Jump to content
chaplinis

Configuring WDS between two APs

Recommended Posts

hello, I would like to ask for some help here... I tried all the steps to configure 2 Aps

(Cisco ap1130AG and a Cisco 861W embedded ap), using the procedure describe on cisco website.

I want the two APs to connect and provide roaming to users.., the AP 1130 is the WDS AP.

the embedded AP (embedded in the router 861W) is the Infrastructure AP. they are configured

and you can see that the WDS is established between them and I use my pc to connect to the WDS

AP and It works... but when I moved close to the other AP (embedded AP) the pc does not roam!!!

It all looks fine but there is no roaming... I would like to ask for some help I will show the

config of both devices, and the show commands.. thanks...

 

WDS AP 1130AG (IP:10.0.0.252):

CISCO1130AG#sho run

Building configuration...

 

Current configuration : 2932 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname CISCO1130AG

!

logging rate-limit console 9

enable secret 5 $1$hVh.$o.YXRY0gnK9ti6nnPHN6V0

!

aaa new-model

!

!

aaa group server radius InfraAP

server 10.0.0.252 auth-port 1812 acct-port 1813

!

aaa group server radius Clients

server 10.0.0.252 auth-port 1812 acct-port 1813

!

aaa authentication login APList group InfraAP

aaa authentication login WirelessClients group Clients

!

aaa session-id common

!

!

dot11 syslog

!

dot11 ssid Cisco ISR 2.4Ghz

authentication open eap WirelessClients

authentication key-management wpa version 2

guest-mode

!

!

!

username Cisco password 7 047802150C2E

username daninigr privilege 15 secret 5 $1$YoKD$C3M42.iiFJJRJUfqku44T/

!

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode ciphers tkip

!

ssid Cisco ISR 2.4Ghz

!

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

!

encryption mode ciphers tkip

dfs band 3 block

channel dfs

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 10.0.0.252 255.255.255.0

no ip route-cache

!

ip default-gateway 10.0.0.1

ip http server

no ip http secure-server

ip http help-path

Hidden Content

    Give reaction to this post to see the hidden content.

radius-server local

no authentication mac

nas 10.0.0.252 key 7 0802455D0A16

nas 10.0.0.254 key 7 0802455D0A16

user CISCO1130AG nthash 7 0529502A751F1B584057434753585D0979067C126C704621422258067A000A005F

user CISCO861AP nthash 7 106C5F3C5144475A55567E7E7C7C6A16703153375A53037F0C720D5E20404F0D09

user CISCO1242AG nthash 7 04795D235B72191F504B51424A5F5527780970096A67773553375A517501010705

user Andres nthash 7 075678681E5D385D45375859540F0D020A176D7A315243225170787970752C524A

user Daniel nthash 7 12405C33425F2D5C780E777D6310043525325B59740C0D720428223935787A0601

user Invitado nthash 7 135C4E365B58257279017B66650735213427590E7B0D06755E2539377A79750200

!

radius-server host 10.0.0.252 auth-port 1812 acct-port 1813 key 7 01300F175804

bridge 1 route ip

!

!

wlccp ap username CISCO1130AG password 7 123A0C041104

wlccp authentication-server infrastructure APList

wlccp authentication-server client any WirelessClients

ssid Cisco ISR 2.4Ghz

wlccp wds priority 255 interface BVI1

!

line con 0

line vty 0 4

!

end

 

CISCO1130AG#

CISCO1130AG#sho wlc

CISCO1130AG#sho wlccp wds ap

HOSTNAME MAC-ADDR IP-ADDR STATE

CISCO861AP 0025.8469.2bbc 10.0.0.254 REGISTERED

CISCO1130AG 001e.7abe.4632 10.0.0.252 REGISTERED

CISCO1130AG#sho wlccp wds

MAC: 001e.7abe.4632, IP-ADDR: 10.0.0.252 , Priority: 255

Interface BVI1, State: Administratively StandAlone - ACTIVE

AP Count: 2 , MN Count: 0

CISCO1130AG#sho wlccp ap

WDS = 001e.7abe.4632, 10.0.0.252

state = wlccp_ap_st_registered

IN Authenticator = 10.0.0.252

MN Authenticator = 10.0.0.252

CISCO1130AG#sho ip int bri

Interface IP-Address OK? Method Status Protocol

BVI1 10.0.0.252 YES NVRAM up up

Dot11Radio0 unassigned YES NVRAM up up

Dot11Radio1 unassigned YES NVRAM reset down

FastEthernet0 unassigned YES NVRAM up up

CISCO1130AG#

 

 

INFRASTRUCTURE AP 861AP(embedded AP, Ip :10.0.0.254):

CISCO861AP#sho run

Building configuration...

 

Current configuration : 2481 bytes

!

! Last configuration change at 11:43:20 EST Mon Mar 8 1993

version 15.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname CISCO861AP

!

!

logging rate-limit console 9

enable secret 5 $1$I421$KUZhZ7bzBEx3GOOWgvxEr.

!

aaa new-model

!

!

aaa group server radius InfraAP

server 10.0.0.252 auth-port 1812 acct-port 1813

!

aaa group server radius Clients

server 10.0.0.252 auth-port 1812 acct-port 1813

!

aaa authentication login APList group InfraAP

aaa authentication login WirelessClients group Clients

!

!

!

!

!

aaa session-id common

clock timezone EST -5 0

clock summer-time EDT recurring

no ip cef

no ip domain lookup

!

!

!

!

dot11 syslog

!

dot11 ssid Cisco ISR 2.4Ghz

vlan 4

authentication open eap WirelessClients

authentication key-management wpa version 2

guest-mode

!

!

!

!

username cisco privilege 15 secret 5 $1$58Jw$9hNBnT0thhiFocDY05S.Q.

username daninigr privilege 15 secret 5 $1$Y2in$NCeo5LwjqTOdo3QJo/2Gs/

!

!

!

bridge irb

!

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode ciphers tkip

!

ssid Cisco ISR 2.4Ghz

!

antenna gain 0

station-role root

!

interface Dot11Radio0.4

encapsulation dot1Q 4 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface GigabitEthernet0

description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router

no ip address

no ip route-cache

!

interface GigabitEthernet0.4

encapsulation dot1Q 4 native

no ip route-cache

bridge-group 1

bridge-group 1 spanning-disabled

no bridge-group 1 source-learning

!

interface BVI1

ip address 10.0.0.254 255.255.255.0

no ip route-cache

!

ip default-gateway 10.0.0.1

ip forward-protocol nd

ip http server

no ip http secure-server

ip http help-path

Hidden Content

    Give reaction to this post to see the hidden content.

!

!

radius-server host 10.0.0.252 auth-port 1812 acct-port 1813 key Cisco

!

bridge 1 protocol ieee

bridge 1 route ip

!

!

wlccp ap username CISCO861AP password 0 Cisco

wlccp authentication-server infrastructure APList

wlccp authentication-server client any WirelessClients

ssid Cisco ISR 2.4Ghz

wlccp wds priority 250 interface BVI1

!

line con 0

privilege level 15

no activation-character

line vty 0 4

transport input all

!

end

 

CISCO861AP# sho wlc

CISCO861AP# sho wlccp wds

MAC: 0025.8469.2bbc, IP-ADDR: 10.0.0.254 , IPV6-ADDR: :: , Priority: 250

Interface BVI1, State: BACKUP

Currently ACTIVE WDS - MAC: 001e.7abe.4632, Priority: 255, IP-ADDR: 10.0.0.252

CISCO861AP# sho wlccp wds ap

HOSTNAME MAC-ADDR IP-ADDR IPV6-ADDR STATE

CISCO861AP# sho wlccp ap

WDS = 001e.7abe.4632, IP: 10.0.0.252 , IPV6: ::

state = wlccp_ap_st_registered

IN Authenticator = IP: 10.0.0.252 IPV6: ::

MN Authenticator = IP: 10.0.0.252 IPv6:

CISCO861AP#sho ip int bri

Interface IP-Address OK? Method Status Protocol

BVI1 10.0.0.254 YES NVRAM up up

Dot11Radio0 unassigned YES NVRAM up up

Dot11Radio0.4 unassigned YES unset up up

GigabitEthernet0 unassigned YES NVRAM up up

GigabitEthernet0.4 unassigned YES unset up up

CISCO861AP#

 

I would like to know why the Aps dont roam when everything looks to be working...

they can ping each other also... the embedded ap has a vlan 4 because the interface GigabitEthernet0.4

its an internal interface between the router 861W and the embedded ap.

 

just in case you need it I will also copy the config on the router:

 

CISCO861W#sho run

Building configuration...

 

Current configuration : 6303 bytes

!

! Last configuration change at 01:56:37 UTC Mon Mar 17 2014 by daninigr

version 15.3

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname CISCO861W

!

boot-start-marker

boot system flash c860-universalk9-mz.153-2.T.bin

boot-end-marker

!

!

logging buffered 51200 warnings

!

no aaa new-model

memory-size iomem 10

!

crypto pki trustpoint TP-self-signed-825017310

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-825017310

revocation-check none

rsakeypair TP-self-signed-825017310

!

!

crypto pki certificate chain TP-self-signed-825017310

certificate self-signed 01

3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030

30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274

69666963 6174652D 38323530 31373331 30301E17 0D303230 34313631 38303435

395A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F

532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3832 35303137

33313030 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100

C42D6B75 070E0AF3 2CF5A9F8 50A33A0B 2E36D422 0842FA85 E6467757 C9346609

A4D8CB4F 5F8E7FE1 62F900CD 2495F0AD 7BC42CC3 C8FC45FB 50ED8744 D2BB890A

46B92840 F07E990A B4FAD871 3EDB0CDB D4FE70F2 96A4BA13 E043EC35 2C1324A1

C75F2AE5 D8E4EFCB E8737122 61548930 DEE3942E C5B2A29A 4772E64F B4D4FDED

02030100 01A37830 76300F06 03551D13 0101FF04 05300301 01FF3023 0603551D

11041C30 1A821843 4953434F 38363157 2E796F75 72646F6D 61696E2E 636F6D30

1F060355 1D230418 30168014 1F51CD31 25D56DA7 B6115337 71CEB229 48A44B99

301D0603 551D0E04 1604141F 51CD3125 D56DA7B6 11533771 CEB22948 A44B9930

0D06092A 864886F7 0D010104 05000381 81005C4A 1DFD0C4B E54D9AF8 87152C50

B0B093B0 95206110 473D394E 79A233AC 8730F186 0D91DED5 AA6C055A 7F346C26

F3966051 B3A2AA68 8752862E 8D60F529 848FF6CD 9D9F6B3A 631C8439 A78C9B9A

38C57643 A4DBF2C3 07154BA2 84A0CC96 2120407B B09EAE91 692CD05E D527E540

A1F10C6E D6C7D165 E04300F3 D1A71A48 48D6

quit

!

!

ip dhcp excluded-address 10.10.10.1

ip dhcp excluded-address 10.0.0.1

!

ip dhcp pool Wire_Users

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

dns-server 24.200.241.37 24.201.245.77

lease 5 12

!

ip dhcp pool Wireless_Users

network 10.0.0.0 255.255.255.0

default-router 10.0.0.1

dns-server 24.200.241.37 24.201.245.77

lease 5 12

!

!

!

!

ip domain name CISCO861W.com

ip name-server 24.200.241.37

ip name-server 24.201.245.77

ip name-server 24.201.243.189

ip cef

no ipv6 cef

!

!

!

flow record nbar-mon

description NBAR flow monitor

match ipv4 tos

match ipv4 protocol

match ipv4 source address

match ipv4 destination address

match transport source-port

match transport destination-port

match interface input

match application name

collect datalink mac source address input

collect datalink mac destination address input

collect routing destination as

collect routing next-hop address ipv4

collect ipv4 id

collect ipv4 source prefix

collect ipv4 source mask

collect ipv4 destination mask

collect transport tcp source-port

collect transport tcp destination-port

collect transport tcp flags

collect transport udp source-port

collect transport udp destination-port

collect interface output

collect flow direction

collect flow sampler

collect counter bytes

collect counter packets

collect timestamp sys-uptime first

collect timestamp sys-uptime last

!

!

flow exporter export-to-andrew

description Flexible NFv9

destination 10.10.10.3

source FastEthernet4

transport udp 9996

template data timeout 60

option interface-table timeout 60

option exporter-stats timeout 60

option application-table timeout 60

!

!

flow monitor andrew-mon

description app traffic analysis

exporter export-to-andrew

cache timeout active 60

record nbar-mon

!

license udi pid CISCO861W-GN-A-K9 sn FTX1320807R

!

!

archive

log config

hidekeys

username daninigr privilege 15 password 0 daninigr

!

!

!

class-map match-any block-traffic

match protocol skype

match protocol gnutella

match protocol bittorrent

match protocol edonkey

!

policy-map block-traffic

class block-traffic

flow monitor andrew-mon

!

!

!

!

!

!

bridge irb

!

!

!

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

description CONEXION TV-PC

no ip address

!

interface FastEthernet2

description CONEXION CISCO1242AG

switchport access vlan 4

no ip address

!

interface FastEthernet3

description CONEXION CISCO1130AG

switchport access vlan 4

no ip address

!

interface FastEthernet4

description CONEXION WAN

ip address dhcp

ip flow monitor andrew-mon input

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface wlan-ap0

description Service module interface to manage the embedded AP

ip unnumbered Vlan4

arp timeout 0

!

interface Wlan-GigabitEthernet0

description Internal switch interface connecting to the embedded AP

switchport trunk native vlan 4

switchport mode trunk

no ip address

!

interface Vlan1

description WIRE_USERS

ip address 10.10.10.1 255.255.255.0

ip flow monitor andrew-mon input

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1452

!

interface Vlan4

description WIRELESS_USERS

ip address 10.0.0.1 255.255.255.0

ip flow monitor andrew-mon input

ip nat inside

ip virtual-reassembly in

!

ip forward-protocol nd

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip nat inside source list NAT_WIRELESS_USERS interface FastEthernet4 overload

ip nat inside source list NAT_WIRE_USERS interface FastEthernet4 overload

!

ip access-list standard NAT_WIRELESS_USERS

permit 10.0.0.0 0.0.0.255

ip access-list standard NAT_WIRE_USERS

permit 10.10.10.0 0.0.0.255

!

snmp-server community public RW 23

snmp-server host 10.10.10.3 version 2c public

access-list 23 permit 10.10.10.0 0.0.0.255

access-list 23 permit 10.0.0.0 0.0.0.255

bridge 1 protocol ieee

bridge 1 route ip

!

line con 0

login local

no modem enable

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

line vty 0 4

access-class 23 in

privilege level 15

login local

transport input telnet ssh

!

scheduler max-task-time 5000

!

end

 

CISCO861W#sho cdp ne

CISCO861W#sho cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,

D - Remote, C - CVTA, M - Two-port Mac Relay

 

Device ID Local Intrfce Holdtme Capability Platform Port ID

CISCO1130AG Fas 3 132 T I AIR-AP113 Fas 0

CISCO861W.com

wlan-ap0 177 R S I 861 wlan-ap0

CISCO1242AG Fas 2 147 T I AIR-AP124 Fas 0

CISCO861AP WGi 0 168 T I AP801GN-A Gig 0

CISCO861W#

 

 

Daniel.

  • Like 1

Share this post


Link to post
Share on other sites

hello, I would like to ask for some help here... I tried all the steps to configure 2 Aps

(Cisco ap1130AG and a Cisco 861W embedded ap), using the procedure describe on cisco website.

I want the two APs to connect and provide roaming to users.., the AP 1130 is the WDS AP.

the embedded AP (embedded in the router 861W) is the Infrastructure AP. they are configured

and you can see that the WDS is established between them and I use my pc to connect to the WDS

AP and It works... but when I moved close to the other AP (embedded AP) the pc does not roam!!!

It all looks fine but there is no roaming... I would like to ask for some help I will show the

config of both devices, and the show commands.. thanks...

 

WDS AP 1130AG (IP:10.0.0.252):

CISCO1130AG#sho run

Building configuration...

 

Current configuration : 2932 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname CISCO1130AG

!

logging rate-limit console 9

enable secret 5 $1$hVh.$o.YXRY0gnK9ti6nnPHN6V0

!

aaa new-model

!

!

aaa group server radius InfraAP

server 10.0.0.252 auth-port 1812 acct-port 1813

!

aaa group server radius Clients

server 10.0.0.252 auth-port 1812 acct-port 1813

!

aaa authentication login APList group InfraAP

aaa authentication login WirelessClients group Clients

!

aaa session-id common

!

!

dot11 syslog

!

dot11 ssid Cisco ISR 2.4Ghz

authentication open eap WirelessClients

authentication key-management wpa version 2

guest-mode

!

!

!

username Cisco password 7 047802150C2E

username daninigr privilege 15 secret 5 $1$YoKD$C3M42.iiFJJRJUfqku44T/

!

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode ciphers tkip

!

ssid Cisco ISR 2.4Ghz

!

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

!

encryption mode ciphers tkip

dfs band 3 block

channel dfs

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 10.0.0.252 255.255.255.0

no ip route-cache

!

ip default-gateway 10.0.0.1

ip http server

no ip http secure-server

ip http help-path

Hidden Content

    Give reaction to this post to see the hidden content.

radius-server local

no authentication mac

nas 10.0.0.252 key 7 0802455D0A16

nas 10.0.0.254 key 7 0802455D0A16

user CISCO1130AG nthash 7 0529502A751F1B584057434753585D0979067C126C704621422258067A000A005F

user CISCO861AP nthash 7 106C5F3C5144475A55567E7E7C7C6A16703153375A53037F0C720D5E20404F0D09

user CISCO1242AG nthash 7 04795D235B72191F504B51424A5F5527780970096A67773553375A517501010705

user Andres nthash 7 075678681E5D385D45375859540F0D020A176D7A315243225170787970752C524A

user Daniel nthash 7 12405C33425F2D5C780E777D6310043525325B59740C0D720428223935787A0601

user Invitado nthash 7 135C4E365B58257279017B66650735213427590E7B0D06755E2539377A79750200

!

radius-server host 10.0.0.252 auth-port 1812 acct-port 1813 key 7 01300F175804

bridge 1 route ip

!

!

wlccp ap username CISCO1130AG password 7 123A0C041104

wlccp authentication-server infrastructure APList

wlccp authentication-server client any WirelessClients

ssid Cisco ISR 2.4Ghz

wlccp wds priority 255 interface BVI1

!

line con 0

line vty 0 4

!

end

 

CISCO1130AG#

CISCO1130AG#sho wlc

CISCO1130AG#sho wlccp wds ap

HOSTNAME MAC-ADDR IP-ADDR STATE

CISCO861AP 0025.8469.2bbc 10.0.0.254 REGISTERED

CISCO1130AG 001e.7abe.4632 10.0.0.252 REGISTERED

CISCO1130AG#sho wlccp wds

MAC: 001e.7abe.4632, IP-ADDR: 10.0.0.252 , Priority: 255

Interface BVI1, State: Administratively StandAlone - ACTIVE

AP Count: 2 , MN Count: 0

CISCO1130AG#sho wlccp ap

WDS = 001e.7abe.4632, 10.0.0.252

state = wlccp_ap_st_registered

IN Authenticator = 10.0.0.252

MN Authenticator = 10.0.0.252

CISCO1130AG#sho ip int bri

Interface IP-Address OK? Method Status Protocol

BVI1 10.0.0.252 YES NVRAM up up

Dot11Radio0 unassigned YES NVRAM up up

Dot11Radio1 unassigned YES NVRAM reset down

FastEthernet0 unassigned YES NVRAM up up

CISCO1130AG#

 

 

INFRASTRUCTURE AP 861AP(embedded AP, Ip :10.0.0.254):

CISCO861AP#sho run

Building configuration...

 

Current configuration : 2481 bytes

!

! Last configuration change at 11:43:20 EST Mon Mar 8 1993

version 15.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname CISCO861AP

!

!

logging rate-limit console 9

enable secret 5 $1$I421$KUZhZ7bzBEx3GOOWgvxEr.

!

aaa new-model

!

!

aaa group server radius InfraAP

server 10.0.0.252 auth-port 1812 acct-port 1813

!

aaa group server radius Clients

server 10.0.0.252 auth-port 1812 acct-port 1813

!

aaa authentication login APList group InfraAP

aaa authentication login WirelessClients group Clients

!

!

!

!

!

aaa session-id common

clock timezone EST -5 0

clock summer-time EDT recurring

no ip cef

no ip domain lookup

!

!

!

!

dot11 syslog

!

dot11 ssid Cisco ISR 2.4Ghz

vlan 4

authentication open eap WirelessClients

authentication key-management wpa version 2

guest-mode

!

!

!

!

username cisco privilege 15 secret 5 $1$58Jw$9hNBnT0thhiFocDY05S.Q.

username daninigr privilege 15 secret 5 $1$Y2in$NCeo5LwjqTOdo3QJo/2Gs/

!

!

!

bridge irb

!

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode ciphers tkip

!

ssid Cisco ISR 2.4Ghz

!

antenna gain 0

station-role root

!

interface Dot11Radio0.4

encapsulation dot1Q 4 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface GigabitEthernet0

description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router

no ip address

no ip route-cache

!

interface GigabitEthernet0.4

encapsulation dot1Q 4 native

no ip route-cache

bridge-group 1

bridge-group 1 spanning-disabled

no bridge-group 1 source-learning

!

interface BVI1

ip address 10.0.0.254 255.255.255.0

no ip route-cache

!

ip default-gateway 10.0.0.1

ip forward-protocol nd

ip http server

no ip http secure-server

ip http help-path

Hidden Content

    Give reaction to this post to see the hidden content.

!

!

radius-server host 10.0.0.252 auth-port 1812 acct-port 1813 key Cisco

!

bridge 1 protocol ieee

bridge 1 route ip

!

!

wlccp ap username CISCO861AP password 0 Cisco

wlccp authentication-server infrastructure APList

wlccp authentication-server client any WirelessClients

ssid Cisco ISR 2.4Ghz

wlccp wds priority 250 interface BVI1

!

line con 0

privilege level 15

no activation-character

line vty 0 4

transport input all

!

end

 

CISCO861AP# sho wlc

CISCO861AP# sho wlccp wds

MAC: 0025.8469.2bbc, IP-ADDR: 10.0.0.254 , IPV6-ADDR: :: , Priority: 250

Interface BVI1, State: BACKUP

Currently ACTIVE WDS - MAC: 001e.7abe.4632, Priority: 255, IP-ADDR: 10.0.0.252

CISCO861AP# sho wlccp wds ap

HOSTNAME MAC-ADDR IP-ADDR IPV6-ADDR STATE

CISCO861AP# sho wlccp ap

WDS = 001e.7abe.4632, IP: 10.0.0.252 , IPV6: ::

state = wlccp_ap_st_registered

IN Authenticator = IP: 10.0.0.252 IPV6: ::

MN Authenticator = IP: 10.0.0.252 IPv6:

CISCO861AP#sho ip int bri

Interface IP-Address OK? Method Status Protocol

BVI1 10.0.0.254 YES NVRAM up up

Dot11Radio0 unassigned YES NVRAM up up

Dot11Radio0.4 unassigned YES unset up up

GigabitEthernet0 unassigned YES NVRAM up up

GigabitEthernet0.4 unassigned YES unset up up

CISCO861AP#

 

I would like to know why the Aps dont roam when everything looks to be working...

they can ping each other also... the embedded ap has a vlan 4 because the interface GigabitEthernet0.4

its an internal interface between the router 861W and the embedded ap.

 

just in case you need it I will also copy the config on the router:

 

CISCO861W#sho run

Building configuration...

 

Current configuration : 6303 bytes

!

! Last configuration change at 01:56:37 UTC Mon Mar 17 2014 by daninigr

version 15.3

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname CISCO861W

!

boot-start-marker

boot system flash c860-universalk9-mz.153-2.T.bin

boot-end-marker

!

!

logging buffered 51200 warnings

!

no aaa new-model

memory-size iomem 10

!

crypto pki trustpoint TP-self-signed-825017310

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-825017310

revocation-check none

rsakeypair TP-self-signed-825017310

!

!

crypto pki certificate chain TP-self-signed-825017310

certificate self-signed 01

3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030

30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274

69666963 6174652D 38323530 31373331 30301E17 0D303230 34313631 38303435

395A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F

532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3832 35303137

33313030 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100

C42D6B75 070E0AF3 2CF5A9F8 50A33A0B 2E36D422 0842FA85 E6467757 C9346609

A4D8CB4F 5F8E7FE1 62F900CD 2495F0AD 7BC42CC3 C8FC45FB 50ED8744 D2BB890A

46B92840 F07E990A B4FAD871 3EDB0CDB D4FE70F2 96A4BA13 E043EC35 2C1324A1

C75F2AE5 D8E4EFCB E8737122 61548930 DEE3942E C5B2A29A 4772E64F B4D4FDED

02030100 01A37830 76300F06 03551D13 0101FF04 05300301 01FF3023 0603551D

11041C30 1A821843 4953434F 38363157 2E796F75 72646F6D 61696E2E 636F6D30

1F060355 1D230418 30168014 1F51CD31 25D56DA7 B6115337 71CEB229 48A44B99

301D0603 551D0E04 1604141F 51CD3125 D56DA7B6 11533771 CEB22948 A44B9930

0D06092A 864886F7 0D010104 05000381 81005C4A 1DFD0C4B E54D9AF8 87152C50

B0B093B0 95206110 473D394E 79A233AC 8730F186 0D91DED5 AA6C055A 7F346C26

F3966051 B3A2AA68 8752862E 8D60F529 848FF6CD 9D9F6B3A 631C8439 A78C9B9A

38C57643 A4DBF2C3 07154BA2 84A0CC96 2120407B B09EAE91 692CD05E D527E540

A1F10C6E D6C7D165 E04300F3 D1A71A48 48D6

quit

!

!

ip dhcp excluded-address 10.10.10.1

ip dhcp excluded-address 10.0.0.1

!

ip dhcp pool Wire_Users

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

dns-server 24.200.241.37 24.201.245.77

lease 5 12

!

ip dhcp pool Wireless_Users

network 10.0.0.0 255.255.255.0

default-router 10.0.0.1

dns-server 24.200.241.37 24.201.245.77

lease 5 12

!

!

!

!

ip domain name CISCO861W.com

ip name-server 24.200.241.37

ip name-server 24.201.245.77

ip name-server 24.201.243.189

ip cef

no ipv6 cef

!

!

!

flow record nbar-mon

description NBAR flow monitor

match ipv4 tos

match ipv4 protocol

match ipv4 source address

match ipv4 destination address

match transport source-port

match transport destination-port

match interface input

match application name

collect datalink mac source address input

collect datalink mac destination address input

collect routing destination as

collect routing next-hop address ipv4

collect ipv4 id

collect ipv4 source prefix

collect ipv4 source mask

collect ipv4 destination mask

collect transport tcp source-port

collect transport tcp destination-port

collect transport tcp flags

collect transport udp source-port

collect transport udp destination-port

collect interface output

collect flow direction

collect flow sampler

collect counter bytes

collect counter packets

collect timestamp sys-uptime first

collect timestamp sys-uptime last

!

!

flow exporter export-to-andrew

description Flexible NFv9

destination 10.10.10.3

source FastEthernet4

transport udp 9996

template data timeout 60

option interface-table timeout 60

option exporter-stats timeout 60

option application-table timeout 60

!

!

flow monitor andrew-mon

description app traffic analysis

exporter export-to-andrew

cache timeout active 60

record nbar-mon

!

license udi pid CISCO861W-GN-A-K9 sn FTX1320807R

!

!

archive

log config

hidekeys

username daninigr privilege 15 password 0 daninigr

!

!

!

class-map match-any block-traffic

match protocol skype

match protocol gnutella

match protocol bittorrent

match protocol edonkey

!

policy-map block-traffic

class block-traffic

flow monitor andrew-mon

!

!

!

!

!

!

bridge irb

!

!

!

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

description CONEXION TV-PC

no ip address

!

interface FastEthernet2

description CONEXION CISCO1242AG

switchport access vlan 4

no ip address

!

interface FastEthernet3

description CONEXION CISCO1130AG

switchport access vlan 4

no ip address

!

interface FastEthernet4

description CONEXION WAN

ip address dhcp

ip flow monitor andrew-mon input

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface wlan-ap0

description Service module interface to manage the embedded AP

ip unnumbered Vlan4

arp timeout 0

!

interface Wlan-GigabitEthernet0

description Internal switch interface connecting to the embedded AP

switchport trunk native vlan 4

switchport mode trunk

no ip address

!

interface Vlan1

description WIRE_USERS

ip address 10.10.10.1 255.255.255.0

ip flow monitor andrew-mon input

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1452

!

interface Vlan4

description WIRELESS_USERS

ip address 10.0.0.1 255.255.255.0

ip flow monitor andrew-mon input

ip nat inside

ip virtual-reassembly in

!

ip forward-protocol nd

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip nat inside source list NAT_WIRELESS_USERS interface FastEthernet4 overload

ip nat inside source list NAT_WIRE_USERS interface FastEthernet4 overload

!

ip access-list standard NAT_WIRELESS_USERS

permit 10.0.0.0 0.0.0.255

ip access-list standard NAT_WIRE_USERS

permit 10.10.10.0 0.0.0.255

!

snmp-server community public RW 23

snmp-server host 10.10.10.3 version 2c public

access-list 23 permit 10.10.10.0 0.0.0.255

access-list 23 permit 10.0.0.0 0.0.0.255

bridge 1 protocol ieee

bridge 1 route ip

!

line con 0

login local

no modem enable

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

line vty 0 4

access-class 23 in

privilege level 15

login local

transport input telnet ssh

!

scheduler max-task-time 5000

!

end

 

CISCO861W#sho cdp ne

CISCO861W#sho cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,

D - Remote, C - CVTA, M - Two-port Mac Relay

 

Device ID Local Intrfce Holdtme Capability Platform Port ID

CISCO1130AG Fas 3 132 T I AIR-AP113 Fas 0

CISCO861W.com

wlan-ap0 177 R S I 861 wlan-ap0

CISCO1242AG Fas 2 147 T I AIR-AP124 Fas 0

CISCO861AP WGi 0 168 T I AP801GN-A Gig 0

CISCO861W#

 

 

Daniel.

Y is not the controller used in your case !

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...