cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1174
Views
0
Helpful
1
Replies

Help needed - missing something simple(?) with 857W config

jasonwoollard
Level 1
Level 1

Hi All,

I have an 857W (c850-advsecurityk9-mz.124-15.T12) and want to use it to allow clients connected via wireless to browse the web.

ATM0.1 comes up and gets an IP address from my ISP
Clients connect over wireless to the router and get an IP from the DHCP pool after inputting the WEP key

However at no point (in my 4 evenings of trying!) have I got the client PC to ping an external address!

The whole config is below, after getting the wireless going my checklist was basically:
- Set default route = ATM0.1
- Allow NAT such that internal 192.168.1.0 can share the ATM0.1 address
- Add an ACL so 192.168.1.0 hosts can get out to 'any'

If I add 'no ip routing' to the config below I can resolve names and ping external hosts - so the router is connected to the internet at that point.

I've never used wireless with Cisco before so suspect my understanding of the bridging could be part of the problem... any hints will be gratefully recieved.

Thank-You, Jason

####################################################
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname C857W
!
boot-start-marker
boot system flash c850-advsecurityk9-mz.124-15.T12.bin
boot-end-marker
!
enable secret 5 $1$xQCU$xxxxxxxxxx
enable password 7 072E344xxxxxxxxxxx
!
aaa new-model
!
!
!
!
aaa session-id common
clock timezone London 0
!
!
dot11 syslog
!
dot11 ssid runlevel5
   authentication open
   guest-mode
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.3
ip dhcp excluded-address 192.168.1.5
ip dhcp excluded-address 192.168.1.6
ip dhcp excluded-address 192.168.1.7
ip dhcp excluded-address 192.168.1.8
ip dhcp excluded-address 192.168.1.9
ip dhcp excluded-address 192.168.1.10
ip dhcp excluded-address 192.168.1.20
!
ip dhcp pool lan-pool
   import all
   network 192.168.1.0 255.255.255.0
   dns-server 94.192.119.254 94.192.119.253
   default-router 192.168.1.1
   lease 0 12
!
ip dhcp pool zulu
   host 192.168.1.4 255.255.255.0
   client-identifier 0100.1150.3e30.0e
   dns-server 94.192.119.254 94.192.119.253
   default-router 192.168.1.1
!
!
ip cef
ip name-server 94.192.119.254
ip name-server 94.192.119.253
ip ddns update method dyndns
HTTP
  add http://xxxxxxxxx:xxxxxxxxx%40members.dyndns.org/nic/update%3Fsystem=dyndns&hostname=<h>&myip=<a>
interval maximum 1 0 0 0
!
!
!
!
username jason privilege 15 password 7 13081247xxxxxxxxxE
username admin privilege 15 password 7 1214004xxxxxxxx57F
!
!
archive
log config
  hidekeys
!
!
!
bridge irb
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description ADSL2+ isp
ip ddns update hostname xxxx.gotdns.com
ip access-group 102 out
ip ddns update dyndns
ip address dhcp
ip nat outside
ip virtual-reassembly
atm route-bridged ip
pvc 0/101
  oam-pvc manage
  encapsulation aal5snap
!
!
interface FastEthernet0
shutdown
!
interface FastEthernet1
shutdown
!
interface FastEthernet2
shutdown
!
interface FastEthernet3
shutdown
!
interface Dot11Radio0
no ip address
!
encryption key 1 size 128bit 7 E83EE2xxxxxxxxxxxxxBBEBDC1 transmit-key
encryption mode wep mandatory
!
ssid hillcrest
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2462
station-role root
rts threshold 2312
world-mode dot11d country GB indoor
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
ip http server
no ip http secure-server
ip dns server
! Allow ssh to zulu from outside
ip nat inside source static tcp 192.168.1.4 22 interface ATM0.1 22
! Allow outbound hosts to share external ip
ip nat inside source list 1 interface ATM0.1 overload
!
access-list 1 permit 192.168.1.0
access-list 102 permit ip 192.168.1.0 0.0.0.255 any

snmp-server community Hillcrest RO
no cdp run
!
control-plane
!
bridge 1 protocol ieee
! Do I need this?
bridge 1 route ip
!
line con 0
no modem enable
transport preferred none
line aux 0
line vty 0 4
password 7 04560E53xxxxxxxxx
transport preferred none
transport input telnet ssh
!
scheduler max-task-time 5000
end

1 Reply 1

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Jason,

bridge 1 route ip

is a key command

see this example from configuration guide:

http://www.cisco.com/en/US/docs/routers/access/800/850/software/configuration/guide/sampconf.html

Edit:

you may need to use a subinterface in the radio part pointing to vlan 1 as explained in the above example

interface Dot11Radio0.1
     description Cisco Open
     encapsulation dot1Q 1 native
     no cdp enable
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 spanning-disabled
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding

I would try doing this and adding cypher commands under this subinterface.

Hope to help

Giuseppe

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: