1941w - 2 ssid's 2 vlans and 2 bvi interfaces - routing issue

richardbowden · ‎10-09-2011

Hello All,

I have been given the 1941w to configure for our office, done some cisco work in the past, but nothing like this....i have it 99% configured apart from the liitle issue.

This is what I have configured, attached are the config files for the router and ap.

gig 0/0 is internet access

FOR LAN ACCESS

dhcp pool 172.16.0.0/24

gig 0/1 is lan (vlan 1 and in bvi 1)

wireless ssid 00110101 (vlan 1 and bvi 1)

FOR WIRELESS GUEST ACCESS ONLY

dhcp pool 172.16.1.0/24

wireless ssid cloudyguest (vlan 2 and bvi 2)

both wireless and lan can access the internet ok through gig 0/0 using ip's on their own subnet's

Please may i ask, would some one be kind enough to go over my config as although it works is it the correct way to do things, i have used the cisco doc's a lot to get it this far.

Also my problem, although i have not speccified to route between vlan 1 and 2 i can ping ip's on either side and access file shares for example on both sides, ideally the lan and lan wifi should be able to talk to each other and get internet, and guest wifi cloudyguest internet only...not sure how to do the last bit, i did try adding a acl to to each bvi interface for 172.16.0.0 0.0.255.255...this kind of worked but was not able to ping the gateway ip for each subnet.

thanks in advance

best regards

richard

dddcooke1 · ‎12-14-2020

Hi Richard, Did you every get this resolved? I'm having similar issue.

3 Vlans 3 SSIDs

ssid SMH-NATIVE VLAN 1 192.168.10.0/24
ssid SMH-Employees VLAN 2 192.168.20.0/24
ssid SMH-VOIP VLAN 4 192.168.40.0/24

On the wired side I can ping devices on different VLANs across the wire.

On the WiFi I can only ping devices on vlan1 and get a DHCP assignment. Vlan 2 & 3 can not ping and no DHCP.

Thanks for looking

AP Config

Current configuration : 3206 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
logging rate-limit console 9
enable secret 5 $1$YkUa$k/lBfSWQHoM2uh/VsFgdb.
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid SMH-Employees
vlan 2
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 096D63272924242159
!
dot11 ssid SMH-NATIVE
vlan 1
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 1128342B2733383F55
!
dot11 ssid SMH-VOIP
vlan 4
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 14363F253C25191877
!
!
!
username Cisco password 7 047802150C2E
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm
!
encryption vlan 2 mode ciphers aes-ccm
!
encryption vlan 4 mode ciphers aes-ccm
!
ssid SMH-Employees
!
ssid SMH-NATIVE
!
ssid SMH-VOIP
!
antenna gain 0
mbssid
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface Dot11Radio0.4
encapsulation dot1Q 4
no ip route-cache
bridge-group 4
bridge-group 4 subscriber-loop-control
bridge-group 4 block-unknown-source
no bridge-group 4 source-learning
no bridge-group 4 unicast-flooding
bridge-group 4 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
antenna gain 0
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
no ip route-cache
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.2
encapsulation dot1Q 2
no ip route-cache
!
interface GigabitEthernet0.4
encapsulation dot1Q 4
no ip route-cache
!
interface BVI1
ip address 192.168.10.2 255.255.255.0
no ip route-cache
!
interface BVI2
ip address 192.168.20.2 255.255.255.0
no ip route-cache
!
interface BVI4
ip address 192.168.40.2 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.20.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
no activation-character
line vty 0 4
login local
!

Router Config

Building configuration...

Current configuration : 3235 bytes
!
! Last configuration change at 20:19:17 UTC Mon Dec 14 2020
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
service-module wlan-ap 0 bootimage autonomous
!
no ipv6 cef
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 192.168.10.1 192.168.10.30
ip dhcp excluded-address 192.168.20.1 192.168.20.30
ip dhcp excluded-address 192.168.40.1 192.168.40.30
!
ip dhcp pool SMH-NATIVE
network 192.168.10.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.10.1
!
ip dhcp pool SMH-Employees
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 8.8.8.8
!
ip dhcp pool SMH-VOIP
network 192.168.40.0 255.255.255.0
default-router 192.168.40.1
dns-server 8.8.8.8
!
!
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1941W-A/K9 sn FTX161683ET
license boot module c1900 technology-package securityk9
hw-module ism 0
!
!
!
vtp domain Houston
vtp mode transparent
!
redundancy
!
!
!
!
vlan 2-4
!
vlan 7
name 104F-Primary
!
vlan 8
name 104F-IOT
!
vlan 9
name 104F-GUEST
!
vlan 10
name WIFI
!
vlan 11,13
!
vlan 20
name home
!
vlan 30
name comcast
!
vlan 70
name WIFI70
!
vlan 80
name WIFI80
!
vlan 100
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
arp timeout 0
no mop enabled
no mop sysid
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Wlan-GigabitEthernet0/0
description uplink to AP
switchport mode trunk
no ip address
!
interface GigabitEthernet0/0/0
no ip address
!
interface GigabitEthernet0/0/1
no ip address
!
interface GigabitEthernet0/0/2
no ip address
!
interface GigabitEthernet0/0/3
no ip address
!
interface GigabitEthernet0/1/0
no ip address
!
interface GigabitEthernet0/1/1
no ip address
!
interface GigabitEthernet0/1/2
no ip address
!
interface GigabitEthernet0/1/3
no ip address
!
interface GigabitEthernet0/1/4
no ip address
!
interface GigabitEthernet0/1/5
no ip address
!
interface GigabitEthernet0/1/6
no ip address
!
interface GigabitEthernet0/1/7
switchport access vlan 2
no ip address
!
interface Vlan1
description SMH-NATIVE
ip address 192.168.10.1 255.255.255.0
!
interface Vlan2
description SMH-Employees
ip address 192.168.20.1 255.255.255.0
!
interface Vlan4
description SMH-VOIP
ip address 192.168.40.1 255.255.255.0
!
!
router eigrp 10
network 0.0.0.0