That's what I was thinking. I also don't think you should put an IP on anything 
other than the management BVI. Might take a look at the device's routing table 
as well. 

Thanks,
Brian Desmond
[email protected]

c   – 312.731.3132

-----Original Message-----
From: Michael B. Smith [mailto:[email protected]] 
Sent: Saturday, January 15, 2011 12:42 PM
To: NT System Admin Issues
Subject: RE: Cisco 1240AG config problem

It's been a really really long time for me, but shouldn't the "ip 
default-gateway" be an IP address on the BVI1 subnet?

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com


-----Original Message-----
From: Kurt Buff [mailto:[email protected]]
Sent: Saturday, January 15, 2011 1:02 PM
To: NT System Admin Issues
Subject: OT: Cisco 1240AG config problem

All,

It's been a long time since I configured any Cisco equipment, and never with 
vlans. These WAPs have been around a long time, and the vendor did the original 
config, with no vlans - I've just been googling around and figuring all of this 
out, with minor help from a conslutant. I'm configuring the WAP above my desk 
first, with the intent that once it's working, the config will be rolled out to 
the 14 other units, and then I'll announce the guest wireless publicly.

With the config shown below, I have a sort-of working setup on this WAP. For 
clarity,
     - vlan 1 is native and not used
     - vlan 99 is the management vlan, and is not intended to extend to the 
wireless side of the WAP (I use this vlan to manage all of the switches, which 
are HP Procurves)
     - vlan 115 is the production wireless vlan, and is available for wireless 
connection for company equipment
     - vlan 120 is the guest wireless vlan, and is going to be available for 
wireless connection for guest/personal equipment, once I have this working on 
all 15 WAPs

The guest network (vlan 120) does have connectivity to the world, and you can't 
ping to it or from it via the production network (vlan 115 or the wired vlans), 
and I have a separate DHCP server on the guest vlan, so that's all happy, 
AFAICT.

I can connect with wireless devices to either of the two wireless vlans, no 
problem.

The problems I'm seeing are:

     1) I can telnet to the WAP on either IP address, but I can't ping from the 
WAP to anything, including addresses assigned to the WAP - I get the error
          "% Unrecognized host or address, or protocol not running."

     2) I'm seeing the following error lines in the logs on the WAP:
          "%IP_SNMP-3-SOCKET: can't open UDP socket"
               and
          "Unable to open socket on port 161"

     3) After I finished configuring the WAP Thursday afternoon and confirming 
connection on both SSIDs, on Friday I couldn't connect anything to the 
production SSID, until I did a reload - that seems to have cleared, but that is 
troubling.


My googling reveals that the error messages are supposedly caused by the lack 
of an IP address on any interface. However, as you can see from the config 
below I have addresses configured on two interfaces, and can telnet to either 
one.

I have even tried putting an address on int BVI1, but I may have done that 
incorrectly, as it didn't seem to help.

Does anyone out there see what I've gotten wrong? I'm continuing my searches, 
but if someone can short-circuit that with a good answer, I'd really appreciate 
it.


Thanks,

Kurt

----------Begin config----------
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname wapc31.example.com
!
enable secret 5 (removed)
!
no aaa new-model
clock timezone -0800 -8
clock summer-time -0700 recurring
!
!
dot11 vlan-name VLAN115 vlan 115
dot11 vlan-name VLAN120 vlan 120
!
dot11 ssid guest
   vlan 120
   authentication open
   mbssid guest-mode dtim-period 2
!
dot11 ssid production
   vlan 115
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 (removed)
!
power inline negotiation prestandard source
!
!
username Cisco privilege 15 password 7 (removed)
username readonly password 7 (removed)
username ifteam privilege 15 secret 5 (removed)
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip
 !
 encryption vlan 115 mode ciphers tkip
 !
 ssid guest
 !
 ssid production
 !
 antenna transmit right
 antenna receive right
 mbssid
 speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
 power client 20
 channel 2437
 station-role root
 bridge-group 1
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.115
 encapsulation dot1Q 115
 no ip route-cache
 bridge-group 115
 bridge-group 115 subscriber-loop-control
 bridge-group 115 block-unknown-source
 no bridge-group 115 source-learning
 no bridge-group 115 unicast-flooding
 bridge-group 115 spanning-disabled
!
interface Dot11Radio0.120
 encapsulation dot1Q 120
 no ip route-cache
 bridge-group 120
 bridge-group 120 subscriber-loop-control
 bridge-group 120 block-unknown-source
 no bridge-group 120 source-learning
 no bridge-group 120 unicast-flooding
 bridge-group 120 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 dfs band 3 block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.99
 encapsulation dot1Q 99
 ip address 192.168.99.121 255.255.255.0
 no ip route-cache
 bridge-group 99
 no bridge-group 99 source-learning
 bridge-group 99 spanning-disabled
!
interface FastEthernet0.115
 encapsulation dot1Q 115
 no ip route-cache
 bridge-group 115
 no bridge-group 115 source-learning
 bridge-group 115 spanning-disabled
!
interface FastEthernet0.120
 encapsulation dot1Q 120
 no ip route-cache
 bridge-group 120
 no bridge-group 120 source-learning
 bridge-group 120 spanning-disabled
!
interface BVI1
 ip address 192.168.15.31 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.99.1
ip http server
ip http authentication local
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
snmp-server view dot11view ieee802dot11 included
snmp-server view ieee802dot11 ieee802dot11 included
snmp-server community zetpub RO
snmp-server contact IFTeam
bridge 1 route ip
!
!
!
line con 0
 login local
line vty 0 4
 login local
!
sntp server 192.168.10.191
sntp broadcast client
end
----------End Config----------

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
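
The two points raised in the replies (the default gateway should sit on the BVI1 subnet, and only the management BVI should carry an IP address) can be checked mechanically before a config is rolled out to the other units. The following is an added example, not part of the original thread: the function names and the `mgmt_if` parameter are hypothetical, and the sample is a constructed excerpt of the addressing lines from the posted config.

```python
import ipaddress
import re
# Constructed sample: the addressing lines from the config posted in the thread.
SAMPLE_CONFIG = """\
interface FastEthernet0.99
 ip address 192.168.99.121 255.255.255.0
!
interface BVI1
 ip address 192.168.15.31 255.255.255.0
!
ip default-gateway 192.168.99.1
"""

def parse_addressing(config):
    """Return ({interface: IPv4Interface}, default_gateway or None)."""
    addrs, gateway, current = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = line.split(None, 1)[1]
        elif raw and not raw[0].isspace():
            current = None  # any other unindented line, including "!", ends the interface
            m = re.fullmatch(r"ip default-gateway (\S+)", line)
            if m:
                gateway = ipaddress.ip_address(m.group(1))
        elif current:
            m = re.fullmatch(r"ip address (\S+) (\S+)", line)
            if m:
                addrs[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return addrs, gateway

def audit(config, mgmt_if="BVI1"):
    """Apply the two checks suggested in the replies; return finding strings."""
    addrs, gateway = parse_addressing(config)
    findings = []
    for name in addrs:
        if name != mgmt_if:
            findings.append(f"{name} has IP {addrs[name]}; only {mgmt_if} should be addressed")
    mgmt = addrs.get(mgmt_if)
    if mgmt is None:
        findings.append(f"{mgmt_if} has no IP address")
    elif gateway is None:
        findings.append("no ip default-gateway configured")
    elif gateway not in mgmt.network:
        findings.append(f"default gateway {gateway} is outside {mgmt_if} subnet {mgmt.network}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Run against a full saved config, it reports every addressed interface other than the management BVI and whether the gateway is reachable from the BVI's own subnet.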
