05-26-2006 12:57 PM - edited 07-04-2021 12:11 PM
I am trying to get an 871 soho router wireless connections to work.
The SDM is useless.
I have tried to find docs on how and why and what to do - but no luck.
Been at this for a week. Got the DSL and fw parts working, but not
wireless.
I have an Authentication Open setup - guest-mode enabled.
So I should be pretty wide open for connections.
I can see the SSID on a client PC, but cannot connect.
I'm running DHCP to clients
--------------------
config below
--------------------
bridge irb
!
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable
!
interface Dot11Radio0
no ip address
!
ssid 1138
vlan 1
authentication open
guest-mode
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
no cdp enable
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
ip address 192.168.0.109 255.255.255.0
ip access-group 102 in
ip nat inside
ip virtual-reassembly
!
interface Dialer1
description $FW_OUTSIDE$
mtu 1492
ip address negotiated
ip access-group 103 in
ip inspect DEFAULT100 out
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username xxxxxx@xxxxxx.net password xxx
ppp ipcp dns request accept
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface Dialer1 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark auto-generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto-generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 deny ip 192.168.0.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip any any
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 deny ip 192.168.0.0 0.0.0.255 any
access-list 103 permit icmp any any echo-reply
access-list 103 permit icmp any any time-exceeded
access-list 103 permit icmp any any unreachable
access-list 103 deny ip 10.0.0.0 0.255.255.255 any
access-list 103 deny ip 172.16.0.0 0.15.255.255 any
access-list 103 deny ip 192.168.0.0 0.0.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip host 0.0.0.0 any
access-list 103 deny ip any any log
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
05-30-2006 08:01 AM
The following commands will configure wireless access using a pre-shared key:
!
interface Dot11Radio0
no ip address
!
! Encryption mode for WPA, since WPA2 is not supported on Cisco 800 integrated routers
encryption mode ciphers tkip
!
! SSID name
ssid Free
authentication open
authentication key-management wpa
guest-mode
! The pre-shared key that will be used by users who connect over wireless
wpa-psk ascii 7 Cisco123
!
I hope to be helpful!
Please rate if it does!
Regards
Abd Alqader
05-30-2006 08:57 AM
Thanks, I'll keep this for when I get to the security part. Right now I am just trying to get a wireless client connected. That's why I left the encryption / auth open, so I can start simple and once I get the connectivity working, I can add things. I can see the ssid broadcast but cannot connect.
05-31-2006 08:30 AM
No BVI interface?
05-31-2006 10:52 AM
What is the client wireless adapter?
06-01-2006 04:16 AM
Two different machines - one is a usr pcmcia on a dell (winXP) and the other is a broadcom internal on a compaq (winXP)
06-01-2006 08:33 AM
I have the same problem with connectivity. I can see SSID, but unable to get ip address from DHCP pool.
06-02-2006 04:42 AM
I think ??? it has something to do with the bridge-group and the BVI. But I can't get ANY descriptions of what does what and fits where. It seems that the BVI allows communication between routed (WAN) and bridged (internal) topologies. The problem is: what to plug in and where and what else do I hose.
06-01-2006 04:08 AM
Yep - no BVI - whatever that is. It was there when I called Cisco tech support and was gone after he got out. I am finding VERY little info on how to configure this device. I can navigate the CLI, but the pieces are Greek to me. I see a lot of articles showing the config - but not what should be done and why.
06-02-2006 06:36 AM
I think, if you move the commands from your vlan 1 interface, and put them in a bvi interface, that should take care of it. Just do this from the config prompt.
int bvi1
(then just take the commands off of interface vlan 1 and put them in bvi1)
06-02-2006 10:15 AM
I believe you should use a BVI interface. You should put the Dot11Radio0 interface and the Vlan1 interface into bridge-group 1 and move the IP and NAT configurations from Vlan1 to the BVI interface. Hope the following configuration example helps:
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/85x87x/857swcg/eng/pt2/wireless.htm
06-03-2006 01:35 PM
interface Dot11Radio0
no ip address
!
ssid 1138
no vlan 1
!
interface Vlan1
no ip address 192.168.0.109 255.255.255.0
no ip nat inside
bridge-group 1
!
interface BVI 1
ip address 192.168.0.109 255.255.255.0
ip nat inside
!
end
Cut these commands in. I'll assume that you are doing DHCP from a server and not the router. If you wish to use the router, you'll need to configure a DHCP pool.
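The mismatch this thread converges on (the radio placed in a bridge-group while the routed address stays on Vlan1 and no BVI exists) can be checked mechanically before a config is pasted in. The Python sketch below is an added example, not part of any post in this thread; the function name `audit_irb` and both sample configs are constructed for illustration from the lines posted above, and interface names are assumed to be spelled as `show running-config` prints them.

```python
import re

def audit_irb(config):
    """Return IRB consistency findings for an IOS config (indentation ignored)."""
    members, addressed, routed = {}, set(), set()
    irb, current = False, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface\s+(\S+)(?:\s+(\d+))?", line):
            current = m.group(1) + (m.group(2) or "")  # "BVI 1" -> "BVI1"
        elif line == "bridge irb":
            irb = True
        elif m := re.fullmatch(r"bridge (\d+) route ip", line):
            routed.add(m.group(1))
        elif current and (m := re.fullmatch(r"bridge-group (\d+)", line)):
            members.setdefault(m.group(1), []).append(current)
        elif current and re.fullmatch(r"ip address \S+ \S+", line):
            addressed.add(current)  # "no ip address" never matches
    findings = []
    for group, ports in members.items():
        bvi = f"BVI{group}"
        if not irb:
            findings.append("'bridge irb' is not enabled")
        if group not in routed:
            findings.append(f"'bridge {group} route ip' is missing")
        if bvi not in addressed:
            findings.append(f"bridge-group {group}: {bvi} is missing or has no IP address")
        if len(ports) < 2:
            findings.append(f"bridge-group {group}: {ports[0]} is the only member")
        findings += [f"{p}: IP address on a bridge-group member, move it to {bvi}"
                     for p in ports if p in addressed]
    return findings

# Constructed sample: bridging-related lines of the first post's config.
BROKEN = """\
bridge irb
interface Dot11Radio0
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
interface Vlan1
ip address 192.168.0.109 255.255.255.0
bridge 1 route ip
"""
# Constructed sample: Vlan1 joins the bridge group and its address moves to BVI 1.
FIXED = BROKEN.replace("interface Vlan1\n", "interface Vlan1\nno ip address\n"
                       "bridge-group 1\ninterface BVI 1\n")
if __name__ == "__main__":
    print(audit_irb(BROKEN), audit_irb(FIXED))
```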
06-04-2006 12:44 PM
WOO HOO !!!!!!!!!!!
Thanks to everyone for your help. I have pppoe connection, dns resolution, wireless connectivity, wired lan connectivity and encryption flying. Kinda like pulling teeth from a duck, but works. My last thing is mac filtering, but that should be relatively easy.
Hey - again thanks. The config in the replied-to post got me almost all the way there.
Remember - for every item that you learn - it exposes 5 more things you didn't know that you didn't know. Therefore I am getting more and more incompetent.
06-06-2006 07:47 PM
You could also just give the radio interface its own IP address and make it a routed subnet. Skip the bvi config entirely. Just make sure to create an appropriate DHCP scope for it, and add the subnet to any NAT rules or ACLs. The benefit here is that, among a lot of other things, you could apply QoS differently for wireless, different ACLs, and could even (depending on your setup) create a 'guest' SSID that routes directly out to the Internet.
interface Dot11Radio0
description wireless internal net
ip address 192.168.2.1 255.255.255.0
! ip helper will forward DHCP broadcasts from
! the wireless subnet to a server on the wired subnet
! not necessary if using IOS DHCPD
ip helper-address 192.168.1.2
ip nat inside
ip virtual-reassembly
!
ssid private
authentication open
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
description wired internal network
ip address 192.168.1.1 255.255.255.0
ip nat inside
vpn#show ip route connected
200.100.17.0..0/30 is subnetted, 1 subnets
C 200.100.17.16 is directly connected, FastEthernet4
C 192.168.1.0/24 is directly connected, Vlan1
C 192.168.2.0/24 is directly connected, Dot11Radio0
192.168.3.0/32 is subnetted, 1 subnets
C 192.168.3.1 is directly connected, Loopback1
06-20-2006 07:50 AM
I hope this may help you. Note that in this scenario the DHCP was configured from the server; if your setup is not the same, then you have to define the DHCP scope on the AP.
Current configuration : 1823 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP_NAME
!
enable secret xxx
!
ip subnet-zero
ip domain name somecompany.com.sa
ip name-server [DNS Primary IP]
ip name-server [DNS Secondary IP]
!
!
no aaa new-model
!
dot11 ssid CORE_AP_HG4_01
vlan 2
authentication open
guest-mode
!
!
!
username Cisco password xxxxxxxx
!
bridge irb
!
!
interface Dot11Radio0
bandwidth 55296
no ip address
no ip route-cache
!
encryption vlan 2 key 1 size 40bit xxx transmit-key
encryption vlan 2 mode wep mandatory
!
ssid AP_ITDPT
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.2
encapsulation dot1Q 2 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.2
encapsulation dot1Q 2 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.80.12.224 255.255.255.0
no ip route-cache
!
ip default-gateway 10.10.10.115 {Cisco Switch IP Address}
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
transport preferred all
transport output all
line vty 0 4
login local
transport preferred all
transport input all
transport output all
line vty 5 15
login
transport preferred all
transport input all
transport output all
!
end
Best of Luck