+ Reply to Thread
Results 1 to 12 of 12
  1. Senior Member LinuxRacr's Avatar
    Join Date
    Jul 2010
    Posts
    634

    Certifications
    B.S. IT Security, A.A.S. Electronics Engineering Technology, ITIL V.3, A+, Security+, Linux+, Project+, CCENT, CCNA (R&S, Security), MTA: 98-364
    #1

    Default A couple of problems with my 881W...

    Hello masters of wireless,

    I have a couple of interesting problems. Can anyone help?

    1. I recently setup a Cisco 881W to use dual SSID's. My radio signal broadcasts fine for both, but I am having an issue with the BVI interface not staying up:

    Code:
    881W-AP#show ip interface brief
    Interface                  IP-Address      OK? Method Status                Protocol
    BVI1                       10.10.10.3      YES manual down                  down
    Dot11Radio0                unassigned      YES NVRAM  up                    up
    Dot11Radio0.11             unassigned      YES unset  up                    up
    Dot11Radio0.12             unassigned      YES unset  up                    up
    GigabitEthernet0           unassigned      YES NVRAM  up                    up
    GigabitEthernet0.11        unassigned      YES unset  up                    up
    GigabitEthernet0.12        unassigned      YES unset  up                    up
    2. Output from wireless connection testing. I can't figure out why my first SSID isn't giving out an IP address anymore...

    Code:
    881W-AP#
    Apr 21 02:25:57.182: %DOT11-6-DISASSOC: Interface Dot11Radio0,  Deauthenticating Station 0014.ab15.1abc2 Reason: Sending station has  left the BSS
    881W-AP#
    Apr 21 02:26:14.778: %DOT11-6-ASSOC: Interface Dot11Radio0, Station WIN7 0014.ab15.1abc2 Associated KEY_MGMT[WPAv2 PSK]
    881W-AP#
    Apr 21 02:26:27.246: %DOT11-6-ASSOC: Interface Dot11Radio0, Station   54321.caba.d00d Associated KEY_MGMT[WPAv2 PSK]
    881W-AP#show dot11 associations
    
    802.11 Client Stations on Dot11Radio0:
    
    SSID [CatchVirusHere] :
    
    MAC Address    IP address      Device        Name            Parent         State
    0014.ab15.1abc2 0.0.0.0         ccx-client    WIN7          self           Assoc
    
    SSID [WantVirus] :
    
    MAC Address    IP address      Device        Name            Parent         State
    54321.caba.d00d 192.168.1.201   unknown       -               self           Assoc
    
    881W-AP#show dot11 associations
    
    802.11 Client Stations on Dot11Radio0:
    
    SSID [CatchVirusHere] :
    
    MAC Address    IP address      Device        Name            Parent         State
    0014.ab15.1abc2 169.254.240.3   ccx-client    WIN7          self           Assoc
    
    SSID [WantVirus] :
    
    MAC Address    IP address      Device        Name            Parent         State
    54321.caba.d00d 192.168.1.201   unknown       -               self           Assoc
    
    881W-AP#
    Here are the configurations of both the router, and the internal access points:

    Router:

    Code:
    881W-R1#show running-config
    Building configuration...
    
    Current configuration : 4111 bytes
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname 881W-R1
    !
    boot-start-marker
    boot-end-marker
    !
    logging message-counter syslog
    enable secret 5 someencryptedpassword
    !
    no aaa new-model
    service-module wlan-ap 0 bootimage autonomous
    !
    
    ip source-route
    !
    !
    ip dhcp excluded-address 10.10.10.1 10.10.10.99
    ip dhcp excluded-address 10.10.10.200 10.10.10.254
    ip dhcp excluded-address 192.168.1.1 192.168.1.200
    !
    ip dhcp pool myDHCPpool
       import all
       network 10.10.10.0 255.255.255.0
       default-router 10.10.10.1
       dns-server 10.10.10.1 255.255.255.0
    !
    ip dhcp pool GuestPool
       network 192.168.1.0 255.255.255.0
       default-router 192.168.1.1
       dns-server 192.168.1.1 255.255.255.0
    !
    !
    ip cef
    ip domain name somedomain.net
    ip name-server 68.94.156.1
    ip name-server 68.94.157.1
    !
    no ipv6 cef
    !
    multilink bundle-name authenticated
    !
    !
    username someuser privilege 15 secret 5 someencryptedpassword
    !
    !
    !
    archive
     log config
      hidekeys
    !
    !
    ip ssh version 2
    !
    !
    !
    interface FastEthernet0
     switchport access vlan 11
    !
    interface FastEthernet1
     switchport access vlan 11
    !
    interface FastEthernet2
     switchport access vlan 12
    !
    interface FastEthernet3
     switchport access vlan 12
    !
    interface FastEthernet4
     description ISP Connection
     ip address dhcp
     no ip redirects
     no ip proxy-arp
     ip nat outside
     ip virtual-reassembly
     duplex auto
     speed auto
     no cdp enable
    !
    interface wlan-ap0
     description Service module to manage the enbedded AP
     ip unnumbered Vlan11
     arp timeout 0
    !
    interface Wlan-GigabitEthernet0
     description Internal switch interface connecting to the embedded AP
     switchport mode trunk
    !
    interface Vlan1
     no ip address
    !
    interface Vlan11
     ip address 10.10.10.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
     ip tcp adjust-mss 1452
    !
    interface Vlan12
     description Guest Vlan
     ip address 192.168.1.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 75.30.252.1
    no ip http server
    no ip http secure-server
    !
    !
    ip nat inside source list 11 interface FastEthernet4 overload
    !
    access-list 11 permit 10.10.10.0 0.0.0.255
    !
    !
    !
    !
    !
    control-plane
    !
    !
    line con 0
     password 7 someencryptedpassword
     logging synchronous
     login
     no modem enable
    line aux 0
    line 2
     no activation-character
     no exec
     transport preferred none
     transport input all
    line vty 0 4
     password 7 someencryptedpassword
     login
     transport input ssh
    !
    scheduler max-task-time 5000
    end
    The Internal Wireless AP:
    Code:
    881W-AP#show run
    Building configuration...
    
    Current configuration : 4176 bytes
    !
    ! Last configuration change at 20:23:44 UTC Thu Apr 20 1905 by someuser
    ! NVRAM config last updated at 20:27:33 UTC Thu Apr 20 1905 by someuser
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname 881W-AP
    !
    enable secret 5 someencryptedpassword
    !
    no aaa new-model
    !
    !
    dot11 vlan-name vlan11 vlan 11
    dot11 vlan-name vlan12 vlan 12
    !
    dot11 ssid CatchVirusHere
       vlan 11
       authentication open
       authentication key-management wpa version 2
       mbssid guest-mode
       wpa-psk ascii 7 someencryptedpassword
    !
    dot11 ssid WantVirus
       vlan 12
       authentication open
       authentication key-management wpa version 2
       mbssid guest-mode
       wpa-psk ascii 7 someencryptedpassword
    !
    !
    !
    username someuser privilege 15 secret 5 someencryptedpassword
    !
    bridge irb
    !
    !
    interface Dot11Radio0
     no ip address
     no ip route-cache
     !
     encryption vlan 11 mode ciphers aes-ccm
     !
     encryption vlan 12 mode ciphers aes-ccm
     !
     ssid CatchVirusHere
     !
     ssid WantVirus
     !
     mbssid
     speed  basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m1. m2. m3. m4. m8. m9. m10. m11. m12. m13. m14. m15.
     channel 2462
     station-role root
    !
    interface Dot11Radio0.11
     encapsulation dot1Q 11 native
     no ip route-cache
     bridge-group 11
     bridge-group 11 subscriber-loop-control
     bridge-group 11 block-unknown-source
     no bridge-group 11 source-learning
     no bridge-group 11 unicast-flooding
     bridge-group 11 spanning-disabled
    !
    interface Dot11Radio0.12
     encapsulation dot1Q 12
     no ip route-cache
     bridge-group 12
     bridge-group 12 block-unknown-source
     no bridge-group 12 source-learning
     no bridge-group 12 unicast-flooding
     bridge-group 12 spanning-disabled
    !
    interface GigabitEthernet0
     description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
     no ip address
     no ip route-cache
    !
    interface GigabitEthernet0.11
     encapsulation dot1Q 11 native
     no ip route-cache
     bridge-group 11
     no bridge-group 11 source-learning
     bridge-group 11 spanning-disabled
    !
    interface GigabitEthernet0.12
     encapsulation dot1Q 12
     no ip route-cache
     bridge-group 12
     no bridge-group 12 source-learning
     bridge-group 12 spanning-disabled
    !
    interface BVI1
     ip address 10.10.10.3 255.255.255.0
     no ip route-cache
    !
    ip default-gateway 10.10.10.1
    no ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    bridge 1 protocol ieee
    bridge 1 route ip
    !
    !
    !
    line con 0
     privilege level 15
     password 7 someencryptedpassword
     logging synchronous
     login local
     no activation-character
    line vty 0 4
     password 7 someencryptedpassword
     logging synchronous
     login local
    !
    end
    My WGU B.S. IT - Security Progress : Transferred In|Remaining|In Progress|Completed
    AGC1, CLC1, GAC1, INC1, CTV1, INT1, BVC1, TBP1, TCP1, QLT1, HHT1, QBT1, BBC1 (39 CUs), (0 CUs) (0 CUs)
    WFV1, BNC1, EAV1, EBV1, COV1 | MGC1, IWC1 | CQV1, CNV1, IWT1, RIT1 | DRV1, DSV1, TPV1, CVV1 | EUP1, EUC1, DHV1| CUV1, C173 | BOV1, CJV1, TXP1, TXC1 | TYP1, TYC1, SBT1, RGT1 (84 CUs) DONE!
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member LinuxRacr's Avatar
    Join Date
    Jul 2010
    Posts
    634

    Certifications
    B.S. IT Security, A.A.S. Electronics Engineering Technology, ITIL V.3, A+, Security+, Linux+, Project+, CCENT, CCNA (R&S, Security), MTA: 98-364
    #2
    Ok, so I'm trying to figure out why I can't get the BVI interface to stay up. does it have anything to do with native vlans?



    VLAN and interface stats from the host router side of the 881W

    Code:
    R1-881W#show vlan-switch
    
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa3
    11   MAIN_VLAN                        active    Fa0, Fa1
    12   VLAN0012                         active    Fa2
    101  wifi_and_faste_dot1x             active
    102  WebAuth_Guest_data_vlan          active
    701  voice_vlan                       active
    1002 fddi-default                     act/unsup
    1003 token-ring-default               act/unsup
    1004 fddinet-default                  act/unsup
    1005 trnet-default                    act/unsup
    
    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    1    enet  100001     1500  -      -      -        -    -        1002   1003
    11   enet  100011     1500  -      -      -        -    -        0      0
    12   enet  100012     1500  -      -      -        -    -        0      0
    101  enet  100101     1500  -      -      -        -    -        0      0
    102  enet  100102     1500  -      -      -        -    -        0      0
    701  enet  100701     1500  -      -      -        -    -        0      0
    1002 fddi  101002     1500  -      -      -        -    -        1      1003
    
    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    1003 tr    101003     1500  1005   0      -        -    srb      1      1002
    1004 fdnet 101004     1500  -      -      1        ibm  -        0      0
    1005 trnet 101005     1500  -      -      1        ibm  -        0      0
    
    
    R1-881W#show interface trunk
    
    Port      Mode         Encapsulation  Status        Native vlan
    Wl0       on           802.1q         trunking      1
    
    Port      Vlans allowed on trunk
    Wl0       1-4094
    
    Port      Vlans allowed and active in management domain
    Wl0       1-2,11-12,101-102,701
    
    Port      Vlans in spanning tree forwarding state and not pruned
    Wl0       1-2,11-12,101-102,701
    
    R1-881W#show interface status
    
    Port    Name               Status       Vlan       Duplex Speed Type
    Fa0                        connected    11         a-full   a-100 10/100BaseTX
    Fa1                        notconnect   11           auto    auto 10/100BaseTX
    Fa2                        notconnect   12           auto    auto 10/100BaseTX
    Fa3                        notconnect   1            auto    auto 10/100BaseTX
    Wl0     Internal switch in connected    trunk      a-full  a-1000 10/100BaseTX
    
    
    
    R1-881W#show ip interface brief
    
    Interface                  IP-Address      OK? Method Status                Protocol
    FastEthernet0              unassigned      YES unset  up                    up
    FastEthernet1              unassigned      YES unset  up                    down
    FastEthernet2              unassigned      YES unset  up                    down
    FastEthernet3              unassigned      YES unset  up                    down
    FastEthernet4              unassigned      YES DHCP   up                    down
    NVI0                       unassigned      YES unset  administratively down down
    SSLVPN-VIF0                unassigned      NO  unset  up                    up
    Vlan1                      unassigned      YES NVRAM  up                    up
    Vlan11                     10.10.10.1      YES NVRAM  up                    up
    Vlan12                     192.168.1.1     YES NVRAM  up                    up
    Wlan-GigabitEthernet0      unassigned      YES unset  up                    up
    wlan-ap0                   10.10.10.1      YES TFTP   up                    up

    VLAN and interface stats from the AP side of the 881W


    Code:
    AP-881W#show ip interface brief
    Interface                  IP-Address      OK? Method Status                Protocol
    BVI1                       10.10.10.3      YES NVRAM  down                  down
    Dot11Radio0                unassigned      YES NVRAM  up                    up
    Dot11Radio0.11             unassigned      YES unset  up                    up
    Dot11Radio0.12             unassigned      YES unset  up                    up
    GigabitEthernet0           unassigned      YES NVRAM  up                    up
    GigabitEthernet0.11        unassigned      YES unset  up                    up
    GigabitEthernet0.12        unassigned      YES unset  up                    up
    
    AP-881W#show interface stats
    BVI1
              Switching path    Pkts In   Chars In   Pkts Out  Chars Out
                   Processor          0          0         11        660
                 Route cache          0          0          0          0
                       Total          0          0         11        660
    Dot11Radio0
              Switching path    Pkts In   Chars In   Pkts Out  Chars Out
                   Processor     108294    5988445       1572     316905
                 Route cache       1504     263440       1277      69368
                       Total     109798    6251885       2849     386273
    GigabitEthernet0
              Switching path    Pkts In   Chars In   Pkts Out  Chars Out
                   Processor      25555    1533300      20937    2308024
                 Route cache       1655     242071          0          0
                       Total      27210    1775371      20937    2308024
    
    AP-881W#show vlans
    
    Virtual LAN ID:  1 (IEEE 802.1Q Encapsulation)
    
       vLAN Trunk Interfaces:  Dot11Radio0
    GigabitEthernet0
    
       Protocols Configured:   Address:              Received:        Transmitted:
            Other                                           0               20632
    
       0 packets, 0 bytes input
       2581 packets, 916255 bytes output
            Other                                           0               20632
    
       0 packets, 0 bytes input
       18051 packets, 1282405 bytes output
    
    Virtual LAN ID:  11 (IEEE 802.1Q Encapsulation)
    
       vLAN Trunk Interfaces:  Dot11Radio0.11
    GigabitEthernet0.11
    
     This is configured as native Vlan for the following interface(s) :
    Dot11Radio0
    GigabitEthernet0
    
       Protocols Configured:   Address:              Received:        Transmitted:
            Bridging        Bridge Group 11             26879                1570
            Other                                           0                   5
    
       139 packets, 20794 bytes input
       1513 packets, 233131 bytes output
            Bridging        Bridge Group 11             26879                1570
            Other                                           0                   5
    
       27089 packets, 1867921 bytes input
       68 packets, 16278 bytes output
    
    Virtual LAN ID:  12 (IEEE 802.1Q Encapsulation)
    
       vLAN Trunk Interfaces:  Dot11Radio0.12
    GigabitEthernet0.12
    
       Protocols Configured:   Address:              Received:        Transmitted:
            Bridging        Bridge Group 12              2205                2814
            Other                                           0                  75
    
       2258 packets, 307258 bytes input
       1566 packets, 268093 bytes output
            Bridging        Bridge Group 12              2205                2814
            Other                                           0                  75
    
       646 packets, 54516 bytes input
       1434 packets, 252634 bytes output
    My WGU B.S. IT - Security Progress : Transferred In|Remaining|In Progress|Completed
    AGC1, CLC1, GAC1, INC1, CTV1, INT1, BVC1, TBP1, TCP1, QLT1, HHT1, QBT1, BBC1 (39 CUs), (0 CUs) (0 CUs)
    WFV1, BNC1, EAV1, EBV1, COV1 | MGC1, IWC1 | CQV1, CNV1, IWT1, RIT1 | DRV1, DSV1, TPV1, CVV1 | EUP1, EUC1, DHV1| CUV1, C173 | BOV1, CJV1, TXP1, TXC1 | TYP1, TYC1, SBT1, RGT1 (84 CUs) DONE!
    Reply With Quote Quote  

  4. Senior Member LinuxRacr's Avatar
    Join Date
    Jul 2010
    Posts
    634

    Certifications
    B.S. IT Security, A.A.S. Electronics Engineering Technology, ITIL V.3, A+, Security+, Linux+, Project+, CCENT, CCNA (R&S, Security), MTA: 98-364
    #3
    Well, I did some troubleshooting tonight, and I was able to get the BVI1 interface up. I was able to get a DHCP IP address from one of my SSID's, but not the other. The strange thing is that I cannot ping between the BVI interface (10.10.10.3) on the AP side, and the Host router/VLAN11 address (10.10.10.1).... My DHCP config resides on the host router side, but addresses are being allocated for one of my SSID's, even though I can't ping between the AP and Host Router.... I tested this out by changing the range of the excluded dhcp pool on that SSID, and it allocated a new address...
    Last edited by LinuxRacr; 05-01-2012 at 08:40 PM.
    My WGU B.S. IT - Security Progress : Transferred In|Remaining|In Progress|Completed
    AGC1, CLC1, GAC1, INC1, CTV1, INT1, BVC1, TBP1, TCP1, QLT1, HHT1, QBT1, BBC1 (39 CUs), (0 CUs) (0 CUs)
    WFV1, BNC1, EAV1, EBV1, COV1 | MGC1, IWC1 | CQV1, CNV1, IWT1, RIT1 | DRV1, DSV1, TPV1, CVV1 | EUP1, EUC1, DHV1| CUV1, C173 | BOV1, CJV1, TXP1, TXC1 | TYP1, TYC1, SBT1, RGT1 (84 CUs) DONE!
    Reply With Quote Quote  

  5. Senior Member LinuxRacr's Avatar
    Join Date
    Jul 2010
    Posts
    634

    Certifications
    B.S. IT Security, A.A.S. Electronics Engineering Technology, ITIL V.3, A+, Security+, Linux+, Project+, CCENT, CCNA (R&S, Security), MTA: 98-364
    #4
    Ok, so I did some DHCP debugging, and found that the DHCP pool associated with VLAN 12 (192.168.1.0 network) works perfectly. When I connected to the SSID linked to vlan 12, I got the output below on the router side:

    Code:
    R1-881W#debug ip dhcp server events
    
    *May  1 19:34:03.892: DHCPD: Sending notification of ASSIGNMENT:
    *May  1 19:34:03.892:  DHCPD: address 192.168.1.3 mask 255.255.255.0
    *May  1 19:34:03.892:   DHCPD: htype 1 chaddr 54321.caba.d00d
    *May  1 19:34:03.892:   DHCPD: lease time remaining (secs) = 86400
    
    Verifying:
    
    R1-881W#show ip dhcp binding
    Bindings from all pools not associated with VRF:
    IP address          Client-ID/              Lease expiration        Type
                        Hardware address/
                        User name
    192.168.1.3         0154.321c.abad.00d       May 02 2012 07:34 PM    Automatic
    
    I then cleared the binding so the address would go back to the pool:
    
    R1-881W#clear ip dhcp binding 192.168.1.3
    R1-881W#show ip dhcp binding
    *May  1 19:37:50.952: DHCPD: Sending notification of TERMINATION:
    *May  1 19:37:50.952:  DHCPD: address 192.168.1.3 mask 255.255.255.0
    *May  1 19:37:50.952:  DHCPD: reason flags:
    *May  1 19:37:50.952:   DHCPD: htype 1 chaddr 54321.caba.d00d
    *May  1 19:37:50.952:   DHCPD: lease time remaining (secs) = 86173
    *May  1 19:37:50.952: DHCPD: returned 192.168.1.3 to address pool Guest.
    
    Verifying:
    
    R1-881W#show ip dhcp binding
    *May  1 19:38:02.288: DHCPD: checking for expired leases.
    R1-881W#show ip dhcp binding
    Bindings from all pools not associated with VRF:
    IP address          Client-ID/              Lease expiration        Type
                        Hardware address/
                        User name
    
    DHCP Pool Info:
    
    R1-881W#show ip dhcp pool
    
    Pool myDHCPpool :
     Utilization mark (high/low)    : 100 / 0
     Subnet size (first/next)       : 0 / 0
     Total addresses                : 254
     Leased addresses               : 0
     Pending event                  : none
     1 subnet is currently in the pool :
     Current index        IP address range                    Leased addresses
     10.10.10.1           10.10.10.1       - 10.10.10.254      0
    
    Pool Guest :
     Utilization mark (high/low)    : 100 / 0
     Subnet size (first/next)       : 0 / 0
     Total addresses                : 254
     Leased addresses               : 0
     Pending event                  : none
     1 subnet is currently in the pool :
     Current index        IP address range                    Leased addresses
     192.168.1.4          192.168.1.1      - 192.168.1.254     0
    R1-881W#
    When I tried to associate to the SSID linked to VLAN 11 (10.10.10.0 network), nothing happened, and it just sat and spun. On the AP side, it shows that the association was made, but no IP address was assigned. Does anyone have any ideas why this may be?

    Just for grins, here is my "show ip route" from the host router side of the 881W:

    Code:
    R1-881W#show ip route
    
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route
    
    Gateway of last resort is not set
    
         10.0.0.0/24 is subnetted, 1 subnets
    C       10.10.10.0 is directly connected, Vlan11
    C    192.168.1.0/24 is directly connected, Vlan12
    
    
    R1-881W#show ip interface brief
    Interface                  IP-Address      OK? Method Status                Protocol
    FastEthernet0              unassigned      YES unset  down                  down
    FastEthernet1              unassigned      YES unset  up                    down
    FastEthernet2              unassigned      YES unset  up                    down
    FastEthernet3              unassigned      YES unset  up                    down
    FastEthernet4              unassigned      YES NVRAM  up                    down
    NVI0                       unassigned      YES unset  administratively down down
    SSLVPN-VIF0                unassigned      NO  unset  up                    up
    Vlan1                      unassigned      YES NVRAM  up                    up
    Vlan11                     10.10.10.1      YES NVRAM  up                    up
    Vlan12                     192.168.1.1     YES NVRAM  up                    up
    Wlan-GigabitEthernet0      unassigned      YES unset  up                    up
    Last edited by LinuxRacr; 05-02-2012 at 06:34 AM.
    My WGU B.S. IT - Security Progress : Transferred In|Remaining|In Progress|Completed
    AGC1, CLC1, GAC1, INC1, CTV1, INT1, BVC1, TBP1, TCP1, QLT1, HHT1, QBT1, BBC1 (39 CUs), (0 CUs) (0 CUs)
    WFV1, BNC1, EAV1, EBV1, COV1 | MGC1, IWC1 | CQV1, CNV1, IWT1, RIT1 | DRV1, DSV1, TPV1, CVV1 | EUP1, EUC1, DHV1| CUV1, C173 | BOV1, CJV1, TXP1, TXC1 | TYP1, TYC1, SBT1, RGT1 (84 CUs) DONE!
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    Jun 2010
    Location
    UK
    Posts
    310

    Certifications
    CCIE R&S/CCNP/CCIP/CCDP/CMNA/JNCIA/NSE4
    #5
    So you have bridge-group 11 and 12 under your interfaces yet bridge-group 1 configured
    Reply With Quote Quote  

  7. Senior Member
    Join Date
    Jun 2010
    Location
    UK
    Posts
    310

    Certifications
    CCIE R&S/CCNP/CCIP/CCDP/CMNA/JNCIA/NSE4
    #6
    also why don't you terminate your clients on AP direct i.e have an IP address under each dot11 interface? let us know what you are trying to achieve?
    Reply With Quote Quote  

  8. Senior Member LinuxRacr's Avatar
    Join Date
    Jul 2010
    Posts
    634

    Certifications
    B.S. IT Security, A.A.S. Electronics Engineering Technology, ITIL V.3, A+, Security+, Linux+, Project+, CCENT, CCNA (R&S, Security), MTA: 98-364
    #7
    Yes, because supposedly the 881W has two separate IOS instances inside; The router, and the AP. With the 881W, only one BVI interface can route traffic (in this case BVI1). Any other bridge-groups should route through BVI1. Last night I updated my configuration so that the bridge-group 11 is now defined as bridge-group 1, while the encapsulation is now "encapsulation Dot1Q 11 native". This was applied on interfaces Dot11Radio0.11 and GigabitEthernet0.11. I am working not to have to use VLAN 1. is this a futile attempt?

    The link below is where I went to make sense of the inner workings of the 881W:

    Dissecting The Cisco 881w ISR – Astorino Networks

    My configuration is based off of the following link:

    Cisco 880W (881W, 886W, 887W, 888W) Multiple - Dual SSID Integrated Access Point Configuration
    Last edited by LinuxRacr; 05-01-2012 at 09:47 PM.
    My WGU B.S. IT - Security Progress : Transferred In|Remaining|In Progress|Completed
    AGC1, CLC1, GAC1, INC1, CTV1, INT1, BVC1, TBP1, TCP1, QLT1, HHT1, QBT1, BBC1 (39 CUs), (0 CUs) (0 CUs)
    WFV1, BNC1, EAV1, EBV1, COV1 | MGC1, IWC1 | CQV1, CNV1, IWT1, RIT1 | DRV1, DSV1, TPV1, CVV1 | EUP1, EUC1, DHV1| CUV1, C173 | BOV1, CJV1, TXP1, TXC1 | TYP1, TYC1, SBT1, RGT1 (84 CUs) DONE!
    Reply With Quote Quote  

  9. Senior Member
    Join Date
    Jun 2010
    Location
    UK
    Posts
    310

    Certifications
    CCIE R&S/CCNP/CCIP/CCDP/CMNA/JNCIA/NSE4
    #8
    well your BVI1 is not associated with any interface and wont route traffic, it was originally applied to Gi0 and Wifi interfaces when default config was on the box. Try adding bridge-group 1 to you Gi0 physical interface on the AP.
    Last edited by deth1k; 05-01-2012 at 10:41 PM.
    Reply With Quote Quote  

  10. Senior Member LinuxRacr's Avatar
    Join Date
    Jul 2010
    Posts
    634

    Certifications
    B.S. IT Security, A.A.S. Electronics Engineering Technology, ITIL V.3, A+, Security+, Linux+, Project+, CCENT, CCNA (R&S, Security), MTA: 98-364
    #9
    Ok, after putting the "0.11" interfaces back in bridge-group 11, and putting the "0" interfaces in bridge-group 1, here is what I have now: Not able to ping still, but interfaces are all up. Also, only one DHCP pool "Guest" is working...

    Code:
    AP-881W#show ip interface brief
    Interface                  IP-Address      OK? Method Status                Protocol
    BVI1                       10.10.10.3      YES NVRAM  up  up
    Dot11Radio0                unassigned      YES NVRAM  up                    up
    Dot11Radio0.11             unassigned      YES unset  up                    up
    Dot11Radio0.12             unassigned      YES unset  up                    up
    GigabitEthernet0           unassigned      YES NVRAM  up                    up
    GigabitEthernet0.11        unassigned      YES unset  up                    up
    GigabitEthernet0.12        unassigned      YES unset  up                    up
    
    AP-881W#show bridge group
    
    Bridge Group 1 is running the IEEE compatible Spanning Tree protocol
    
       Port 3 (Dot11Radio0) of bridge group 1 is forwarding
       Port 2 (GigabitEthernet0) of bridge group 1 is forwarding
    
    AP-881W#ping 10.10.10.1  <---Address of VLAN11 (router) interface
    
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
    
    Apr 20 18:42:30.547: IP ARP: creating incomplete entry for IP address: 10.10.10.1 interface BVI1
    Apr 20 18:42:30.547: IP ARP: sent req src 10.10.10.3 d0d0.fd46.a08c,
                     dst 10.10.10.1 0000.0000.0000 BVI1
    Apr 20 18:42:31.547: IP ARP throttled out the ARP Request for 10.10.10.1.
    Apr 20 18:42:32.547: IP ARP: sent req src 10.10.10.3 d0d0.fd46.a08c,
                     dst 10.10.10.1 0000.0000.0000 BVI1
    Apr 20 18:42:33.547: IP ARP throttled out the ARP Request for 10.10.10.1
    Apr 20 18:42:33.547: IP ARP throttled out the ARP Request for 10.10.10.1
    Apr 20 18:42:34.547: IP ARP: sent req src 10.10.10.3 d0d0.fd46.a08c,
                     dst 10.10.10.1 0000.0000.0000 BVI1
    Apr 20 18:42:35.547: IP ARP throttled out the ARP Request for 10.10.10.1.
    Apr 20 18:42:36.547: IP ARP: sent req src 10.10.10.3 d0d0.fd46.a08c,
                     dst 10.10.10.1 0000.0000.0000 BVI1
    Apr 20 18:42:36.547: IP ARP throttled out the ARP Request for 10.10.10.1
    Apr 20 18:42:37.547: IP ARP throttled out the ARP Request for 10.10.10.1.
    Apr 20 18:42:38.547: IP ARP: sent req src 10.10.10.3 d0d0.fd46.a08c,
                     dst 10.10.10.1 0000.0000.0000 BVI1
    Apr 20 18:42:39.547: IP ARP throttled out the ARP Request for 10.10.10.1
    Apr 20 18:42:39.547: IP ARP throttled out the ARP Request for 10.10.10.1
    Apr 20 18:42:40.547: IP ARP: sent req src 10.10.10.3 d0d0.fd46.a08c,
                     dst 10.10.10.1 0000.0000.0000 BVI1
    Apr 20 18:42:41.547: IP ARP throttled out the ARP Request for 10.10.10.1.
    Apr 20 18:42:42.547: IP ARP: sent req src 10.10.10.3 d0d0.fd46.a08c,
                     dst 10.10.10.1 0000.0000.0000 BVI1
    Apr 20 18:42:42.547: IP ARP throttled out the ARP Request for 10.10.10.1
    Apr 20 18:42:43.547: IP ARP throttled out the ARP Request for 10.10.10.1.
    Success rate is 0 percent (0/5)
    AP-881W#
    Apr 20 18:42:44.547: IP ARP: sent req src 10.10.10.3 d0d0.fd46.a08c,
                     dst 10.10.10.1 0000.0000.0000 BVI1
    Apr 20 18:42:45.547: IP ARP throttled out the ARP Request for 10.10.10.1
    
    AP-881W#show arp
    Protocol  Address          Age (min)  Hardware Addr   Type   Interface
    Internet  10.10.10.3              -   d0d0.fd46.a08c  ARPA   BVI1
    Last edited by LinuxRacr; 05-02-2012 at 06:49 PM.
    My WGU B.S. IT - Security Progress : Transferred In|Remaining|In Progress|Completed
    AGC1, CLC1, GAC1, INC1, CTV1, INT1, BVC1, TBP1, TCP1, QLT1, HHT1, QBT1, BBC1 (39 CUs), (0 CUs) (0 CUs)
    WFV1, BNC1, EAV1, EBV1, COV1 | MGC1, IWC1 | CQV1, CNV1, IWT1, RIT1 | DRV1, DSV1, TPV1, CVV1 | EUP1, EUC1, DHV1| CUV1, C173 | BOV1, CJV1, TXP1, TXC1 | TYP1, TYC1, SBT1, RGT1 (84 CUs) DONE!
    Reply With Quote Quote  

  11. Senior Member LinuxRacr's Avatar
    Join Date
    Jul 2010
    Posts
    634

    Certifications
    B.S. IT Security, A.A.S. Electronics Engineering Technology, ITIL V.3, A+, Security+, Linux+, Project+, CCENT, CCNA (R&S, Security), MTA: 98-364
    #10
    Wow, I guess this problem is more dubious that I originally thought....
    My WGU B.S. IT - Security Progress : Transferred In|Remaining|In Progress|Completed
    AGC1, CLC1, GAC1, INC1, CTV1, INT1, BVC1, TBP1, TCP1, QLT1, HHT1, QBT1, BBC1 (39 CUs), (0 CUs) (0 CUs)
    WFV1, BNC1, EAV1, EBV1, COV1 | MGC1, IWC1 | CQV1, CNV1, IWT1, RIT1 | DRV1, DSV1, TPV1, CVV1 | EUP1, EUC1, DHV1| CUV1, C173 | BOV1, CJV1, TXP1, TXC1 | TYP1, TYC1, SBT1, RGT1 (84 CUs) DONE!
    Reply With Quote Quote  

  12. Senior Member LinuxRacr's Avatar
    Join Date
    Jul 2010
    Posts
    634

    Certifications
    B.S. IT Security, A.A.S. Electronics Engineering Technology, ITIL V.3, A+, Security+, Linux+, Project+, CCENT, CCNA (R&S, Security), MTA: 98-364
    #11
    I went back and re-did my configuration putting everything that was in Vlan11 into Vlan1. This seemed to be the only thing that would work. So I have to use Vlan1 then it seems? Interesting.... Please tell me if I am wrong.
    My WGU B.S. IT - Security Progress : Transferred In|Remaining|In Progress|Completed
    AGC1, CLC1, GAC1, INC1, CTV1, INT1, BVC1, TBP1, TCP1, QLT1, HHT1, QBT1, BBC1 (39 CUs), (0 CUs) (0 CUs)
    WFV1, BNC1, EAV1, EBV1, COV1 | MGC1, IWC1 | CQV1, CNV1, IWT1, RIT1 | DRV1, DSV1, TPV1, CVV1 | EUP1, EUC1, DHV1| CUV1, C173 | BOV1, CJV1, TXP1, TXC1 | TYP1, TYC1, SBT1, RGT1 (84 CUs) DONE!
    Reply With Quote Quote  

  13. Senior Member LinuxRacr's Avatar
    Join Date
    Jul 2010
    Posts
    634

    Certifications
    B.S. IT Security, A.A.S. Electronics Engineering Technology, ITIL V.3, A+, Security+, Linux+, Project+, CCENT, CCNA (R&S, Security), MTA: 98-364
    #12
    This past weekend I fire-walled, and put my 881W out in the DMZplus mode via my U-verse RG. When I did show ip nat translations, I was able to see some, but I couldn't get out to the internet, even with my ip nat overload line. DNS wouldn't resolve either. I have a strange feeling some of this may be due to the firewall rules. This damn thing is making me learn a lot in a short time....
    Last edited by LinuxRacr; 05-07-2012 at 03:39 AM.
    My WGU B.S. IT - Security Progress : Transferred In|Remaining|In Progress|Completed
    AGC1, CLC1, GAC1, INC1, CTV1, INT1, BVC1, TBP1, TCP1, QLT1, HHT1, QBT1, BBC1 (39 CUs), (0 CUs) (0 CUs)
    WFV1, BNC1, EAV1, EBV1, COV1 | MGC1, IWC1 | CQV1, CNV1, IWT1, RIT1 | DRV1, DSV1, TPV1, CVV1 | EUP1, EUC1, DHV1| CUV1, C173 | BOV1, CJV1, TXP1, TXC1 | TYP1, TYC1, SBT1, RGT1 (84 CUs) DONE!
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks