Announcement

Collapse
No announcement yet.

incomplete wireless config for 877w

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • incomplete wireless config for 877w

    I have been able to use the forums to get most of my cisco 877w working as expected, but i'm still having a problem with the wireless component. see my config below, the ssid works fine, but getting an ip from the vlan isn't -- i know the bvi interface should have an ip address, and i've seen many configs where the vlan doesn't have one, but i can't seem to config it like that without losing connectivity to the router. any help is much appreciated.

    -----------------------------------------

    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname router
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 warnings
    !
    no aaa new-model
    !
    resource policy
    !
    clock timezone PST -8
    clock summer-time PST recurring 1 Sun Apr 2:00 last Sun Oct 2:00
    ip subnet-zero
    ip cef
    !
    !
    no ip dhcp use vrf connected
    ip dhcp excluded-address 10.10.10.1 10.10.10.99
    !
    ip dhcp pool sdm-pool
    import all
    network 10.10.10.0 255.255.255.0
    default-router 10.10.10.1
    dns-server 4.2.2.2 4.2.2.3
    lease 0 6
    !
    !
    ip name-server 4.2.2.2
    ip name-server 4.2.2.3
    ip inspect name DEFAULT100 cuseeme
    ip inspect name DEFAULT100 ftp
    ip inspect name DEFAULT100 h323
    ip inspect name DEFAULT100 icmp
    ip inspect name DEFAULT100 netshow
    ip inspect name DEFAULT100 rcmd
    ip inspect name DEFAULT100 realaudio
    ip inspect name DEFAULT100 rtsp
    ip inspect name DEFAULT100 esmtp
    ip inspect name DEFAULT100 sqlnet
    ip inspect name DEFAULT100 streamworks
    ip inspect name DEFAULT100 tftp
    ip inspect name DEFAULT100 tcp
    ip inspect name DEFAULT100 udp
    ip inspect name DEFAULT100 vdolive
    no ip ips deny-action ips-interface
    !
    !
    bridge irb
    !
    !
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    bundle-enable
    dsl operating-mode auto
    !
    interface ATM0.1 point-to-point
    description $ES_WAN$
    pvc 0/35
    oam-pvc manage
    pppoe-client dial-pool-number 1
    !
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface Dot11Radio0
    no ip address
    shutdown
    !
    broadcast-key change 300 membership-termination
    !
    !
    encryption mode ciphers tkip
    !
    ssid 2WIRE334
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 7 xxxxxxxxxxxx
    !
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    no dot11 extension aironet
    no cdp enable
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    !
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
    ip address 10.10.10.1 255.255.255.0
    ip access-group 100 in
    ip nat inside
    ip virtual-reassembly
    ip tcp adjust-mss 1412
    !
    interface Dialer0
    description $FW_OUTSIDE$
    ip address negotiated
    ip access-group 101 in
    ip mtu 1452
    ip nat outside
    ip inspect DEFAULT100 out
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication chap pap callin
    ppp chap hostname username
    ppp chap password 7 xxxxxxxxx
    !
    interface BVI1
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    shutdown
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !
    ip dns server
    !
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 1 interface Dialer0 overload
    !
    access-list 1 remark INSIDE_IF=Vlan1
    access-list 1 remark CCP_ACL Category=2
    access-list 1 permit 10.10.10.0 0.0.0.255
    access-list 23 permit 10.10.10.0 0.0.0.7
    access-list 100 remark auto generated by Cisco SDM Express firewall configuratio
    access-list 100 remark SDM_ACL Category=1
    access-list 100 deny ip host 255.255.255.255 any
    access-list 100 deny ip 127.0.0.0 0.255.255.255 any
    access-list 100 permit ip any any
    access-list 101 remark auto generated by Cisco SDM Express firewall configuration
    access-list 101 remark CCP_ACL Category=1
    access-list 101 permit udp host 4.2.2.3 eq domain any
    access-list 101 permit udp host 4.2.2.2 eq domain any
    access-list 101 permit udp any any eq domain
    access-list 101 permit udp any eq domain any
    access-list 101 permit udp host 129.6.15.28 eq ntp any eq ntp
    access-list 101 permit udp any eq bootps any eq bootpc
    access-list 101 permit icmp any any echo-reply
    access-list 101 permit icmp any any time-exceeded
    access-list 101 permit icmp any any unreachable
    access-list 101 deny ip 10.10.10.0 0.0.0.255 any
    access-list 101 deny ip 10.0.0.0 0.255.255.255 any
    access-list 101 deny ip 172.16.0.0 0.15.255.255 any
    access-list 101 deny ip 192.168.0.0 0.0.255.255 any
    access-list 101 deny ip 127.0.0.0 0.255.255.255 any
    access-list 101 deny ip host 255.255.255.255 any
    access-list 101 deny ip any any
    access-list 102 permit ip 10.10.10.0 0.0.0.255 any
    dialer-list 1 protocol ip permit
    no cdp run
    !
    !
    control-plane
    !
    bridge 1 route ip

  • #2
    Re: incomplete wireless config for 877w

    if anyone is interested i got it running by making a 2nd vlan (which i really didn't want to do) below is the results, maybe it will help someone else out:



    !
    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname router
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 warnings
    !
    no aaa new-model
    !
    resource policy
    !
    clock timezone PST -8
    clock summer-time PST recurring 1 Sun Apr 2:00 last Sun Oct 2:00
    ip subnet-zero
    ip cef
    !
    !
    no ip dhcp use vrf connected
    ip dhcp excluded-address 10.10.10.1 10.10.10.99
    ip dhcp excluded-address 10.10.20.1
    ip dhcp excluded-address 10.10.20.11 10.10.20.254
    !
    ip dhcp pool sdm-pool
    import all
    network 10.10.10.0 255.255.255.0
    default-router 10.10.10.1
    dns-server 4.2.2.2 4.2.2.3
    lease 0 6
    !
    ip dhcp pool vlan2
    import all
    network 10.10.20.0 255.255.255.0
    dns-server 4.2.2.2 4.2.2.3
    default-router 10.10.20.1
    lease 0 6
    !
    !
    ip name-server 4.2.2.2
    ip name-server 4.2.2.3
    ip inspect name DEFAULT100 cuseeme
    ip inspect name DEFAULT100 ftp
    ip inspect name DEFAULT100 h323
    ip inspect name DEFAULT100 icmp
    ip inspect name DEFAULT100 netshow
    ip inspect name DEFAULT100 rcmd
    ip inspect name DEFAULT100 realaudio
    ip inspect name DEFAULT100 rtsp
    ip inspect name DEFAULT100 esmtp
    ip inspect name DEFAULT100 sqlnet
    ip inspect name DEFAULT100 streamworks
    ip inspect name DEFAULT100 tftp
    ip inspect name DEFAULT100 tcp
    ip inspect name DEFAULT100 udp
    ip inspect name DEFAULT100 vdolive
    no ip ips deny-action ips-interface
    !
    !
    !
    bridge irb
    !
    !
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    bundle-enable
    dsl operating-mode auto
    !
    interface ATM0.1 point-to-point
    description $ES_WAN$
    pvc 0/35
    oam-pvc manage
    pppoe-client dial-pool-number 1
    !
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface Dot11Radio0
    no ip address
    !
    broadcast-key change 300 membership-termination
    !
    !
    encryption mode ciphers tkip
    !
    ssid 2WIRE214
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 7 xxxxxxxxxxxxxxxxxx
    !
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    no dot11 extension aironet
    no cdp enable
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    !
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
    ip address 10.10.10.1 255.255.255.0
    ip access-group 100 in
    ip nat inside
    ip virtual-reassembly
    ip tcp adjust-mss 1412
    !
    interface Vlan2
    no ip address
    bridge-group 1
    bridge-group 1 spanning-disabled
    !
    interface Dialer0
    description $FW_OUTSIDE$
    ip address negotiated
    ip access-group 101 in
    ip mtu 1452
    ip nat outside
    ip inspect DEFAULT100 out
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication chap pap callin
    ppp chap hostname username
    ppp chap password 7 xxxxxxxxxxxxxxxxx
    !
    interface BVI1
    ip address 10.10.20.1 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !
    ip dns server
    !
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 1 interface Dialer0 overload
    !
    access-list 1 remark INSIDE_IF=Vlan1
    access-list 1 remark CCP_ACL Category=2
    access-list 1 permit 10.10.10.0 0.0.0.255
    access-list 1 permit 10.10.20.0 0.0.0.255
    access-list 23 permit 10.10.10.0 0.0.0.7
    access-list 100 remark auto generated by Cisco SDM Express firewall configuratio
    access-list 100 remark SDM_ACL Category=1
    access-list 100 deny ip host 255.255.255.255 any
    access-list 100 deny ip 127.0.0.0 0.255.255.255 any
    access-list 100 permit ip any any
    access-list 101 remark auto generated by Cisco SDM Express firewall configuration
    access-list 101 remark CCP_ACL Category=1
    access-list 101 permit udp host 4.2.2.3 eq domain any
    access-list 101 permit udp host 4.2.2.2 eq domain any
    access-list 101 permit udp any any eq domain
    access-list 101 permit udp any eq domain any
    access-list 101 permit udp host 129.6.15.28 eq ntp any eq ntp
    access-list 101 permit udp any eq bootps any eq bootpc
    access-list 101 permit icmp any any echo-reply
    access-list 101 permit icmp any any time-exceeded
    access-list 101 permit icmp any any unreachable
    access-list 101 deny ip 10.10.10.0 0.0.0.255 any
    access-list 101 deny ip 10.0.0.0 0.255.255.255 any
    access-list 101 deny ip 172.16.0.0 0.15.255.255 any
    access-list 101 deny ip 192.168.0.0 0.0.255.255 any
    access-list 101 deny ip 127.0.0.0 0.255.255.255 any
    access-list 101 deny ip host 255.255.255.255 any
    access-list 101 deny ip any any
    dialer-list 1 protocol ip permit
    no cdp run
    !
    !
    control-plane
    !
    bridge 1 route ip

    end

    Comment

    Working...
    X