Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
700
Views
0
Helpful
0
Replies

Cisco 891 not assigning IP through wireless

BThresher
Level 1
Level 1

‎11-11-2011 06:51 AM - edited ‎03-07-2019 03:20 AM

I am currently configuring (10) Cisco 891 routers for our remote  users. For some reason, I have always had issues getting the wireless  running correctly. I currently CAN connect to the Guest SSID but I do  not recieve an IP address, just self assigned. Here's the config:

Router Side:

Current configuration : 8341 bytes
!
! Last configuration change at 13:21:43 UTC Tue Jul 26 2011
! NVRAM config last updated at 13:21:45 UTC Tue Jul 26 2011
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Test
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa group server radius dot1x
server-private 172.20.0.157 auth-port 1812 acct-port 1813 key NBR3M0tE
aaa authentication dot1x default group dot1x
aaa authorization network default group dot1x
!
!
!
!
!
aaa session-id common
!
!
!
service-module wlan-ap 0 bootimage autonomous
!
crypto pki trustpoint TP-self-signed-3622028497
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3622028497
revocation-check none
rsakeypair TP-self-signed-3622028497
!
!
crypto pki certificate chain TP-self-signed-3622028497
certificate self-signed 02
30820250 308201B9 A0030201 02020102 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33363232 30323834 3937301E 170D3131 30373236 31323437
  34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 36323230
  32383439 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100AF9F 1707E4A8 9B6C5C65 4A15800B F1CF9C05 5C5F7D42 EFB9F095 B13E96DD
  1863D989 9753094A EBBB5D0C 750CBA5B D1C317A8 A067546D 412F372C E329CC78
  9A391BB0 4F937155 32E13481 64554EFC 1E555713 DFFDAD1D B564648E 35812437
  B64E1B84 0422DC42 DC97F02C 0006181B F1DC9273 9080509C E66CBB22 6245669C
  7E850203 010001A3 78307630 0F060355 1D130101 FF040530 030101FF 30230603
  551D1104 1C301A82 1864616E 70696E65 61752E79 6F757264 6F6D6169 6E2E636F
  6D301F06 03551D23 04183016 8014516F 3F5FD8BB 5CC066C8 8C80EAC5 6CB71DEC
  842E301D 0603551D 0E041604 14516F3F 5FD8BB5C C066C88C 80EAC56C B71DEC84
  2E300D06 092A8648 86F70D01 01040500 03818100 0DA9DD3C 6C017FA1 9A510968
  58393ECB D4C3AEEA 514EEA78 E1063542 D7175B51 1F54EC6E AECE0E89 0945A7A0
  D3AFD63B 0698F3FD 598B96EC F42C252E B3D203C0 E6107514 C7BDD087 F5E1599D
  8D5F6F13 8BFD5F19 E83495BE 439CC3FE 79BF6006 18755D18 A1BE26A7 F4CDCA1C
  F425B23D DB4205CE 6DDCC355 4F243BD5 83BD2853
      quit
ip source-route
!
!
ip dhcp excluded-address 192.168.55.1
ip dhcp excluded-address 192.168.55.2
ip dhcp excluded-address 192.168.33.1
!
ip dhcp pool NBGuest
   import all
   network 192.168.33.0 255.255.255.0
   default-router 192.168.33.1
!
ip dhcp pool NBCorporate
   import all
   network 192.168.55.0 255.255.255.0
   default-router 192.168.55.1
   option 150 ip 172.19.0.240
   dns-server 172.20.0.157
   lease 0 2
!
!
ip cef
no ip domain lookup
ip domain name yourdomain.com
ip inspect name fwconf tcp
ip inspect name fwconf http
ip inspect name fwconf smtp
ip inspect name fwconf udp
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO891W-AGN-A-K9 sn FTX15278587
!
!
no username cisco
username admin privilege 15 secret 0 NBR3m0t3
!
!
!
class-map match-any voice-control
match ip precedence 3
match ip dscp af31
match ip dscp cs3
class-map match-any voice-bearer
match access-group 101
match ip dscp ef
match ip precedence 5
!
!
policy-map llq
class voice-bearer
    priority 640
class voice-control
    bandwidth 96
class class-default
    fair-queue
!
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key NBR3m0t3 address 204.126.80.51
!
!
crypto ipsec transform-set VPN-1 esp-3des esp-md5-hmac
!
crypto map VPN-TRANS 1 ipsec-isakmp
set peer 204.126.80.51
set transform-set VPN-1
match address 110
!
!
!
!
interface FastEthernet0
!
!
interface FastEthernet1
switchport voice vlan 11
dot1x pae authenticator
dot1x port-control auto
dot1x max-req 1
dot1x reauthentication
dot1x guest-vlan 20
spanning-tree portfast
!
!
interface FastEthernet2
switchport voice vlan 11
dot1x pae authenticator
dot1x port-control auto
dot1x max-req 1
dot1x reauthentication
dot1x guest-vlan 20
spanning-tree portfast
!
!
interface FastEthernet3
switchport voice vlan 11
dot1x pae authenticator
dot1x port-control auto
dot1x max-req 1
dot1x reauthentication
dot1x guest-vlan 20
spanning-tree portfast
!
!
interface FastEthernet4
switchport voice vlan 11
dot1x pae authenticator
dot1x port-control auto
dot1x max-req 1
dot1x reauthentication
dot1x guest-vlan 20
spanning-tree portfast
!
interface FastEthernet5
switchport voice vlan 11
dot1x pae authenticator
dot1x port-control auto
dot1x max-req 1
dot1x reauthentication
dot1x guest-vlan 20
spanning-tree portfast
!
!
interface FastEthernet6
switchport voice vlan 11
dot1x pae authenticator
dot1x port-control auto
dot1x max-req 1
dot1x reauthentication
dot1x guest-vlan 20
spanning-tree portfast
!
!
interface FastEthernet7
switchport voice vlan 11
dot1x pae authenticator
dot1x port-control auto
dot1x max-req 1
dot1x reauthentication
dot1x guest-vlan 20
spanning-tree portfast
!
!
interface FastEthernet8
description Outside
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
arp timeout 0
crypto map VPN-TRANS
!
service-policy output llq
!
interface GigabitEthernet0
no ip address
shutdown
duplex auto
speed auto
!
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
arp timeout 0
!
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
!
!
interface Vlan1
description Data VLAN
ip address 192.168.55.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip pim sparse-dense-mode
ip nat inside
ip inspect fwconf in
ip virtual-reassembly
ip tcp adjust-mss 1452
no autostate
!
!
interface Vlan11
description Voice VLAN
ip unnumbered Vlan1
ip access-group allow_skinny in
ip nbar protocol-discovery
ip inspect fwconf in
no autostate
!
!
interface Vlan20
description Guest VLAN
ip address 192.168.33.1 255.255.255.0
ip pim sparse-dense-mode
ip nat inside
ip inspect fwconf in
ip virtual-reassembly
no autostate
!
!
interface Async1
no ip address
encapsulation slip
!
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list nonat interface FastEthernet8 overload
!
ip access-list extended allow_skinny
permit udp any any range bootps bootpc
permit udp any any eq domain
permit udp any any eq tftp
permit tcp any any eq 2000
permit udp any any eq 5445
permit udp any any range 2326 2373
permit udp any any range 16384 32764
permit ip 192.168.55.0 0.0.0.255 172.19.0.0 0.0.255.255
permit ip 192.168.55.0 0.0.0.255 172.20.0.0 0.0.255.255
permit ip 192.168.55.0 0.0.0.255 192.168.0.0 0.0.255.255
deny   ip any any log
ip access-list extended nonat
deny   ip 192.168.55.0 0.0.0.255 192.168.0.0 0.0.255.255
deny   ip 192.168.55.0 0.0.0.255 172.19.0.0 0.0.255.255
deny   ip 192.168.55.0 0.0.0.255 172.20.0.0 0.0.255.255
deny   ip 192.168.55.0 0.0.0.255 172.29.0.0 0.0.255.255
deny   ip 192.168.55.0 0.0.0.255 172.30.0.0 0.0.255.255
permit ip 192.168.55.0 0.0.0.255 any
permit ip 192.168.33.0 0.0.0.255 any
!
ip radius source-interface Vlan1
access-list 101 permit udp any any range 16384 32000
access-list 101 permit tcp any any eq 1720
access-list 110 permit ip 192.168.55.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 110 permit ip 192.168.55.0 0.0.0.255 172.19.0.0 0.0.255.255
access-list 110 permit ip 192.168.55.0 0.0.0.255 172.20.0.0 0.0.255.255
access-list 110 permit ip 192.168.55.0 0.0.0.255 172.29.0.0 0.0.255.255
access-list 110 permit ip 192.168.55.0 0.0.0.255 172.30.0.0 0.0.255.255
access-list 110 deny   ip any any
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin udptn ssh
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
line vty 5 15
privilege level 15
transport input telnet ssh
!
scheduler max-task-time 5000
end

Wireless AP:


Building configuration...

Current configuration : 2835 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ap.danpineau
!
!
aaa new-model
!
!
aaa group server radius dot1x
server-private 172.20.0.157 auth-port 1812 acct-port 1813 key NBR3M0tE
!
aaa authentication login eap group dot1x
aaa authentication login EAP-List group dot1x
aaa authorization exec defaut local
!
aaa session-id common
!
!
dot11 syslog
!
dot11 ssid NBCorporate
   vlan 1
   authentication open eap EAP-List
   authentication key-management wpa optional
!
dot11 ssid NBGuest
   vlan 20
   authentication open
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 0 Gu35t551d
!
!
!
no username cisco
username admin privilege 15 secret 0 NBR3M0tE
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm tkip wep128
!
encryption vlan 20 mode ciphers tkip
!
broadcast-key vlan 1 change 30
!
broadcast-key vlan 20 change 30
!
!
ssid NBCorporate
!
ssid NBGuest
!
antenna gain 0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.2
encapsulation dot1Q 20
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
antenna gain 0
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
description the embedded AP GigabitEthernet
ip address 192.168.55.2 255.255.255.0
no ip route-cache
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.2
encapsulation dot1Q 20
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
!
interface BVI1
ip address dhcp client-id GigabitEthernet0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface GigabitEthernet0
bridge 1 route ip
!
!
!
line con 0
privilege level 15
no activation-character
line vty 0 4
!
cns dhcp
end

Any help is GREATLY Appreciated. Thanks!

1 person had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card