Configuring 1941W embedded AP

Jamaal Davis
Level 1
Level 1

I am trying to configure one of the new ISR G2 router and I am having some issues configuring the wireless side of it.  I use the CCP for initial configuration but since then I was using a console connection.  For some strange reason I am unable to receive a DHCP address on the BVI address and if I set a static address i cannot ping it from the network.  Because of this I cannot configure the wireless device form any IP address.  This router is in a test environment and any configuration can be is the Router and the AP config.

please help

Building configuration...

Current configuration : 5531 bytes
! Last configuration change at 15:30:43 PCTime Thu Feb 18 2010 by pix
! NVRAM config last updated at 15:02:54 PCTime Thu Feb 18 2010 by pix
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname BFH_HO_RTR
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$GNC9$CeeGEEYetfIYkVFkrLcs0/
no aaa new-model
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
service-module wlan-ap 0 bootimage autonomous
no ipv6 cef
no ip source-route
ip cef
no ip bootp server
ip domain name
ip name-server
ip name-server
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-3528932359
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3528932359
revocation-check none
rsakeypair TP-self-signed-3528932359
crypto pki certificate chain TP-self-signed-3528932359
certificate self-signed 01
  3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33353238 39333233 3539301E 170D3130 30323136 32323438
  30355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 35323839
  33323335 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100CB48 A760C81D 8658F99E 2DBB5327 ED38CFB9 E056832E D4D9F014 B35DDF6C
  3B9D0C29 5E04C7D1 745ED40A 2F6E5E89 E5211E21 23F6B76D F9EE367E A0BCB7B8
  AB2C994A 4613099A 312E6C5A 353485D8 FF4BE435 9938D3F1 8D810634 ECBDD2FF
  24F33D44 B470881A 0A3D04AB D90E9F4A 5875BBBB D2D7C1DE 3374570F DFD8830E
  F0F70203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
  551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
  301F0603 551D2304 18301680 14479D18 91EA8241 28F8BA7D 1F6BE196 418D2FDB
  FF301D06 03551D0E 04160414 479D1891 EA824128 F8BA7D1F 6BE19641 8D2FDBFF
  300D0609 2A864886 F70D0101 04050003 81810058 E022FB50 00EF10F7 6B853E42
  1AF28E19 A00678CE 10D9BA44 DD65DF73 C49732C9 2048A35D 63919DE4 E76A2809
  14757B5E 61FA6BD5 B9AF1B36 831D1884 F7924A82 FC5EFDA3 D25C7471 09EE709E
  F92398BB BDFE01B7 7DEB4E1D CC2D95EB F8EE9AFD 60E15841 4B57D987 3B42ABD8
  30F7E2B7 AA52D66E 0FAFB873 4DE6AA3F 09C1CB
license udi pid CISCO1941W-A/K9 sn FTX140481R0
username pix privilege 15 secret 5 $1$5M0.$HKCrHm8S5nRg84P8gZ5kx0
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
interface Wlan-GigabitEthernet0/0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
interface GigabitEthernet0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
no mop enabled
interface GigabitEthernet0/0.1
description Data Center Interface
encapsulation dot1Q 1 native
ip address
ip flow ingress
no cdp enable
interface GigabitEthernet0/0.2
description voice Vlan Interface
encapsulation dot1Q 2
ip address
ip flow ingress
no cdp enable
interface GigabitEthernet0/0.4
description HO Vlan Interface
encapsulation dot1Q 4
ip address
ip flow ingress
no cdp enable
interface GigabitEthernet0/0.6
description NUA Vlan Interface
encapsulation dot1Q 6
ip address
ip flow ingress
no cdp enable
interface GigabitEthernet0/0.7
description NUA Vlan Interface
encapsulation dot1Q 7
ip address
ip flow ingress
no cdp enable
interface GigabitEthernet0/0.9
description Printers Vlan Interface
encapsulation dot1Q 9
ip address
ip flow ingress
no cdp enable
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered GigabitEthernet0/0.1
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
arp timeout 0
no mop enabled
no mop sysid
interface GigabitEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
no mop enabled
interface Vlan1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
router eigrp 100
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
logging trap debugging
no cdp run

banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line 67
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
scheduler allocate 20000 1000

And here is the AP

Building configuration...

Current configuration : 2360 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ap
enable secret 5 $1$DgR/$H1V/mWbWwoDTfwPT477l6.
no aaa new-model
no ip domain lookup
dot11 syslog
dot11 ssid BFHPUBLIC
   authentication open
username pix privilege 15 secret 5 $1$M50y$RqTRacwQwHeX0tpH5hLUX.
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm tkip
encryption vlan 3 mode ciphers tkip
broadcast-key vlan 3 change 30
antenna gain 0
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
encryption vlan 3 mode ciphers tkip
broadcast-key vlan 3 change 30
antenna gain 0
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio1.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
interface GigabitEthernet0
description  the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface GigabitEthernet0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
bridge-group 3 spanning-disabled
interface BVI1
ip address
no ip route-cache
ip http server
no ip http secure-server
ip http help-path
bridge 1 protocol ieee
bridge 1 route ip
line con 0
no activation-character
line vty 0 4
login local

Level 1
Level 1

It sounds like the embedded swtich that links the AP to the Router is not configured to do its job.

If you search on the phrase on this site "Cisco 1941w basic configuration" and look at the example by ibromis, he outlines how to set up the port WLAN-Gigabitethernet 0/0 into trunk mode, and you add VLAN definitions for each SSID.

This worked for me. Prior to reading this carfully, my wirless devices were not getting passed a DHCP address from the router. As soon as I fixed this issue, the DHCP worked and routing occured.

By the way you have quite a complex configuration to troubleshoot.

I would start off with the minimum config to get all the components working together and then add to it, testing each time to make sure you don't break anything.

Just have one radio defined and one LAN interface. When you can get a wireless device to connect though to your LAN, start addiing extra definitions.

Is this the only router in your organisation? Do you need all VLANS to be accessed via wireless? If not you could make the code a lot simpler.

Back up the configuration often, and only write to memory when you are sure that the additional code works as intended.

I cant see a bridge irb command in your router section of your config, and no default route or bridge 1 route ip type command. These are usually needed to make things work.

Please let us know if you have fixed your router in the meantime and post the working config. There is a big lack of postings here to help others.



