Need tips for wireless printer on local network
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-14-2012 08:14 PM - edited 07-03-2021 09:22 PM
Hello,
I have a Cisco 891 ISR that's working fine with several clients on a local network both wired and wireless.
Just picked up a wireless printer and I can see and ping the printer from the router, but the PC setup can't find the printer and thus won't set it up correctly.
I thought perhaps that by opening up ICMP would correct the issue because I can't ping another client on the network, but after entering these commands, I still can't ping the printer from a PC.
access-list 110 permit icmp any any echo
access-list 110 permit icmp any any echo-reply
access-list 110 permit icmp any any source-quench
access-list 110 permit icmp any any packet-too-big
access-list 110 permit icmp any any time-exceeded
I'm still new to the Cisco IOS and many of the features, so would appreciate any input as to what I might be missing.
Thanks,
-Mike
- Labels:
-
Other Wireless Topics
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2012 08:54 AM
What are you using for wireless? Maybe its a configuration on the wireless side. Is the users and the printer on the same subnet? Have you tried to put them on the same subnet to see if it works?
*** Please rate helpful posts ***
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2012 01:09 PM
access-list 110 permit icmp any any echo
access-list 110 permit icmp any any echo-reply
access-list 110 permit icmp any any source-quench
access-list 110 permit icmp any any packet-too-big
access-list 110 permit icmp any any time-exceeded
SO which means the router will allow ICMP but will deny ALL OTHER TRAFFIC. Access Control List (ACL) has an emplicit "deny any any" at the end of each statement. You need to add "access-list 110 permit any any" AT THE END of the access list 110.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2012 08:06 PM
Re: ACL - Didn't work with the ACL off and since I assumed the router would have most items turned off (secured) by default, I turned on what I thought might be reasonable. Still not able to ping between PC's on the wireless - gives me a destination unreachable error from a PC command line.
The AP configurations:
interface Dot11Radio0
no ip address
no ip route-cache
shutdown
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
Thanks for your help!
-Mike
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2012 08:17 PM
Mike,
As what Steve has requested, can you kindly post the complete config?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2012 11:30 PM
Ok, below please find the running config. Did some reading tonite on the public secured packet forwarding - but the documentation is unclear to me. Not sure if ENABLING it means I can communicate with other devices on my wireless LAN, or DISABLING it means that I can communicate with other devices. The docs seem to indicate if it's enabled, it prevents communication between PC's/Printers and anything else (e.g. for a public access point.) because you first have to setup protected ports...
That's NOT what I'm after - this router is being used in a small home-office environment and I DO need to see printers and at some point want to put up a NAS again.
Thanks in advance for your assistance.
============ Begin Cisco 891 running config =============
Using 7006 out of 262136 bytes
!
! Last configuration change at 00:06:30 PCTime Fri Dec 30 2011 by mike
! NVRAM config last updated at 00:07:08 PCTime Fri Dec 30 2011 by mike
!
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname (Removed)
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 (Removed)
enable password 7 (removed)
!
no aaa new-model
!
!
!
clock timezone PCTime -8
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
service-module wlan-ap 0 bootimage autonomous
!
crypto pki trustpoint TP-self-signed-1051374130
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1051374130
revocation-check none
rsakeypair TP-self-signed-1051374130
!
!
crypto pki certificate chain TP-self-signed-1051374130
certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
no ip source-route
!
!
ip dhcp excluded-address 10.0.0.1 10.0.0.99
!
ip dhcp pool ccp-pool1
import all
network 10.0.0.0 255.255.255.0
dns-server (Removed)
default-router 10.0.0.1
!
!
ip cef
no ip bootp server
ip domain name (Removed)
ip name-server (Removed)
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO891W-AGN-A-K9 sn FTX155085JQ
!
!
username (removed)
username (Removed)
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect match-any SDM_BOOTPC
match access-group name SDM_BOOTPC
class-map type inspect match-any SDM_DHCP_CLIENT_PT
match class-map SDM_BOOTPC
class-map type inspect match-any sdm-cls-bootps
match protocol bootps
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-protocol-http
match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
class type inspect sdm-cls-bootps
pass
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class class-default
drop
policy-map type inspect ccp-permit
class type inspect SDM_DHCP_CLIENT_PT
pass
class class-default
drop
!
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
!
!
!
!
!
!
!
interface FastEthernet0
!
!
interface FastEthernet1
!
!
interface FastEthernet2
!
!
interface FastEthernet3
!
!
interface FastEthernet4
!
!
interface FastEthernet5
!
!
interface FastEthernet6
!
!
interface FastEthernet7
!
!
interface FastEthernet8
no ip address
duplex auto
speed auto
!
!
interface GigabitEthernet0
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
arp timeout 0
!
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
!
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$$ES_LAN$$FW_INSIDE$
ip address 10.0.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
!
!
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
!
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface GigabitEthernet0 overload
!
ip access-list extended SDM_BOOTPC
remark CCP_ACL Category=0
permit udp any any eq bootpc
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
no cdp run
!
!
!
!
!
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username
Replace
use.
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin udptn ssh
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-16-2012 05:09 AM
that's from the router, which is good to know. Can you please session into the AP and post the show run from the there?
Steve
Steve
------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-16-2012 05:40 PM
Steve,
Here it is!
Using 3072 out of 32768 bytes! The default startup configuration file for inter
! Cisco Configuration Professional(Cisco CP)
! DO NOT modify this file; it is required by Cisco CP as is for factory default
! Version 1.0
!
hostname ap
!
enable secret 0 (Removed)
!
!
username (Removed)
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
shutdown
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address dhcp client-id GigabitEthernet0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
banner exec ^C
% Password change notice.
-----------------------------------------------------------------------
Default username/password setup on AP is cisco/cisco with privilege level 15.
It is strongly suggested that you create a new username with privilege level
15 using the following command for console security.
username
no username cisco
Replace
use. After you change your username/password you can turn off this message
by configuring "no banner login" and "no banner exec" in privileged mode.
-----------------------------------------------------------------------
^C
banner login ^C
% Password change notice.
-----------------------------------------------------------------------
Default username/password setup on AP is cisco/cisco with privilege level 15.
It is strongly suggested that you create a new username with privilege level
15 using the following command for console security.
username
no username cisco
Replace
use. After you change your username/password you can turn off this message
by configuring "no banner login" and "no banner exec" in privileged mode.
-----------------------------------------------------------------------
^C
!
line con 0
privilege level 15
login local
no activation-character
line vty 0 4
login local
!
cns dhcp
! End of Cisco CP internal access point default config file
end

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-16-2012 05:53 PM
that looks fine, but very basic. It doesn't look like PAPF is enabled under the bridge group. But it doesn't show any config for the WLAN.
Sent from Cisco Technical Support iPhone App
Steve
------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-17-2012 12:49 PM
Any suggestions, or do I need to just find another router?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-17-2012 06:34 PM
I'm having a similar issue. I have an 891W with an HP 8500A Plus wireless printer. I'm able to ping the printer from my computer, but the HP software does not find the printer. This was working before with an asa 5505 and Cisco AP 1200.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2012 01:13 PM
you're better off removing the ACL. From what you are showing in that ACL it's not doing anything, with out te ACL all traffic should be allowed. Unless there is more you aren't showing.
Can you check the config on the AP side and see if Public Secure Packet Forwarding is enabled? If not can you post the config of the AP?
Steve
Sent from Cisco Technical Support iPhone App
Steve
------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-25-2018 02:26 AM
So many printers need you to be connected to the same network to which your printer is connected. The steps for connecting a printer to Wi-Fi will vary from printer to printer. you can check online method to connect your printer on a local network. also, check out error 49.4c02
