Solved: 871w Wireless WAN

Red Taco · ‎01-19-2016

I'm using an 871w to route between some physical switches and some virtual networks. I have a Fortigate (not pictured) that hands out DHCP for a guest WLAN and goes directly out to the internet - I'd like to connect the 871 to that network use it as the default route for my lab networks. Is that possible? If so, can someone help me with the config, please?

The 871 is connected to the physical switches on Fa0 with VLAN1 using 172.16.1.254. The WAN/Fa4 port is connected to the Hyper-V manager on 172.30.1.1/30. I'm hoping Dot11Radio0 can be 192.168.10.254 and I can use ip route 0.0.0.0 0.0.0.0 192.168.10.1 (Fortigate).

Philip D'Ath · ‎01-21-2016

I would not expect cross vendor bridging to work reliably, if at all. Change to using only one vendor for the bridge link if you want to stand a chance of getting it working.

View solution in original post

Philip D'Ath · ‎01-19-2016

Could you perhaps post the Cisco 871 config you have managed to do so far.

Red Taco · ‎01-20-2016

Hi, thanks. At the time of the initial post I hadn't attempted to configure the wireless but since then I've made some attempts but I've been unsuccessful. Everything between the physical/virtual works fine - I just can't make the wireless work.

LAB-C871-R0#sh run
Building configuration...

Current configuration : 1401 bytes
!
! Last configuration change at 02:04:01 UTC Fri Mar 1 2002
!
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname LAB-C871-R0
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Q1ZP$q6oRmtvf6AWpuUPX7Papu1
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid CCGuest
authentication open
wpa-psk ascii 7 XXXX
!
ip source-route
!
!
ip cef
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address 172.30.1.1 255.255.255.252
duplex auto
speed auto
!
interface Dot11Radio0
ip address dhcp
!
encryption mode ciphers aes-ccm
!
ssid CCGuest
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role non-root
!
interface Vlan1
ip address 172.16.1.254 255.255.255.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 172.30.10.0 255.255.255.0 172.30.1.2
ip route 172.30.20.0 255.255.255.0 172.30.1.2
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
password 7 XXXX
logging synchronous
no modem enable
line aux 0
line vty 0 4
privilege level 15
password 7 XXXX
logging synchronous
login
transport input all
!
end

I since tried adding infrastructure-ssid beneath dot11 ssid CCGuest with no change. This is the only error I am receiving:

*Mar 1 01:32:05.840: %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: Rcvd response from 2ea4.3c04.ac39 channel 1 3848

These are Ubiquity APs I'm trying to connect to - maybe the limitation is there? I can't see any advanced options that would allow or restrict a bridged AP. I'll start looking in that direction for now.

Thanks!

Philip D'Ath · ‎01-20-2016

As long as your Ubiquity APs are two bridging, and are in the correct VLAN then you wont have any layer 3 issues. Bridging is done at layer 2 without concern for IP addresses.

Are you also trying to configure the 871W access point to bridge to one of the VLANs? It appears to be not configured in the above config, so I'm not sure if this is part of what you want or not.

Red Taco · ‎01-21-2016

No, and actually "bridging" isn't quite what I'm after - I just want to form a wireless point-to-point connection with one of the Unify APs so I can route my lab networks to the Internet through the Guest WLAN. I do actually tag the Guest WLAN with VLAN50 - I tried applying vlan 50 under dot11 with no change but I'm not sure I applied it in the correct place.

I was able to view some real-time logs from the APs that show the 871 just being "disassociated" every 90 or so seconds with no details. I'm working on a way to see some more information on that end as well.

Red Taco · ‎01-21-2016

Here, I tried adding vlan 50 but the radio interface doesn't even attempt to connect until I remove the statement. Am I applying it incorrectly or is it just not needed in this scenario?

LAB-C871-R0(config)#dot11 ssid CCGuest
LAB-C871-R0(config-ssid)#vlan 50
LAB-C871-R0(config-ssid)#int dot11radio0
LAB-C871-R0(config-if)#do terminal monitor
LAB-C871-R0(config-if)#no shut
LAB-C871-R0(config-if)#
*Mar 1 22:38:42.529: %DOT11-4-NO_SSID: No SSID configured. Dot11Radio0 not started.
LAB-C871-R0(config-if)#
*Mar 1 22:38:42.533: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
LAB-C871-R0(config-if)#exit
LAB-C871-R0(config)#dot11 ssid CCGuest
LAB-C871-R0(config-ssid)#no vlan 50
LAB-C871-R0(config-ssid)#
*Mar 1 22:43:50.467: %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: No Response
LAB-C871-R0(config-ssid)#
*Mar 1 22:43:55.472: %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: Rcvd response from 2aa4.3c04.ac39 ch
annel 1 3828
LAB-C871-R0(config-ssid)#int dot11rad 0
LAB-C871-R0(config-if)#shut

Thanks!

Philip D'Ath · ‎01-21-2016

I would not expect cross vendor bridging to work reliably, if at all. Change to using only one vendor for the bridge link if you want to stand a chance of getting it working.

Red Taco · ‎01-22-2016

Ok. Thanks for taking a look!

Red Taco · ‎01-20-2016

Just after my last post I got the following console messages:

LAB-C871-R0#
*Mar 1 01:43:46.075: %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: Associating
LAB-C871-R0#
*Mar 1 01:44:27.084: %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: Received deauthenticate (11) 11