dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
1730
benny532017
join:2012-11-19

benny532017

Member

Cisco 871w as AP with 831 as main router -strange home setup

To Post:
________

Hi all,

I have a few questions as a Cisco newbie. Let me first introduce by explaining what I've been doing. I want to do a CCNA, but I want work to pay for it. That's not happening just yet so I thought I'd teach myself the basics.

I have at home a Netgear route and Netgear AP. I have a Cisco 871w and Cisco 831. I want to use the 871w as an AP and the 831 as the router to replicate the Netgear setup.

The configs for the two devices I have posted below for reference. My questions are as follows:

Is my AP config for the 871w as simple as it can be? I realise that Cisco is powerful and many additional extras can be added, but I would like to know if there is anything obviously missing/not the done thing in the config.

Then same question for the 831.

Then the strange business: when I use the Cisco 871w with Netgear router the system seems to work fine. When I add in the 831 I get some strange behaviour - like 25% ping failure to 8.8.8.8 and WLAN connection keeps dropping/failing.... like the 871w is stopping my authenticating... Seems odd, I would have thought it would either work or not.

The thing that strikes me is that the 871w is set with the bvi1 interface set at 192.168.1.10 and the 831 is set to give out addresses via dhcp from a pool, with .0 - .30 excluded. What I don't understand is how this works with the Netgear router, or for that matter with the 831 some of the time.

Admittedly, whilst I do understand most of the configuration these are bodged together from stuff online, but this is the only way I have managed to get a semi-working setup so far. I will be experimenting until I thoroughly understand the configs. I must admit, I am not clear why there is NAT(/PAT) going on on the 871w - cant the vlan1, bvi1 and dot11 interfaces just bridge and that achieve what an AP does?

You help is much appreciated!

------------------

Config for 871w:

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP1
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
aaa session-id common
!
dot11 ssid
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0
!
ip cef
no ip bootp server
no ip domain lookup
!
no spanning-tree vlan 1
username privilege 15 password 7
archive
log config
hidekeys
!
bridge irb
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
no cdp enable
spanning-tree portfast
no shutdown
!
interface FastEthernet4
no ip address
ip virtual-reassembly
shutdown
duplex auto
speed auto
no shutdown
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
ssid
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
no shutdown
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
interface BVI1
ip address 192.168.1.10 255.255.255.0
ip virtual-reassembly
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
ip nat inside source route-map nonat interface FastEthernet4 overload
!
access-list 1 permit 192.168.0.0 0.0.255.255
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
!
scheduler max-task-time 5000
end

---------------------------------

Config for 831:

no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname RT1
!
boot-start-marker
boot-end-marker
!
enable secret
enable password
!
no aaa new-model
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.30
!
ip dhcp pool insideDHCP
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 4.2.2.5 4.2.2.6 4.2.2.66
!
!
!
!
!
!
!
!
!
interface Ethernet0
description LAN (4 L2 switch ports)
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip mroute-cache
no cdp enable
no shutdown
!
interface Ethernet1
description WAN (facing cable modem)
ip address dhcp
ip verify unicast source reachable-via rx allow-default 100
ip nat outside
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
no ip mroute-cache
no cdp enable
no shutdown
!
interface FastEthernet1
no ip address
duplex auto
speed auto
no shutdown
!
interface FastEthernet2
no ip address
duplex auto
speed auto
no shutdown
!
interface FastEthernet3
no ip address
duplex auto
speed auto
no shutdown
!
interface FastEthernet4
no ip address
duplex auto
speed auto
no shutdown
!
ip classless
!
ip nat inside source list 1 interface Ethernet1 overload
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password user
login
!
scheduler max-task-time 5000
end
aryoba
MVM
join:2002-08-22

aryoba

MVM

said by benny532017:

I have at home a Netgear route and Netgear AP. I have a Cisco 871w and Cisco 831. I want to use the 871w as an AP and the 831 as the router to replicate the Netgear setup.

The 831 is an old router and the 871w is an aging one. If I were you I would use my most powerful router as a home network router while keeping less-powerful router as lab router. This way the less-powerful router won't be a bottleneck for the actual (production) network traffic flow.

In regards of sample configuration, check out this forum's FAQ to get ideas. Good luck with your CCNA studies
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to benny532017

MVM

to benny532017
said by benny532017:

I want to use the 871w as an AP and the 831 as the router to replicate the Netgear setup.

Any particular reason why you're splitting the functionality between the 831 and the 871W? The 871W can
do everything on it's own.

I'm going to need some time to look at your configs. For now, do you have good connectivity wired into the 831?
The only whacko thing I see is this

interface Ethernet1
ip verify unicast source reachable-via rx allow-default 100
 

I messed with ip verify awhile back, generally found it not that useful for WAN interfaces that get assigned
by DHCP.

Also, did you intend to do double natting on the 871w towards the 831, because that's what this does

ip nat inside source route-map nonat interface FastEthernet4 overload
!
access-list 1 permit 192.168.0.0 0.0.255.255
 

Regards
benny532017
join:2012-11-19

benny532017

Member

Thanks hellfire,

I'll adjust those bits and look at the config with a clear head.

The reason the functionality is split is because my house is has old thick walls so the WiLAN radio needs to be in the centre and my broadband presentation is on one side. There are Ethernet over power devices between the two Ciscos. Apologies, I should have put that in the initial post.

Aryoba, thanks for the advice - I do realize the 831 is old, but surely this doesn't mean bin it? It should still work. I have a Cisco 2811 kicking around too which could take its place I guess but this seems like it would be overkill - I mean for one thing I don't know where I'd put it as I don't have a rack at home.

Thanks for your help guys, I'll report back when I have a bit more time to play.

B
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to benny532017

MVM

to benny532017
How fast is your internet? 831's rated for around 5Mbps, while the 2811 can do maybe 25Mbps with services on.

Regards