Access Point Problem 1

Dinkytoy

IS-IT--Management
Jun 14, 2007
147
GB
Hi,

Got a problem with a Cisco Aironet 1231 IOS ver 12.2. Maybe you can help? :). I'm not too hot on my WiFi tbh.

A colleague set up this device as a quick fix before buggering off on holiday for 3 weeks. It acts purely as a secure wifi connection into our LAN for some testing purposes. We intend to do it properly when he's back and we have a little time.

Our brief test before he went was to ensure we could connect to it, nothing more. The problem we have a few days later is that no DHCP assignments are being allowed through. Which is a pain in the ass for the 5-10 iPhone/iPod/iPad devices around.

To clarify, all allowed MAC addresses can connect to the point ok, but none get a DHCP address from the gateway (192.168.0.1). I'm sure I'm missing something small, a one-liner or something.

I'm not too worried about tidying up other config as I mentioned we'll do it properly on our Live Access Points when we get a little time.

Config is as below:

Building configuration...

Current configuration : 2344 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname TQA-WAP
!
enable secret 5
!
ip subnet-zero
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
ssid Ariel-TQA
authentication open
authentication key-management wpa optional
wpa-psk ascii 7
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
rts threshold 2312
station-role root
no dot11 extension aironet
l2-filter bridge-group-acl
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 input-address-list 700
bridge-group 1 output-address-list 700
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
ntp broadcast client
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.0.201 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.0.1
ip http server
ip http help-path /ivory/1100
ip radius source-interface BVI1
access-list 700 permit 40d3.2d89.14c8 0000.0000.0000
access-list 700 permit 58b0.351d.b49d 0000.0000.0000
access-list 700 permit 7cc5.3738.8c9e 0000.0000.0000
access-list 700 permit 40d3.2d89.14dd 0000.0000.0000
access-list 700 permit b407.f97a.b870 0000.0000.0000
access-list 700 permit 38e7.d8be.be21 0000.0000.0000
access-list 700 permit 7cc5.373b.95cc 0000.0000.0000
access-list 700 permit 7cc5.37d7.613d 0000.0000.0000
access-list 700 permit 0023.df18.428b 0000.0000.0000
access-list 700 permit 9027.e46c.51b4 0000.0000.0000
access-list 700 permit 58b0.351b.ddaa 0000.0000.0000
access-list 700 permit 40d3.2d6b.ea76 0000.0000.0000
access-list 700 permit 0017.c516.3460 0000.0000.0000
access-list 700 permit 000f.9078.dbb0 0000.0000.0000
access-list 700 deny 0000.0000.0000 ffff.ffff.ffff
bridge 1 route ip
!
!
line con 0
line vty 0 4
login local
line vty 5 15
login
!
end
 
since you're not using any vlans or sub-interfaces for your dot11radio0 interface, add bridge-group 1 under dot11radio0

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
edit: never mind my suggestion. you already have it there. i'm just blind this morning.
 
try removing these lines:
Code:
bridge-group 1 input-address-list 700 
bridge-group 1 output-address-list 700
if it works then move your mac-address authentication to the ssid configuration
 
That makes sense tbh, FE0 is part of the bridge-group thus subject to the same MAC auth hence no comms from the DHCP Server.

In theory it should work with the auth removed or with the DHCP Server MAC added.

Will try it when I get a min. Thanks.
 
Ok what I said above isn't quite true, but it did work ok without the mac auth in place.

The auth under the SSID is different so will have another look tomorrow.
 
glad it's working.
 
Managed to get another look this evening, it's now working correctly as far as I can tell.

no bridge-group 1 input-address-list 700
no bridge-group 1 output-address-list 700

dot11 assoc mac-list 700

Problem solved.
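
The following is an added example, not code from any poster in this thread: it evaluates the posted access-list 700 the way a 700-series MAC list is matched (first match wins, wildcard bits set to 1 are ignored) against the frames of a DHCP exchange. It assumes the documented IOS bridging behaviour that `input-address-list` tests the source MAC and `output-address-list` tests the destination MAC; the server MAC is constructed, and only three of the posted permit lines are reproduced.

```python
import re

# ACL 700 entries copied from the posted config (three permits plus the final deny).
ACL_TEXT = """\
access-list 700 permit 40d3.2d89.14c8 0000.0000.0000
access-list 700 permit 58b0.351d.b49d 0000.0000.0000
access-list 700 permit 7cc5.3738.8c9e 0000.0000.0000
access-list 700 deny 0000.0000.0000 ffff.ffff.ffff
"""

LINE = re.compile(r"access-list (7\d\d) (permit|deny) ([0-9a-f.]{14}) ([0-9a-f.]{14})", re.I)

def mac_int(mac):
    """Convert aaaa.bbbb.cccc (or aa:bb:cc:...) to a 48-bit integer."""
    return int(re.sub(r"[^0-9a-fA-F]", "", mac), 16)

def parse_acl(text, number):
    """Return [(action, address, wildcard)] for one 700-series list, in config order."""
    return [(m.group(2).lower(), mac_int(m.group(3)), mac_int(m.group(4)))
            for m in LINE.finditer(text) if int(m.group(1)) == number]

def match(acl, mac):
    """First-match evaluation; wildcard bits set to 1 are ignored. Implicit deny at end."""
    value = mac_int(mac)
    for action, addr, wild in acl:
        if (value | wild) == (addr | wild):
            return action
    return "deny"

def bridge_filter(acl, direction, src, dst):
    """Assumed semantics: input list tests source MAC, output list tests destination MAC."""
    return match(acl, src if direction == "input" else dst)

CLIENT = "40d3.2d89.14c8"      # permitted client from the posted list
SERVER = "0200.0000.0001"      # constructed MAC standing in for the DHCP server
BROADCAST = "ffff.ffff.ffff"

def dhcp_walkthrough(acl):
    """Verdicts on Dot11Radio0 for a client's DISCOVER and two forms of the reply."""
    return {
        "discover_in": bridge_filter(acl, "input", CLIENT, BROADCAST),
        "offer_broadcast_out": bridge_filter(acl, "output", SERVER, BROADCAST),
        "offer_unicast_out": bridge_filter(acl, "output", SERVER, CLIENT),
    }

if __name__ == "__main__":
    for step, verdict in dhcp_walkthrough(parse_acl(ACL_TEXT, 700)).items():
        print(f"{step:22} {verdict}")
```

Under those assumptions, any frame sent out of the radio to the broadcast address falls through to the final deny entry, while unicast frames to a listed client pass.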
