10-11-2011 01:54 PM - edited 03-04-2019 01:53 PM
I am currently working on a 1941w router. The problem that I am having is that I am unable to ping the switch that is directly connected to it and I am unable to ping from the switch to the router. If I take the address off of vlan 1 and move it to gi0/0.1 the pings work, but then client traffic on the wireless ap inside the 1941w fails. Can someone please help ? Thanks
Here is the releveant config off of the 1941w
version 15.0
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname SATX-1941W-001
!
boot-start-marker
boot-end-marker
!
logging buffered 16384 notifications
enable secret 5 $1$kGmQ$r2bXwOVZ8ffF0A0i.T8j6.
!
no aaa new-model
!
!
!
memory-size iomem 10
clock timezone EST -5
service-module wlan-ap 0 bootimage autonomous
!
no ipv6 cef
ip source-route
ip cef
!
!
ip dhcp database CLIENT write-delay 120 timeout 60
ip dhcp excluded-address 10.11.12.1
ip dhcp excluded-address 172.21.18.1 172.21.18.99
ip dhcp excluded-address 172.21.18.200 172.21.18.254
!
ip dhcp pool VLAN2
import all
network 10.11.12.0 255.255.255.0
dns-server 192.69.21.200 206.51.156.28
default-router 10.11.12.1
!
ip dhcp pool CLIENT
import all
network 172.21.18.0 255.255.255.0
default-router 172.21.18.1
domain-name us.crownlift.net
dns-server 172.20.62.208 192.69.21.200
lease 365
!
!
no ip domain lookup
ip domain name dicke.com
ip name-server 192.69.21.200
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1941W-A/K9 sn FTX152884V7
hw-module ism 0
!
!
!
archive
log config
hidekeys
username (removed) privilege 15 secret 5 (removed)
!
redundancy
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key (FLOH-IPSEC-KEY) address (FLOH-VPN-TARGET)
crypto isakmp key (NBOH-IPSEC-KEY) address (NBOH-VPN-TARGET)
!
!
crypto ipsec transform-set DES-3SHA esp-3des esp-sha-hmac
!
crypto map 108T-FA000 local-address FastEthernet0/0/0
crypto map 108T-FA000 30 ipsec-isakmp
set peer (NBOH-VPN-TARGET)
set transform-set DES-3SHA
match address NBOH
!
crypto map 108T-GI01 local-address GigabitEthernet0/1
crypto map 108T-GI01 31 ipsec-isakmp
set peer (FLOH-VPN-TARGET)
set transform-set DES-3SHA
match address FLOH
!
bridge irb
!
!
!
!
interface Loopback0
ip address 172.21.100.18 255.255.255.255
!
!
interface Tunnel30
description T-NBOH
ip address 172.20.255.102 255.255.255.252
ip mtu 1500
ip flow ingress
keepalive 10 3
tunnel source 172.21.100.18
tunnel destination 172.20.240.2
!
!
interface Tunnel31
description T-FtLoramie-Family
ip address 172.20.255.98 255.255.255.252
ip mtu 1500
ip flow ingress
keepalive 10 3
tunnel source 172.21.100.18
tunnel destination 172.20.240.31
!
!
interface Wlan-GigabitEthernet0/0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
!
!
interface GigabitEthernet0/0
no ip address
ip flow ingress
duplex auto
speed auto
no mop enabled
!
!
interface GigabitEthernet0/0.1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
encapsulation dot1Q 1 native
ip flow ingress
ip virtual-reassembly
bridge-group 1
!
interface GigabitEthernet0/0.2
encapsulation dot1Q 2
ip flow ingress
ip nat inside
ip virtual-reassembly
bridge-group 2
!
interface wlan-ap0
description Service module interface to manage the embedded AP
no ip address
arp timeout 0
no mop enabled
no mop sysid
!
!
interface GigabitEthernet0/1
description $ES_WAN$$FW_OUTSIDE$
ip address (CABLE-MODEM-IP) 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
crypto map 108T-GI01
!
!
interface FastEthernet0/0/0
description $ES_WAN$$FW_OUTSIDE$
ip address (DSL-MODEM-IP) 255.255.255.248
ip access-group LetIn in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
crypto map 108T-FA000
!
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
ip address 172.21.18.1 255.255.255.0
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
no autostate
!
!
interface Vlan2
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
ip address 10.11.12.1 255.255.255.0
ip flow ingress
ip tcp adjust-mss 1452
no autostate
bridge-group 2
!
!
ip default-gateway (DSL-MODEM-GW)
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-export source Tunnel31
ip flow-export version 5
ip flow-export destination 172.20.62.245 6343
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source list 2 interface FastEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 (DSL-MODEM-GW)
ip route 0.0.0.0 0.0.0.0 (CABLE-MODEM-GW) 20
ip route 172.20.0.0 255.255.0.0 Tunnel31
ip route 172.20.0.0 255.255.0.0 172.20.255.97
ip route 172.20.0.0 255.255.0.0 172.20.255.101 20
ip route 172.20.0.0 255.255.0.0 Tunnel30 20
ip route 172.20.240.2 255.255.255.255 (DSL-MODEM-GW)
ip route 172.20.240.31 255.255.255.255 (CABLE-MODEM-GW)
ip route (NBOH-VPN-TARGET) 255.255.255.255 (DSL-MODEM-GW)
ip route (FLOH-VPN-TARGET) 255.255.255.255 (CABLE-MODEM-GW)
Solved! Go to Solution.