Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2622
Views
5
Helpful
3
Replies

Unable To Ping across subinterface on 1941w

Go to solution
pugs17211721
Level 1
Level 1

‎10-11-2011 01:54 PM - edited ‎03-04-2019 01:53 PM

I am currently working on a 1941w router. The problem that I am having is that I am unable to ping the switch that is directly connected to it and I am unable to ping from the switch to the router. If I take the address off of vlan 1 and move it to gi0/0.1 the pings work, but then client traffic on the wireless ap inside the 1941w fails. Can someone please help ? Thanks

Here is the releveant config off of the 1941w

version 15.0

no service pad

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

!

hostname SATX-1941W-001

!

boot-start-marker

boot-end-marker

!

logging buffered 16384 notifications

enable secret 5 $1$kGmQ$r2bXwOVZ8ffF0A0i.T8j6.

!

no aaa new-model

!

!

!

memory-size iomem 10

clock timezone EST -5

service-module wlan-ap 0 bootimage autonomous

!

no ipv6 cef

ip source-route

ip cef

!

!

ip dhcp database CLIENT write-delay 120 timeout 60

ip dhcp excluded-address 10.11.12.1

ip dhcp excluded-address 172.21.18.1 172.21.18.99

ip dhcp excluded-address 172.21.18.200 172.21.18.254

!

ip dhcp pool VLAN2

   import all

   network 10.11.12.0 255.255.255.0

   dns-server 192.69.21.200 206.51.156.28

   default-router 10.11.12.1

!

ip dhcp pool CLIENT

   import all

   network 172.21.18.0 255.255.255.0

   default-router 172.21.18.1

   domain-name us.crownlift.net

   dns-server 172.20.62.208 192.69.21.200

   lease 365

!

!

no ip domain lookup

ip domain name dicke.com

ip name-server 192.69.21.200

!

multilink bundle-name authenticated

!

!

!

license udi pid CISCO1941W-A/K9 sn FTX152884V7

hw-module ism 0

!

!

!

archive

log config

  hidekeys

username (removed) privilege 15 secret 5 (removed)

!

redundancy

!

!

ip tcp synwait-time 10

ip ssh time-out 60

ip ssh authentication-retries 2

ip ssh version 2

!

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp key (FLOH-IPSEC-KEY) address (FLOH-VPN-TARGET)

crypto isakmp key (NBOH-IPSEC-KEY) address (NBOH-VPN-TARGET)

!

!

crypto ipsec transform-set DES-3SHA esp-3des esp-sha-hmac

!

crypto map 108T-FA000 local-address FastEthernet0/0/0

crypto map 108T-FA000 30 ipsec-isakmp

set peer (NBOH-VPN-TARGET)

set transform-set DES-3SHA

match address NBOH

!

crypto map 108T-GI01 local-address GigabitEthernet0/1

crypto map 108T-GI01 31 ipsec-isakmp

set peer (FLOH-VPN-TARGET)

set transform-set DES-3SHA

match address FLOH

!

bridge irb

!

!

!

!

interface Loopback0

ip address 172.21.100.18 255.255.255.255

!

!

interface Tunnel30

description T-NBOH

ip address 172.20.255.102 255.255.255.252

ip mtu 1500

ip flow ingress

keepalive 10 3

tunnel source 172.21.100.18

tunnel destination 172.20.240.2

!

!

interface Tunnel31

description T-FtLoramie-Family

ip address 172.20.255.98 255.255.255.252

ip mtu 1500

ip flow ingress

keepalive 10 3

tunnel source 172.21.100.18

tunnel destination 172.20.240.31

!

!

interface Wlan-GigabitEthernet0/0

description Internal switch interface connecting to the embedded AP

switchport mode trunk

!

!

interface GigabitEthernet0/0

no ip address

ip flow ingress

duplex auto

speed auto

no mop enabled

!

!

interface GigabitEthernet0/0.1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$

encapsulation dot1Q 1 native

ip flow ingress

ip virtual-reassembly

bridge-group 1

!

interface GigabitEthernet0/0.2

encapsulation dot1Q 2

ip flow ingress

ip nat inside

ip virtual-reassembly

bridge-group 2

!

interface wlan-ap0

description Service module interface to manage the embedded AP

no ip address

arp timeout 0

no mop enabled

no mop sysid

!

!

interface GigabitEthernet0/1

description $ES_WAN$$FW_OUTSIDE$

ip address (CABLE-MODEM-IP) 255.255.255.252

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

no cdp enable

crypto map 108T-GI01

!

!

interface FastEthernet0/0/0

description $ES_WAN$$FW_OUTSIDE$

ip address (DSL-MODEM-IP) 255.255.255.248

ip access-group LetIn in

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

no cdp enable

crypto map 108T-FA000

!

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$

ip address 172.21.18.1 255.255.255.0

ip flow ingress

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

no autostate

!

!

interface Vlan2

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$

ip address 10.11.12.1 255.255.255.0

ip flow ingress

ip tcp adjust-mss 1452

no autostate

bridge-group 2

!

!

ip default-gateway (DSL-MODEM-GW)

ip forward-protocol nd

!

ip http server

ip http access-class 23

ip http authentication local

no ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip flow-export source Tunnel31

ip flow-export version 5

ip flow-export destination 172.20.62.245 6343

!        

ip nat inside source list 1 interface GigabitEthernet0/1 overload

ip nat inside source list 2 interface FastEthernet0/0/0 overload

ip route 0.0.0.0 0.0.0.0 (DSL-MODEM-GW)

ip route 0.0.0.0 0.0.0.0 (CABLE-MODEM-GW) 20

ip route 172.20.0.0 255.255.0.0 Tunnel31

ip route 172.20.0.0 255.255.0.0 172.20.255.97

ip route 172.20.0.0 255.255.0.0 172.20.255.101 20

ip route 172.20.0.0 255.255.0.0 Tunnel30 20

ip route 172.20.240.2 255.255.255.255 (DSL-MODEM-GW)

ip route 172.20.240.31 255.255.255.255 (CABLE-MODEM-GW)

ip route (NBOH-VPN-TARGET) 255.255.255.255 (DSL-MODEM-GW)

ip route (FLOH-VPN-TARGET) 255.255.255.255 (CABLE-MODEM-GW)

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame

‎10-11-2011 02:02 PM

You should have that address on BVI1 interface. Put vlan1 and g0/0.1 in bridge-group 1.

Also need bridge-group 1 route ip.

View solution in original post

3 Replies 3

Go to solution
pugs17211721
Level 1
Level 1

‎10-11-2011 02:01 PM

Also here is the embedded ap config as well.

version 12.4

no service pad

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

!

hostname SATX-1941WAP-001

!

enable secret 5 $1$VTeU$/NaH66RuXZYkJBnwgce4f1

!

aaa new-model

!

!

!

aaa session-id common

clock timezone EST -5

clock summer-time EDT date Mar 11 2007 2:00 Nov 4 2007 2:00

ip name-server 172.20.62.208

ip name-server 172.20.108.123

!

!

dot11 syslog

!

dot11 ssid Gadget2

   vlan 1

   authentication open

   authentication key-management wpa

   guest-mode

   mbssid guest-mode

   wpa-psk ascii 7 08025E411E1726181C1F1E0B263875716760

!

dot11 ssid Gizmo

   vlan 2

   authentication open

   mbssid guest-mode

!

!

!

username (removed) privilege 15 secret 5 (removed)

!       

bridge irb

!        

!        

interface Dot11Radio0

no ip address

no ip route-cache

!       

encryption vlan 1 mode ciphers aes-ccm

!       

encryption vlan 2 key 1 size 40bit 7 80E035FA9F96 transmit-key

encryption vlan 2 mode ciphers tkip wep40

!       

ssid Gadget2

!       

ssid Gizmo

!       

antenna gain 0

mbssid  

speed  basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0

channel 2412

station-role root

no cdp enable

!        

interface Dot11Radio0.1

encapsulation dot1Q 1 native

no ip route-cache

no cdp enable

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!        

interface Dot11Radio0.2

encapsulation dot1Q 2

ip helper-address 10.11.12.1

no ip route-cache

no cdp enable

bridge-group 2

bridge-group 2 subscriber-loop-control

bridge-group 2 block-unknown-source

no bridge-group 2 source-learning

no bridge-group 2 unicast-flooding

bridge-group 2 spanning-disabled

!        

interface Dot11Radio1

no ip address

no ip route-cache

!       

encryption vlan 1 mode ciphers aes-ccm

!       

encryption vlan 2 key 1 size 40bit 7 80E035FA9F96 transmit-key

encryption vlan 2 mode ciphers tkip wep40

!       

ssid Gadget2

!       

ssid Gizmo

!       

antenna gain 0

dfs band 3 block

mbssid  

channel dfs

station-role root

!        

interface Dot11Radio1.1

encapsulation dot1Q 1 native

no ip route-cache

no cdp enable

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!        

interface Dot11Radio1.2

encapsulation dot1Q 2

ip helper-address 10.11.12.1

no ip route-cache

no cdp enable

bridge-group 2

bridge-group 2 subscriber-loop-control

bridge-group 2 block-unknown-source

no bridge-group 2 source-learning

no bridge-group 2 unicast-flooding

bridge-group 2 spanning-disabled

!        

interface GigabitEthernet0

description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router

no ip address

no ip route-cache

!        

interface GigabitEthernet0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!        

interface GigabitEthernet0.2

encapsulation dot1Q 2

ip helper-address 10.11.12.1

no ip route-cache

bridge-group 2

no bridge-group 2 source-learning

bridge-group 2 spanning-disabled

!        

interface BVI1

ip address 172.21.18.10 255.255.255.0

no ip route-cache

!        

ip default-gateway 172.21.18.1

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

ip radius source-interface BVI1

logging 172.20.62.158

logging 172.20.62.110

access-list 61 permit 172.20.62.100

access-list 61 deny   any

snmp-server community crownsee RO

snmp-server community C$0w^W$1T# RW 61

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps tty

snmp-server enable traps entity

snmp-server enable traps disassociate

snmp-server enable traps deauthenticate

snmp-server enable traps authenticate-fail

snmp-server enable traps dot11-qos

snmp-server enable traps switch-over

snmp-server enable traps rogue-ap

snmp-server enable traps wlan-wep

snmp-server enable traps config

snmp-server enable traps aaa_server

snmp-server host 172.20.61.7 SNMPv2

snmp-server host 172.20.62.100 SNMPv2

snmp-server host 172.20.1.164 s8n1mp

bridge 1 route ip

!

!

line con 0

privilege level 15

no activation-character

line vty 5 15

!

sntp server 172.20.100.1

sntp server 172.20.100.2

cns dhcp

end

0 Helpful

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame

‎10-11-2011 02:02 PM

You should have that address on BVI1 interface. Put vlan1 and g0/0.1 in bridge-group 1.

Also need bridge-group 1 route ip.

Go to solution
pugs17211721
Level 1
Level 1
In response to paolo bevilacqua

‎10-12-2011 05:35 AM

That worked, thanks for your help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card