10-11-2011 01:54 PM - edited 03-04-2019 01:53 PM
I am currently working on a 1941w router. The problem that I am having is that I am unable to ping the switch that is directly connected to it and I am unable to ping from the switch to the router. If I take the address off of vlan 1 and move it to gi0/0.1 the pings work, but then client traffic on the wireless ap inside the 1941w fails. Can someone please help ? Thanks
Here is the releveant config off of the 1941w
version 15.0
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname SATX-1941W-001
!
boot-start-marker
boot-end-marker
!
logging buffered 16384 notifications
enable secret 5 $1$kGmQ$r2bXwOVZ8ffF0A0i.T8j6.
!
no aaa new-model
!
!
!
memory-size iomem 10
clock timezone EST -5
service-module wlan-ap 0 bootimage autonomous
!
no ipv6 cef
ip source-route
ip cef
!
!
ip dhcp database CLIENT write-delay 120 timeout 60
ip dhcp excluded-address 10.11.12.1
ip dhcp excluded-address 172.21.18.1 172.21.18.99
ip dhcp excluded-address 172.21.18.200 172.21.18.254
!
ip dhcp pool VLAN2
import all
network 10.11.12.0 255.255.255.0
dns-server 192.69.21.200 206.51.156.28
default-router 10.11.12.1
!
ip dhcp pool CLIENT
import all
network 172.21.18.0 255.255.255.0
default-router 172.21.18.1
domain-name us.crownlift.net
dns-server 172.20.62.208 192.69.21.200
lease 365
!
!
no ip domain lookup
ip domain name dicke.com
ip name-server 192.69.21.200
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1941W-A/K9 sn FTX152884V7
hw-module ism 0
!
!
!
archive
log config
hidekeys
username (removed) privilege 15 secret 5 (removed)
!
redundancy
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key (FLOH-IPSEC-KEY) address (FLOH-VPN-TARGET)
crypto isakmp key (NBOH-IPSEC-KEY) address (NBOH-VPN-TARGET)
!
!
crypto ipsec transform-set DES-3SHA esp-3des esp-sha-hmac
!
crypto map 108T-FA000 local-address FastEthernet0/0/0
crypto map 108T-FA000 30 ipsec-isakmp
set peer (NBOH-VPN-TARGET)
set transform-set DES-3SHA
match address NBOH
!
crypto map 108T-GI01 local-address GigabitEthernet0/1
crypto map 108T-GI01 31 ipsec-isakmp
set peer (FLOH-VPN-TARGET)
set transform-set DES-3SHA
match address FLOH
!
bridge irb
!
!
!
!
interface Loopback0
ip address 172.21.100.18 255.255.255.255
!
!
interface Tunnel30
description T-NBOH
ip address 172.20.255.102 255.255.255.252
ip mtu 1500
ip flow ingress
keepalive 10 3
tunnel source 172.21.100.18
tunnel destination 172.20.240.2
!
!
interface Tunnel31
description T-FtLoramie-Family
ip address 172.20.255.98 255.255.255.252
ip mtu 1500
ip flow ingress
keepalive 10 3
tunnel source 172.21.100.18
tunnel destination 172.20.240.31
!
!
interface Wlan-GigabitEthernet0/0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
!
!
interface GigabitEthernet0/0
no ip address
ip flow ingress
duplex auto
speed auto
no mop enabled
!
!
interface GigabitEthernet0/0.1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
encapsulation dot1Q 1 native
ip flow ingress
ip virtual-reassembly
bridge-group 1
!
interface GigabitEthernet0/0.2
encapsulation dot1Q 2
ip flow ingress
ip nat inside
ip virtual-reassembly
bridge-group 2
!
interface wlan-ap0
description Service module interface to manage the embedded AP
no ip address
arp timeout 0
no mop enabled
no mop sysid
!
!
interface GigabitEthernet0/1
description $ES_WAN$$FW_OUTSIDE$
ip address (CABLE-MODEM-IP) 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
crypto map 108T-GI01
!
!
interface FastEthernet0/0/0
description $ES_WAN$$FW_OUTSIDE$
ip address (DSL-MODEM-IP) 255.255.255.248
ip access-group LetIn in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
crypto map 108T-FA000
!
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
ip address 172.21.18.1 255.255.255.0
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
no autostate
!
!
interface Vlan2
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
ip address 10.11.12.1 255.255.255.0
ip flow ingress
ip tcp adjust-mss 1452
no autostate
bridge-group 2
!
!
ip default-gateway (DSL-MODEM-GW)
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-export source Tunnel31
ip flow-export version 5
ip flow-export destination 172.20.62.245 6343
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source list 2 interface FastEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 (DSL-MODEM-GW)
ip route 0.0.0.0 0.0.0.0 (CABLE-MODEM-GW) 20
ip route 172.20.0.0 255.255.0.0 Tunnel31
ip route 172.20.0.0 255.255.0.0 172.20.255.97
ip route 172.20.0.0 255.255.0.0 172.20.255.101 20
ip route 172.20.0.0 255.255.0.0 Tunnel30 20
ip route 172.20.240.2 255.255.255.255 (DSL-MODEM-GW)
ip route 172.20.240.31 255.255.255.255 (CABLE-MODEM-GW)
ip route (NBOH-VPN-TARGET) 255.255.255.255 (DSL-MODEM-GW)
ip route (FLOH-VPN-TARGET) 255.255.255.255 (CABLE-MODEM-GW)
Solved! Go to Solution.
10-11-2011 02:02 PM
You should have that address on BVI1 interface. Put vlan1 and g0/0.1 in bridge-group 1.
Also need bridge-group 1 route ip.
10-11-2011 02:01 PM
Also here is the embedded ap config as well.
version 12.4
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname SATX-1941WAP-001
!
enable secret 5 $1$VTeU$/NaH66RuXZYkJBnwgce4f1
!
aaa new-model
!
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT date Mar 11 2007 2:00 Nov 4 2007 2:00
ip name-server 172.20.62.208
ip name-server 172.20.108.123
!
!
dot11 syslog
!
dot11 ssid Gadget2
vlan 1
authentication open
authentication key-management wpa
guest-mode
mbssid guest-mode
wpa-psk ascii 7 08025E411E1726181C1F1E0B263875716760
!
dot11 ssid Gizmo
vlan 2
authentication open
mbssid guest-mode
!
!
!
username (removed) privilege 15 secret 5 (removed)
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm
!
encryption vlan 2 key 1 size 40bit 7 80E035FA9F96 transmit-key
encryption vlan 2 mode ciphers tkip wep40
!
ssid Gadget2
!
ssid Gizmo
!
antenna gain 0
mbssid
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2412
station-role root
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.2
encapsulation dot1Q 2
ip helper-address 10.11.12.1
no ip route-cache
no cdp enable
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm
!
encryption vlan 2 key 1 size 40bit 7 80E035FA9F96 transmit-key
encryption vlan 2 mode ciphers tkip wep40
!
ssid Gadget2
!
ssid Gizmo
!
antenna gain 0
dfs band 3 block
mbssid
channel dfs
station-role root
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1.2
encapsulation dot1Q 2
ip helper-address 10.11.12.1
no ip route-cache
no cdp enable
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
no ip route-cache
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.2
encapsulation dot1Q 2
ip helper-address 10.11.12.1
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
!
interface BVI1
ip address 172.21.18.10 255.255.255.0
no ip route-cache
!
ip default-gateway 172.21.18.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
logging 172.20.62.158
logging 172.20.62.110
access-list 61 permit 172.20.62.100
access-list 61 deny any
snmp-server community crownsee RO
snmp-server community C$0w^W$1T# RW 61
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps entity
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps config
snmp-server enable traps aaa_server
snmp-server host 172.20.61.7 SNMPv2
snmp-server host 172.20.62.100 SNMPv2
snmp-server host 172.20.1.164 s8n1mp
bridge 1 route ip
!
!
line con 0
privilege level 15
no activation-character
line vty 5 15
!
sntp server 172.20.100.1
sntp server 172.20.100.2
cns dhcp
end
10-11-2011 02:02 PM
You should have that address on BVI1 interface. Put vlan1 and g0/0.1 in bridge-group 1.
Also need bridge-group 1 route ip.
10-12-2011 05:35 AM
That worked, thanks for your help
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: