wlan-ap clients, cannot access external resources

eldin.didic · ‎04-08-2013

Hi Guys,

Just configured this 887VA-W for the first time using CLI and am having an understanding issue regarding communcation between wlan clients and external resources.

Configured the AP successfully as far as connecting and authentication goes. Communication works to and from the AP clients on the LAN side, but the issue appears to be communication between the AP clients and the internet. I cannot ping 8.8.8.8 from the AP clients.

I read through gone over external configuration examples, but just cannot seem to get this part correct. Perhaps I have not been persistent enough with it, but I have spent the last two days trying to figure it out. Some help would do wonders on my end obviously.

Here are both configs from the router and ap.

ROUTER Config:

hostname <ourgatewayname>

!

boot-start-marker

boot-end-marker

!

logging buffered informational

no logging console

enable secret 4 <removed for posting purposes>

!

aaa new-model

!

aaa session-id common

clock timezone UTC 10 0

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-2776889875

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2776889875

revocation-check none

rsakeypair TP-self-signed-2776889875

!

crypto pki certificate chain TP-self-signed-2776889875

certificate self-signed 01

quit

ip source-route

ip cef

!

ip domain name <our-internal-domain-name>

ip name-server 192.168.2.15

ip name-server 192.168.2.16

ip name-server 192.168.3.11

ip name-server 8.8.8.8

no ipv6 cef

!

license udi pid C887VA-W-A-K9

!

username administrator privilege 15 secret 4 <thepassword>

!

controller VDSL 0

!

interface ATM0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

no atm ilmi-keepalive

!

interface ATM0.1 point-to-point

ip flow ingress

pvc 8/35

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

interface Ethernet0

no ip address

shutdown

no fair-queue

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

no ip address

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

no ip address

!

interface Wlan-GigabitEthernet0

description Internal switch interface connecting to the embedded AP

switchport mode trunk

no ip address

!

interface wlan-ap0

description Service module interface to manage the embedded AP

ip unnumbered Vlan1

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$

ip address 192.168.2.2 255.255.255.0

ip access-group vlan-control in

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1452

!

interface Dialer1

description ADSL WAN Dialer

ip address<removed for posting purposes> 255.255.255.0

ip access-group dialer-acl in

no ip redirects

no ip unreachables

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname <theusername>

ppp chap password 0 <thepassword>

ppp pap sent-username <theusername> password 0 <thepassword>

ppp ipcp route default

no cdp enable

!

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip dns server

ip nat <removed for posting purposes>

ip route <removed for posting purposes>

!

ip access-list extended dialer-acl

ip access-list extended internal-nat-list

ip access-list extended terminal-acl

ip access-list extended vlan-control

!

logging trap debugging

dialer-list 1 protocol ip permit

no cdp run

AP Config:

dot11 syslog

!

dot11 ssid drh-corp

vlan 1

authentication open

authentication key-management wpa

guest-mode

wpa-psk ascii 0 <thessidpassword>

!

username administrator privilege 15 secret 5 <thepassword>

!

bridge irb

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 1 mode ciphers aes-ccm tkip

!

encryption mode ciphers aes-ccm tkip

!

ssid drh-corp

!

antenna gain 0

speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.

station-role root

world-mode dot11d country-code AU indoor

!

interface Dot11Radio0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0

description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router

no ip address

no ip route-cache

!

interface GigabitEthernet0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 192.168.2.245 255.255.255.0

no ip route-cache

!

ip default-gateway 192.168.2.2

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 route ip

!

Thanks...

eldin.didic · ‎04-09-2013

Hi,

I found the problem. The issue is that I am using an internal DHCP server to assign client IP configuration.

What I need to know now is there a way I can force this AP to continue using the internal DHCP server for IP configuration but force an alternative default gateway instead of the DHCP assigned gateway?

I need 192.168.2.2 as the default gateway for the AP connected clients instead of 192.168.2.1 default gateway that the DHCP server assigns.

This would save me creating reservations on the DHCP server and manually overriding the default gateway for all AP connected clients.

I need an override DHCP option.

Thanks...