Cisco 876w: wlan client - routing problem

I configured a Cisco 876w to connect to an existing WLAN as a client. Now I would like to connect 3 PCs to the 876w which should be able to access the internet via the 876w.
Problem:
From the console (SSH) of the 876w, I can ping hosts on the internet (even by name, like www.google.com), but when I'm using a client PC, I can't... What am I missing here? Could it be a NAT problem?
Config:
Internet <--->  DSL Router 192.168.1.1 (and WLAN AccessPoint)  <--->  Cisco 876w (gets IP per DHCP, VLAN1 IP: 10.10.10.1) <---> PC (10.10.10.101)
Current configuration : 9897 bytes
version 12.4
no service pad...dot11 vlan-name wlan-lan vlan 1
dot11 ssid WLAN
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii 7 0923467F1B2E52789807132F7A202E3D31
no ip source-route
ip dhcp excluded-address 10.10.10.1 10.10.10.9
ip dhcp excluded-address 10.10.10.101 10.10.10.254
ip dhcp pool ccp-pool1
   import all
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
   domain-name cisco.test.com
   dns-server 208.67.222.222
ip cef
no ip bootp server
ip domain name test.com
ip name-server 208.67.222.222
ip ddns update method sdm_ddns1
HTTP
  add http://[email protected]/nic/update?system=dyndns&hostname=//[email protected]/nic/update?system=dyndns&hostname=<h>&myip=<a>
  remove http://[email protected]/nic/update?system=dyndns&hostname=//[email protected]/nic/update?system=dyndns&hostname=<h>&myip=<a>
no ipv6 cef
multilink bundle-name authenticated
isdn switch-type basic-net3
username admin privilege 15 secret 5 $1$uiouLKjbLIUBlKbj
username service privilege 15 secret 5 $1$LKjblkJNBLKkjlbkm
archive
log config
  hidekeys
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
class-map type inspect match-all sdm-cls--1
match access-group name AllowAny
policy-map type inspect sdm-policy-sdm-cls--1
class type inspect sdm-cls--1
  inspect
class class-default
  drop
zone security wan
zone security lan
zone-pair security sdm-zp-lan-wan source lan destination wan
service-policy type inspect sdm-policy-sdm-cls--1
interface BRI0
description <--
no ip address
ip flow ingress
ip virtual-reassembly
encapsulation ppp
shutdown
dialer pool-member 1
isdn switch-type basic-net3
isdn point-to-point-setup
ppp multilink
!
interface ATM0
backup interface BRI0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
no atm ilmi-keepalive
interface ATM0.3 point-to-point
description <--
ip flow ingress
shutdown
pvc 1/32
  pppoe-client dial-pool-number 2
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface Dot11Radio0
description <--
no ip address
no ip proxy-arp
ip flow ingress
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
encryption mode ciphers aes-ccm
encryption vlan 1 mode ciphers aes-ccm
ssid WLAN
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role non-root
no cdp enable
interface Dot11Radio0.1
encapsulation dot1Q 1 native
ip address dhcp
ip nat outside
ip virtual-reassembly
no ip route-cache
no cdp enable
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
zone-member security lan
ip tcp adjust-mss 1412
interface Dialer0
ip ddns update hostname blahblah.dnsalias.com
ip ddns update sdm_ddns1
ip address negotiated
ip nat outside
ip virtual-reassembly
zone-member security wan
encapsulation ppp
shutdown
dialer pool 1
dialer idle-timeout 600
dialer string 01919214124
dialer load-threshold 20 outbound
dialer watch-group 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname asfa
ppp chap password 7 128763520
ppp pap sent-username asfa password 7 0302141555
ppp multilink
interface Dialer2
ip ddns update sdm_ddns1
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
zone-member security wan
encapsulation ppp
dialer pool 2
dialer-group 2
no cdp enable
ppp authentication chap pap callin
ppp chap hostname gast
ppp chap password 7 095B239876473F06090A
ppp pap sent-username gast password 7 1239847629873693D
router rip
network 10.0.0.0
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 105 interface Dialer0 overload
ip nat inside source list 106 interface Dot11Radio0.1 overload
ip access-list extended AllowAny
remark CCP_ACL Category=128
permit ip 10.10.10.0 0.0.0.255 any
ip access-list extended nix
remark tut nix
remark CCP_ACL Category=2
permit tcp any any
permit udp any any
permit icmp any any
permit ip any any
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 100 remark CCP_ACL Category=2
access-list 100 permit ip any any
access-list 101 remark CCP_ACL Category=2
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
access-list 102 remark CCP_ACL Category=2
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
access-list 103 remark CCP_ACL Category=2
access-list 103 permit ip 10.10.10.0 0.0.0.255 any
access-list 105 remark Alles
access-list 105 remark CCP_ACL Category=2
access-list 105 permit ip 10.10.10.0 0.0.0.255 any
access-list 105 permit icmp 10.10.10.0 0.0.0.255 any
access-list 105 permit udp 10.10.10.0 0.0.0.255 any
access-list 105 permit tcp 10.10.10.0 0.0.0.255 any
access-list 106 remark NAT wlan
access-list 106 remark CCP_ACL Category=2
access-list 106 permit ip 10.10.10.0 0.0.0.255 any
access-list 106 permit icmp 10.10.10.0 0.0.0.255 any
access-list 106 permit udp 10.10.10.0 0.0.0.255 any
access-list 106 permit tcp 10.10.10.0 0.0.0.255 any
dialer watch-list 1 ip 208.67.222.222 255.255.255.255
dialer-list 1 protocol ip permit
no cdp run
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
control-plane
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
#sh ip int brief
ndrmedienturm#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0              unassigned      YES unset  up                    up     
FastEthernet1              unassigned      YES unset  up                    down   
FastEthernet2              unassigned      YES unset  up                    down   
FastEthernet3              unassigned      YES unset  up                    down   
BRI0                       unassigned      YES NVRAM  standby mode/disabled down   
BRI0:1                     unassigned      YES unset  administratively down down   
BRI0:2                     unassigned      YES unset  administratively down down   
Dot11Radio0                unassigned      YES TFTP   up                    up     
Dot11Radio0.1              unassigned      YES DHCP   up                    up     
ATM0                       unassigned      YES NVRAM  administratively down down   
ATM0.3                     unassigned      YES unset  administratively down down   
SSLVPN-VIF0                unassigned      NO  unset  up                    up     
Vlan1                      10.10.10.1      YES NVRAM  up                    up     
NVI0                       unassigned      YES unset  administratively down down   
Dialer0                    unassigned      YES NVRAM  administratively down down   
Dialer2                    unassigned      YES NVRAM  up                    up     
Virtual-Dot11Radio0        unassigned      YES TFTP   up                    up     
Virtual-Dot11Radio0.1      192.168.1.54    YES DHCP   up                    up

Hi,
Just check a few things: from the client, are you able to ping the WAN interface of the Cisco 876w, and when you ping an internet address from the client PC, what is the output of the NAT translation on the router?
The command to check this is show ip nat translation, to see whether the packet is getting translated or not.
Hope to Help !!
Ganesh.H
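
A static check to run alongside show ip nat translation, added here as an example and not part of the original thread: it reads the NAT and zone-based-firewall lines of a running-config and reports overload rules whose egress interface is shut down, lacks "ip nat outside", or is in no firewall zone while the inside interface is a zone member (IOS drops traffic between a zone-member interface and a non-member interface). The function names are hypothetical, and the sample is an excerpt of the posted config with its indentation restored.

```python
import re

# Excerpt of the configuration posted above, trimmed to the NAT and
# zone-based-firewall lines, with IOS's one-space indentation restored.
CONFIG = """\
zone security wan
zone security lan
zone-pair security sdm-zp-lan-wan source lan destination wan
 service-policy type inspect sdm-policy-sdm-cls--1
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 ip address dhcp
 ip nat outside
interface Vlan1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 zone-member security lan
interface Dialer0
 ip address negotiated
 ip nat outside
 zone-member security wan
 shutdown
interface Dialer2
 ip address negotiated
 ip nat outside
 zone-member security wan
ip nat inside source list 105 interface Dialer0 overload
ip nat inside source list 106 interface Dot11Radio0.1 overload
"""


def parse(config):
    """Return (interfaces, nat_rules, zone_pairs) from running-config text."""
    interfaces, nat_rules, zone_pairs = {}, [], []
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # a global command closes any interface block
            current = None
            m = re.match(r"interface (\S+)", line)
            if m:
                current = interfaces.setdefault(
                    m.group(1), {"nat": None, "zone": None, "shutdown": False})
                continue
            m = re.match(r"ip nat inside source list (\S+) interface (\S+) overload", line)
            if m:
                nat_rules.append((m.group(1), m.group(2)))
            m = re.match(r"zone-pair security \S+ source (\S+) destination (\S+)", line)
            if m:
                zone_pairs.append((m.group(1), m.group(2)))
        elif current is not None:  # indented line inside an interface block
            m = re.match(r"ip nat (inside|outside)$", line)
            if m:
                current["nat"] = m.group(1)
            m = re.match(r"zone-member security (\S+)", line)
            if m:
                current["zone"] = m.group(1)
            if line == "shutdown":
                current["shutdown"] = True
    return interfaces, nat_rules, zone_pairs


def audit(config):
    """List NAT/zone inconsistencies for every 'ip nat inside source' rule."""
    interfaces, nat_rules, zone_pairs = parse(config)
    inside = [n for n, i in interfaces.items()
              if i["nat"] == "inside" and not i["shutdown"]]
    findings = []
    for acl, egress in nat_rules:
        out = interfaces.get(egress)
        if out is None:
            findings.append(f"list {acl}: egress interface {egress} is not defined")
            continue
        if out["shutdown"]:
            findings.append(f"list {acl}: egress {egress} is shut down, rule is inactive")
            continue
        if out["nat"] != "outside":
            findings.append(f"list {acl}: {egress} lacks 'ip nat outside'")
        for name in inside:
            src, dst = interfaces[name]["zone"], out["zone"]
            if (src is None) != (dst is None):
                member, other = (name, egress) if src else (egress, name)
                findings.append(
                    f"list {acl}: {member} is a zone member but {other} is in no "
                    f"zone; the zone-based firewall drops traffic between them")
            elif src and dst and src != dst and (src, dst) not in zone_pairs:
                findings.append(f"list {acl}: no zone-pair from {src} to {dst}")
    return findings


if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(finding)
```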

Similar Messages

  • WLAN client dropping problem

    My customer is using WLC4400 (4.0.179.11) and LAP1130 (12.3jx1). Before converting IOS to LWAPP, the WLAN service was not a problem.
    But after changing to LWAPP, the customer is complaining about a disconnecting problem.
    Intel Centrino and other vendors' WLAN cards are dropping; Cisco WLAN cards are no problem.
    After all that, we have to fall back to the IOS version. Is there any bug report about the WLC4400?

    There are some issues with the Intel adapters. I would try downloading the latest driver version to see if that helps. You can navigate to the Intel support page and view the documented disconnect issues.
    -Mark

  • 876W router problems

    Hi I am trying to configure a Cisco 876W router as the following.
    Vlan1 ip address 10.17.64.1
    I have set up a DHCP pool for this which works fine. The problem is I want the wireless network to be an extension of this VLAN and to assign addresses from this DHCP pool, but I can't seem to get them to talk to each other.
    interface Tunnel1
    description GRE tunnel to *****
    ip address 172.100.2.2 255.255.255.252
    keepalive 10 3
    tunnel source Loopback0
    tunnel destination 172.100.1.1
    crypto map cryptmap
    interface Loopback1
    description "Management Loopback Interface"
    ip address 10.17.71.254 255.255.255.255
    interface Loopback0
    description Tunnel end-point
    ip address 172.100.1.2 255.255.255.255
    interface BRI0
    no ip address
    encapsulation hdlc
    shutdown
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    dsl operating-mode auto
    interface ATM0.1 point-to-point
    pvc 8/35
    pppoe-client dial-pool-number 1
    interface FastEthernet0
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    interface Dot11Radio0
    ip address 10.17.66.1 255.255.255.0
    broadcast-key change 900
    ssid ********
    authentication open eap eap_methods
    authentication network-eap eap_methods
    accounting acct_methods
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
    54.0
    station-role root
    interface Vlan1
    description $FW_INSIDE$
    ip address 192.168.0.1 255.255.255.0 secondary
    ip address 10.17.64.1 255.255.255.0
    ip tcp adjust-mss 1452
    ip policy route-map clear-df

    After having gone through the same problem, I believe the solution is this:
    bridge irb
    interface Dot11Radio0
    no ip address
    no snmp trap link-status
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    interface Vlan1
    no ip address
    bridge-group 1
    bridge-group 1 spanning-disabled
    interface BVI1
    ip address 10.17.64.1 255.255.255.0
    bridge 1 protocol ieee
    bridge 1 route ip

  • Problem using SunRay with Cisco AnyConnect VPN Client

    I am using Cisco AnyConnect VPN Client Version 2.5.3046
    I have a PC and a SunRay connected to my router. I use VPN to connect my SunRay and my PC to my work computer. My PC works fine, I am able to connect to the internet and also run Cisco VPN to connect to my work computer. But when I try to use my SunRay, I get a window on the screen with the message:
        VPN IKE Phase 1 agg I msg1
    This window keeps moving around on the screen. I am not able to connect my SunRay through VPN to my work computer. Any idea what could be wrong and how I can fix this?

    2.2 is definitely better.
    On one PC, I'm fine. On another (very similar) it tells me it can't start the VPN even after uninstalling and re-installing and everything else I can think of, with plenty of reboots in between.
    Aaaaarrrrrrggggggghhhh.

  • Cisco WVC210 WLAN Camera - multicasting question

    Hello,
    this is about the Cisco WVC210 WLAN camera. I would be really happy if somebody could help us to eliminate our problem.
    Information
    We are using the WVC210 WLAN cameras (http://www.cisco.com/en/US/products/ps9948/). This camera has a web server, so it is accessible with a normal web browser to see the video transmission.
    We just set it up with a normal WLAN router, so the camera is connected wirelessly to the router, and this router is connected to the internet (WAN).
    With the Cisco video software or the web interface, it's now possible to stream the video.
    Our questions:
    Now we would like to stream the video on our website, so people who visit our site can take a look at our company and so on.
    We are able to stream the video in the MJPEG format, as the camera's web interface offers...
    The problem is that, with the normal IP transfer method, each user would connect directly to the camera and increase the data transfer, and the internet connection would then overload easily.
    But the camera supports multicasting, so the camera only transmits one data stream and all clients connected to this stream will receive the packets.
    Our problem is that we do not have any knowledge about multicasting and how it works. The camera has a normal IP address and a pre-configured multicast address with group name, so how can we connect a client to this multicast group without increasing the data transfer with each new user?
    Would you recommend that we use the multicast function of this camera or put a server between the camera and the website?
    Could you give us advice or some kind of tutorial on how we can set up this multicast service and easily get a player for the stream on our website, without using many plug-ins or special apps?
    Looking forward for your help, thank you all
    Regards
    Markus
    P.s.: You can also reply in german

    Hi, your general understanding of multicast is correct, but I don't think there is any multicast in general use on the Internet today.  In the mid 1990's there was a thing called MBONE that experimented with this idea for basically the same application as you describe- to multicast video.  Check Google or wikipedia for some history of MBONE in case you are interested. That said, you should be able to use the multicast ability on your own LAN/WAN environment if that helps you at all.
    I think the way people stream video to many users via the Internet today is essentially by having a lot of bandwidth and CPU. You could probably find places to host your video and 'rebroadcast' it via their servers and Internet bandwidth. Take a look at qik.com for an example of something that might help you. There must be other services similar to qik that can 'rebroadcast' video streams, so that you only send one stream to them and they let multiple users see it. I would expect to pay something for this service, but you might find free, ad-supported services.
    Good luck and let us know what you end up doing.
    brandon

  • WRVS4400N v2 WLAN clients dropping

    I purchased a WRVS4400N for my home to replace an older router. Since I started using the Cisco router, WLAN clients drop. I can sometimes get them back after initiating a ping to a static LAN IP, but it takes a few seconds.
    This issue impacts Win Vista, Win7, Mac, Android, and Linux machines...so basically anything that does WiFi. There seem to be many complaints here with no resolution. Has anyone fixed this problem in their network? I'd really hate to return this thing, but it's becoming unusable.

    Mr. Cameron,
    Hi, My name is Eric Moyers. I am a Network Support Engineer in the Cisco Small Business Support Center. I am truly sorry to hear about your issue you are having with your router.
    Have you called into the Small Business Support Center for help on this? If you have may I have your case number so that I can pull your case and review it to see if there is anything I can do for you.
    If you have not called in, I would like to strongly encourage you to call in and get a case created and let one of our agents help you with this issue. The WRVS4400N is a very good router and I want to make sure that we do everything we can to keep your business.
    Thanks
    Eric Moyers
    Cisco Network Support Engineer
    1-866-606-1866

  • DMVPN Configuration with ASA 5510 In Front of Cisco 877-K9 HUB Router

    Hi Guys,
    I'm in a mess, I have  Cisco 877-K9 router which sits behind an ASA 5510 FW.
    The Design :
    Cisco 877-K9 DSL router (DSL with Static IP) ( DMVPN HUB )
    ||
    ASA 5510 Firewall (Outside INT with Static IP / Inside INT LAN) (PAT & ACL)
    ||
    Switch
    ||
    LAN
    Now my problem is: my DMVPN configuration works just fine, and I'm able to ping from my Cisco 877 to any Spoke and vice versa.
    I'm also able to ping from my LAN to any Spoke Tunnel IP, but I'm not able to ping any LAN IP at a Spoke site, nor am I able to ping my LAN from any Spoke site.
    I've googled a lot but have only come across designs where the ASAs are behind the Cisco routers and not in front.
    Any help in this regard is highly appreciated. I really need this to work. Attached are the config files....
    Thanks,
    Aj.

    Thanks to both of you guys for replying. I should've been more descriptive in my initial post, but just thought of getting more ideas.
    All the troubleshooting was done before posting the problem, and to clarify things, please find the results below.
    1) what RProtocol r u using?
    a) It's OSPF
    2) if ur using OSPF, try show ip route on the hub and spoke to verify the hub/spoke routes are learned via OSPF
    a) I did the "show ip route" and both the HUB and Spokes get their routes defined
        (on the HUB if I used "network 192.9.201.0 255.255.255.0 area 0" I couldn't get routes advertised on spokes)
        (I changed to "redistribute static subnets" and I was able to get Hub routes advertised)
    3) are your tunnels config correctly? try show crypto ipsec sa
    a) They are as they should be and "show crypto ipsec sa" comes up with proper in/out encrypted data
    4) on your hub/spoke do a debug ip icmp
    a) Did that as well, and If I do a debug on a Spoke and ping from my HUB to that spoke on the tunnel IP, I get proper src/dest results, but If I ping from HUB to Spoke on a client IP behind the Spoke, It pings but does not show any result on the Spoke debug.
    I'm able to ping all the Spoke's Tunnel IPs and clients behind the Spokes from the HUB router, but not from either the ASA nor the clients on my LAN.
    Additional to the info above, Please also note :
    I did notice something that, from my HUB router, which is also my DSL Modem, I'm unable to ping any clients behind the ASA.
    So I guess I'm stuck on the point that My Cisco HUB is unable to talk to  my LAN, If I can get the HUB to talk to the internal LAN, I would be  able to ping clients on LAN from any Spoke or clients behind Spokes.
    From HUB router I'm able to ping clients behind Spokes.
    Does that give any Ideas ?
    Thanks in Advance.
    Aj.

  • Force WLAN client to renew ip on WLC with dynamic interfaces

    Hi there
    we would like to have a "two tier" authentication for the corporate WLAN clients:
    Requirements
    1. Machine Authentication
    The client gets machine authenticated based on the machine account in the Active Directory with PEAP. At this stage, the client will get a IP from VLAN A. VLAN A has limited access to the corporate infrastructure (DNS, AD, some volumes / shares, and so on). The filtering is done with an IP access list on the layer 3 VLAN interface on the core switches.
    2. User Authentication
    The users logs in on the client and gets user authenticated based on his user account in the Active Directory with PEAP - only users with a valid Machine Access Restriction (MAR) are allowed to login. Now the client is moved to another VLAN B. VLAN B has full access to the corporate infrastructure, here is no IP access list.
    Infrastructure
    We have the following:
    2 x WLC 5508 with 7.3.101.0
    2 x ACS 5.3.0.40.6
    Problem
    Now we have the problem that the Windows client sometimes takes up to 3 minutes to connect to the WLAN after the user logs in. In the debug, I can see that this happens because the client is stuck in DHCP renewal:
    1. After the machine has been authenticated it has an IP assigned from VLAN A. This works pretty well if the client gets rebooted.
    2. If the user logs in the first time after the reboot, the user gets connected within 10 seconds, which is pretty good. The client now has an IP in VLAN B.
    3. Now the user logs out of Windows and I can see in the debug that the client is put into VLAN A (machine authentication) again, but the client still tries to DHCPREQUEST the IP address from VLAN B (user authentication). Because this request is sent out on the wrong dynamic interface on the WLC, the DHCPREQUEST is not acknowledged and the client gets stuck in this situation.
    4. If the user or another user logs in again shortly after the logout, the client still tries to DHCPREQUEST the IP of VLAN B and now the "3 times DHCP failure on WLC" comes into play, because the WLC thinks that the DHCP server is not reachable -> but it only does not answer a wrong DHCPREQUEST.
    Question
    On ISE there is a way to force the client to renew the DHCP address (via CoA, but this has its limitations too --> need to install ActiveX or Java applet). I think there is no way to force the client to renew its IP with ACS, but my question is: is there a workaround, and are there any others who may have already solved this problem?
    Alternative
    If there is no way to get this to work with two different VLANs, I could try to realize this with only one VLAN. After the machine authentication I could apply a WLC ACL to restrict access to the corporate infrastructure. When the user authentication happens, I could "remove" this ACL to grant full access for this user / client. But I am still interested in the other solution ;-)
    Thanks in advance for any advice and best regards
    Dominic

    Your second option is what you should do. Changing the vlan on a client that already has an IP address especially on wireless will not know it has been put in a different vlan and that's why it breaks. If There was a way to change the vlan and send something to the WLC to disassociate the client, that might work.

  • Cisco IPSec VPN Client and sending a specific Radius A-V value to ACS 5.2

    This setup is to try routing Cisco VPN to either RSA or Entrust from Cisco ACS 5.2, depending on some parameter in incoming AUTH request from Cisco IPSec VPN Client 5.x. Tried playing with pcf files and user names/identity stores, none seems working

    Hi Tony,
    to the best of my knowledge this is currently not possible, but will be once this enhancement is implemented:
    CSCsw31922    Radius upstream VSAs (Tunnel Group,Client type) for VPN policy decisions
    You may want to try and ask in the AAA forum if there is anything you can do on ACS...
    hth
    Herbert

  • Welcome to the Cisco CSR (Cloud Service Router) Discussion Forum

    Welcome to the Cisco CSR (Cloud Service Router) Discussion Forum!
    This forum helps CSR users interact, share knowledge and build communities with one another.
    We hope you enjoy participating in the CSR discussion forum!
    Best Regards,
    Cisco CSR Product Team

    Hi, I have a question on SQL database high availability. I have tried using database mirroring, where I am using SQL Standard edition. In this edition, database mirroring in synchronous mode is the only option available, and it is giving problems, like SQL timeout errors on my applications since I put in the database mirroring, as asynchronous is only available on the Enterprise version. Are there any suggestions on this? Thanks ---vijay

  • WLAN Clients unable to access the Gateway when more than 2 clients connect

    Hi,
    I have a problem with a 2106 WLAN Controller.
    The clients can connect and associate to the WLAN and get their IP details via DHCP from the internal DHCP server. However, only 2 clients can get out through the gateway at any one time. All other clients that connect will get their DHCP addresses(that match the config of the 1st 2 clients), but they cannot get to the gateway. They can ping any client on the WLAN and the controller.

    Hi,
    Please post the IP configuration for your gateway, the working clients and the clients having problems.
    Regards,
    Kristofer

  • Urgent!!! Cisco ACE and asymmetric routing assistance needed

    I am wondering if someone can give me pointers on the Cisco ACE
    and asymmetric routes. I've attached the diagram:
    -Cisco IOS IP address is 192.168.15.4/24 and 4.1.1.4/24
    -Firewall External interface is 192.168.15.1/24,
    -Firewall Internal interface is 192.168.192.1/24,
    -F5_BigIP External interface is 192.168.192.4/24,
    -F5_BigIP Internal interface is 192.168.196.1/24 and 192.168.197.1/24,
    -host_y has IP addresses of 192.168.196.10/24 and 192.168.197.10/24,
    -Checkpoint has static route for 192.168.196.0/24 and 192.168.197.0/24
    pointing to the F5_BigIP,
    -host_y is dual-home to both VLAN_A and VLAN_B with the default
    gateway on host_y pointing to VLAN_A which is 192.168.196.1,
    -host_x CAN ssh/telnet/http/https to both of host_y IP addresses
    of 192.168.196.10 and 192.168.197.10.
    In other words, from host_x, when I try to connect to host_y
    via IP address 192.168.197.10, the traffic will go through VLAN_B
    but the return traffic will go through VLAN_A. Everything
    is working perfectly for me so far.
    Now the customer has just replaced the F5_BigIP with a Cisco ACE. Now
    I cannot get asymmetric routing to work with the Cisco ACE. In
    other words, from host_x, I can no longer ssh or telnet to host_y
    via IP address 192.168.197.10.
    Does anyone know how to get asymmetric routing to work on the Cisco ACE?
    Thanks in advance.

    That won't work because ACE uses the vlan id to distinguish between flows.
    So when the response comes back on a different vlan, ACE can't find the flow it belongs to and it drops it.
    Even if we could force it to accept the packet, ACE would then try to create a new flow for this packet and it will collide with the flow already existing on the frontend.
    You would need to force your host to respond on the same vlan the traffic came in.
    This could be done with client nat on ACE using different nat pool.
    Gilles.

  • Install Error when installing CISCO AnyConnect Mobility Client

    When installing Cisco AnyConnect Mobility Client 3.1.02040, I get the following install error:
    There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.


  • Cisco Security Manager (CSM) License Problem

    Hi All,
    We have CSM V3.2 with Professional license edition and support 50 devices. It's installed properly in the Cisco Security Manager client as appeared in the attachement but the problem is in the server administration- license management which doesn't include any records for license (see attachment).
    I tried to upload the .lic file by clicking the Update button in server administration but an error message appeared stated that the license file is corrupted although it's installed properly in CSM client!!!
    Could you please advise what's the problem and what should I do?
    Thanks in Advance!

    Sorry but Cisco seems to have removed that product bulletin from cisco.com.
    Your reseller can use Cisco Commerce Workspace (CCW) to order the correct part number for your CSM installation. There is a unique number for each licensing level and/or upgrade.
    For instance, for a 10-device standard license, the support would be part number CON-SAS-CSMST10K.
    For the 100-device Pro license, the support would be CON-SAS-CSMPR4K9.
    The reseller needs to adjust the support term (12-60 months) to suit when ordering.

  • Local RADIUS in AP1242 with non-cisco WinXP wireless clients

    I'd like to configure local RADIUS in AP1242 and connect non-cisco WinXP wireless clients (for example notebook with integrated radio) with it. I did configuration (config1.txt) like in instruction: http://cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c0912.shtml
    But I can't connect non-cisco WinXP wireless client with AP1242 anyway. At once Cisco wireless client with Aironet Desktop Utility connects with it without any problem. I've done some other configuration (config2.txt), but with the same result. Second configuration is rather then first.
    How can I connect non-cisco WinXP wireless clients with AP1242 with local RADIUS?

    Hi Stephen,
    Thanks for the quick reply. Below is the switchport config. I am able to ping the AP from the switch and connect to its web page from any workstations.
    interface GigabitEthernet0/5
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 151
    switchport mode trunk
    end
