Hello everyone, I was hoping I could get some help with configuring a Cisco 1811W integrated device. I do have CCNA, so this is not completely foreign to me; however, I am having a hard time wrapping my head around the configuration of radio interfaces; unfortunately I have never had to work with them.
I receive Internet service from Comcast via cable line. I already have a Cisco 1812 that is configured on this link with no issues. However, I wanted to expand to wireless and purchased an 1811W as well.
My 1812 configuration is really pretty simple. I have one of the router interfaces (FE1) configured for DHCP from the Comcast equipment, it is also my IP NAT Outside interface. I then overload NAT from my internal switch VLAN (which encompasses all switch ports) with a “permit any any” access list. My internal VLAN has a DHCP pool with some reserved addresses, but all in all, it’s a very simple configuration that has worked for me for years.
Now the 1811W adds the wireless complexity to the equation. I have read a lot about the radio interface configuration but unfortunately find myself with so many questions that seem to get amplified with each answer I find. From what I understand, it is necessary to place the radio interfaces on their own unique VLAN; really I would just rather add them to the internal VLAN I have already defined, but apparently that’s not possible.
So that opens up a whole can of worms since I now have to enable dot1q to route between VLAN’s; at least as I understand the situation. I am also having trouble with the encryption portion of the radio interfaces.
What I have done in my feeble attempts to make this work is to add a second DHCP pool for the wireless interface, assign that pool to a new VLAN, and then assign that VLAN to the radio interfaces. I have also created sub interfaces and enabled dot1q. I then enabled IP routing with eigrp and am routing between the two VLAN subnets.
From what I can understand, that’s all that I really should need to do. I have read about using bridging with layer 2 but would prefer to just route layer 3 because I really don’t understand the bridging concept just yet.
I can connect to my wireless SSID, and authenticate a passphrase, but I can’t seem to get an IP address to any wireless host. I’m sure that’s the least of my problems though. In my troubleshooting, I completely disabled any wireless authentication and just opened it up, in the hopes that maybe the encryption portion was causing my issues; it wasn’t. I feel like an idiot here but any help I could get would be greatly appreciated. I’ll attach my current configuration below:
Current configuration : 5282 bytes
!
! Last configuration change at 20:49:36 UTC Sat Apr 26 2014
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Casino
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$Es5v$EKZlfvYM6H3AEqgJKVL5/.
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-735876538
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-735876538
revocation-check none
rsakeypair TP-self-signed-735876538
!
!
crypto pki certificate chain TP-self-signed-735876538
certificate self-signed 01
3082023C 308201A5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 37333538 37363533 38301E17 0D313430 34323632 30333335
335A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3733 35383736
35333830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
B72F2E74 805A013C 098C3105 F45034A3 A2873174 A2291CBD 01007E69 3830087D
A3D79705 14AC3978 12A247DA 84051AD7 9FEA7F14 B82B32E3 A2E60617 42E87738
CAB248CE 00213E72 9A015202 AFDFDD71 21860332 8843607A 9526D05C F9D23F6C
DC1585F1 33A48DA8 5A346751 26831C37 C1CE3F26 7B01ABC3 56291F33 65979535
02030100 01A36630 64300F06 03551D13 0101FF04 05300301 01FF3011 0603551D
11040A30 08820643 6173696E 6F301F06 03551D23 04183016 80142D82 7D7D6893
722D184E CE292BF1 B74A1ADD 53BF301D 0603551D 0E041604 142D827D 7D689372
2D184ECE 292BF1B7 4A1ADD53 BF300D06 092A8648 86F70D01 01040500 03818100
7F414093 3E2B7BAF 97BCAEE7 C75200E0 B3001457 94E34BDF 434ACC52 6DC5B249
6439A72C EEF16F7B 758179E1 5B42C16C 04C1A591 FA436214 9771AE80 D02EDFCE
1D10953C 005E533B D0CCA4B9 A6984CEE 4B58D06C 30847175 930BE5C6 0D5B32BA
3F684C1E C31B6A59 38857A77 01E5FF3E EF7CAEF8 8A3D8A0F A353CD4E E1A64670
quit
dot11 syslog
!
dot11 ssid casino
vlan 10
authentication open
!
ip source-route
!
!
ip dhcp excluded-address 172.16.0.29
ip dhcp excluded-address 172.16.0.1
ip dhcp excluded-address 172.16.0.2
ip dhcp excluded-address 172.16.0.30
!
ip dhcp pool Comcast
import all
network 172.16.0.0 255.255.255.224
dns-server 172.16.0.30
default-router 172.16.0.30
!
ip dhcp pool Wireless
import all
network 172.16.0.32 255.255.255.224
dns-server 172.16.0.30
default-router 172.16.0.30
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username Josh
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip local-proxy-arp
ip flow ingress
!
ssid casino
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 10 native
ip flow ingress
no cdp enable
!
interface Dot11Radio1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip local-proxy-arp
ip flow ingress
!
ssid casino
!
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio1.1
encapsulation dot1Q 10 native
ip flow ingress
no cdp enable
!
interface FastEthernet0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1
ip address dhcp
ip nat outside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet2
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet3
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet4
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet5
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet6
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet7
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet8
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet9
switchport access vlan 20
spanning-tree portfast
!
interface Vlan1
no ip address
!
interface Vlan10
description Wireless VLAN
ip address 172.16.0.60 255.255.255.224
ip virtual-reassembly
!
interface Vlan20
description Local VLAN
ip address 172.16.0.30 255.255.255.224
ip nat inside
ip nat enable
ip virtual-reassembly
!
interface Async1
no ip address
encapsulation slip
!
router eigrp 1
network 172.16.0.0 0.0.0.31
network 172.16.0.32 0.0.0.31
no auto-summary
!
ip default-network 172.16.0.0
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
!
!
ip dns server
ip nat source list 1 interface FastEthernet1 overload
ip nat inside source static tcp 172.16.0.1 443 interface FastEthernet1 443
!
access-list 1 permit any
!
!
!
!
!
!
control-plane
!
!
line con 0
password 7 06291A791D1C484C544242
logging synchronous
login
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
password 7 05241357701E0F5C485047
logging synchronous
login
line vty 0 4
password 7 05241357701E0F5C485047
logging synchronous
login
line vty 5 193
password 7 09635B51485756475A5954
logging synchronous
login
!
ntp master 1
ntp update-calendar
ntp server 198.137.202.16
ntp server 132.163.4.103
I receive Internet service from Comcast via cable line. I already have a Cisco 1812 that is configured on this link with no issues. However, I wanted to expand to wireless and purchased an 1811W as well.
My 1812 configuration is really pretty simple. I have one of the router interfaces (FE1) configured for DHCP from the Comcast equipment, it is also my IP NAT Outside interface. I then overload NAT from my internal switch VLAN (which encompasses all switch ports) with a “permit any any” access list. My internal VLAN has a DHCP pool with some reserved addresses, but all in all, it’s a very simple configuration that has worked for me for years.
Now the 1811W adds the wireless complexity to the equation. I have read a lot about the radio interface configuration but unfortunately find myself with so many questions that seem to get amplified with each answer I find. From what I understand, it is necessary to place the radio interfaces on their own unique VLAN; really I would just rather add them to the internal VLAN I have already defined, but apparently that’s not possible.
So that opens up a whole can of worms since I now have to enable dot1q to route between VLAN’s; at least as I understand the situation. I am also having trouble with the encryption portion of the radio interfaces.
What I have done in my feeble attempts to make this work is to add a second DHCP pool for the wireless interface, assign that pool to a new VLAN, and then assign that VLAN to the radio interfaces. I have also created sub interfaces and enabled dot1q. I then enabled IP routing with eigrp and am routing between the two VLAN subnets.
From what I can understand, that’s all that I really should need to do. I have read about using bridging with layer 2 but would prefer to just route layer 3 because I really don’t understand the bridging concept just yet.
I can connect to my wireless SSID, and authenticate a passphrase, but I can’t seem to get an IP address to any wireless host. I’m sure that’s the least of my problems though. In my troubleshooting, I completely disabled any wireless authentication and just opened it up, in the hopes that maybe the encryption portion was causing my issues; it wasn’t. I feel like an idiot here but any help I could get would be greatly appreciated. I’ll attach my current configuration below:
Current configuration : 5282 bytes
!
! Last configuration change at 20:49:36 UTC Sat Apr 26 2014
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Casino
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$Es5v$EKZlfvYM6H3AEqgJKVL5/.
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-735876538
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-735876538
revocation-check none
rsakeypair TP-self-signed-735876538
!
!
crypto pki certificate chain TP-self-signed-735876538
certificate self-signed 01
3082023C 308201A5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 37333538 37363533 38301E17 0D313430 34323632 30333335
335A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3733 35383736
35333830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
B72F2E74 805A013C 098C3105 F45034A3 A2873174 A2291CBD 01007E69 3830087D
A3D79705 14AC3978 12A247DA 84051AD7 9FEA7F14 B82B32E3 A2E60617 42E87738
CAB248CE 00213E72 9A015202 AFDFDD71 21860332 8843607A 9526D05C F9D23F6C
DC1585F1 33A48DA8 5A346751 26831C37 C1CE3F26 7B01ABC3 56291F33 65979535
02030100 01A36630 64300F06 03551D13 0101FF04 05300301 01FF3011 0603551D
11040A30 08820643 6173696E 6F301F06 03551D23 04183016 80142D82 7D7D6893
722D184E CE292BF1 B74A1ADD 53BF301D 0603551D 0E041604 142D827D 7D689372
2D184ECE 292BF1B7 4A1ADD53 BF300D06 092A8648 86F70D01 01040500 03818100
7F414093 3E2B7BAF 97BCAEE7 C75200E0 B3001457 94E34BDF 434ACC52 6DC5B249
6439A72C EEF16F7B 758179E1 5B42C16C 04C1A591 FA436214 9771AE80 D02EDFCE
1D10953C 005E533B D0CCA4B9 A6984CEE 4B58D06C 30847175 930BE5C6 0D5B32BA
3F684C1E C31B6A59 38857A77 01E5FF3E EF7CAEF8 8A3D8A0F A353CD4E E1A64670
quit
dot11 syslog
!
dot11 ssid casino
vlan 10
authentication open
!
ip source-route
!
!
ip dhcp excluded-address 172.16.0.29
ip dhcp excluded-address 172.16.0.1
ip dhcp excluded-address 172.16.0.2
ip dhcp excluded-address 172.16.0.30
!
ip dhcp pool Comcast
import all
network 172.16.0.0 255.255.255.224
dns-server 172.16.0.30
default-router 172.16.0.30
!
ip dhcp pool Wireless
import all
network 172.16.0.32 255.255.255.224
dns-server 172.16.0.30
default-router 172.16.0.30
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username Josh
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip local-proxy-arp
ip flow ingress
!
ssid casino
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 10 native
ip flow ingress
no cdp enable
!
interface Dot11Radio1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip local-proxy-arp
ip flow ingress
!
ssid casino
!
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio1.1
encapsulation dot1Q 10 native
ip flow ingress
no cdp enable
!
interface FastEthernet0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1
ip address dhcp
ip nat outside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet2
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet3
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet4
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet5
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet6
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet7
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet8
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet9
switchport access vlan 20
spanning-tree portfast
!
interface Vlan1
no ip address
!
interface Vlan10
description Wireless VLAN
ip address 172.16.0.60 255.255.255.224
ip virtual-reassembly
!
interface Vlan20
description Local VLAN
ip address 172.16.0.30 255.255.255.224
ip nat inside
ip nat enable
ip virtual-reassembly
!
interface Async1
no ip address
encapsulation slip
!
router eigrp 1
network 172.16.0.0 0.0.0.31
network 172.16.0.32 0.0.0.31
no auto-summary
!
ip default-network 172.16.0.0
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
!
!
ip dns server
ip nat source list 1 interface FastEthernet1 overload
ip nat inside source static tcp 172.16.0.1 443 interface FastEthernet1 443
!
access-list 1 permit any
!
!
!
!
!
!
control-plane
!
!
line con 0
password 7 06291A791D1C484C544242
logging synchronous
login
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
password 7 05241357701E0F5C485047
logging synchronous
login
line vty 0 4
password 7 05241357701E0F5C485047
logging synchronous
login
line vty 5 193
password 7 09635B51485756475A5954
logging synchronous
login
!
ntp master 1
ntp update-calendar
ntp server 198.137.202.16
ntp server 132.163.4.103
Facebook
Twitter
Instagram