Configuring wireless on cisco 877w router
Hi all
I have a Cisco 877W wireless/ADSL router and having great difficulty with configuring wireless on this router. Here is a quick summary.
1. The ADSL is configured to obtain public IP from the ISP
2. Default interface vlan 1 is configured with an IP address
3. I went into vlan database, tried to configure multi vlans and the router prompted me that it can only have max 2 vlans. Hence what's the use of up to 16 different SSID using wireless?
4. I've setup DHCP scope on the router to give out IP address to clients (both wireless and wired)
5. I'm able to configure WPA-PSK on the router and was able to connect wirelessly to the router but I won't be able to obtain an IP address from the router
6. There are two scenarios that I'd like to do:
A. Setup wireless to connect to the same subnet as what's on vlan1
B. Setup wireless to connect to a different subnet to vlan1
For the life of me, I could not find docs on Cisco web site that shows me how to exactly this. I found some documents that use interface F0 as a trunk port and treat the interface Dot11Radio0 with sub-interfaces. I don't connect this router to a switch (standalone router) so how can I do this? Please point me to some docs.
Thanks in advance for your help.
My configuration works for wireless no authentication, but failed for WPA-PSK:
ip dhcp excluded-address 172.16.250.1
ip dhcp pool TEST
import all
network 172.16.250.0 255.255.255.0
default-router 172.16.250.1
bridge irb
interface FastEthernet4
description $ES_WAN$
ip address dhcp client-id FastEthernet4
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface Dot11Radio0
no ip address
ssid 111
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii 0 Cisco1234
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Vlan1
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
interface BVI1
ip address 172.16.250.1 255.255.255.0
ip nat inside
ip virtual-reassembly
After I configured the same wpa-psk key on the XP computer using windows zero configuration and tried to connect to the wireless work, I got the following errors on the router:
*Mar 1 03:00:51.623: *** Not encrypted dot1x packet from 000c.f123.25cf has been discarded
*Mar 1 03:00:52.623: %DOT11-7-AUTH_FAILED: Station 000c.f123.25cf Authentication failed
What could be wrong? Thanks!
Similar Messages
-
Still trying to configure a Cisco 877W router
Hi,
I am still unable to configure my Cisco 877W router for use on a B.T. ADSL phone line.
I can log in to the router which starts up the SDM Express. I then select the wizard and get as far as filling in the DHCP server configuration.
When I then press next it does not go to the next step, it just stays on the DHCP config screen. I am now using a Windows XP machine to configure the router as someone suggested, but it continues to halt at the same place.
Can anyone help please,
Thanks.
Dave.Hi. You may check out the topics in this link instead.
-
Cisco 877W router and external ADSL modem
Cisco 877W router and external ADSL modem
In order to support ADSL2+ on a pre ADSL2+ router and in preparation for a later migration to BT infinity I am trying to configure the Router using an external adsl2+ modem appropriately.
The original configuration had 3 ports configured as one (internal lan) vlan and bridge group together with one wireless sub-interface, the remaining port configured a second vlan and bridge group with a second wireless sub- interface. The Dialer was a member of the second bridge group. This way the second wireless interface and associated bridge group provided a kind of DMZ for outbound access.
The configuration I am attempting is similar the lan ports remain the same, but port 0 as a member of the vlan and bridge group (now a pppoe client) associated with one of the wireless sub interfaces as per above. The ATM interface is downed. This nearly works except that if the wireless subinterface on this bridge group is configured the dialer no longer dials giving a 'no dialer string' error. If I do not configure that wireless sub interface all works well.
If anyone is interested to look I would appreciate any comments. I enclose a sanitised config in which you will note the 'commented out' wireless subnet interface (in red).
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname xxxxxxxxxxxxxxxxxxxxx
boot-start-marker
boot-end-marker
logging buffered 4096 warnings
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
aaa new-model
aaa group server radius sdm-vpn-server-group-2
aaa group server radius rad_eap
server 192.168.253.1 auth-port 1812 acct-port 1813
server 192.168.253.1 auth-port 1645 acct-port 1646
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_2 group sdm-vpn-server-group-2
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa authorization ipmobile default group rad_pmip
aaa authorization network sdm_vpn_group_ml_2 local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-2834265337
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2834265337
revocation-check none
rsakeypair TP-self-signed-2834265337
crypto pki certificate chain TP-self-signed-2834265337
certificate self-signed 01 nvram:IOS-Self-Sig#2F.cer
dot11 syslog
dot11 ssid GuestAP
vlan 101
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 113B162712001F4A2D2B25
dot11 ssid LanAP
vlan 100
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
mbssid guest-mode
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.252.1 192.168.252.8
ip dhcp excluded-address 192.168.252.15 192.168.252.254
ip dhcp pool sdm-pool1
import all
network 192.168.252.0 255.255.255.0
domain-name XXX.Local
dns-server xxx.xxx.xxx.xxx
default-router 192.168.252.254
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip bootp server
no ip domain lookup
ip domain name XXX.Local
ip name-server xxx.xxx.xxx.xxx
ip name-server xxx.xxx.xxx.xxx
ip reflexive-list timeout 120
vpdn enable
vpdn-group 1
request-dialin
protocol pppoe
username administrator privilege 15 secret 5 £££££££££££££££££££££
class-map type inspect match-any IN_to_OUT_CLASS
match protocol tcp
match protocol udp
match protocol icmp
class-map type inspect match-any OUT_to_IN_CLASS
match protocol https
match protocol smtp extended
class-map type inspect match-any DMZ_to_IN_CLASS
match protocol http
match protocol https
match protocol smtp extended
policy-map type inspect DMZ_to_IN_POL
class type inspect DMZ_to_IN_CLASS
inspect
class class-default
drop log
policy-map type inspect IN_to_OUT_POL
class type inspect IN_to_OUT_CLASS
inspect
class class-default
drop log
policy-map type inspect OUT_to_IN_POL
class type inspect OUT_to_IN_CLASS
inspect
class class-default
drop log
zone security INSIDE
zone security OUTSIDE
zone security DMZ
zone-pair security OUT_TO_IN source OUTSIDE destination INSIDE
service-policy type inspect OUT_to_IN_POL
zone-pair security IN_TO_OUT source INSIDE destination OUTSIDE
service-policy type inspect IN_to_OUT_POL
zone-pair security DMZ_TO_OUT source DMZ destination OUTSIDE
service-policy type inspect IN_to_OUT_POL
zone-pair security DMZ_TO_IN source DMZ destination INSIDE
service-policy type inspect DMZ_to_IN_POL
bridge irb
interface Loopback0
no ip address
interface Null0
no ip unreachables
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
interface FastEthernet0
description Outside Interface (PPPoE)
interface FastEthernet1
description Inside Interface
switchport access vlan 10
interface FastEthernet2
description Inside Interface
switchport access vlan 10
spanning-tree portfast
interface FastEthernet3
description Inside Interface
switchport access vlan 10
spanning-tree portfast
interface Dot11Radio0
no ip address
no ip route-cache cef
no ip route-cache
encryption vlan 100 mode ciphers aes-ccm tkip
encryption vlan 101 mode ciphers aes-ccm tkip
ssid GuestAP
ssid LanAP
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2437
station-role root
interface Dot11Radio0.100
description LanAP
encapsulation dot1Q 100
no ip route-cache
no cdp enable
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 spanning-disabled
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
!interface Dot11Radio0.101
! description GuestAP
! encapsulation dot1Q 101
! no ip route-cache
! no cdp enable
! bridge-group 1
! bridge-group 1 subscriber-loop-control
! bridge-group 1 spanning-disabled
! bridge-group 1 block-unknown-source
! no bridge-group 1 source-learning
! no bridge-group 1 unicast-flooding
interface Vlan1
description $ES_LAN$
no ip address
ip virtual-reassembly
pppoe enable group global
pppoe-client dial-pool-number 1
bridge-group 1
interface Vlan10
no ip address
ip virtual-reassembly
bridge-group 10
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
zone-member security OUTSIDE
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXXXXX
ppp chap password 7 xxxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxxxxxx
ppp ipcp dns request
ppp ipcp wins request
hold-queue 224 in
interface Dialer0
no ip address
interface BVI10
description Inside Interface
ip address 192.168.253.254 255.255.255.0
ip access-group 101 in
ip helper-address 192.168.253.1
ip nat inside
ip virtual-reassembly
zone-member security INSIDE
interface BVI1
description DMZ Interface
ip address 192.168.252.254 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security DMZ
ip local pool SDM_POOL_1 192.168.20.9 192.168.20.14
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list Inside_Clients_NAT interface Dialer1 overload
ip nat inside source static 192.168.253.10 xxx.xxx.xxx.xxx
ip access-list extended DMZ_to_IN_POL
remark SDM_ACL Category=128
permit ip any any
ip access-list extended Inside_Clients_NAT
remark SDM_ACL Category=2
permit ip 192.168.253.0 0.0.0.255 any
logging 192.168.253.10
access-list 1 remark Auto generated by SDM Management Access feature
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 192.168.253.0 0.0.0.255
access-list 100 remark VTY Access-class list
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 192.168.253.0 0.0.0.255 any
access-list 100 deny ip any any
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark SDM_ACL Category=1
access-list 101 remark Auto generated by SDM for NTP (123) xxx.xxx.xxx.xxx
access-list 101 permit udp host xxx.xxx.xxx.xxx eq ntp host 192.168.253.254 eq ntp
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq telnet
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq 22
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq www
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq 443
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq cmd
access-list 101 deny tcp any host 192.168.253.254 eq telnet
access-list 101 deny tcp any host 192.168.253.254 eq 22
access-list 101 deny tcp any host 192.168.253.254 eq www
access-list 101 deny tcp any host 192.168.253.254 eq 443
access-list 101 deny tcp any host 192.168.253.254 eq cmd
access-list 101 deny udp any host 192.168.253.254 eq snmp
access-list 101 permit ip any any
access-list 199 permit ip any host 10.1.1.1
dialer-list 1 protocol ip permit
no cdp run
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.253.1 auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXXXXXXXX
radius-server host 192.168.253.1 auth-port 1645 acct-port 1646 key 7 XXXXXXXXXXXXXXXXXX
radius-server vsa send accounting
control-plane
bridge 1 protocol ieee
bridge 1 route ip
bridge 10 protocol ieee
bridge 10 route ip
banner login C Border Router
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
access-class 100 in
privilege level 15
length 0
transport input telnet ssh
scheduler max-task-time 5000
scheduler interval 500
ntp server xxx.xxx.xxx.xxx source Dialer0 prefer
ntp server xxx.xxx.xxx.xxx source Dialer0 prefer
sntp server xxx.xxx.xxx.xxx
endHi Jody,
Apologies delay in replying. I have done the following:
Made two of the FE ports vlan1,BVI1 (for LAN traffic)
Left one port as VLAN10 as the pppoe client conected to the externalmodem
Made the last port VLAN10 as well and gave it an IP addess as for a DMZ client.
I have DHCP configured to serve the DMZ addresses.
This all works for LAN clients and also works for a client attachedto that physical DMZ port.
When I added a dot11radio sub interface into VLAN 10 the wireless client did not get an IP lease. Everything else continued to work.
I had never thought about this before, but if a dot11radio interface is on the same vlan (but not being part ofa bridge group) why are DHCP broadcasts not propogating to all the vlan members as I would have expected. I recognise that this isa limit in my understanding.
If I then made VLAN10 a member of a new Bridge Group, I lost WAN connectivity as per original posting.
I cannot add another VLAN due to the 2 vlan limit in this image.
Finally regarding your comment about giving it what it wants, what exactly did you have in mind. The dialer already has a dial string parameters configured.
Think I am about to give upon this.
Regards, -
What's "SAVE" configuration command for Cisco switch/ router?
What's "SAVE" configuration command for Cisco switch / router? I know Switch#copy running-config startup-config works well,
but so long, any other command that easy to remenber?What's "SAVE" configuration command for Cisco switch / router? I know Switch#copy running-config startup-config works well, but so long,
any other command that easy to remenber?
yes, here: Switch#write,and want to know more about the Cisco switch, please visit:http://www.3anetwork.com/cisco-switches-price_c1 -
Configure VPN Server Cisco 877W
Hello!
I need to implement VPN Server on a Cisco 877W.
The idea is as follows:
Access the network from anywhere using the Cisco VPN Client;
The router need receive a minimum 5 simultaneous connections;
Each User would have a login and password;
Cisco 877W (System image file is "flash: C870-advipservicesk9-mz.150-1.M10.bin")
Following script:
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service sequence-numbers
hostname VPN
boot-start-marker
boot-end-marker
logging buffered 10240
enable secret PASS@PASS
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
clock timezone BR -3
dot11 syslog
dot11 ssid ACESSO01
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii PASS@PASS
no ip source-route
ip dhcp pool ODIM
import all
network 192.168.100.224 255.255.255.224
default-router 192.168.100.254
dns-server 10.151.176.80 201.10.120.3 10.151.176.79 201.10.1.2
update arp
ip cef
no ip bootp server
no ip domain lookup
ip domain name local
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall cuseeme
ip inspect name firewall h323
ip inspect name firewall rcmd
ip inspect name firewall realaudio
ip inspect name firewall streamworks
ip inspect name firewall vdolive
ip inspect name firewall sqlnet
ip inspect name firewall tftp
ip inspect name firewall ftp
ip inspect name firewall icmp
ip inspect name firewall sip
ip inspect name firewall esmtp max-data 52428800
ip inspect name firewall fragment maximum 256 timeout 1
ip inspect name firewall netshow
ip inspect name firewall rtsp
ip inspect name firewall pptp
ip inspect name firewall skinny
no ipv6 cef
multilink bundle-name authenticated
archive
path flash:config
write-memory
file verify auto
username suporte privilege 15 secret 5 $1$WdPL$PHwugOutS3fztS8hBUl9g0
ip tcp timestamp
ip ssh version 2
bridge irb
interface ATM0
description #### A D S L - INTERNET ####
no ip address
no ip proxy-arp
load-interval 30
no atm ilmi-keepalive
interface ATM0.1 point-to-point
description #### A D S L - INTERNET ####
pvc 0/35
pppoe-client dial-pool-number 1
interface FastEthernet0
description #### I N T R A N E T ####
switchport trunk native vlan 100
switchport mode trunk
load-interval 30
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface Dot11Radio0
no ip address
no ip proxy-arp
load-interval 30
encryption mode ciphers aes-ccm tkip
ssid ACESSO01
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
station-role root
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Vlan1
description #### ETH`S ####
no ip address
no ip proxy-arp
load-interval 30
bridge-group 1
bridge-group 1 spanning-disabled
interface Vlan100
description #### I N T R A N E T ####
ip address dhcp
no ip proxy-arp
ip nat outside
ip virtual-reassembly
interface Dialer0
description #### I N T E R N E T ####
ip address negotiated
ip access-group Traffic-Permit-IN in
no ip redirects
no ip unreachables
ip mtu 1492
ip nat outside
ip inspect firewall out
ip virtual-reassembly
rate-limit input access-group 100 16000 8000 8000 conform-action transmit exceed-action drop
encapsulation ppp
load-interval 30
dialer pool 1
dialer-group 1
ppp authentication pap chap callin
ppp chap hostname user@user
ppp chap password pass@pass
ppp pap sent-username user@user password pass@pass
ppp ipcp dns request
ppp ipcp wins request
ppp ipcp route default
no cdp enable
interface BVI1
description #### BRIDGE Vlan1/Dot11Radio0 ####
ip address 192.168.100.254 255.255.255.224
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
ip policy route-map PBR
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source route-map ADSL interface Dialer0 overload
ip nat inside source route-map INTRANET interface Vlan100 overload
ip route 0.0.0.0 0.0.0.0 Dialer0 name ADSL
ip route 0.0.0.0 0.0.0.0 10.48.50.1 name INTRANET
ip access-list extended ADSL
deny ip any 10.0.0.0 0.255.255.255
permit ip any any
deny ip any host 192.168.100.255
deny udp any any eq tftp log
deny ip any 0.0.0.0 0.255.255.255 log
deny ip any 127.0.0.0 0.255.255.255 log
deny ip any 169.254.0.0 0.0.255.255 log
deny ip any 172.16.0.0 0.15.255.255 log
deny ip any 192.0.2.0 0.0.0.255 log
deny ip any 192.168.0.0 0.0.255.255 log
deny ip any 198.18.0.0 0.1.255.255 log
deny udp any any eq 135 log
deny tcp any any eq 135 log
deny udp any any eq netbios-ns log
deny udp any any eq netbios-dgm log
deny tcp any any eq 445 log
deny ip any any log
ip access-list extended INTRANET
permit ip any 10.0.0.0 0.255.255.255
deny ip any any
deny ip any host 10.48.50.255
deny udp any any eq tftp log
deny ip any 0.0.0.0 0.255.255.255 log
deny ip any 10.0.0.0 0.255.255.255 log
deny ip any 127.0.0.0 0.255.255.255 log
deny ip any 169.254.0.0 0.0.255.255 log
deny ip any 172.16.0.0 0.15.255.255 log
deny ip any 192.0.2.0 0.0.0.255 log
deny ip any 192.168.0.0 0.0.255.255 log
deny ip any 198.18.0.0 0.1.255.255 log
deny udp any any eq 135 log
deny tcp any any eq 135 log
deny udp any any eq netbios-ns log
deny udp any any eq netbios-dgm log
deny tcp any any eq 445 log
ip access-list extended Traffic-Permit-IN
deny ip 0.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 198.18.0.0 0.1.255.255 any
deny ip 224.0.0.0 0.15.255.255 any
deny ip any host 255.255.255.255
permit tcp any any eq 1723
permit gre any any
deny icmp any any echo
deny ip any any log
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any echo
access-list 110 permit ip 192.168.100.224 0.0.0.31 any
dialer-list 1 protocol ip permit
no cdp run
route-map ADSL permit 10
match ip address 110
match interface Dialer0
route-map INTRANET permit 10
match ip address 110
match interface Vlan100
route-map PBR permit 10
match ip address ADSL
set interface Dialer0
route-map PBR permit 20
match ip address INTRANET
set interface Vlan100
control-plane
bridge 1 route ip
line con 0
no modem enable
line aux 0
line vty 0 4
transport input telnet ssh
scheduler max-task-time 5000
endSome Help?
-
Configuring wireless card Cisco Aironet 350 PCI
I'm not a newbie in linux but now faced with a trouble. I could not manage to set up the card properly. I just installed Arch 0.8 and it's not quite clear to me how to do this with Arch. I've read all available Arch's docs on this topic.
So my situation's the following:
I have the wireless card Cisco Aironet 350 PCI and I've been using it with Slackware for a year. It works quite fine. But now, when I decided to move to Arch - I cannot set it up. My card's using `airo` module and it is loading well. All the present network devices are recognized. I can see this by ifconfig -a.
I have 2 NICs in my system:
1) simple Ethernet card - eth0. Is switched off in rc.conf
2) wireless. There are 2 different devices for it in my system: eth1 and wifi0 (and it's correct). I don't know why is it so and how about this with other wireless cards.
For example I placed here network configs from my Slackware which works well with them and expect your advice on how to do the same with Arch.
/etc/rc.d/rc.inet1.conf:
##IPADDR[0]="" #wired NIC is off
##NETMASK[0]=""
##USE_DHCP[0]="yes"
##DHCP_HOSTNAME[0]=""
# Config information for eth1:
IPADDR[1]="xx.xx.225.8"
NETMASK[1]="255.255.255.0"
USE_DHCP[1]=""
DHCP_HOSTNAME[1]=""
# Default gateway IP address:
GATEWAY="xx.xx.225.254"
/etc/rc.d/rc.wireless.conf:
# Cisco/Aironet 4800/3x0
# Note : MPL driver only (airo/airo_cs), version 1.3 or later
00:0F:F8:*)
INFO="Cisco/Aironet"
ESSID="MoyEssid"
MODE="Managed"
KEY="xxxx-xxxx-xx open"
Here is the ifconfig and iwconfig output in Slackware:
ifconfig:
eth1 Link encap:Ethernet HWaddr 00:0F:F8:4D:EF:2A
inet addr:xx.xx.225.8 Bcast:xx.xx.225.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9384 errors:128278 dropped:0 overruns:0 frame:128278
TX packets:1714 errors:0 dropped:0 overruns:0 carrier:0
collisions:785 txqueuelen:1000
RX bytes:3023621 (2.8 MiB) TX bytes:224182 (218.9 KiB)
Interrupt:10 Base address:0xb800
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
wifi0 Link encap:UNSPEC HWaddr 00-0F-F8-4D-EF-2A-00-00-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:2312 Metric:1
RX packets:9384 errors:128278 dropped:0 overruns:0 frame:128278
TX packets:1714 errors:0 dropped:0 overruns:0 carrier:0
collisions:785 txqueuelen:100
RX bytes:3023621 (2.8 MiB) TX bytes:224182 (218.9 KiB)
Interrupt:10 Base address:0xb800
iwconfig:
eth1 IEEE 802.11-DS ESSID:"MoyEssid" Nickname:"user"
Mode:Managed Frequency:2.427 GHz Access Point: xx:xx:xx:5C:E5:00
Bit Rate:11 Mb/s Tx-Power=20 dBm Sensitivity=0/65535
Retry limit:16 RTS thr:off Fragment thr:off
Encryption key:****-****-** Security mode:open
Power Management:off
Link Quality=63/100 Signal level=-64 dBm Noise level=-96 dBm
Rx invalid nwid:11287 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:10331 Missed beacon:0
wifi0 IEEE 802.11-DS ESSID:"MoyEssid" Nickname:"user"
Mode:Managed Frequency:2.427 GHz Access Point: xx:xx:xx:5C:E5:00
Bit Rate:11 Mb/s Tx-Power=20 dBm Sensitivity=0/65535
Retry limit:16 RTS thr:off Fragment thr:off
Encryption key:****-****-** Security mode:open
Power Management:off
Link Quality=63/100 Signal level=-64 dBm Noise level=-96 dBm
Rx invalid nwid:11287 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:10331 Missed beacon:0
Who is aware - please describe or give me a link on this, how the two devises eth1 and wifi0 are connected to each other and how to set them up in Arch.
Thnx.Excellent! It works! Thank U very much.
My conclusion - /etc/network-profiles/ is much more suitable way/place to set your wireless network parameters even it's quite steady.
And now I have a couple of extra questions:
1) What should I do with actual network parameters in rc.conf? Currently they looks like:
lo="lo 127.0.0.1"
#eth0="eth0 192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255"
INTERFACES=(lo !eth0)
gateway="default gw 192.168.0.1"
ROUTES=(!gateway)
NET_PROFILES=(tier)
and that looks and works OK. What about gateway? Should I comment it here or not?
2)Though everything works fine now, I can see that wifi0 device is not listed by ifconfig now (only by iwconfig), but in my Slackware system it is. Don't have I to mention my wifi0 device in network profile's section:
#WIFI_INTERFACE=wlan0 # use this if you have a special wireless interface
# that is linked to the real $INTERFACE
Thnx!
And sorry for ugly English -
Configuring QoS on Cisco 3845 router for Polycom Video Conferecing
Dear All,
We have implemented a Polycom Video Conferecing solution at our Head Office. Using this we communicate with other branch offices through WAN (2mbps, MPLS).
The problem is that this WAN link is also used for data. When the traffic is high on the link, the voice and the video quality goes down drastically and we experience connection drops.
At the moment we have configured our Polycom box to communicate at 512kbps speed and we would like to reserve it in our WAN link. In case, video conferencing is not happening we would like it to be utilised by other traffic.
Can we configure QoS on our Cisco 3845 router to do this? I'm not a Cisco expert and have pressures from Management to correct this before the next conference.
I have already googled a fair bit but couldn't find something for me.
Could someone please tell me the exact commands that need to be given on our router to achieve this.
I'll be very thankful for this help.
Best Regards.Hi,
You can use something like the following to guarantee 5122k of bandwidth to your video-conferencing bandwidth but to allow that bandwidth to be used by other traffic when it is not being used for video-conferencing:
class-map VDOConf
match ip dscp af41
policy-map WANPolicy
class VDOConf
bandwidth 512
interface
service-policy output WANPolicy
Note that the above assumes that your video conferencing traffic is being marked to AF41. If that is not the case, you can always match on the IP address of your polycom device using an ACL:
class-map VDOConf
match access-group 101
access-list 101 permit ip .....
Hope that helps - pls rate the post if it does.
Paresh -
Getting Started with Wireless: Wireless configuration on 877W router - STUC
Just letting you know that I've already posted an identical post under "Getting Started with Wireless" but don't feel that I'm getting any attention so I made another post. Thank you.
Hi all
I have a Cisco 877W router running IOS v 12.4(15)T3. Have been trying to configure wireless to run WPA-PSK and is stuck at the final stage. Spent a lot of time configuring the router using CLI but ended up using the Web GUI interface. I was able to configure the wireless settings (I think) but failed when connecting to the router from WinXP-SP2 and was wondering if you have any suggestion for me. I've ran the following debugs on the router:
VNRouter#sho debug
DHCP server event debugging is on.
dot11:
802.1X module WPA/WPA-PSK/CCKM key management debugging is on
dot11 Syslog debugging is on
Below is the error message when connecting wirelessly
*Mar 4 18:46:25.655: *** Not encrypted dot1x packet from 001b.771a.dbad has been discarded
VNRouter#
*Mar 4 18:46:25.659: %DOT11-6-ASSOC: Interface Dot11Radio0, Station VNRouter 001b.771a.dbad Associated SSID[VN-WiLess1] AUTH_TYPE[OPEN] KEY_MGMT[WPA PSK]
VNRouter#
*Mar 4 18:47:25.571: *** Not encrypted dot1x packet from 001b.771a.dbad has been discarded
*Mar 4 18:47:25.575: *** Not encrypted dot1x packet from 001b.771a.dbad has been discarded
*Mar 4 18:47:25.575: *** Not encrypted dot1x packet from 001b.771a.dbad has been discarded
*Mar 4 18:47:25.579: *** Not encrypted dot1x packet from 001b.771a.dbad has been discarded.
I've created two VLANs (and tied these two vlans to 2 separate SSID) on this router for a reason and so far has not been able to connect to any of them (SSID). I've also attached the config so you can have a look. Thanks in advance for your help.The configuration looks fine. In most cases, the connectivity issues with WPA-PSK is due to the mismatch in PSK on the Client and the AP. Try re-entering the PSK key on both the router and the client and check if you are seeing any issues.
-
Wireless configuration on 877W router - STUCK
Hi all
I have a Cisco 877W router running IOS v 12.4(15)T3. Have been trying to configure wireless to run WPA-PSK and is stuck at the final stage. Spent a lot of time configuring the router using CLI but ended up using the Web GUI interface. I was able to configure the wireless settings (I think) but failed when connecting to the router from WinXP-SP2 and was wondering if you have any suggestion for me. I've ran the following debugs on the router:
VNRouter#sho debug
DHCP server event debugging is on.
dot11:
802.1X module WPA/WPA-PSK/CCKM key management debugging is on
dot11 Syslog debugging is on
Below is the error message when connecting wirelessly
*Mar 4 18:46:25.655: *** Not encrypted dot1x packet from 001b.771a.dbad has been discarded
VNRouter#
*Mar 4 18:46:25.659: %DOT11-6-ASSOC: Interface Dot11Radio0, Station VNRouter 001b.771a.dbad Associated SSID[VN-WiLess1] AUTH_TYPE[OPEN] KEY_MGMT[WPA PSK]
VNRouter#
*Mar 4 18:47:25.571: *** Not encrypted dot1x packet from 001b.771a.dbad has been discarded
*Mar 4 18:47:25.575: *** Not encrypted dot1x packet from 001b.771a.dbad has been discarded
*Mar 4 18:47:25.575: *** Not encrypted dot1x packet from 001b.771a.dbad has been discarded
*Mar 4 18:47:25.579: *** Not encrypted dot1x packet from 001b.771a.dbad has been discarded.
I've created two VLANs (and tied these two vlans to 2 separate SSID) on this router for a reason and so far has not been able to connect to any of them (SSID). I've also attached the config so you can have a look. Thanks in advance for your help.The configuration looks fine. In most cases, the connectivity issues with WPA-PSK is due to the mismatch in PSK on the Client and the AP. Try re-entering the PSK key on both the router and the client and check if you are seeing any issues.
-
Greetings. First, let me start by saying I am an idiot, I know I am an idiot, and I apologize for wasting everyone's time. I have actually RTFM, many RTFMs, in fact, and I still have not found a resolution.
Second, I am trying to set up a RADIUS server in my test network. I have installed ClearBox RADIUS on a Windows 2000 system. I have the following configuration on my Cisco 2611 router:
Using 2297 out of 29688 bytes
! Last configuration change at 17:20:27 PDT Tue May 20 2008
! NVRAM config last updated at 17:20:29 PDT Tue May 20 2008
version 12.1
no service single-slot-reload-enable
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
hostname Tester
logging buffered 10000 debugging
aaa new-model
aaa group server radius RadiusServers
server 172.26.0.2 auth-port 1812 acct-port 1813
aaa authentication login default group RadiusServers local
aaa authentication login localauth local
aaa authentication ppp default if-needed group radius local
aaa authorization exec default group radius local
aaa authorization network default group radius local
aaa accounting delay-start
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa processes 6
enable secret xxx
username test password xxx
clock timezone PST -8
clock summer-time PDT recurring
ip subnet-zero
no ip domain-lookup
no ip bootp server
interface Loopback0
ip address 192.168.0.1 255.255.255.0
interface Ethernet0/0
description To Main Network
ip address X.X.X.X 255.255.255.128
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
full-duplex
no cdp enable
interface Ethernet0/1
description To Internal Network
ip address 172.26.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
load-interval 30
full-duplex
no cdp enable
ip nat pool test X.X.X.X X.X.X.X netmask 255.255.255.128
ip nat inside source list 3 pool test overload
ip nat inside destination list 3 pool test
ip classless
ip route 0.0.0.0 0.0.0.0 X.X.X.X
no ip http server
ip radius source-interface Ethernet0/1
access-list 3 permit 172.26.0.0 0.0.0.255
no cdp run
snmp-server community public RO 15
radius-server host 172.26.0.2 auth-port 1812 acct-port 1813 key secret
radius-server retransmit 3
radius-server key secret
line con 0
password xxx
logging synchronous
line aux 0
line vty 0 4
access-class 10 in
password 7 1234567890
logging synchronous
ntp clock-period 17208108
ntp server 192.43.244.18
end
My RADIUS server is up and responding to requests, but my router does not appear to be forwarding authentication requests to it. In fact, when I log into the router using HyperTerm, it times out, and I end up authenticating locally.
I really don't care whether my Cisco equipment authenticates against the RADIUS server, but I do need to get it set up to authenticate my users so I can track their time online. What have I missed in my router configuration? Why isn't it forwarding user authentication requests to the RADIUS server.
Thank you for any assistance you may be able to provide.I have found that if I am in the middle of composing a response, and I open the thread in another browser window (to refer to it), when I go to submit my response, it doesn't get posted. Perhaps you are running into the same thing.
The command I shared:
aaa authentication enable default group radius local
... was erroneous. The keyword should have been "enable", as you have discovered.
Therefore use:
aaa authentication enable default group radius enable
When I view a Wireshark trace I see the following:
AVP: l=18 t=User-Password(2): Decrypted: "user-PWD\000\000\000\000\000\000\000\000"
Like you, I see the user password appended with the group of \000 grouping's.
Note the word "Decrypted" which confirms that the password entered in Wireshark is a match with that entered on the AAA client (for what that's worth).
I'm not sure if I suggested that this would confirm that the server and client were using the same shared secret. If I did, I miss-spoke. I think we would have to gauge the server's response to the attributes we see passed by the client.
The Wireshark decryption is much more dramatic with TACACS+ because the whole payload is encrypted.
My issue with your PPPoE is that I saw no "interface" on the router that is configured to perform such authentication. I do seem to recall a global authentication command with the PPP keyword perhaps. I have not attempted to do this, and am not sure whether the interfaces in your router will support this method. Perhaps someone else will weigh in with an opinion.
However, there are other mainstream authentication methods that I think you should investigate as well.
You could implement 802.1x on a switch so that a host has to authenticate before it can gain Layer 3 access to the LAN. Depending on the platform, you can download VLAN assignments and ACLs.
I believe the router also supports 802.1x, but that may determine whether a host can get "through" the router. I have not had cause to investigate 802.1x on the router. I may do so in the future to authorize access to IPsec tunnels.
The router is also likely to support Authentication Proxy. This feature intercepts a user's attempt to browse resources on the other side of the router. User specific ACLs can be downloaded to the router (from RADIUS) to control what resources a user can access.
I think you should:
1. Resolve the issue(s) with AAA logins on the router. It'll establish a baseline of functionality, and give you some short term joy.
2. Investigate whether PPPoE support exists on your router's interfaces.
3. Read up on 802.x and Authentication Proxy (docs on Cisco web site).
4. Decide which methods appeals to you.
5. Dive in.
I'd lose the self-deprecation. I don't think it will serve you well. If you're treated badly, move to a newsgroup where the participants display a higher level of emotional maturity. I don't think you will have an issue on the Cisco forums. Others would probably step in.
I'm going to be absent for several days, so if you don't receive any response, it will be for said reason.
Good luck. -
DHCP issue on Cisco IOS router
Hi experts,
I recently got complaints that some clients can't get IP address through the DHCP server configured on a Cisco IOS router. I turned on debugging on DHCP events and packets and I see the following logs.
Mar 22 15:33:41: DHCPD: DHCPREQUEST received from client 0100.1b63.f246.8c.
Mar 22 15:33:41: DHCPD: Finding a relay for client 0100.1b63.f246.8c on interface FastEthernet1/0.10.
Mar 22 15:33:41: DHCPD: Seeing if there is an internally specified pool class:
Mar 22 15:33:41: DHCPD: htype 1 chaddr 001b.63f2.468c
Mar 22 15:33:41: DHCPD: remote id 020a0000cf6050011000000a
Mar 22 15:33:41: DHCPD: circuit id 00000000
Mar 22 15:34:02: DHCPD: DHCPREQUEST received from client 0100.1b63.f246.8c.
Mar 22 15:34:02: DHCPD: Finding a relay for client 0100.1b63.f246.8c on interface FastEthernet1/0.10.
Mar 22 15:34:02: DHCPD: Seeing if there is an internally specified pool class:
Mar 22 15:34:02: DHCPD: htype 1 chaddr 001b.63f2.468c
Mar 22 15:34:02: DHCPD: remote id 020a0000cf6050011000000a
Mar 22 15:34:02: DHCPD: circuit id 00000000
Then it will repeat and repeat for this MAC. Any reason why the router is not assigning an IP to it? It actually happens to some other MACs as well... They are from different vendors and located on different switches... I can't really find a pattern for this problem... The DHCP pool hasn't run out and it still has available IPs in it.
ThanksHi Alain, thanks for quick reply. The followings contain the output that you required. I hided the prefix of the IP with a.b.c. Thanks!
interface FastEthernet1/0.10
description : DHCP for EXHIBITION VLAN
encapsulation dot1Q 10
ip address a.b.c.1 255.255.255.128
no ip redirects
no ip unreachables
no ip proxy-arp
end
r#sh ip dhcp pool
Pool EXHIBIT :
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 0 / 0
Total addresses : 126
Leased addresses : 47
Pending event : none
1 subnet is currently in the pool :
Current index IP address range Leased addresses
a.b.c.118 a.b.c.1 - a.b.c.126 47
#sh run | in/be dhcp
no ip dhcp use vrf connected
ip dhcp excluded-address a.b.c.1 a.b.c.11
ip dhcp excluded-address a.b.c.126
ip dhcp excluded-address a.b.c.100 a.b.c.101
ip dhcp excluded-address a.b.c.51
ip dhcp pool EXHIBIT
network a.b.c.0 255.255.255.128
default-router a.b.c.1
dns-server 207.172.3.8 207.172.3.9
domain-name xyz.com
#sh ip dhcp binding
Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type
Hardware address/
User name
a.b.c.19 0168.7f74.6260.9b Mar 23 2011 01:56 PM Automatic
a.b.c.52 0100.4854.897d.17 Mar 23 2011 12:53 PM Automatic
a.b.c.56 0100.4063.e7b5.b2 Mar 23 2011 03:33 PM Automatic
a.b.c.57 0100.1b63.f246.8c Mar 23 2011 03:34 PM Automatic
a.b.c.68 015c.5948.0b97.d6 Mar 22 2011 05:59 PM Automatic
a.b.c.69 0168.7f74.626d.67 Mar 23 2011 07:07 AM Automatic
a.b.c.70 0198.fc11.5027.1d Mar 22 2011 07:04 PM Automatic
a.b.c.71 01dc.2b61.04ba.af Mar 22 2011 10:26 PM Automatic
a.b.c.72 017c.c537.58e6.64 Mar 22 2011 08:37 PM Automatic
a.b.c.73 017c.6d62.3303.57 Mar 23 2011 03:54 AM Automatic
a.b.c.74 0124.ab81.cda4.68 Mar 23 2011 05:01 AM Automatic
a.b.c.75 0100.1e52.8f11.a5 Mar 23 2011 02:47 PM Automatic
a.b.c.76 0100.264a.5fc8.e3 Mar 23 2011 07:13 AM Automatic
a.b.c.77 017c.6d62.38cd.40 Mar 23 2011 02:06 PM Automatic
a.b.c.78 0100.1d4f.f647.79 Mar 23 2011 02:37 PM Automatic
a.b.c.79 0100.26b0.8637.3d Mar 23 2011 01:16 PM Automatic
a.b.c.81 0130.694b.e9de.82 Mar 23 2011 03:19 PM Automatic
a.b.c.82 0100.21e9.6864.80 Mar 23 2011 12:04 PM Automatic
a.b.c.83 0124.ab81.63e6.b5 Mar 23 2011 09:38 AM Automatic
a.b.c.84 0100.16b6.0455.c2 Mar 23 2011 09:42 AM Automatic
a.b.c.85 0100.1302.4c96.9e Mar 23 2011 09:49 AM Automatic
a.b.c.86 0140.a6d9.741c.e0 Mar 23 2011 12:12 PM Automatic
a.b.c.87 0100.264a.b8e9.50 Mar 23 2011 10:16 AM Automatic
a.b.c.88 0140.a6d9.4911.67 Mar 23 2011 03:19 PM Automatic
a.b.c.89 013c.7437.1e32.96 Mar 23 2011 10:27 AM Automatic
a.b.c.90 01d8.3062.689c.4b Mar 23 2011 11:55 AM Automatic
a.b.c.91 0158.946b.4df8.bc Mar 23 2011 10:49 AM Automatic
a.b.c.92 0100.2215.7368.26 Mar 23 2011 10:23 AM Automatic
a.b.c.93 0100.23df.76ea.90 Mar 23 2011 02:33 PM Automatic
a.b.c.94 0124.ab81.708d.83 Mar 23 2011 03:58 PM Automatic
a.b.c.95 0100.1cb3.163d.5a Mar 23 2011 03:13 PM Automatic
a.b.c.96 01cc.08e0.2aeb.96 Mar 23 2011 01:27 PM Automatic
a.b.c.97 0188.c663.d0d0.55 Mar 23 2011 01:57 PM Automatic
a.b.c.98 0100.1b77.08bb.89 Mar 23 2011 01:15 PM Automatic
a.b.c.99 0100.1ec2.47d7.19 Mar 23 2011 12:43 PM Automatic
a.b.c.102 0100.1310.8e74.78 Mar 23 2011 12:41 PM Automatic
a.b.c.103 0100.24d6.58b0.82 Mar 23 2011 01:44 PM Automatic
a.b.c.104 0100.2608.7df2.68 Mar 23 2011 03:23 PM Automatic
a.b.c.106 01c8.bcc8.1a86.41 Mar 23 2011 03:56 PM Automatic
a.b.c.107 01a4.6706.1e54.94 Mar 23 2011 04:08 PM Automatic
a.b.c.108 017c.c537.46ac.0e Mar 23 2011 02:41 PM Automatic
a.b.c.111 0100.037f.0ea2.19 Mar 23 2011 02:47 PM Automatic
a.b.c.112 01d8.3062.75c5.9c Mar 23 2011 03:33 PM Automatic
a.b.c.113 0021.9116.449e Mar 23 2011 03:36 PM Automatic
a.b.c.114 0100.1ff3.46d9.a9 Mar 23 2011 03:40 PM Automatic
a.b.c.116 0104.1e64.4a0d.a3 Mar 23 2011 04:21 PM Automatic
a.b.c.117 0190.27e4.4ae8.94 Mar 23 2011 04:24 PM Automatic
Thanks! -
Hi,
I have another problem - after upgrade ios wirelles connection not work.
After reload i have :
Configuration of subinterfaces and main interface
within the same bridge group is not permitted
STP: Unable to get the port parameters.
Please configure the bridge group on this interface first.
Please configure the bridge group on this interface first.
Please configure the bridge group on this interface first.
SETUP: new interface NVI0 placed in "shutdown" state
my old configuration work propertly in the old software, but after update i have notificatio.
Old thread:
https://supportforums.cisco.com/discussion/12379491/cisco-877w-no-wireless-connection
my current sh run:
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
hostname cisco
boot-start-marker
boot system flash:c870-advipservicesk9-mz.124-24.T6.bin
boot-end-marker
logging message-counter syslog
logging buffered 4096 informational
enable secret 5 $1$eCNp$rWuBfZ/cexnwnkm7L447s.
aaa new-model
aaa session-id common
dot11 syslog
dot11 ssid ciscowifi
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 050D031D26595D0617
dot11 wpa handshake timeout 500
ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.56.1
ip dhcp pool CLIENT
import all
network 192.168.56.0 255.255.255.0
default-router 192.168.56.1
dns-server 8.8.8.8 194.204.159.1 194.204.152.34
lease 0 2
ip cef
no ip domain lookup
no ipv6 cef
multilink bundle-name authenticated
username marek password 7 00121A0908500A
archive
log config
hidekeys
ip tcp path-mtu-discovery
bridge irb
interface ATM0
description Polaczenie ADSL do ISP$ES_WAN$
no ip address
no atm ilmi-keepalive
pvc 0/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
hold-queue 224 in
interface FastEthernet0
description Edzia
interface FastEthernet1
description dom
interface FastEthernet2
description Dziadek
interface FastEthernet3
interface Dot11Radio0
no ip address
no ip redirects
ip local-proxy-arp
ip nat inside
ip virtual-reassembly
no dot11 extension aironet
encryption vlan 1 mode ciphers tkip
encryption mode ciphers aes-ccm tkip
broadcast-key change 3600
ssid ciscowifi
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
world-mode dot11d country AU indoor
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.1
description ciscowifi
encapsulation dot1Q 1 native
no cdp enable
interface Vlan1
no ip address
bridge-group 1
interface Dialer0
description Interfejs dzwoniacy
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp chap hostname [email protected]
ppp chap password 7 xxxxxxxxxxxxxxxxxxxxxx
interface BVI1
description Polaczenie dla sieci LAN
ip address 192.168.56.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
ip nat inside source list 100 interface Dialer0 overload
ip nat inside source static tcp 192.168.56.10 80 interface Dialer0 80
ip nat inside source static tcp 192.168.56.10 22 interface Dialer0 22
logging trap debugging
logging 192.168.56.10
access-list 100 permit ip 192.168.56.0 0.0.0.255 any
access-list 100 deny ip any any
no cdp run
snmp-server community ciskacz RO
snmp-server chassis-id ciskacz
control-plane
bridge 1 protocol ieee
bridge 1 route ip
line con 0
no modem enable
line aux 0
line vty 0 4
exec-timeout 0 0
transport preferred ssh
transport input ssh
scheduler max-task-time 5000
end
please help - thanks!Hello Marek,
I suppose you are not planning to do any kinds of advanced config using several VLANs and multiple SSIDs so let's just make your configuration simple and working.
In short, you need to remove all references to VLAN 1 and to any subinterfaces possibly related to the VLAN 1. This means in particular (follow these steps in sequence):
Remove the Dot11Radio0.1 subinterface entirely
In the Dot11Radio0 section, remove the encryption vlan 1 mode ciphers tkip command
In the dot11 ssid ciscowifi section, remove the vlan 1 command
After performing these steps, make sure that the ssid ciscowifi and encryption mode commands are still present in the Dot11Radio0 configuration, and if not, reenter them.
Best regards,
Peter -
How to configure wireless Cisco 1041/EAP2 with Radius
Hello,
Having trouble configuring wireless on a Cisco 1041 with a 2012 Radius Server
I have a cisco ASA 5505 and Windows server 2012 Radius with NAP and Network Security policy
Guest Test guest works, test does not, I want the users to log into test with their AD credentials
Here is the AP config:
Thanks for any help
o service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ap1
logging rate-limit console 9
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa group server radius rad_eap2
server x.x.x.x auth-port 1645 acct-port 1646
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods2 group rad_eap2
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
clock timezone -0500 -5
clock summer-time -0400 recurring
ip domain name ser.local
dot11 syslog
dot11 ssid test
vlan 1
authentication open eap eap_methods2
authentication network-eap eap_methods2
authentication key-management wpa
mbssid guest-mode
dot11 ssid test guest
vlan 12
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7
dot11 priority-map avvid
dot11 phone dot11e
power inline negotiation injector 001b.8fac.990a
power inline negotiation prestandard source
class-map match-all _class_data_policy0
match ip dscp default
class-map match-all _class_voice_policy0
match ip dscp ef
policy-map voice_policy
class _class_voice_policy0
set cos 6
policy-map data_policy
class _class_data_policy0
set cos 0
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 1 mode ciphers aes-ccm
encryption vlan 12 mode ciphers aes-ccm
ssid ihiCorp
ssid ihiGuest
antenna gain 0
mbssid
station-role root
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
service-policy input data_policy
service-policy output data_policy
interface Dot11Radio0.12
encapsulation dot1Q 12
no ip route-cache
bridge-group 12
bridge-group 12 subscriber-loop-control
bridge-group 12 block-unknown-source
no bridge-group 12 source-learning
no bridge-group 12 unicast-flooding
bridge-group 12 spanning-disabled
service-policy input data_policy
service-policy output data_policy
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface GigabitEthernet0.12
encapsulation dot1Q 12
no ip route-cache
bridge-group 12
no bridge-group 12 source-learning
bridge-group 12 spanning-disabled
interface BVI1
ip address x.x.x.x 255.255.255.0
no ip route-cache
ip default-gateway x.x.x.x
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server host x.x.x.x auth-port 1645 acct-port 1646 key 7
radius-server vsa send accounting
bridge 1 route ip
line con 0
line vty 0 4
endin order I get these messages;
The processing of Group Policy failed. Windows attempted to read the file \\test.local\sysvol\test.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
A LDAP connection with domain controller IHIserver01.ihi-press.local for domain TEST is established.
A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 48. -
Configuration Issue with my Cisco 871 Router
Hi all,
I am a newbie to the Cisco IOS.
I got a Cisco 871 Router that I'd like to use for internet connection. My LAN network is 192.168.1.0/24 and the ISP has assigned us the IP 41.212.79.108/24 and gateway 41.212.79.1.
With my current configuration, I can hit the router - 192.168.1.1 - and it's WAN port - 41.212.79.108 - but not the gateway.
Below is my current config:
Hoggers#show config
Using 4414 out of 131072 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Hoggers
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
enable secret 5 **********************.
no aaa new-model
crypto pki trustpoint TP-self-signed-568493463
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-568493463
revocation-check none
rsakeypair TP-self-signed-568493463
crypto pki certificate chain TP-self-signed-568493463
certificate self-signed 01 nvram:IOS-Self-Sig#7.cer
dot11 syslog
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.3
ip dhcp excluded-address 192.168.1.4
ip dhcp excluded-address 192.168.1.5
ip dhcp excluded-address 192.168.1.6
ip dhcp excluded-address 192.168.1.7
ip dhcp excluded-address 192.168.1.8
ip dhcp excluded-address 192.168.1.9
ip dhcp excluded-address 192.168.1.10
ip dhcp excluded-address 192.168.1.100
ip dhcp excluded-address 192.168.1.90
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
ip dhcp pool LANPOOL
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 41.212.3.2 41.212.3.253
ip domain name yourdomain.com
ip name-server 41.212.3.2
ip name-server 41.212.3.253
archive
log config
hidekeys
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description Wan to Outside World
ip address 41.212.79.108 255.255.255.0
duplex auto
speed auto
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.1.1 255.255.255.0
ip tcp adjust-mss 1452
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 41.212.79.1
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source static tcp 192.168.1.31 80 interface FastEthernet4 80
access-list 23 permit 10.10.10.0 0.0.0.7
no cdp run
control-plane
scheduler max-task-time 5000
end
I'll appreciate any light you can shed on what am missing.2 wireless routers can not communicate wirelessly with each other.
You need to connect cable between 2 routers and use the second wireless router as access point.
Follow this link to connect Linksys router to another router.
Some of your devices are getting same IP address. This might be the issue with DHCP server of the router. You can try DHCP reservation on the router so that each device will get unique IP address. -
Wireless non-cisco router with aironet 1242 repeater.
Hello everyone. I'm a newbie here. I just started learning about cisco devices. Sorry if my question seems stupid.
I have a problem. A friend gave me an AP aironet 1242 and he wants to use it as a repeater for his wireless non cisco router.
Is this possible? And if it is how can i do it with simple steps.
Thanks in advance!Thanks for the quick response Scott. I 've read this quide before i post.
The problem is that i can't connect with serial to the ap. So i can't use commands.
I can connect with ethernet and see the ap interface. When i go and make the radio0 work as a repeater it shows interface down. What i want is simple steps of how to configure it from the interface.
Sorry again.
Maybe you are looking for
-
File Transfer From Unix server to Windows Client System Using WebUtil
Hi all, I want to Transfer a File from Unix Server to Window Client System using Webutil. But below mention code is not working. DECLARE V_Server_Path VARCHAR2(500) := Null; V_Client_Path VARCHAR2(500) := Null; BEGIN V_Server_Path := '
-
Is it possible in SAP that I can restrict a specific delivery can be attach
Hi All, Is it possible in SAP that I can restrict a specific delivery can only be attached with specific shipment? Example, I have a delivery type "A", which can only be attached with Shipment type "Z". Thanks in advance.
-
FEBAN items don't clear after posting
I have configured everything for the automatic bank statements and created a test statement which I loaded via FF_5. All items on the statement show with a red marker and I can book them to the respective accounts accordingly. The postings do go thro
-
Convert a scatter graph with multiple data series into individual graphs
I am trying to convert a scatter graph with multiple data series into individual graphs, with the series having the same formatting as in the graph when all series are together. Normally, if I delete any series, the color scheme for all the other ser
-
How to create a BADI Definition
Hi All, Please let me know the steps to create a BADI Definition as I haven't done this before . I need detailed steps. Please reply ASAP. Regards, Neha