^CNo Unauthorized Personel Allowed^C
!
line con 0
logging synchronous
line aux 0
line 67
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
logging synchronous
login
!
scheduler allocate 20000 1000
end
Sterling#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 192.168.150.254 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 192.168.150.254
is directly connected, GigabitEthernet0/0
S 192.0.0.0/24 [1/0] via 192.168.150.1
192.168.150.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.150.0/24 is directly connected, GigabitEthernet0/0
L 192.168.150.153/32 is directly connected, GigabitEthernet0/0
192.168.151.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.151.0/24 is directly connected, Vlan1
L 192.168.151.1/32 is directly connected, Vlan1
192.168.152.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.152.0/24 is directly connected, wlan-ap0
L 192.168.152.1/32 is directly connected, wlan-ap0
Sterling#sh ip int bri
Interface IP-Address OK? Method Status Protocol
Wlan-GigabitEthernet0/0 unassigned YES unset up up
GigabitEthernet0/0 192.168.150.153 YES DHCP up up
wlan-ap0 192.168.152.1 YES manual up up
GigabitEthernet0/1 192.168.153.1 YES manual down down
Vlan1 192.168.151.1 YES manual up up
NVI0 192.168.150.153 YES unset up up
AP:
ap>enable
Password:
ap#sh run
Building configuration...
Current configuration : 3495 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
enable secret 5 ??????????
enable password 7 ??????????
!
no aaa new-model
no ip domain lookup
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.155.1 192.168.155.10
!
ip dhcp pool lan-pool
network 192.168.150.0 255.255.255.0
default-router 192.168.151.1
dns-server 4.2.2.2
lease 7
!
!
dot11 syslog
!
dot11 ssid CivilTechAccess
!
dot11 ssid CivilTechAccess
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 ??????????
!
dot11 ssid CivilTechAccess
!
!
!
username CivilTech
username ?????????? password 7 ??????????
!
!
bridge irb
!
!
interface Dot11Radio0
description 802.11bgn radio
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
encryption vlan 1 mode ciphers tkip
!
broadcast-key change 3600
!
!
ssid CivilTechAccess
!
antenna gain 0
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
power local 14
station-role root access-point
no cdp enable
bridge-group 21
bridge-group 21 subscriber-loop-control
bridge-group 21 block-unknown-source
no bridge-group 21 source-learning
no bridge-group 21 unicast-flooding
bridge-group 21 spanning-disabled
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
mac-address 001c.58c1.c3e0
bandwidth 10000000
no ip address
no ip route-cache
shutdown
!
encryption mode ciphers tkip
!
broadcast-key change 3600
!
antenna gain 0
no dfs band block
channel dfs
station-role root
payload-encapsulation dot1h
infrastructure-client
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
description the embedded gigabitethernet 0 is an internal int connecting ap with the host router
no ip address
no ip route-cache
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.21
description 802.11bgn bridge
encapsulation dot1Q 21
no ip route-cache
bridge-group 21
bridge-group 21 subscriber-loop-control
bridge-group 21 block-unknown-source
no bridge-group 21 source-learning
no bridge-group 21 unicast-flooding
bridge-group 21 spanning-disabled
!
interface BVI1
ip address 192.168.150.2 255.255.255.0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
ip access-list extended nat-list
permit tcp 192.168.151.0 0.0.0.255 any
permit ip 192.168.153.0 0.0.0.255 any
bridge 1 route ip
!
!
alias exec dot11radio service-module wlan-ap0 session
!
line con 0
no activation-character
line vty 0 4
login local
no activation-character
no exec
transport preferred none
transport input all
!
end
ap#
09-24-2011 02:14 PM
Jessica,
though I have never been touching any APs, to this excerpt looks not good:
ip dhcp pool lan-pool
network 192.168.150.0 255.255.255.0
default-router 192.168.151.1
dns-server 4.2.2.2
lease 7
basically, the default-gateway is on different subnet compared to the scope being defined. I guess when you have an active device on that AP, it can't ping the AP itself?
Could you please check that?
Thanks,
Ivan.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide