Cisco 851W & Blackberry Internet Service (WiFi)

[woter324]

Hi,

This is a tough one to know where to post. I know it is my router's config that is causing the issue, but I cannot work out what it is.

My issue is being able to browse the net when connected to my wireless network from my BB 9800. The BB connects to the wireless network and I receive a WLAN IP address. I get the message: "Unable to find the requested server".

I have recently reconfigured my router from the begining, to enable dual WLAN's to get another piece of kit to work. Since then, I no longer get the 4 dots by the wireless symbol on the phone. Much research tells me the phone cannot connect to the BIS server. Under troubleshooting --> Blackberry Infrastructure, there is a red X next to "Connecting:" (connecting: Error).

I did find one post mentioning someone with a Netgear router changed the NAT settings from secure to open. I don't think I have a comparable setting.

I have removed all firewall config, but that still doesn't work.

On the phone, I have reregistered the host routing table for Wi-Fi[60] with a battery pull. From a PC on the same network, I have open a successful telnet session to the Wi-Fi[60] address (rcp.eu.blackberry.com:443). This suggests it cannot be a routing or FW issue.

I am sure it is something in my config, as opposed to a phone setting, but I cannot work out what it is.

Here is my running-config:

!
version 12.4
no service pad
no service timestamps debug uptime
no service timestamps log uptime
service password-encryption
!
hostname C851W
!
boot-start-marker
boot-end-marker
!
enable secret 5 {PASSWORD}
!
aaa new-model
!
!
aaa group server radius rad_eap
 server 10.100.50.1 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization network sdm_vpn_group_ml_1 local
!
!
aaa session-id common
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 1:00
!
crypto pki trustpoint TP-self-signed-711961210
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-711961210
 revocation-check none
 rsakeypair TP-self-signed-711961210
!
!
crypto pki certificate chain TP-self-signed-711961210
 certificate self-signed 01
  {DELETED}
      quit
dot11 syslog
!
dot11 ssid SSID-LAN
   vlan 1
   authentication open eap eap_methods
   authentication network-eap eap_methods
!
dot11 ssid SSID-GUEST
   vlan 20
   authentication open
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 7 {PASSWORD}
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.100.50.1 10.100.50.10
ip dhcp excluded-address 192.168.2.97 192.168.2.98
!
ip dhcp pool internal-net
   import all
   network 10.100.50.0 255.255.255.0
   default-router 10.100.50.1
   domain-name mydomain.com
   lease 4
!
ip dhcp pool VLAN20
   import all
   network 192.168.2.96 255.255.255.248
   domain-name mydomain.com
   default-router 192.168.2.97
   lease 4
!
!
ip cef
ip inspect name MYFW tcp
ip inspect name MYFW udp
no ip domain lookup
ip domain name mydomain.com
ip multicast-routing
ip ddns update method sdm_ddns1
 HTTP
  add [URL unfurl="true"]http://{username}:{password}@members.easydns.com/dyn/ez-ipupdate.php?action=edit&myip=<a>&host_id=<h>[/URL]
  remove [URL unfurl="true"]http://{username}:{password}@members.easydns.com/dyn/ez-ipupdate.php?action=edit&myip=<a>&host_id=<h>[/URL]
!
!
!
!
username {Router login} privilege 15 secret 5 {PASSWORD}
!
!
archive
 log config
  hidekeys
!
!
!
bridge irb
!
!
interface FastEthernet0
 spanning-tree portfast
!
interface FastEthernet1
 spanning-tree portfast
!
interface FastEthernet2
 spanning-tree portfast
!
interface FastEthernet3
 spanning-tree portfast
!
interface FastEthernet4
 ip address dhcp
 ip access-group Internet-inbound-ACL in
 ip inspect MYFW out
 ip nat outside
 ip virtual-reassembly
 ip tcp adjust-mss 1460
 duplex auto
 speed auto
 no cdp enable
!
interface Dot11Radio0
 no ip address
 no dot11 extension aironet
 !
 encryption vlan 20 mode ciphers tkip
 !
 encryption vlan 1 mode wep mandatory
 !
 ssid SSID-LAN
 !
 ssid SSID-GUEST
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 channel 2412
 station-role root
 no cdp enable
!
interface Dot11Radio0.1
 description internal wireless LAN
 encapsulation dot1Q 1 native
 ip nat inside
 ip virtual-reassembly
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.20
 description Guest Wireless LAN - routed WLAN
 encapsulation dot1Q 20
 ip access-group Guest-ACL in
 ip inspect MYFW out
 ip nat inside
 ip virtual-reassembly
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 spanning-disabled
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
!
interface Vlan1
 description internal network
 no ip address
 ip nat inside
 ip virtual-reassembly
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Vlan20
 description guest network
 no ip address
 ip nat inside
 ip virtual-reassembly
 bridge-group 2
 bridge-group 2 spanning-disabled
!
interface BVI1
 description Bridge to Internal Network
 ip address 10.100.50.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface BVI2
 description Bridge to Guest-WAN network
 ip address 192.168.2.97 255.255.255.248
 ip nat inside
 ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 dhcp
!
no ip http server
ip http secure-server
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static udp 10.100.50.5 57129 interface FastEthernet4 57129
ip nat inside source static tcp 10.100.50.5 29671 interface FastEthernet4 29671
ip nat inside source static tcp 10.100.50.5 4711 interface FastEthernet4 4711
ip nat inside source static tcp 10.100.50.5 85 interface FastEthernet4 85
ip nat inside source static tcp 10.100.50.5 80 interface FastEthernet4 80
ip nat inside source static udp 10.100.50.5 7 interface FastEthernet4 7
!
ip access-list extended Guest-ACL
 deny   ip any 10.100.50.0 0.0.0.255
 permit ip any any
ip access-list extended Internet-inbound-ACL
 permit udp any eq bootps any eq bootpc
 permit icmp any any echo
 permit icmp any any echo-reply
 permit icmp any any traceroute
 permit gre any any
 permit esp any any
!
access-list 1 permit 192.168.2.96 0.0.0.7
access-list 1 permit 10.100.50.0 0.0.0.255
radius-server local
  nas 10.100.50.1 key 7 {PASSWORD 2}
  user user1 nthash 7 {PASSWORD}
!
radius-server host 10.100.50.1 auth-port 1812 acct-port 1813 key 7 {PASSWORD 2}
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
banner login CCCCC
-----------------------------------------------------------------------

       This is a private network. No unauthorised access

   If you are not authorised to use this equipment you must

                   DISCONNECT IMMEDIATELY

-----------------------------------------------------------------------

!
line con 0
 no modem enable
line aux 0
line vty 0 4
 exec-timeout 120 0
 transport input ssh
!
scheduler max-task-time 5000
sntp server 158.43.128.33
sntp source-interface FastEthernet4
end

If anyone has any suggestions or ideas, I'd be most grateful if they could share.

Many thanks

W

 

[woter324]

Hi,

One this I forgot to mention, a lot of the forums suggest changing the wireless channel. I have tried channels 1 thru 5:
2412

2417

2422

2427

2432

With a reboot of the router and phone between each change.

Thanks again.