cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2390
Views
5
Helpful
3
Replies

Unable To Ping across subinterface on 1941w

pugs17211721
Beginner
Beginner

I am currently working on a 1941w router. The problem that I am having is that I am unable to ping the switch that is directly connected to it and I am unable to ping from the switch to the router. If I take the address off of vlan 1 and move it to gi0/0.1 the pings work, but then client traffic on the wireless ap inside the 1941w fails. Can someone please help ? Thanks

Here is the releveant config off of the 1941w

version 15.0

no service pad

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

!

hostname SATX-1941W-001

!

boot-start-marker

boot-end-marker

!

logging buffered 16384 notifications

enable secret 5 $1$kGmQ$r2bXwOVZ8ffF0A0i.T8j6.

!

no aaa new-model

!

!

!

memory-size iomem 10

clock timezone EST -5

service-module wlan-ap 0 bootimage autonomous

!

no ipv6 cef

ip source-route

ip cef

!

!

ip dhcp database CLIENT write-delay 120 timeout 60

ip dhcp excluded-address 10.11.12.1

ip dhcp excluded-address 172.21.18.1 172.21.18.99

ip dhcp excluded-address 172.21.18.200 172.21.18.254

!

ip dhcp pool VLAN2

   import all

   network 10.11.12.0 255.255.255.0

   dns-server 192.69.21.200 206.51.156.28

   default-router 10.11.12.1

!

ip dhcp pool CLIENT

   import all

   network 172.21.18.0 255.255.255.0

   default-router 172.21.18.1

   domain-name us.crownlift.net

   dns-server 172.20.62.208 192.69.21.200

   lease 365

!

!

no ip domain lookup

ip domain name dicke.com

ip name-server 192.69.21.200

!

multilink bundle-name authenticated

!

!

!

license udi pid CISCO1941W-A/K9 sn FTX152884V7

hw-module ism 0

!

!

!

archive

log config

  hidekeys

username (removed) privilege 15 secret 5 (removed)

!

redundancy

!

!

ip tcp synwait-time 10

ip ssh time-out 60

ip ssh authentication-retries 2

ip ssh version 2

!

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp key (FLOH-IPSEC-KEY) address (FLOH-VPN-TARGET)

crypto isakmp key (NBOH-IPSEC-KEY) address (NBOH-VPN-TARGET)

!

!

crypto ipsec transform-set DES-3SHA esp-3des esp-sha-hmac

!

crypto map 108T-FA000 local-address FastEthernet0/0/0

crypto map 108T-FA000 30 ipsec-isakmp

set peer (NBOH-VPN-TARGET)

set transform-set DES-3SHA

match address NBOH

!

crypto map 108T-GI01 local-address GigabitEthernet0/1

crypto map 108T-GI01 31 ipsec-isakmp

set peer (FLOH-VPN-TARGET)

set transform-set DES-3SHA

match address FLOH

!

bridge irb

!

!

!

!

interface Loopback0

ip address 172.21.100.18 255.255.255.255

!

!

interface Tunnel30

description T-NBOH

ip address 172.20.255.102 255.255.255.252

ip mtu 1500

ip flow ingress

keepalive 10 3

tunnel source 172.21.100.18

tunnel destination 172.20.240.2

!

!

interface Tunnel31

description T-FtLoramie-Family

ip address 172.20.255.98 255.255.255.252

ip mtu 1500

ip flow ingress

keepalive 10 3

tunnel source 172.21.100.18

tunnel destination 172.20.240.31

!

!

interface Wlan-GigabitEthernet0/0

description Internal switch interface connecting to the embedded AP

switchport mode trunk

!

!

interface GigabitEthernet0/0

no ip address

ip flow ingress

duplex auto

speed auto

no mop enabled

!

!

interface GigabitEthernet0/0.1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$

encapsulation dot1Q 1 native

ip flow ingress

ip virtual-reassembly

bridge-group 1

!

interface GigabitEthernet0/0.2

encapsulation dot1Q 2

ip flow ingress

ip nat inside

ip virtual-reassembly

bridge-group 2

!

interface wlan-ap0

description Service module interface to manage the embedded AP

no ip address

arp timeout 0

no mop enabled

no mop sysid

!

!

interface GigabitEthernet0/1

description $ES_WAN$$FW_OUTSIDE$

ip address (CABLE-MODEM-IP) 255.255.255.252

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

no cdp enable

crypto map 108T-GI01

!

!

interface FastEthernet0/0/0

description $ES_WAN$$FW_OUTSIDE$

ip address (DSL-MODEM-IP) 255.255.255.248

ip access-group LetIn in

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

no cdp enable

crypto map 108T-FA000

!

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$

ip address 172.21.18.1 255.255.255.0

ip flow ingress

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

no autostate

!

!

interface Vlan2

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$

ip address 10.11.12.1 255.255.255.0

ip flow ingress

ip tcp adjust-mss 1452

no autostate

bridge-group 2

!

!

ip default-gateway (DSL-MODEM-GW)

ip forward-protocol nd

!

ip http server

ip http access-class 23

ip http authentication local

no ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip flow-export source Tunnel31

ip flow-export version 5

ip flow-export destination 172.20.62.245 6343

!        

ip nat inside source list 1 interface GigabitEthernet0/1 overload

ip nat inside source list 2 interface FastEthernet0/0/0 overload

ip route 0.0.0.0 0.0.0.0 (DSL-MODEM-GW)

ip route 0.0.0.0 0.0.0.0 (CABLE-MODEM-GW) 20

ip route 172.20.0.0 255.255.0.0 Tunnel31

ip route 172.20.0.0 255.255.0.0 172.20.255.97

ip route 172.20.0.0 255.255.0.0 172.20.255.101 20

ip route 172.20.0.0 255.255.0.0 Tunnel30 20

ip route 172.20.240.2 255.255.255.255 (DSL-MODEM-GW)

ip route 172.20.240.31 255.255.255.255 (CABLE-MODEM-GW)

ip route (NBOH-VPN-TARGET) 255.255.255.255 (DSL-MODEM-GW)

ip route (FLOH-VPN-TARGET) 255.255.255.255 (CABLE-MODEM-GW)

1 Accepted Solution

Accepted Solutions

paolo bevilacqua
Hall of Fame Master Hall of Fame Master
Hall of Fame Master

You should have that address on BVI1 interface. Put vlan1 and g0/0.1 in bridge-group 1.

Also need bridge-group 1 route ip.

View solution in original post

3 Replies 3

pugs17211721
Beginner
Beginner

Also here is the embedded ap config as well.

version 12.4

no service pad

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

!

hostname SATX-1941WAP-001

!

enable secret 5 $1$VTeU$/NaH66RuXZYkJBnwgce4f1

!

aaa new-model

!

!

!

aaa session-id common

clock timezone EST -5

clock summer-time EDT date Mar 11 2007 2:00 Nov 4 2007 2:00

ip name-server 172.20.62.208

ip name-server 172.20.108.123

!

!

dot11 syslog

!

dot11 ssid Gadget2

   vlan 1

   authentication open

   authentication key-management wpa

   guest-mode

   mbssid guest-mode

   wpa-psk ascii 7 08025E411E1726181C1F1E0B263875716760

!

dot11 ssid Gizmo

   vlan 2

   authentication open

   mbssid guest-mode

!

!

!

username (removed) privilege 15 secret 5 (removed)

!       

bridge irb

!        

!        

interface Dot11Radio0

no ip address

no ip route-cache

!       

encryption vlan 1 mode ciphers aes-ccm

!       

encryption vlan 2 key 1 size 40bit 7 80E035FA9F96 transmit-key

encryption vlan 2 mode ciphers tkip wep40

!       

ssid Gadget2

!       

ssid Gizmo

!       

antenna gain 0

mbssid  

speed  basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0

channel 2412

station-role root

no cdp enable

!        

interface Dot11Radio0.1

encapsulation dot1Q 1 native

no ip route-cache

no cdp enable

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!        

interface Dot11Radio0.2

encapsulation dot1Q 2

ip helper-address 10.11.12.1

no ip route-cache

no cdp enable

bridge-group 2

bridge-group 2 subscriber-loop-control

bridge-group 2 block-unknown-source

no bridge-group 2 source-learning

no bridge-group 2 unicast-flooding

bridge-group 2 spanning-disabled

!        

interface Dot11Radio1

no ip address

no ip route-cache

!       

encryption vlan 1 mode ciphers aes-ccm

!       

encryption vlan 2 key 1 size 40bit 7 80E035FA9F96 transmit-key

encryption vlan 2 mode ciphers tkip wep40

!       

ssid Gadget2

!       

ssid Gizmo

!       

antenna gain 0

dfs band 3 block

mbssid  

channel dfs

station-role root

!        

interface Dot11Radio1.1

encapsulation dot1Q 1 native

no ip route-cache

no cdp enable

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!        

interface Dot11Radio1.2

encapsulation dot1Q 2

ip helper-address 10.11.12.1

no ip route-cache

no cdp enable

bridge-group 2

bridge-group 2 subscriber-loop-control

bridge-group 2 block-unknown-source

no bridge-group 2 source-learning

no bridge-group 2 unicast-flooding

bridge-group 2 spanning-disabled

!        

interface GigabitEthernet0

description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router

no ip address

no ip route-cache

!        

interface GigabitEthernet0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!        

interface GigabitEthernet0.2

encapsulation dot1Q 2

ip helper-address 10.11.12.1

no ip route-cache

bridge-group 2

no bridge-group 2 source-learning

bridge-group 2 spanning-disabled

!        

interface BVI1

ip address 172.21.18.10 255.255.255.0

no ip route-cache

!        

ip default-gateway 172.21.18.1

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

ip radius source-interface BVI1

logging 172.20.62.158

logging 172.20.62.110

access-list 61 permit 172.20.62.100

access-list 61 deny   any

snmp-server community crownsee RO

snmp-server community C$0w^W$1T# RW 61

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps tty

snmp-server enable traps entity

snmp-server enable traps disassociate

snmp-server enable traps deauthenticate

snmp-server enable traps authenticate-fail

snmp-server enable traps dot11-qos

snmp-server enable traps switch-over

snmp-server enable traps rogue-ap

snmp-server enable traps wlan-wep

snmp-server enable traps config

snmp-server enable traps aaa_server

snmp-server host 172.20.61.7 SNMPv2

snmp-server host 172.20.62.100 SNMPv2

snmp-server host 172.20.1.164 s8n1mp

bridge 1 route ip

!

!

line con 0

privilege level 15

no activation-character

line vty 5 15

!

sntp server 172.20.100.1

sntp server 172.20.100.2

cns dhcp

end

paolo bevilacqua
Hall of Fame Master Hall of Fame Master
Hall of Fame Master

You should have that address on BVI1 interface. Put vlan1 and g0/0.1 in bridge-group 1.

Also need bridge-group 1 route ip.

That worked, thanks for your help

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers