You are correct, I don't want the clients to ping the WAP - I'm trying to remove the 15.31 address, and use the 99.121 address, but once I do that, I can't reach the WAP any more, in any way, until I pull power from it. (I'm not saving the running-config, just so I can do that!)
That's why the management vlan 99 isn't configured on the radio side, only on the Ethernet side.

I surely wouldn't mind a look at that config, though.

Kurt

On Sat, Jan 15, 2011 at 12:25, Glen Johnson <[email protected]> wrote:
> I don't think you "want" the wireless clients to ping the wap. They should
> be able to ping hosts on the same vlan as the SSID they are on.
> When we were using fat waps, the only ip address the wap had was on the
> management interface. For security, no wireless clients could get to that IP.
> Have since switched to a wireless lan controller and life is much simpler,
> but if you need more help, let me know as I should have a copy of the config
> that I'll be glad to share.
>
> -----Original Message-----
> From: Kurt Buff [mailto:[email protected]]
> Sent: Saturday, January 15, 2011 2:42 PM
> To: NT System Admin Issues
> Subject: Re: Cisco 1240AG config problem
>
> On Sat, Jan 15, 2011 at 10:41, Michael B. Smith <[email protected]> wrote:
>> It's been a really really long time for me, but shouldn't the "ip
>> default-gateway" be an IP address on the BVI1 subnet?
>
> That seems to help somewhat.
>
> I updated as shown below, with the following results:
>
> - Another WAP on the same PoE switch as the WAP I'm configuring (all WAPs
>   are on the 115 vlan but on different switches) can ping and telnet to 15.31
>   and to 15.1 and 99.1, but not to 99.121 - 15.1 and 99.1 are the addresses
>   of the layer 3 switch.
>
> - A laptop wirelessly associated with 15.31 can ping the router address
>   on the 99 and 115 vlans, but not WAP's addresses of 99.121 and 15.31. The
>   laptop gets 'destination host unreachable' for the 99 address of the WAP,
>   and alternating sequences of that and 'reply timed out' for the 15 address
>   of the WAP (I've got four 'ping -t' prompts running on the laptop.)
>
> - No longer see on the WAP
>   "% Unrecognized host or address, or protocol not running."
>   when trying to ping from this WAP, nor the log errors
>   " %IP_SNMP-3-SOCKET: can't open UDP socket"
>   " Unable to open socket on port 161"
>
> - The WAP can ping itself on both addresses, and can ping the gateway on
>   the 115 vlan (15.1), but not the gateway on the 99 vlan (99.1.)
>
> I also tried the config below except that I removed the 15.31 address from it
> entirely, and while the laptop remained associated and had the same access, I
> lost contact with the WAP, and the 99.121 address didn't come alive.
>
> Kurt
>
> ----------Begin updated conf snippet----------
> interface FastEthernet0.99
>  encapsulation dot1Q 99
>  no ip route-cache
>  bridge-group 99
>  no bridge-group 99 source-learning
>  bridge-group 99 spanning-disabled
> !
> interface FastEthernet0.115
>  encapsulation dot1Q 115
>  ip address 192.168.15.31 255.255.255.0
>  no ip route-cache
>  bridge-group 115
>  no bridge-group 115 source-learning
>  bridge-group 115 spanning-disabled
> !
> interface BVI1
>  ip address 192.168.99.121 255.255.255.0
>  no ip route-cache
> !
> ip default-gateway 192.168.99.1
> ----------End updated conf snippet----------

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
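
The consistency points raised in this thread (the default gateway belonging to the BVI1 subnet, and the management interface holding the AP's only IP address) can be checked mechanically before a config is pushed. The sketch below is an added example, not part of the original messages or of any Cisco tool; the `lint` function and its finding strings are hypothetical, and it relies on the IOS convention that interface BVI<n> is the routed interface of bridge-group <n>.

```python
import ipaddress
import re

# Constructed input: the config snippet quoted in the thread, one command per line.
POSTED = """\
interface FastEthernet0.99
 encapsulation dot1Q 99
 no ip route-cache
 bridge-group 99
 no bridge-group 99 source-learning
 bridge-group 99 spanning-disabled
!
interface FastEthernet0.115
 encapsulation dot1Q 115
 ip address 192.168.15.31 255.255.255.0
 no ip route-cache
 bridge-group 115
 no bridge-group 115 source-learning
 bridge-group 115 spanning-disabled
!
interface BVI1
 ip address 192.168.99.121 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.99.1
"""

def lint(config):
    # Parse each interface's IP address and bridge-group membership, plus the gateway.
    ifaces, gateway, cur = {}, None, {"groups": set()}
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {"ip": None, "groups": set()})
        elif m := re.match(r"ip default-gateway (\S+)", line):
            gateway = ipaddress.ip_address(m[1])
        elif m := re.match(r"ip address (\S+) (\S+)", line):
            cur["ip"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif m := re.match(r"bridge-group (\d+)$", line):
            cur["groups"].add(int(m[1]))
    bvis = {n: i for n, i in ifaces.items() if n.startswith("BVI")}
    # Assumed checks: BVI<n> needs a bridge-group <n> member; only the BVI carries an IP.
    out = [f"{n}: no interface in bridge-group {n[3:]}" for n in bvis
           if not any(int(n[3:]) in i["groups"] for i in ifaces.values())]
    out += [f"{n}: IP address on a bridged interface" for n, i in ifaces.items()
            if n not in bvis and i["ip"] and i["groups"]]
    if gateway and not any(i["ip"] and gateway in i["ip"].network for i in bvis.values()):
        out.append(f"default-gateway {gateway} is not on a BVI subnet")
    return out
```

Calling `lint(POSTED)` returns a list of findings; an empty list means the three checks passed, not that the config is otherwise correct.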
