cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1006
Views
0
Helpful
5
Replies

C819HWD doesn't have Wi-Fi page on cisco express webgui

blasemarzo
Level 1
Level 1

C819HWD doesn't have Wi-Fi page on cisco express webgui and the connected wireless clients don't have internet

I just passed CCNA and wanted to learn and practice some WIFI knowledge, so I bought this Cisco Refresh ISR router to practice. 

Setting up seemed to be straightforward on CLI, but when I tested it, my wireless clients are unable to open websites.

Ping to ip addresses and to hostnames works properly.

Then I decided to set it up in web gui and realized I am unable to reach the Wifi page (only that one) to setup.

blasemarzo_0-1690471367929.png

Is it normal and I missed something in the configuration or is the device faulty?

I attach my config.

Thanks for your help.

 

Spoiler

Router#
Router#sh run
Building configuration...

Current configuration : 2324 bytes
!
! Last configuration change at 14:31:22 UTC Thu Jul 27 2023
version 15.2
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
enable password admin
!
no aaa new-model
service-module wlan-ap 0 bootimage autonomous
!
!
ip cef
!
!
!
!


!
ip dhcp excluded-address 192.0.3.1 192.0.3.5
!
ip dhcp pool wireless
network 192.0.3.0 255.255.255.0
default-router 192.0.3.1
dns-server 192.168.4.100
netbios-name-server 192.168.8.100
!
!
!
ip name-server 194.168.4.100
ip name-server 194.168.8.100
ipv6 unicast-routing
ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid C819HWD-E-K9 sn FCZ1919C05S
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
switchport access vlan 2
no ip address
!
interface FastEthernet1
no ip address
shutdown
!
interface FastEthernet2
no ip address
shutdown
!
interface FastEthernet3
no ip address
shutdown
!
interface GigabitEthernet0
description PrimaryWANDesc_
ip address 192.168.0.100 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0
no ip address
shutdown
clock rate 2000000
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
no ip address
!
interface wlan-ap0
description Embedded Service module interface to manage the embedded AP
ip unnumbered Vlan1
!
interface Vlan1
ip address 192.0.3.1 255.255.255.0
ip helper-address 192.168.0.1
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
!
interface Vlan2
description * Management *
ip address 192.0.2.1 255.255.255.0
ip helper-address 192.168.0.1
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet0 overload
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
access-list 1 permit any
!
snmp-server community wifi RO
!
control-plane
!
!
!
line con 0
logging synchronous
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line vty 0 4
password admin
login
transport input all
!
scheduler allocate 20000 1000
!
end

Router#
Router#

Router#service-module wlan-ap 0
% Incomplete command.

Router#service-module wlan-ap 0 ?
heartbeat-reset Enable/disable Heartbeat failure to reset Service Module
reload Reload service module
reset Hardware reset of Service Module
session Service module session
statistics Service Module Statistics
status Service Module Information
upgrade Service Module Upgrade

Router#service-module wlan-ap 0 session
Trying 192.0.3.1, 2002 ... Open

Connecting to AP console, enter Ctrl-^ followed by x,
then "disconnect" to return to router prompt


User Access Verification

Username: cisco
Password:
ap#
ap#
ap#
ap#sh run
Building configuration...

Current configuration : 3669 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ap
!
logging rate-limit console 9
enable secret 5 $1$dy7r$5s0TarANHj4.HBS7FE2rV/
!
no aaa new-model
ip name-server 192.0.3.1
ip name-server 194.168.4.100
ip name-server 194.168.8.100
!
!
dot11 syslog
!
dot11 ssid test1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 cisco1234
!
dot11 ssid test2
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 cisco1234
!
!
crypto pki trustpoint TP-self-signed-2377477084
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2377477084
revocation-check none
rsakeypair TP-self-signed-2377477084
!
!
crypto pki certificate chain TP-self-signed-2377477084
certificate self-signed 01
3082023A 308201A3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32333737 34373730 3834301E 170D3032 30333031 30303130
34335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 33373734
37373038 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100F963 5147C513 C4921745 C5E86252 999E35E9 3AA53E60 8A54CC0F 227EEF86
FE6A4BA6 477C8295 B3DCCAE3 0B11938E E173EAF3 14A7FDC2 40CB6412 AACBB482
717478AD 5B3EF63C 79DD77F4 2B6C5907 6225FF00 832843AE E49EF0B8 D07ABC88
34925D54 BD592FE2 AA1F5920 EC82FAB4 9C9AA54D 2616F436 A61275B1 19B8A4D8
935F0203 010001A3 62306030 0F060355 1D130101 FF040530 030101FF 300D0603
551D1104 06300482 02617030 1F060355 1D230418 30168014 F92F723A 60FC7D9D
AEB38487 2765C8AF 506B0480 301D0603 551D0E04 160414F9 2F723A60 FC7D9DAE
B3848727 65C8AF50 6B048030 0D06092A 864886F7 0D010104 05000381 8100D3EB
FDC2AE5A 69F10C4F 980B576B 12B05C17 0568B2AD 30C1C829 DBCBECF0 8DAE9C93
4D1E9437 7E979442 3DC3C0CA 193538C4 B151266F 2675B001 7266E9CE C455C1BF
4C917289 AE5677BE 8AB2DC76 8F6EDE75 2808E5A1 026FD462 204F8AE0 4915E708
EDD5D98E 187E2600 9A5D7BEF 88D15D28 77AA25A3 08B8789B F6A6468F 05AB
quit
username cisco privilege 15 secret 5 $1$dlNO$iDtLtdzy/0EJPpCzc5Tx8.
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
ssid test2
!
antenna gain 0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
ssid test1
!
antenna gain 0
no dfs band block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address dhcp
!
ip default-gateway 192.0.3.1
ip http server
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 protocol ieee
bridge 1 route ip
!
!
!
line con 0
privilege level 15
login local
no activation-character
line vty 0 4
login local
!
end

ap#
ap#
ap#
ap#

ap#ping 8.8.8.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/21/24 ms
ap#ping google.com
Translating "google.com"...domain server (194.168.4.100) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 142.250.179.238, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/18/20 ms
ap#sh ip int brief
Interface IP-Address OK? Method Status Protocol
BVI1 192.0.3.6 YES DHCP up up
Dot11Radio0 unassigned YES NVRAM up up
Dot11Radio1 unassigned YES NVRAM up up
GigabitEthernet0 unassigned YES NVRAM up up
ap#ping
Protocol [ip]:
Target IP address: 8.8.8.8
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: BVI1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.0.3.6
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/24/28 ms
ap#traceroute
Protocol [ip]:
Target IP address: google.com
Source address: 192.0.3.6
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]: 5
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to google.com (142.250.179.238)

1 192.0.3.1 0 msec 4 msec 0 msec
2 192.168.0.1 4 msec 4 msec 0 msec
3 10.53.35.93 12 msec 12 msec 8 msec
4 croy-core-2a-xe-703-0.network.virginmedia.net (62.252.14.57) 16 msec 12 msec 16 msec
5 * * *
ap#traceroute
Protocol [ip]:
Target IP address: google.com
Translating "google.com"...domain server (194.168.4.100) [OK]

Source address: 192.0.3.6
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]: 15
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to google.com (142.250.179.238)

1 192.0.3.1 0 msec 4 msec 0 msec
2 192.168.0.1 4 msec 4 msec 4 msec
3 10.53.35.93 12 msec 12 msec 12 msec
4 croy-core-2a-xe-703-0.network.virginmedia.net (62.252.14.57) 28 msec 12 msec 16 msec
5 * * *
6 eislou2-ic-4-ae0-0.network.virginmedia.net (62.254.59.130) 16 msec 16 msec 12 msec
7 142.250.160.116 16 msec 16 msec 20 msec
8 * * *
9 74.125.242.97 16 msec
192.178.46.80 24 msec
142.251.54.32 12 msec
10 74.125.242.114 16 msec
74.125.242.82 16 msec
74.125.242.114 16 msec
11 google.com (142.250.179.238) 32 msec
209.85.241.211 16 msec 12 msec
ap#




5 Replies 5

Rich R
VIP
VIP

First of all I'd make sure your software is up to date:
For the AP: https://software.cisco.com/download/home/286284546/type/284180979/release/15.3.3-JF15
For the router: https://software.cisco.com/download/home/284368305/type/280805680/release/15.9.3M7

Then I wouldn't get too obsessed about the GUI on the AP - that's known to have a number of bugs in it anyway and they will never get fixed because the AP and software are end of support already (lucky it's still there to download but not for much longer).

So concentrate on using CLI to get the config right.  I haven't worked with these integrated APs much but I recall it being tricky getting the VLANs set up between AP and router so you might have to experiment a bit.

What does "show dot11 bssid" and "show dot11 ass all" show?

> "my wireless clients are unable to open websites. Ping to ip addresses and to hostnames works properly."
So the client gets an IP from DHCP? And can ping to internet and do DNS lookups? But can't access a web site?
Try adding "ip tcp adjust-mss 1250" to the VL1 interface?

Are you relaying DHCP to your VM router?  If so I'm surprised it even supports that!  Why not just use a local DHCP pool on the 819?

blasemarzo
Level 1
Level 1

Hi,

Thanks for your answer, I really appreciate it.

Sorry for the late answer, I was on long weekend and I didn't have access to my home lab.

Before your answer, I followed the webgui short guide, and clicked "Import all DHCP options in to the DHCP server database" option, which added "import all" to my configuration. I have never heard before this before, but since then everything works. Getting IP, dns, opening websites.

ap#show dot11 bssid
ap#show dot11 bssid
Interface BSSID Guest SSID
Dot11Radio1 54a2.7425.a210 Yes test1
Dot11Radio0 54a2.7425.a200 Yes test2
ap#
ap#
ap#
ap#show dot11 ass all
ap#show dot11 ass all-client
Address : 6067.20b7.2c84 Name : ap
IP Address : 192.0.3.9 Interface : Dot11Radio 1
Device : ccx-client Software Version : NONE
CCX Version : 4 Client MFP : Off

State : Assoc Parent : self
SSID : test1
VLAN : 0
Hops to Infra : 1 Association Id : 2
Clients Associated: 0 Repeaters associated: 0
Tunnel Address : 0.0.0.0
Key Mgmt type : WPA PSK Encryption : TKIP
Current Rate : 54.0 Capability : WMM 11h
Supported Rates : 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
Voice Rates : disabled Bandwidth : 20 MHz
Signal Strength : -39 dBm Connected for : 254 seconds
Signal to Noise : 62 dB Activity Timeout : 20 seconds
Power-save : Off Last Activity : 0 seconds ago
Apsd DE AC(s) : NONE

Packets Input : 110236 Packets Output : 108834
Bytes Input : 9786699 Bytes Output : 160375768
Duplicates Rcvd : 301 Data Retries : 11422
Decrypt Failed : 0 RTS Retries : 0
MIC Failed : 0 MIC Missing : 0
Packets Redirected: 0 Redirect Filtered: 0
Session timeout : 0 seconds
Reauthenticate in : never

Address : 9e9f.941c.d4d8 Name : NONE
IP Address : 192.0.3.7 Interface : Dot11Radio 1
Device : unknown Software Version : NONE
CCX Version : NONE Client MFP : Off

State : Assoc Parent : self
SSID : test1
VLAN : 0
Hops to Infra : 1 Association Id : 1
Clients Associated: 0 Repeaters associated: 0
Tunnel Address : 0.0.0.0
Key Mgmt type : WPA PSK Encryption : TKIP
Current Rate : 54.0 Capability : WMM 11h
Supported Rates : 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
Voice Rates : disabled Bandwidth : 20 MHz
Signal Strength : -31 dBm Connected for : 1552 seconds
Signal to Noise : 70 dB Activity Timeout : 38 seconds
Power-save : On Last Activity : 22 seconds ago
Apsd DE AC(s) : NONE

Packets Input : 41210 Packets Output : 20754
Bytes Input : 55168598 Bytes Output : 4644400
Duplicates Rcvd : 6 Data Retries : 1637
Decrypt Failed : 0 RTS Retries : 0
MIC Failed : 0 MIC Missing : 0
Packets Redirected: 0 Redirect Filtered: 0
Session timeout : 0 seconds
Reauthenticate in : never

Address : 8641.9fe5.316a Name : NONE
IP Address : 192.0.3.8 Interface : Dot11Radio 0
Device : unknown Software Version : NONE
CCX Version : NONE Client MFP : Off

State : Assoc Parent : self
SSID : test2
VLAN : 0
Hops to Infra : 1 Association Id : 1
Clients Associated: 0 Repeaters associated: 0
Tunnel Address : 0.0.0.0
Key Mgmt type : WPA PSK Encryption : TKIP
Current Rate : 54.0 Capability : WMM ShortHdr ShortSlot
Supported Rates : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
Voice Rates : disabled Bandwidth : 20 MHz
Signal Strength : -28 dBm Connected for : 1535 seconds
Signal to Noise : 37 dB Activity Timeout : 55 seconds
Power-save : On Last Activity : 5 seconds ago
Apsd DE AC(s) : NONE

Packets Input : 15117 Packets Output : 23082
Bytes Input : 1984356 Bytes Output : 31388568
Duplicates Rcvd : 85 Data Retries : 1202
Decrypt Failed : 0 RTS Retries : 0
MIC Failed : 0 MIC Missing : 0
Packets Redirected: 0 Redirect Filtered: 0
Session timeout : 0 seconds
Reauthenticate in : never

ap#

But it still doesn't open the wifi page in web-gui... 

As it is a Cisco Refresh new product, should I RMA it, or leave it?

Not sure what you mean by "still doesn't open the wifi page in web-gui." but presumably you mean there's 1 part of the GUI not working.

As I said before there are KNOWN issues with the GUI - some parts of it don't work.  But that is a software bug not a hardware issue so you cannot RMA the hardware because of a software bug.  The software for that 3500 series access point is end of support already (more than 2 years ago) so that will never be fixed.  If you want to use something which still has current support you'll need to buy a newer product - that AP is literally about 3 generations of AP out of date (since then we've had Wave 1 AC - 3700, Wave 2 AC 3800 and now Catalyst 91xx AX and 6E APs).  That's why I said you could use GUI for initial setup but you'll need to do the rest on CLI.
https://www.cisco.com/c/en/us/obsolete/wireless/cisco-aironet-3500-series.html

- Yes, that is correct, only 1 part doesn't work in the gui.

- I work for a cisco partner and our customers sometimes are asking for advice, so I bought this device for my home lab to practice wifi and integrated services to be able to give proper advice to customers and for this money I can't buy a newer device and probably I don't need it as well. For home labing is just perfect.

- Yesterday I saved my configs and started some experiment, playing with the settings. What I found:

1. when I update the ios to the suggested version, I don't have any access to web gui, it doesn't work at all

2. I was unable to upgrade the AP through TFTP, connection was made, but 0 bytes was transferred

3. I tried to add routing and bridging to the router config for the wifi's access, nothing helped

4. I upgraded cisco express to the latest one, but it was still the same

5. in the end, I connect to the wifi by my laptop and entered the bvi interface's ip address of the AP and voila I had a different web gui which belongs to the integrated access point and the integrated services and it looks more straightforward to a beginner than the CLI (and none of the official guides mention this GUI)

So learning is a little bit challenging nowadays, but hopefully sooner or later I get familiar with the things.

Thanks for your help, you are great! 

It sounds like you were using the router GUI not the AP GUI initially!

If you're hoping to use this to advise your customers I honestly don't think it will help you much.  Autonomous APs are almost all end of support now and have all been end of sale for years already.  What you learn from this will have little to no relevance to the current Cisco wireless products and technologies your customers are buying.  Installing a lightweight (CAPWAP) AP image (instead of autonomous) and joining it to a WLC would be slightly more relevant but still the latest supported WLC you can use is with AireOS version 8.5 (eg 2504 WLC) which is also effectively end of life.

Review Cisco Networking for a $25 gift card