Re: 2702i autonomous with huawei HG8240T no internet

bikoo106 · ‎08-10-2018

Hello,

i have AIR-CAP2702I-E-K9 running as autonomous connected to Huawei HG8240T OPT

i configure DHCP pool on the AP then i disabled the DHPC from the huawei

i can get ip from the AP but no internet , i but the default router & DNS every thing should be fine but no internet , would you please help me

aaa session-id common
clock timezone +0200 2 0
no ip source-route
no ip cef
ip domain name bikoo.net
ip name-server 163.121.128.134
ip name-server 163.121.128.135
no ip dhcp conflict logging
ip dhcp excluded-address 10.10.10.1 10.10.10.5

!
ip dhcp pool BIKOO-AP
network 10.10.10.0 255.255.255.0
dns-server 163.121.128.134 163.121.128.135 10.10.10.1
default-router 10.10.10.1
!
!
!
!
dot11 pause-time 100
dot11 syslog
!
dot11 ssid BIKOO
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii 7 xxxxxxxx
!
dot11 ssid RAFY
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii 7 xxxxxx
no ids mfp client
!
!
dot11 arp-cache
!
no ipv6 cef
!
!
username Cisco privilege 15 password 7 xxxxxx

!
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
!
encryption mode ciphers aes-ccm
!
ssid BIKOO
!
antenna gain 0
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
station-role root
rts threshold 512
rts retries 128
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
!
encryption mode ciphers aes-ccm
!
ssid RAFY
!
antenna gain 0
probe-response gratuitous
peakdetect
no dfs band block
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
packet retries 128
channel width 40-above
channel dfs
station-role root
rts threshold 512
rts retries 128
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
description ADSL LINK
no ip address
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
description ADSL LINK
mac-address 7081.05ec.3747
ip address 10.10.10.2 255.255.255.0
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
!
ip forward-protocol nd
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
length 0
transport input all
!
end

pieterh · ‎08-10-2018

I think you are mistaking about the DHCP server.
the 2702 uses DHCP only for wireless clients.
The huawei uses DHCP both for wireless AND wired devices (such as the LAN connection of the access-point)

maybe you need to reconfigure one of the devices so they do not use the same ip-subnet
But i guess you first need to re-enable DHCP on the Huawei

bikoo106 · ‎08-10-2018

@pieterh thanks for your reply , i got your point , i tried to enable the Huawei DHCP with the AP DHCp but the devices obtain the ip from Huawei DHCP not the AP, thats why i disable it,

BTW i have another site with the same setup using Linksys ADSL router and 1142 AP it's working fine.

DHCP disabled from the ADSL and user get the IP from the AP.

any idea ?

pieterh · ‎08-10-2018

can you ping the default-router 10.10.10.1 from the access point?
can you ping an internet host like dns-server 163.121.128.134 from the access point?

bikoo106 · ‎08-10-2018

BIKOO-AP#ping163.121.128.134

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to163.121.128.134, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

BIKOO-AP#ping 10.10.10.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms

bikoo106 · ‎08-10-2018

i can't ping any public ip from the AP.

this is the issue.

bikoo106 · ‎08-10-2018

i just notice that my Huawei NAT set Port Restricted cone NAT as the below, it could be the reason ?

bikoo106 · ‎08-11-2018

i tried to ping DNS or any public ip from the other site AP its not pinging , but the users get ip from the AP DHCP pool can access the internet normally. any idea what it could be the issue in the other site ?

aaa session-id common
clock timezone +0200 2 0
no ip source-route
no ip cef
ip domain name bikoo.net
ip name-server 163.121.128.134
ip name-server 163.121.128.135
no ip dhcp conflict logging
ip dhcp excluded-address 10.10.10.1 10.10.10.5

!
ip dhcp pool BIKOO-AP
network 10.10.10.0 255.255.255.0
dns-server 163.121.128.134 163.121.128.135 10.10.10.1
default-router 10.10.10.1
!
!
!
!
dot11 pause-time 100
dot11 syslog
!
dot11 ssid BIKOO
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii 7 xxxxxxxx
!
dot11 ssid RAFY
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii 7 xxxxxx
no ids mfp client
!
!
dot11 arp-cache
!
no ipv6 cef
!
!
username Cisco privilege 15 password 7 xxxxxx

!
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
!
encryption mode ciphers aes-ccm
!
ssid BIKOO
!
antenna gain 0
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
station-role root
rts threshold 512
rts retries 128
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
!
encryption mode ciphers aes-ccm
!
ssid RAFY
!
antenna gain 0
probe-response gratuitous
peakdetect
no dfs band block
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
packet retries 128
channel width 40-above
channel dfs
station-role root
rts threshold 512
rts retries 128
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
description ADSL LINK
no ip address
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
description ADSL LINK
mac-address 7081.05ec.3747
ip address 10.10.10.2 255.255.255.0
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
!
ip forward-protocol nd
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
length 0
transport input all
!
end

Scott Fella · ‎08-11-2018

The reason you can ping anything outside the management subnet is because you didn’t configure a default gateway.

interface BVI1
ip default-gateway

Try that and let us know if that fixed the issue.

-Scott
*** Please rate helpful posts ***

bikoo106 · ‎08-11-2018

Done

interface BVI1
description ADSL LINK
mac-address 7081.05ec.3747

ip address 10.10.10.2 255.255.255.0

ipv6 enable

!

ip default-gateway 10.10.10.1

ip forward-protocol nd

ip http server

ip http authentication aaa

no ip http secure-server

but the same cant ping and no internet if i use the AP DHCP pool

Scott Fella · ‎08-11-2018

You mentioned that clients work, it’s just the AP in which you can ping anything on the internet.

-Scott
*** Please rate helpful posts ***

bikoo106 · ‎08-11-2018

actually i have two sites, one is okay except ping internet from the AP which is okay since the clients can reach the internet,

the problem with the other site, since i configure the DHCP on the AP i can get IP but i cant open internet.

this what i'm trying to fix now.

Thanks

Scott Fella · ‎08-11-2018

And the two site are configured alike? Seems to be a NAT issue.

-Scott
*** Please rate helpful posts ***

bikoo106 · ‎08-11-2018

yes both AP's are identical the only difference is one site has ADSL (working fine) and the other one is fiber modem HG8240T not working if i disable the DHCP, and even if i enable the DHCP on HG8240T and Cisco AP , device's obtain IP from the HG8240T not the AP,

Scott Fella · ‎08-12-2018

I would connect a wired laptop to a switch that is configured for the same vlan as the wireless users or ap's and verify. Eliminate that issue that on the ap management subnet that a configuration is not working right. I'm assuming that the ap management subnet is allowed to route outside and the nat is working?

-Scott
*** Please rate helpful posts ***