08-10-2018 05:07 AM - edited 07-05-2021 08:58 AM
Hello,
i have AIR-CAP2702I-E-K9 running as autonomous connected to Huawei HG8240T OPT
i configure DHCP pool on the AP then i disabled the DHPC from the huawei
i can get ip from the AP but no internet , i but the default router & DNS every thing should be fine but no internet , would you please help me
aaa session-id common
clock timezone +0200 2 0
no ip source-route
no ip cef
ip domain name bikoo.net
ip name-server 163.121.128.134
ip name-server 163.121.128.135
no ip dhcp conflict logging
ip dhcp excluded-address 10.10.10.1 10.10.10.5
!
ip dhcp pool BIKOO-AP
network 10.10.10.0 255.255.255.0
dns-server 163.121.128.134 163.121.128.135 10.10.10.1
default-router 10.10.10.1
!
!
!
!
dot11 pause-time 100
dot11 syslog
!
dot11 ssid BIKOO
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii 7 xxxxxxxx
!
dot11 ssid RAFY
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii 7 xxxxxx
no ids mfp client
!
!
dot11 arp-cache
!
no ipv6 cef
!
!
username Cisco privilege 15 password 7 xxxxxx
!
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
!
encryption mode ciphers aes-ccm
!
ssid BIKOO
!
antenna gain 0
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
station-role root
rts threshold 512
rts retries 128
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
!
encryption mode ciphers aes-ccm
!
ssid RAFY
!
antenna gain 0
probe-response gratuitous
peakdetect
no dfs band block
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
packet retries 128
channel width 40-above
channel dfs
station-role root
rts threshold 512
rts retries 128
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
description ADSL LINK
no ip address
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
description ADSL LINK
mac-address 7081.05ec.3747
ip address 10.10.10.2 255.255.255.0
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
!
ip forward-protocol nd
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
length 0
transport input all
!
end
08-10-2018 06:10 AM
08-10-2018 07:11 AM
@pieterh thanks for your reply , i got your point , i tried to enable the Huawei DHCP with the AP DHCp but the devices obtain the ip from Huawei DHCP not the AP, thats why i disable it,
BTW i have another site with the same setup using Linksys ADSL router and 1142 AP it's working fine.
DHCP disabled from the ADSL and user get the IP from the AP.
any idea ?
08-10-2018 07:51 AM
08-10-2018 07:53 AM
BIKOO-AP#ping163.121.128.134
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to163.121.128.134, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
BIKOO-AP#ping 10.10.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
08-10-2018 08:27 AM
i can't ping any public ip from the AP.
this is the issue.
08-10-2018 09:28 AM
i just notice that my Huawei NAT set Port Restricted cone NAT as the below, it could be the reason ?
08-11-2018 06:15 AM - edited 08-11-2018 06:19 AM
i tried to ping DNS or any public ip from the other site AP its not pinging , but the users get ip from the AP DHCP pool can access the internet normally. any idea what it could be the issue in the other site ?
aaa session-id common
clock timezone +0200 2 0
no ip source-route
no ip cef
ip domain name bikoo.net
ip name-server 163.121.128.134
ip name-server 163.121.128.135
no ip dhcp conflict logging
ip dhcp excluded-address 10.10.10.1 10.10.10.5
!
ip dhcp pool BIKOO-AP
network 10.10.10.0 255.255.255.0
dns-server 163.121.128.134 163.121.128.135 10.10.10.1
default-router 10.10.10.1
!
!
!
!
dot11 pause-time 100
dot11 syslog
!
dot11 ssid BIKOO
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii 7 xxxxxxxx
!
dot11 ssid RAFY
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii 7 xxxxxx
no ids mfp client
!
!
dot11 arp-cache
!
no ipv6 cef
!
!
username Cisco privilege 15 password 7 xxxxxx
!
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
!
encryption mode ciphers aes-ccm
!
ssid BIKOO
!
antenna gain 0
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
station-role root
rts threshold 512
rts retries 128
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
!
encryption mode ciphers aes-ccm
!
ssid RAFY
!
antenna gain 0
probe-response gratuitous
peakdetect
no dfs band block
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
packet retries 128
channel width 40-above
channel dfs
station-role root
rts threshold 512
rts retries 128
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
description ADSL LINK
no ip address
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
description ADSL LINK
mac-address 7081.05ec.3747
ip address 10.10.10.2 255.255.255.0
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
!
ip forward-protocol nd
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
length 0
transport input all
!
end
08-11-2018 08:39 AM
08-11-2018 08:54 AM - edited 08-11-2018 08:56 AM
Done
interface BVI1
description ADSL LINK
mac-address 7081.05ec.3747
ip address 10.10.10.2 255.255.255.0
ipv6 enable
!
ip default-gateway 10.10.10.1
ip forward-protocol nd
ip http server
ip http authentication aaa
no ip http secure-server
but the same cant ping and no internet if i use the AP DHCP pool
08-11-2018 08:57 AM
08-11-2018 09:00 AM
actually i have two sites, one is okay except ping internet from the AP which is okay since the clients can reach the internet,
the problem with the other site, since i configure the DHCP on the AP i can get IP but i cant open internet.
this what i'm trying to fix now.
Thanks
08-11-2018 09:03 AM
08-11-2018 09:10 AM
yes both AP's are identical the only difference is one site has ADSL (working fine) and the other one is fiber modem HG8240T not working if i disable the DHCP, and even if i enable the DHCP on HG8240T and Cisco AP , device's obtain IP from the HG8240T not the AP,
08-12-2018 10:04 AM
I would connect a wired laptop to a switch that is configured for the same vlan as the wireless users or ap's and verify. Eliminate that issue that on the ap management subnet that a configuration is not working right. I'm assuming that the ap management subnet is allowed to route outside and the nat is working?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide