03-17-2010 02:39 AM - edited 03-04-2019 07:50 AM
Hi All,
I have an 857W (c850-advsecurityk9-mz.124-15.T12) and want to use it to allow clients connected via wireless to browse the web.
ATM0.1 comes up and gets an IP address from my ISP
Clients connect over wireless to the router and get an IP from the DHCP pool after inputting the WEP key
However at no point (in my 4 evenings of trying!) have I got the client PC to ping an external address!
The whole config is below, after getting the wireless going my checklist was basically:
- Set default route = ATM0.1
- Allow NAT such that internal 192.168.1.0 can share the ATM0.1 address
- Add an ACL so 192.168.1.0 hosts can get out to 'any'
If I add 'no ip routing' to the config below I can resolve names and ping external hosts - so the router is connected to the internet at that point.
I've never used wireless with Cisco before so suspect my understanding of the bridging could be part of the problem... any hints will be gratefully received.
Thank-You, Jason
####################################################
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname C857W
!
boot-start-marker
boot system flash c850-advsecurityk9-mz.124-15.T12.bin
boot-end-marker
!
enable secret 5 $1$xQCU$xxxxxxxxxx
enable password 7 072E344xxxxxxxxxxx
!
aaa new-model
!
!
!
!
aaa session-id common
clock timezone London 0
!
!
dot11 syslog
!
dot11 ssid runlevel5
 authentication open
 guest-mode
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.3
ip dhcp excluded-address 192.168.1.5
ip dhcp excluded-address 192.168.1.6
ip dhcp excluded-address 192.168.1.7
ip dhcp excluded-address 192.168.1.8
ip dhcp excluded-address 192.168.1.9
ip dhcp excluded-address 192.168.1.10
ip dhcp excluded-address 192.168.1.20
!
ip dhcp pool lan-pool
   import all
   network 192.168.1.0 255.255.255.0
   dns-server 94.192.119.254 94.192.119.253
   default-router 192.168.1.1
   lease 0 12
!
ip dhcp pool zulu
   host 192.168.1.4 255.255.255.0
   client-identifier 0100.1150.3e30.0e
   dns-server 94.192.119.254 94.192.119.253
   default-router 192.168.1.1
!
!
ip cef
ip name-server 94.192.119.254
ip name-server 94.192.119.253
ip ddns update method dyndns
HTTP
add http://xxxxxxxxx:xxxxxxxxx%40members.dyndns.org/nic/update%3Fsystem=dyndns&hostname=<h>&myip=<a>
interval maximum 1 0 0 0
!
!
!
!
username jason privilege 15 password 7 13081247xxxxxxxxxE
username admin privilege 15 password 7 1214004xxxxxxxx57F
!
!
archive
 log config
  hidekeys
!
!
!
bridge irb
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 description ADSL2+ isp
 ip ddns update hostname xxxx.gotdns.com
 ip access-group 102 out
 ip ddns update dyndns
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 atm route-bridged ip
 pvc 0/101
  oam-pvc manage
  encapsulation aal5snap
!
!
interface FastEthernet0
 shutdown
!
interface FastEthernet1
 shutdown
!
interface FastEthernet2
 shutdown
!
interface FastEthernet3
 shutdown
!
interface Dot11Radio0
 no ip address
 !
 encryption key 1 size 128bit 7 E83EE2xxxxxxxxxxxxxBBEBDC1 transmit-key
 encryption mode wep mandatory
 !
 ssid hillcrest
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 channel 2462
 station-role root
 rts threshold 2312
 world-mode dot11d country GB indoor
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 no ip address
 ip nat inside
 ip virtual-reassembly
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
ip http server
no ip http secure-server
ip dns server
! Allow ssh to zulu from outside
ip nat inside source static tcp 192.168.1.4 22 interface ATM0.1 22
! Allow outbound hosts to share external ip
ip nat inside source list 1 interface ATM0.1 overload
!
access-list 1 permit 192.168.1.0
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
snmp-server community Hillcrest RO
no cdp run
!
control-plane
!
bridge 1 protocol ieee
! Do I need this?
bridge 1 route ip
!
line con 0
 no modem enable
 transport preferred none
line aux 0
line vty 0 4
 password 7 04560E53xxxxxxxxx
 transport preferred none
 transport input telnet ssh
!
scheduler max-task-time 5000
end
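Added example (not part of the original thread): IOS treats a standard ACL entry written without a wildcard mask as a single-host match, so it is worth checking which source addresses the two ACLs in the config above actually cover. The helper names are hypothetical, and the parser handles only the ACL forms shown in this config.

```python
import ipaddress

# The two ACL lines from the posted config (ACL 1 feeds the NAT overload rule,
# ACL 102 is applied outbound on ATM0.1).
ACL_LINES = [
    "access-list 1 permit 192.168.1.0",
    "access-list 102 permit ip 192.168.1.0 0.0.0.255 any",
]

def parse_source(line):
    """Return (acl_number, action, source_ip, wildcard) for a numbered ACL line."""
    tok = line.split()
    num, action, rest = int(tok[1]), tok[2], tok[3:]
    if 100 <= num <= 199:          # extended ACL: the protocol precedes the source
        rest = rest[1:]
    if rest[0] == "any":
        return num, action, "0.0.0.0", "255.255.255.255"
    if rest[0] == "host":
        return num, action, rest[1], "0.0.0.0"
    # No wildcard after the address: IOS applies 0.0.0.0, i.e. one host only.
    has_wild = len(rest) > 1 and rest[1][0].isdigit()
    return num, action, rest[0], rest[1] if has_wild else "0.0.0.0"

def source_matches(line, addr):
    """True if `addr` matches the source field of the ACL line."""
    _, _, src, wild = parse_source(line)
    care = ~int(ipaddress.IPv4Address(wild)) & 0xFFFFFFFF   # bits that must be equal
    to_int = lambda a: int(ipaddress.IPv4Address(a))
    return (to_int(addr) & care) == (to_int(src) & care)

def matching_hosts(line, network="192.168.1.0/24"):
    """List every address in `network` that the ACL line's source field matches."""
    return [str(a) for a in ipaddress.ip_network(network)
            if source_matches(line, str(a))]

if __name__ == "__main__":
    for acl in ACL_LINES:
        hits = matching_hosts(acl)
        print(f"{acl!r}: {len(hits)} address(es), first {hits[0]}")
    print("zulu (192.168.1.4) in ACL 1:", source_matches(ACL_LINES[0], "192.168.1.4"))
```
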
03-17-2010 04:25 AM
Hello Jason,
bridge 1 route ip
is a key command
See this example from the configuration guide:
http://www.cisco.com/en/US/docs/routers/access/800/850/software/configuration/guide/sampconf.html
Edit:
you may need to use a subinterface in the radio part pointing to vlan 1 as explained in the above example
interface Dot11Radio0.1
 description Cisco Open
 encapsulation dot1Q 1 native
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
I would try doing this and adding cypher commands under this subinterface.
Hope to help
Giuseppe
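Added example (not part of the original thread, and not Cisco tooling): a small check that a saved config contains the IRB pieces named in the reply above, including the case where the radio sits on a subinterface such as Dot11Radio0.1. The config excerpt is constructed from the bridging-related lines of the posted config, and the function names are hypothetical.

```python
import re

# Constructed excerpt: bridging-related lines of the posted config, indented as IOS prints them.
CONFIG = """\
bridge irb
!
interface Dot11Radio0
 bridge-group 1
!
interface Vlan1
 bridge-group 1
!
interface BVI1
 ip address 192.168.1.1 255.255.255.0
!
bridge 1 protocol ieee
bridge 1 route ip
"""

def interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    out, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = out.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None          # "!" or a global command ends the interface block
    return out

def irb_findings(config, group=1):
    """Return the IRB pieces that are missing for bridge group `group`."""
    glob = [l.strip() for l in config.splitlines() if l and not l.startswith(" ")]
    ifs = interfaces(config)
    members = [n for n, cmds in ifs.items() if f"bridge-group {group}" in cmds]
    bvi = ifs.get(f"BVI{group}", [])
    missing = []
    if "bridge irb" not in glob:
        missing.append("bridge irb")
    if f"bridge {group} route ip" not in glob:
        missing.append(f"bridge {group} route ip")
    if not any(c.startswith("ip address ") for c in bvi):
        missing.append(f"interface BVI{group} with an IP address")
    if not any(n.startswith("Dot11Radio") for n in members):
        missing.append(f"radio interface in bridge-group {group}")
    return missing
```

An empty list means every piece is present; running it on the excerpt above returns an empty list.
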