'sho ip route' doesn't work, and I've been working my way through the tree trying to find it. Google isn't much help either.
It's not driving me crazy, but it's close... Kurt On Sat, Jan 15, 2011 at 11:42, Brian Desmond <[email protected]> wrote: > That's what I was thinking. I also don't think you should put an IP on > anything other than the management BVI. Might take a look at the device's > routing table as well. > > Thanks, > Brian Desmond > [email protected] > > c – 312.731.3132 > > -----Original Message----- > From: Michael B. Smith [mailto:[email protected]] > Sent: Saturday, January 15, 2011 12:42 PM > To: NT System Admin Issues > Subject: RE: Cisco 1240AG config problem > > It's been a really really long time for me, but shouldn't the "ip > default-gateway" be an IP address on the BVI1 subnet? > > Regards, > > Michael B. Smith > Consultant and Exchange MVP > http://TheEssentialExchange.com > > > -----Original Message----- > From: Kurt Buff [mailto:[email protected]] > Sent: Saturday, January 15, 2011 1:02 PM > To: NT System Admin Issues > Subject: OT: Cisco 1240AG config problem > > All, > > It's been a long time since I configured any Cisco equipment, and never with > vlans. These WAPS have been around a long time, and the vendor did the > original config, with no vlans - I've just been googling around and figuring > all of this out, with minor help from a conslutant. I'm configuring the WAP > above my desk first, with the intent that once it's working, the config will > be rolled out to the 14 other units, and then I'll announce the guest > wireless publicly. > > With the config showed below, I have a sort-of working setup on this WAP. For > clarity, > - vlan 1 is native and not used > - vlan 99 is the management vlan, and is not intended to extend to the > wireless side of the WAP (I use this vlan to manage all of the switches, > which are HP Procurves) > - vlan 115 is the production wireless vlan, and is available for wireless > connection for company equipment > - vlan 120 is the guest wireless vlan, and is going to be available for > wireless connection for guest/personal equipment, once I have this working on > all 15 WAPs > > The guest network (vlan 120) does have connectivity to the world, and you > can't ping to it or from it via the production network (vlan 115 or the wired > vlans), and I have a seperate DHCP server on the guest vlan, so that's all > happy, AFAICT. > > I can connect with wireless devices to either of the two wireless vlans, no > problem. > > The problems I'm seeing are: > > 1) I can telnet to the WAP on either IP address, but I can't ping from > the WAP to anything, including addresses assigned to the WAP - I get the error > "% Unrecognized host or address, or protocol not running." > > 2) I'm seeing the following error lines in the logs on the WAP: > "%IP_SNMP-3-SOCKET: can't open UDP socket" > and > "Unable to open socket on port 161" > > 3) After I finished configuring the WAP Thursday afternoon and confirming > connection on both SSIDs, on Friday I couldn't connect anything to the > production SSID, until I did a reload - that seems to have cleared, but that > is troubling. > > > My googling reveals that the error messages are supposedly caused by the lack > of an IP address on any interface. However, as you can see from the config > below I have addresses configured on two interfaces, and can telnet to either > one. > > I have even tried putting an address on int BVI1, but I may have done that > incorrectly, as it didn't seem to help. > > Does anyone out there see what I've gotten wrong? I'm continuing my searches, > but if someone can short-circuit that with a good answer, I'd really > appreciate it. > > > Thanks, > > Kurt > > ----------Begin config---------- > version 12.4 > no service pad > service timestamps debug datetime msec > service timestamps log datetime msec > service password-encryption > ! > hostname wapc31.example.com > ! > enable secret 5 (removed) > ! > no aaa new-model > clock timezone -0800 -8 > clock summer-time -0700 recurring > ! > ! > dot11 vlan-name VLAN115 vlan 115 > dot11 vlan-name VLAN120 vlan 120 > ! > dot11 ssid guest > vlan 120 > authentication open > mbssid guest-mode dtim-period 2 > ! > dot11 ssid production > vlan 115 > authentication open > authentication key-management wpa > wpa-psk ascii 7 (removed) > ! > power inline negotiation prestandard source ! > ! > username Cisco privilege 15 password 7 (removed username readonly password 7 > (removed) username ifteam privilege 15 secret 5 (removed) ! > bridge irb > ! > ! > interface Dot11Radio0 > no ip address > no ip route-cache > ! > encryption mode ciphers tkip > ! > encryption vlan 115 mode ciphers tkip > ! > ssid guest > ! > ssid production > ! > antenna transmit right > antenna receive right > mbssid > speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 power client 20 channel > 2437 station-role root bridge-group 1 bridge-group 1 block-unknown-source > no bridge-group 1 source-learning no bridge-group 1 unicast-flooding > bridge-group 1 spanning-disabled ! > interface Dot11Radio0.115 > encapsulation dot1Q 115 > no ip route-cache > bridge-group 115 > bridge-group 115 subscriber-loop-control bridge-group 115 > block-unknown-source no bridge-group 115 source-learning no bridge-group > 115 unicast-flooding bridge-group 115 spanning-disabled ! > interface Dot11Radio0.120 > encapsulation dot1Q 120 > no ip route-cache > bridge-group 120 > bridge-group 120 subscriber-loop-control bridge-group 120 > block-unknown-source no bridge-group 120 source-learning no bridge-group > 120 unicast-flooding bridge-group 120 spanning-disabled ! > interface Dot11Radio1 > no ip address > no ip route-cache > shutdown > dfs band 3 block > channel dfs > station-role root > bridge-group 1 > bridge-group 1 subscriber-loop-control > bridge-group 1 block-unknown-source > no bridge-group 1 source-learning > no bridge-group 1 unicast-flooding > bridge-group 1 spanning-disabled > ! > interface FastEthernet0 > no ip address > no ip route-cache > duplex auto > speed auto > ! > interface FastEthernet0.1 > encapsulation dot1Q 1 native > no ip route-cache > bridge-group 1 > no bridge-group 1 source-learning > bridge-group 1 spanning-disabled > ! > interface FastEthernet0.99 > encapsulation dot1Q 99 > ip address 192.168.99.121 255.255.255.0 no ip route-cache bridge-group 99 > no bridge-group 99 source-learning bridge-group 99 spanning-disabled ! > interface FastEthernet0.115 > encapsulation dot1Q 115 > no ip route-cache > bridge-group 115 > no bridge-group 115 source-learning > bridge-group 115 spanning-disabled > ! > interface FastEthernet0.120 > encapsulation dot1Q 120 > no ip route-cache > bridge-group 120 > no bridge-group 120 source-learning > bridge-group 120 spanning-disabled > ! > interface BVI1 > ip address 192.168.15.31 255.255.255.0 > no ip route-cache > ! > ip default-gateway 192.168.99.1 > ip http server > ip http authentication local > no ip http secure-server > ip http help-path > http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag > snmp-server view dot11view ieee802dot11 included snmp-server view > ieee802dot11 ieee802dot11 included snmp-server community zetpub RO > snmp-server contact IFTeam bridge 1 route ip ! > ! > ! > line con 0 > login local > line vty 0 4 > login local > ! > sntp server 192.168.10.191 > sntp broadcast client > end > ----------End Config---------- > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
