Cisco 871w Wireless help

[john80]

My Current setup--

Cable Internet Modem --> Smoothwall Firewall --> Secure Home Wired Network 192.168.1.0/24 (No Problems)
|
|

Purple Wireless Network (172.28.1.0/16)
|
|
Cisco 871W for Wireless WPA (10.146.1./16)


So far this is what I can do. From the Cisco 871W I can ping the Internet from the Cisco device itself and reach outside Internet addresses. I can connect to the wireless network Cisco and get a 10.146.1.0/16 ip address.

Once connected to the wireless network I can ping the 10.146.1.1 gateway. I cannot ping anything on the outside Internet i.e yahoo.com. I'm not sure really what else to try as I don't have much experience with this device.

Any help would be very much appreciated.

Thank you,

Current configuration : 1672 bytes



Config---------
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
!
resource policy
!
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.146.0.0 10.146.1.5
!
ip dhcp pool wireless
network 10.0.0.0 255.0.0.0
default-router 172.28.1.1
!
!
ip name-server 208.67.222.222
no ip ips deny-action ips-interface
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address 172.28.1.5 255.255.0.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
ssid Cisco
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii 0 **************
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no snmp trap link-status
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
!
interface BVI1
ip address 10.146.1.1 255.255.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.28.1.1
!
!
no ip http server
no ip http secure-server
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
no modem enable
line aux 0
line vty 0 4
!
scheduler max-task-time 5000
end

 

[unclerico]

Three things:
1) Your smoothwall is performing NAT services so your 871 doesn't need to. Remove ip nat outside from your f4 interface
2) under your vlan1 SVI, add bridge-group 1
3) adjust your dhcp pool to be network 10.146.0.0 255.255.0.0, default-router 10.146.1.1, dns-server 10.146.1.1

try those things and post back with any issues.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[john80]

Thank you for your response. I went ahead and made the changes. Still I cannot connect to the Internet. Any additional suggestions would be very much appreciated.

 

[unclerico]

ok, can you post your updated config?? does your firewall have a route back to the 10.146/16 network??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[imbadatthis]

you mentioned you can ping the gateway from the wireless client. how about 192.168.1.0 network (your router)?

interface FastEthernet4
ip address 172.28.1.5 255.255.0.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
ssid Cisco
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii 0 **************
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no snmp trap link-status
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
!
interface BVI1
ip address 10.146.1.1 255.255.0.0
!

originally your NAT statements were not correct. You were missing:

int bvi1
ip nat inside
!
ip nat inside source list 1 interface vlan1 overload
!
access-list 1 permit 10.146.1.0 0.0.0.255

I believe after removing nat commands per unclerico that now you are running into a route issue.

if you can add routes go for that as trouble shooting would be easier than having to go through multiple translation tables, in the future that is


We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

 

[imbadatthis]

*oops
that should be :

int vlan1
ip nat inside

and the nat command should be:
ip nat inside source list 1 interface fa4 overload

We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.