Pra3tor1an
Technical User
I've been working on this using the SDM for a while. I've set up the SSID to broadcast, with WPA encryption. However, when I set up the SSID, it forced me to choose an IP address. The IP of my internal network is 192.168.69.1. Hosts connected to the wireless cannot communicate with each other. However, they can obtain a DHCP address and communicate with the router. Would someone please tell me what I'm doing wrong and how to fix this? Thanks in advance. My running config is as follows:
Building configuration...
Current configuration : 6486 bytes
!
! Global service settings for an IOS 12.4 image.
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
! Debug and log lines are stamped with local time, milliseconds and timezone.
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! service password-encryption only applies the reversible type 7 encoding to
! stored passwords (see the "wpa-psk ascii 7" line); it is obfuscation against
! casual viewing, not protection for a config that is shared or published.
service password-encryption
service sequence-numbers
!
hostname CISCO871W-SMS-NC
!
boot-start-marker
boot-end-marker
!
! Local logging: 51200-byte buffer at debugging level; console limited to critical.
logging buffered 51200 debugging
logging console critical
! Type 5 (salted MD5-crypt, "$1$" prefix) hash of the enable password. A hash
! published with a config is open to offline guessing, so the password behind
! it should be treated as exposed and changed.
enable secret 5 $1$vHVp$ITwchNzpM0JEkvlEydaDK/
!
! AAA is off; the line configurations rely on "login local" and the local
! username database.
no aaa new-model
!
resource policy
!
! Timezone is UTC-5. NOTE(review): the summer-time rule uses the "date" form
! with fixed 2003 dates rather than a recurring rule, and no NTP source appears
! in this listing, so log timestamps should be checked before they are relied on.
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
! Drop packets that carry IP source-route options.
no ip source-route
ip cef
no ip dhcp use vrf connected
! DHCP for the inside LAN: .1-.99 are held back and the rest of 192.168.69.0/24
! is leased with 192.168.69.1 (the BVI1 address) as gateway. No pool exists for
! the 192.168.70.0/24 address configured on Dot11Radio0.
ip dhcp excluded-address 192.168.69.1 192.168.69.99
!
ip dhcp pool sdm-pool1
import all
network 192.168.69.0 255.255.255.0
dns-server 66.0.214.14 207.230.75.34
default-router 192.168.69.1
!
!
! CBAC inspection rule DEFAULT100, applied outbound on FastEthernet4: sessions
! opened from the inside get their return traffic admitted through inbound
! ACL 101. The protocol list looks like a generated default; entries for
! protocols not in use can presumably be trimmed - confirm before removing.
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
! Wait at most 10 seconds for a TCP connection attempt to complete.
ip tcp synwait-time 10
no ip bootp server
ip domain name SMS-NC
ip name-server 66.0.214.14
ip name-server 207.230.75.34
! SSH: 60-second negotiation timeout and 2 authentication retries. No
! "ip ssh version 2" line is shown, so the protocol version actually accepted
! should be confirmed on the device.
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
! Self-signed trustpoint with revocation checking off; presumably generated for
! the HTTPS server enabled by "ip http secure-server" - confirm. A self-signed
! certificate cannot be validated against a CA, so clients have to check its
! fingerprint out of band. The encoded certificate that follows is public data,
! not a secret; its signature algorithm bytes (2A864886 F70D0101 04) identify
! md5WithRSAEncryption.
crypto pki trustpoint TP-self-signed-2202461748
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2202461748
revocation-check none
rsakeypair TP-self-signed-2202461748
!
!
crypto pki certificate chain TP-self-signed-2202461748
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32323032 34363137 3438301E 170D3032 30333031 30303039
32315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 32303234
36313734 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100BFEA 8810141E AAD55C39 860DBCCD ED1930F9 65726CB3 7019B167 2C57BC5C
6932B665 8EAFFF44 5409B2E5 AFBEDFD6 F4DC251F C3A82A72 96FACCCF E6131144
2A134A22 F8B6F4C0 47C1E77F 681102A9 EB317980 22475EE1 31946AFD D781C9A6
EB708BF2 2C60DEE8 75AC8982 298F72BB BC64DEF2 5F662024 BFFDE9DF BD8A29DC
FAF70203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 17434953 434F3837 31572D53 4D532D4E 432E534D 532D4E43
301F0603 551D2304 18301680 1410CA7A D736D6F3 0A97636D 50603ECC BE2EBDB6
58301D06 03551D0E 04160414 10CA7AD7 36D6F30A 97636D50 603ECCBE 2EBDB658
300D0609 2A864886 F70D0101 04050003 81810048 57A2D726 FA7198A3 D460D885
DB88134E 1888FFE4 A68E505F A79C19DC C8E75FA3 35369FAA 2795467A 09D54924
1F37D640 BF8CF585 07423591 0F68D16F C380E166 576755A7 4F82E136 E9EE696A
144CB279 73BE9615 0D8526D0 D11E5F15 84394025 9E86CFBA B9D7E610 616A100B
CA2C2A68 F6E5D803 B7464756 03A6B56A 45A005
quit
! Privilege-15 local account. Its type 5 hash is published with the rest of the
! config, so the password should be changed on the device.
username administrator privilege 15 secret 5 $1$8A2B$547Dx3fGnYalle4QH1vrX/
!
!
!
! Integrated routing and bridging: bridged interfaces share bridge-group 1 and
! the routed address for the group sits on BVI1.
bridge irb
!
!
! FastEthernet0-3 carry no explicit settings in this listing.
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
! WAN side. Inbound traffic is filtered by ACL 101, outbound sessions are
! tracked by inspection rule DEFAULT100, and this is the NAT outside interface.
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
ip address 209.168.233.114 255.255.255.248
ip access-group 101 in
! Reverse-path check on source addresses; redirects, unreachables and proxy ARP
! are switched off toward the outside.
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect DEFAULT100 out
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
! Radio interface. NOTE(review): it is a member of bridge-group 1 and also has
! its own address in 192.168.70.0/24, a subnet with no DHCP pool and no entry
! in NAT ACL 1; with IRB the routed address for the group is the one on BVI1.
! This overlap looks related to the problem described in the post - confirm on
! the device.
interface Dot11Radio0
ip address 192.168.70.1 255.255.255.0
!
! Group (broadcast) key rotation interval of 900 seconds.
broadcast-key change 900
!
!
! TKIP is the only cipher offered. TKIP is deprecated; AES-CCMP
! ("encryption mode ciphers aes-ccm") is preferred where the image and the
! clients support it.
encryption mode ciphers tkip
!
ssid SMS-NC
authentication open
! WPA key management with a pre-shared key (see wpa-psk below).
authentication key-management wpa
! guest-mode advertises this SSID in beacons.
guest-mode
infrastructure-ssid optional
! The key is stored as type 7, which is a reversible encoding. Having been
! posted with the config, this PSK should be replaced.
wpa-psk ascii 7 051B551D70411D1D4A1700425B0817
!
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 spanning-disabled
!
! Switch-port VLAN, bridged into group 1 without an address of its own.
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
! Routed interface for bridge-group 1 and default gateway of the inside LAN.
! ACL 100 filters traffic arriving from the inside; this is the NAT inside
! interface.
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 192.168.69.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
ip classless
! Default route names the outgoing interface rather than a next-hop address.
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
! Web management with local-user authentication. Both plain HTTP and HTTPS are
! enabled and no "ip http access-class" is shown; "no ip http server" would
! leave only the encrypted listener.
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
! PAT: sources matching ACL 1 (192.168.69.0/24) are overloaded onto the
! FastEthernet4 address.
ip nat inside source list 1 interface FastEthernet4 overload
!
! Syslog severity is set to debugging, but no "logging <host>" destination is
! shown in this listing.
logging trap debugging
! ACL 1: NAT source match, 192.168.69.0/24 only.
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.69.0 0.0.0.255
! ACL 100 (inbound on BVI1): drops sources claiming the WAN subnet or the
! broadcast address, then permits everything else.
! NOTE(review): the 127.0.0.0/8 entry is a permit, whereas ACL 101 denies the
! same range; it is also redundant ahead of "permit ip any any". Confirm it is
! intended.
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip 209.168.233.112 0.0.0.7 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
! ACL 101 (inbound on FastEthernet4): DNS replies from the two resolvers, three
! ICMP reply types, anti-spoofing denies for inside, private, loopback,
! broadcast and 0.0.0.0 sources, then an explicit deny-all. The DNS permits
! match on source address and source port only and are not stateful.
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 207.230.75.34 eq domain host 209.168.233.114
access-list 101 permit udp host 66.0.214.14 eq domain host 209.168.233.114
access-list 101 deny ip 192.168.69.0 0.0.0.255 any
access-list 101 permit icmp any host 209.168.233.114 echo-reply
access-list 101 permit icmp any host 209.168.233.114 time-exceeded
access-list 101 permit icmp any host 209.168.233.114 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
! CDP is disabled globally.
no cdp run
!
control-plane
!
! Bridge group 1 runs IEEE spanning tree, and IP for the group is routed.
bridge 1 protocol ieee
bridge 1 route ip
! Login banner; ^C is the delimiter on both ends.
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
! Console and AUX authenticate against the local username database.
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
! VTY sessions are set to privilege level 15 and accept Telnet as well as SSH,
! with no "access-class" restricting source addresses. Telnet carries the login
! in cleartext; "transport input ssh" limits remote access to SSH.
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
! Process scheduler tuning; "end" closes the configuration.
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
Building configuration...
Current configuration : 6486 bytes
!
! Global service settings for an IOS 12.4 image.
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
! Debug and log lines are stamped with local time, milliseconds and timezone.
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! service password-encryption only applies the reversible type 7 encoding to
! stored passwords (see the "wpa-psk ascii 7" line); it is obfuscation against
! casual viewing, not protection for a config that is shared or published.
service password-encryption
service sequence-numbers
!
hostname CISCO871W-SMS-NC
!
boot-start-marker
boot-end-marker
!
! Local logging: 51200-byte buffer at debugging level; console limited to critical.
logging buffered 51200 debugging
logging console critical
! Type 5 (salted MD5-crypt, "$1$" prefix) hash of the enable password. A hash
! published with a config is open to offline guessing, so the password behind
! it should be treated as exposed and changed.
enable secret 5 $1$vHVp$ITwchNzpM0JEkvlEydaDK/
!
! AAA is off; the line configurations rely on "login local" and the local
! username database.
no aaa new-model
!
resource policy
!
! Timezone is UTC-5. NOTE(review): the summer-time rule uses the "date" form
! with fixed 2003 dates rather than a recurring rule, and no NTP source appears
! in this listing, so log timestamps should be checked before they are relied on.
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
! Drop packets that carry IP source-route options.
no ip source-route
ip cef
no ip dhcp use vrf connected
! DHCP for the inside LAN: .1-.99 are held back and the rest of 192.168.69.0/24
! is leased with 192.168.69.1 (the BVI1 address) as gateway. No pool exists for
! the 192.168.70.0/24 address configured on Dot11Radio0.
ip dhcp excluded-address 192.168.69.1 192.168.69.99
!
ip dhcp pool sdm-pool1
import all
network 192.168.69.0 255.255.255.0
dns-server 66.0.214.14 207.230.75.34
default-router 192.168.69.1
!
!
! CBAC inspection rule DEFAULT100, applied outbound on FastEthernet4: sessions
! opened from the inside get their return traffic admitted through inbound
! ACL 101. The protocol list looks like a generated default; entries for
! protocols not in use can presumably be trimmed - confirm before removing.
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
! Wait at most 10 seconds for a TCP connection attempt to complete.
ip tcp synwait-time 10
no ip bootp server
ip domain name SMS-NC
ip name-server 66.0.214.14
ip name-server 207.230.75.34
! SSH: 60-second negotiation timeout and 2 authentication retries. No
! "ip ssh version 2" line is shown, so the protocol version actually accepted
! should be confirmed on the device.
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
! Self-signed trustpoint with revocation checking off; presumably generated for
! the HTTPS server enabled by "ip http secure-server" - confirm. A self-signed
! certificate cannot be validated against a CA, so clients have to check its
! fingerprint out of band. The encoded certificate that follows is public data,
! not a secret; its signature algorithm bytes (2A864886 F70D0101 04) identify
! md5WithRSAEncryption.
crypto pki trustpoint TP-self-signed-2202461748
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2202461748
revocation-check none
rsakeypair TP-self-signed-2202461748
!
!
crypto pki certificate chain TP-self-signed-2202461748
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32323032 34363137 3438301E 170D3032 30333031 30303039
32315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 32303234
36313734 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100BFEA 8810141E AAD55C39 860DBCCD ED1930F9 65726CB3 7019B167 2C57BC5C
6932B665 8EAFFF44 5409B2E5 AFBEDFD6 F4DC251F C3A82A72 96FACCCF E6131144
2A134A22 F8B6F4C0 47C1E77F 681102A9 EB317980 22475EE1 31946AFD D781C9A6
EB708BF2 2C60DEE8 75AC8982 298F72BB BC64DEF2 5F662024 BFFDE9DF BD8A29DC
FAF70203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 17434953 434F3837 31572D53 4D532D4E 432E534D 532D4E43
301F0603 551D2304 18301680 1410CA7A D736D6F3 0A97636D 50603ECC BE2EBDB6
58301D06 03551D0E 04160414 10CA7AD7 36D6F30A 97636D50 603ECCBE 2EBDB658
300D0609 2A864886 F70D0101 04050003 81810048 57A2D726 FA7198A3 D460D885
DB88134E 1888FFE4 A68E505F A79C19DC C8E75FA3 35369FAA 2795467A 09D54924
1F37D640 BF8CF585 07423591 0F68D16F C380E166 576755A7 4F82E136 E9EE696A
144CB279 73BE9615 0D8526D0 D11E5F15 84394025 9E86CFBA B9D7E610 616A100B
CA2C2A68 F6E5D803 B7464756 03A6B56A 45A005
quit
! Privilege-15 local account. Its type 5 hash is published with the rest of the
! config, so the password should be changed on the device.
username administrator privilege 15 secret 5 $1$8A2B$547Dx3fGnYalle4QH1vrX/
!
!
!
! Integrated routing and bridging: bridged interfaces share bridge-group 1 and
! the routed address for the group sits on BVI1.
bridge irb
!
!
! FastEthernet0-3 carry no explicit settings in this listing.
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
! WAN side. Inbound traffic is filtered by ACL 101, outbound sessions are
! tracked by inspection rule DEFAULT100, and this is the NAT outside interface.
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
ip address 209.168.233.114 255.255.255.248
ip access-group 101 in
! Reverse-path check on source addresses; redirects, unreachables and proxy ARP
! are switched off toward the outside.
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect DEFAULT100 out
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
! Radio interface. NOTE(review): it is a member of bridge-group 1 and also has
! its own address in 192.168.70.0/24, a subnet with no DHCP pool and no entry
! in NAT ACL 1; with IRB the routed address for the group is the one on BVI1.
! This overlap looks related to the problem described in the post - confirm on
! the device.
interface Dot11Radio0
ip address 192.168.70.1 255.255.255.0
!
! Group (broadcast) key rotation interval of 900 seconds.
broadcast-key change 900
!
!
! TKIP is the only cipher offered. TKIP is deprecated; AES-CCMP
! ("encryption mode ciphers aes-ccm") is preferred where the image and the
! clients support it.
encryption mode ciphers tkip
!
ssid SMS-NC
authentication open
! WPA key management with a pre-shared key (see wpa-psk below).
authentication key-management wpa
! guest-mode advertises this SSID in beacons.
guest-mode
infrastructure-ssid optional
! The key is stored as type 7, which is a reversible encoding. Having been
! posted with the config, this PSK should be replaced.
wpa-psk ascii 7 051B551D70411D1D4A1700425B0817
!
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 spanning-disabled
!
! Switch-port VLAN, bridged into group 1 without an address of its own.
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
! Routed interface for bridge-group 1 and default gateway of the inside LAN.
! ACL 100 filters traffic arriving from the inside; this is the NAT inside
! interface.
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 192.168.69.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
ip classless
! Default route names the outgoing interface rather than a next-hop address.
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
! Web management with local-user authentication. Both plain HTTP and HTTPS are
! enabled and no "ip http access-class" is shown; "no ip http server" would
! leave only the encrypted listener.
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
! PAT: sources matching ACL 1 (192.168.69.0/24) are overloaded onto the
! FastEthernet4 address.
ip nat inside source list 1 interface FastEthernet4 overload
!
! Syslog severity is set to debugging, but no "logging <host>" destination is
! shown in this listing.
logging trap debugging
! ACL 1: NAT source match, 192.168.69.0/24 only.
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.69.0 0.0.0.255
! ACL 100 (inbound on BVI1): drops sources claiming the WAN subnet or the
! broadcast address, then permits everything else.
! NOTE(review): the 127.0.0.0/8 entry is a permit, whereas ACL 101 denies the
! same range; it is also redundant ahead of "permit ip any any". Confirm it is
! intended.
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip 209.168.233.112 0.0.0.7 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
! ACL 101 (inbound on FastEthernet4): DNS replies from the two resolvers, three
! ICMP reply types, anti-spoofing denies for inside, private, loopback,
! broadcast and 0.0.0.0 sources, then an explicit deny-all. The DNS permits
! match on source address and source port only and are not stateful.
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 207.230.75.34 eq domain host 209.168.233.114
access-list 101 permit udp host 66.0.214.14 eq domain host 209.168.233.114
access-list 101 deny ip 192.168.69.0 0.0.0.255 any
access-list 101 permit icmp any host 209.168.233.114 echo-reply
access-list 101 permit icmp any host 209.168.233.114 time-exceeded
access-list 101 permit icmp any host 209.168.233.114 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
! CDP is disabled globally.
no cdp run
!
control-plane
!
! Bridge group 1 runs IEEE spanning tree, and IP for the group is routed.
bridge 1 protocol ieee
bridge 1 route ip
! Login banner; ^C is the delimiter on both ends.
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
! Console and AUX authenticate against the local username database.
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
! VTY sessions are set to privilege level 15 and accept Telnet as well as SSH,
! with no "access-class" restricting source addresses. Telnet carries the login
! in cleartext; "transport input ssh" limits remote access to SSH.
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
! Process scheduler tuning; "end" closes the configuration.
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end