I don't think you "want" the wireless clients to ping the wap. They should be able to ping hosts on the same vlan as the SSID they are on. When we were using fat waps, the only ip address the wap had was on the management interface. For security, no wireless clients could get to that IP. Have since switched to a wireless lan controller and life is much simpler, but if you need more help, let me know as I should have a copy of the config that I'll be glad to share.
-----Original Message----- From: Kurt Buff [mailto:[email protected]] Sent: Saturday, January 15, 2011 2:42 PM To: NT System Admin Issues Subject: Re: Cisco 1240AG config problem On Sat, Jan 15, 2011 at 10:41, Michael B. Smith <[email protected]> wrote: > It's been a really really long time for me, but shouldn't the "ip > default-gateway" be an IP address on the BVI1 subnet? That seems to help somewhat. I updated as shown below, with the following results: - Another WAP on the same PoE switch as the WAP I'm configuring (all WAPs are on the 115 vlan but on different switches) can ping and telnet to 15.31 and to 15.1 and 99.1, but not to 99.121 - 15.1 and 99.1 are the addresses of the layer 3 switch. - A laptop wirelessly associated with 15.31 can ping the router address on the 99 and 115 vlans, but not WAP's addresses of 99.121and 15.31. The laptop gets 'destination host unreachable for the 99 address of the WAP, and alternating sequences of that and 'reply timed out' for the 15 address of the WAP (I've got four 'ping -t' prompts running on the laptop.) - No longer see on the WAP "% Unrecognized host or address, or protocol not running." when trying to ping from this WAP, nor the log errors " %IP_SNMP-3-SOCKET: can't open UDP socket" " Unable to open socket on port 161" - The WAP can ping itself on both addresses, and can ping the gateway on the 115 vlan (15.1), but not the gateway on the 99 vlan (99.1.) I also tried the config below except that I removed the 15.31 address from it entirely, and while the laptop remained associated and had the same access, I lost contact with the WAP, and the 99.121 address didn't come alive. Kurt ----------Begin updated conf snippet---------- interface FastEthernet0.99 encapsulation dot1Q 99 no ip route-cache bridge-group 99 no bridge-group 99 source-learning bridge-group 99 spanning-disabled ! interface FastEthernet0.115 encapsulation dot1Q 115 ip address 192.168.15.31 255.255.255.0 no ip route-cache bridge-group 115 no bridge-group 115 source-learning bridge-group 115 spanning-disabled ! interface BVI1 ip address 192.168.99.121 255.255.255.0 no ip route-cache ! ip default-gateway 192.168.99.1 ----------End updated conf snippet---------- ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
