877W - cannot talk wireless device to wireless device

Hi,

I have just replaced my 837 and AP350 with an integrated 877W and it all works fine except that I can no longer ping or communicate between any two wireless hosts. Wired LAN devices can ping wireless devices and wireless devices can ping wired LAN devices.

The problem it causes me is that my printers are wireless and I cannot print at the moment. I have a very simple config bridging the wireless and VLAN1, see below.

I assume this is a new security feature but I can't find a way around it, has anybody seen this before?

IOS version: c870-advsecurityk9-mz.123-8.YI1.bin

Many thanks,

Nick Ersdown

version 12.3 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname router ! boot-start-marker boot-end-marker ! logging buffered 16000 debugging enable secret ! username privilege 15 password aaa new-model ! ! aaa authentication login userauthen local aaa authorization network groupauthor local aaa session-id common ip subnet-zero ip cef ! ! ip inspect name DEFAULT100 cuseeme ip inspect name DEFAULT100 ftp ip inspect name DEFAULT100 h323 ip inspect name DEFAULT100 icmp ip inspect name DEFAULT100 netshow ip inspect name DEFAULT100 rcmd ip inspect name DEFAULT100 realaudio ip inspect name DEFAULT100 rtsp ip inspect name DEFAULT100 esmtp ip inspect name DEFAULT100 sqlnet ip inspect name DEFAULT100 streamworks ip inspect name DEFAULT100 tftp ip inspect name DEFAULT100 tcp ip inspect name DEFAULT100 udp ip inspect name DEFAULT100 vdolive ip domain name no ftp-server write-enable ! ! ! bridge irb ! ! interface ATM0 no ip address no ip mroute-cache no atm ilmi-keepalive pvc 0/38 encapsulation aal5mux ppp dialer dialer pool-member 1 ! dsl operating-mode auto ! interface FastEthernet0 no ip address ! interface FastEthernet1 no ip address ! interface FastEthernet2 no ip address duplex full speed 100 ! interface FastEthernet3 no ip address ! interface Dot11Radio0 no ip address no ip route-cache cef no ip route-cache ! encryption key 1 size 128bit 7 transmit-key encryption mode wep mandatory ! ssid authentication open authentication shared ! speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0

48.0 54.0 channel least-congested 2412 2417 2422 2427 2432 2437 2442 2447 2452 2457 2462 bridge-group 1 bridge-group 1 spanning-disabled ! interface Vlan1 description $FW_INSIDE$ no ip address ip virtual-reassembly no ip mroute-cache bridge-group 1 hold-queue 40 out ! interface Dialer0 description Connects to ISP ip address ip mtu 1492 ip inspect DEFAULT100 out ip nat outside ip virtual-reassembly encapsulation ppp no ip route-cache cef no ip route-cache ip tcp adjust-mss 1452 no ip mroute-cache dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap callin ppp chap hostname ppp chap password 7 ! interface BVI1 description $ES_LAN$ ip address 192.168.x.x 255.255.255.0 ip access-group 101 in ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452 ! ip classless ip route 0.0.0.0 0.0.0.0 Dialer0 ! no ip http server ip http secure-server ip nat inside source list 100 interface Dialer0 overload ! dialer-list 1 protocol ip permit ! control-plane ! bridge 1 protocol ieee bridge 1 route ip ! line con 0 exec-timeout 0 0 logging synchronous no modem enable transport preferred all transport output all stopbits 1 line aux 0 transport preferred all transport output all stopbits 1 line vty 0 4 access-class 23 in password 7 logging synchronous transport preferred all transport input all transport output all ! scheduler max-task-time 5000 end
Reply to
Nick Ersdown
Loading thread data ...

Hi Nick, I have the same problem see post below, I posted this on the

26/10/2005, and anyway we think we have found the reason.

As the problem resides on a remote office router we have made the changes this weekend but cannot test until Monday morning.

I'll try to explain the theory:

The problem is to do with the IP addressing on the wireless interface on the router, you'll have a pool of IP's assigning your wireless and wired devices (the same pool), except the wireless interface will be on a different subnet.

I hope this will point you in the right direction. Please let me know if you get it working today and how you did it, as we cannot test our fix until tomorrow morning.

Craig.

Reply to
corb

Post access-list 101

Reply to
Merv

Does removing interface VLAN 1 make any difference ?

Reply to
Merv

Reply to
martin

Reply to
martin

Further to Craigs reply we have just tested the changes and we can now ping between devices. What I did was delete the SSID that was set-up using the express set-up and then using PDM reconfigure from the Express Wireless Security tab in bridging mode. This than gave the interface an address on the same subnet and it seems to have done the trick.

Reply to
martin

Many thanks to both you and Craig for your help. I just tried that...

deleted the ssid created by SDM express and recreated it via Express Wireless Security and now it all works.

What I see different under cli is the addition of these lines now:

interface Dot11Radio0 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding

I have just had a quick look but haven't yet identified which command cured the problem.

I guess SDM express has a little bug in it.

Many thanks,

Nick Ersdown

Reply to
Nick Ersdown

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.