Options
Cant ping host on same subnet ?
shaunebop
Member Posts: 29 ■□□□□□□□□□
HI all, this 877w is proving to be a real pain in the rear,the problem this time is that i have 2 pc's connected to the 877w ssid MooMoo, they both connect to the router with no problem and can access the internet and also my server on fa0 but i cant access any files,shares or even ping from host to host on the wireless laptops even though there in the same subnet.
I know it's not a firewall issue or that it's a problem with the pc's as the same setup works perfect on my little netgear jobby.
If anyone can run there eyes over my config below and show me where im going wrong that would be great.
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 877w
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$kJdC$fgWnKH68k/kXC93kv0Q5B/
!
aaa new-model
!
!
aaa group server radius rad_eap
server 192.168.0.33 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
!
!
aaa session-id common
!
dot11 ssid MooMoo
vlan 1
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
!
dot11 ssid leachers
vlan 2
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 xxxxxxx
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.33
ip dhcp excluded-address 192.168.0.35
ip dhcp excluded-address 192.168.0.36
ip dhcp excluded-address 192.168.0.38
ip dhcp excluded-address 192.168.0.34
ip dhcp excluded-address 10.0.0.1
!
ip dhcp pool shaun
network 192.168.0.32 255.255.255.240
default-router 192.168.0.33
dns-server 62.24.199.23
!
ip dhcp pool guest-vlan2
import all
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
dns-server 62.24.199.13
!
!
ip domain name xxxxxxxxxxxxxxxxxxx
ip name-server 62.24.199.13
ip name-server 62.24.199.23
ip ssh time-out 30
ip ssh port 2001 rotary 1
ip ssh logging events
ip ssh version 2
ip ddns update method DynDNS
HTTP
add http:/xxxxxxxxxxxxxxxxxxxxx.dyndns.org/nic/update?system=dyndns&hostname=xxxxxxxxxxxxx.com&myip=<a>
remove http://xxxxxxxxxxxxx.dyndns.org/nic/update?system=dyndns&hostname=xxxxxxxxxxxx.com&myip=<a>
!
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-3665536970
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3665536970
revocation-check none
rsakeypair TP-self-signed-3665536970
!
!
crypto pki certificate chain TP-self-signed-3665536970
certificate self-signed 01
30820253 308201BC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33363635 35333639 3730301E 170D3032 30333031 30333437
31395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 36363535
33363937 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C542 5C51F2EF 3E8A4D06 58A08EB1 39315887 70205568 BA90DAF4 F5B18915
192666EE CF1D48A4 DB2C9474 C52D6032 6271203A 4A317739 9BAD28BF 80E90122
6010C01A 9E3E784B 57579D2A E277A19F 8C2938BC 997D757E 8A81FE66 5FE3B46F
3DA1006C 23DD516D 5E9B8A60 0783A4A7 A12AECEB 8071F75B 441F64B0 A31135C4
8D3D0203 010001A3 7B307930 0F060355 1D130101 FF040530 030101FF 30260603
551D1104 1F301D82 1B383737 772E7368 61756E65 626F702E 6973612D 6765656B
2E636F6D 301F0603 551D2304 18301680 1490A7BC 0F8A9454 34982AFB 2120251E
6D667E82 19301D06 03551D0E 04160414 90A7BC0F 8A945434 982AFB21 20251E6D
667E8219 300D0609 2A864886 F70D0101 04050003 81810009 47C2FE5B 987806CD
279C0140 0AD4F05F 520036B8 2361106D 800721C7 CBB8823A 4767C618 B778D214
3CD40DCC E61C3D3C A8ED094C 3FC3BC92 41FF46A2 DFB17F98 888BFE29 B87D7DFA
24FD5825 077164E0 C7E37E39 DA6756D5 27603B76 08BAE0B1 7C0AFCAE D716FD25
A2405507 E4B4E1C0 CC3F7932 FEF3378E 5D135862 9A3231
quit
!
!
username xxxxxxx privilege 15 secret 5 $1$j8q0$mHmLuujpKN1N2mn54/dmz.
!
!
!
bridge irb
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.2 point-to-point
ip nat outside
ip virtual-reassembly
no snmp trap link-status
pvc 0/38
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
description FREENAS-SERVER
spanning-tree portfast
!
interface FastEthernet1
!
interface FastEthernet2
description LAB-LINK
switchport mode trunk
!
interface FastEthernet3
description XBOX-LINK
spanning-tree portfast
!
interface Dot11Radio0
no ip address
ip nat inside
ip virtual-reassembly
no dot11 extension aironet
!
encryption mode ciphers aes-ccm
!
encryption vlan 1 mode ciphers aes-ccm
!
encryption vlan 2 mode ciphers aes-ccm
!
broadcast-key change 300 membership-termination
!
!
ssid MooMoo
!
ssid leachers
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
antenna receive right
antenna transmit left
antenna gain 3
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
ip nat inside
ip virtual-reassembly
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2
encapsulation dot1Q 2
ip nat inside
ip virtual-reassembly
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
!
interface Vlan1
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 1
!
interface Vlan2
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 2
!
interface Dialer0
mtu 1452
ip ddns update hostname xxxxxxxxxxxxxxxxxxxxxx
ip ddns update DynDNS host members.dyndns.org
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxxxxxxxxxx
ppp chap password 0 xxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxxxxxxxx
!
interface BVI1
ip address 192.168.0.33 255.255.255.240
ip nat inside
ip virtual-reassembly
!
interface BVI2
description vlan 2 network
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
router rip
version 2
redistribute static
network 10.0.0.0
network 192.168.0.0
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
no ip http server
ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.0.38 2001 interface Dialer0 2001
ip nat inside source static tcp 192.168.0.33 443 interface Dialer0 443
ip nat inside source static tcp 192.168.0.38 xxxxx interface Dialer0 xxxx
ip nat inside source static tcp 192.168.0.36 xxxx interface Dialer0 xxxx
ip nat inside source static tcp 192.168.0.36 1723 interface Dialer0 1723
ip nat inside source static udp 192.168.0.33 123 interface Dialer0 123
!
access-list 1 permit 192.168.0.32 0.0.0.15
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 10.0.1.0 0.0.0.255
dialer-list 1 protocol ip permit
!
!
!
radius-server local
nas 192.168.0.33 key 0 xxxxxxxxxxx
user xxxxx nthash 0 452789A016B8865A77A2B70C68E50D30
user xxxxxx nthash 0 452789A016B8865A77A2B70C68E50D30
!
radius-server host 192.168.0.33 auth-port 1812 acct-port 1813 key xxxxxxxxx
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
bridge 3 protocol ieee
bridge 3 route ip
banner login
************************************************
* 877w NO UNAUTHERIZED USERS *
************************************************
!
line con 0
exec-timeout 30 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
exec-timeout 30 0
logging synchronous
transport input ssh
!
scheduler max-task-time 5000
ntp server 139.143.5.30 source Dialer0
end
I know it's not a firewall issue or that it's a problem with the pc's as the same setup works perfect on my little netgear jobby.
If anyone can run there eyes over my config below and show me where im going wrong that would be great.
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 877w
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$kJdC$fgWnKH68k/kXC93kv0Q5B/
!
aaa new-model
!
!
aaa group server radius rad_eap
server 192.168.0.33 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
!
!
aaa session-id common
!
dot11 ssid MooMoo
vlan 1
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
!
dot11 ssid leachers
vlan 2
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 xxxxxxx
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.33
ip dhcp excluded-address 192.168.0.35
ip dhcp excluded-address 192.168.0.36
ip dhcp excluded-address 192.168.0.38
ip dhcp excluded-address 192.168.0.34
ip dhcp excluded-address 10.0.0.1
!
ip dhcp pool shaun
network 192.168.0.32 255.255.255.240
default-router 192.168.0.33
dns-server 62.24.199.23
!
ip dhcp pool guest-vlan2
import all
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
dns-server 62.24.199.13
!
!
ip domain name xxxxxxxxxxxxxxxxxxx
ip name-server 62.24.199.13
ip name-server 62.24.199.23
ip ssh time-out 30
ip ssh port 2001 rotary 1
ip ssh logging events
ip ssh version 2
ip ddns update method DynDNS
HTTP
add http:/xxxxxxxxxxxxxxxxxxxxx.dyndns.org/nic/update?system=dyndns&hostname=xxxxxxxxxxxxx.com&myip=<a>
remove http://xxxxxxxxxxxxx.dyndns.org/nic/update?system=dyndns&hostname=xxxxxxxxxxxx.com&myip=<a>
!
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-3665536970
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3665536970
revocation-check none
rsakeypair TP-self-signed-3665536970
!
!
crypto pki certificate chain TP-self-signed-3665536970
certificate self-signed 01
30820253 308201BC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33363635 35333639 3730301E 170D3032 30333031 30333437
31395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 36363535
33363937 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C542 5C51F2EF 3E8A4D06 58A08EB1 39315887 70205568 BA90DAF4 F5B18915
192666EE CF1D48A4 DB2C9474 C52D6032 6271203A 4A317739 9BAD28BF 80E90122
6010C01A 9E3E784B 57579D2A E277A19F 8C2938BC 997D757E 8A81FE66 5FE3B46F
3DA1006C 23DD516D 5E9B8A60 0783A4A7 A12AECEB 8071F75B 441F64B0 A31135C4
8D3D0203 010001A3 7B307930 0F060355 1D130101 FF040530 030101FF 30260603
551D1104 1F301D82 1B383737 772E7368 61756E65 626F702E 6973612D 6765656B
2E636F6D 301F0603 551D2304 18301680 1490A7BC 0F8A9454 34982AFB 2120251E
6D667E82 19301D06 03551D0E 04160414 90A7BC0F 8A945434 982AFB21 20251E6D
667E8219 300D0609 2A864886 F70D0101 04050003 81810009 47C2FE5B 987806CD
279C0140 0AD4F05F 520036B8 2361106D 800721C7 CBB8823A 4767C618 B778D214
3CD40DCC E61C3D3C A8ED094C 3FC3BC92 41FF46A2 DFB17F98 888BFE29 B87D7DFA
24FD5825 077164E0 C7E37E39 DA6756D5 27603B76 08BAE0B1 7C0AFCAE D716FD25
A2405507 E4B4E1C0 CC3F7932 FEF3378E 5D135862 9A3231
quit
!
!
username xxxxxxx privilege 15 secret 5 $1$j8q0$mHmLuujpKN1N2mn54/dmz.
!
!
!
bridge irb
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.2 point-to-point
ip nat outside
ip virtual-reassembly
no snmp trap link-status
pvc 0/38
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
description FREENAS-SERVER
spanning-tree portfast
!
interface FastEthernet1
!
interface FastEthernet2
description LAB-LINK
switchport mode trunk
!
interface FastEthernet3
description XBOX-LINK
spanning-tree portfast
!
interface Dot11Radio0
no ip address
ip nat inside
ip virtual-reassembly
no dot11 extension aironet
!
encryption mode ciphers aes-ccm
!
encryption vlan 1 mode ciphers aes-ccm
!
encryption vlan 2 mode ciphers aes-ccm
!
broadcast-key change 300 membership-termination
!
!
ssid MooMoo
!
ssid leachers
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
antenna receive right
antenna transmit left
antenna gain 3
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
ip nat inside
ip virtual-reassembly
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2
encapsulation dot1Q 2
ip nat inside
ip virtual-reassembly
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
!
interface Vlan1
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 1
!
interface Vlan2
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 2
!
interface Dialer0
mtu 1452
ip ddns update hostname xxxxxxxxxxxxxxxxxxxxxx
ip ddns update DynDNS host members.dyndns.org
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxxxxxxxxxx
ppp chap password 0 xxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxxxxxxxx
!
interface BVI1
ip address 192.168.0.33 255.255.255.240
ip nat inside
ip virtual-reassembly
!
interface BVI2
description vlan 2 network
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
router rip
version 2
redistribute static
network 10.0.0.0
network 192.168.0.0
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
no ip http server
ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.0.38 2001 interface Dialer0 2001
ip nat inside source static tcp 192.168.0.33 443 interface Dialer0 443
ip nat inside source static tcp 192.168.0.38 xxxxx interface Dialer0 xxxx
ip nat inside source static tcp 192.168.0.36 xxxx interface Dialer0 xxxx
ip nat inside source static tcp 192.168.0.36 1723 interface Dialer0 1723
ip nat inside source static udp 192.168.0.33 123 interface Dialer0 123
!
access-list 1 permit 192.168.0.32 0.0.0.15
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 10.0.1.0 0.0.0.255
dialer-list 1 protocol ip permit
!
!
!
radius-server local
nas 192.168.0.33 key 0 xxxxxxxxxxx
user xxxxx nthash 0 452789A016B8865A77A2B70C68E50D30
user xxxxxx nthash 0 452789A016B8865A77A2B70C68E50D30
!
radius-server host 192.168.0.33 auth-port 1812 acct-port 1813 key xxxxxxxxx
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
bridge 3 protocol ieee
bridge 3 route ip
banner login
************************************************
* 877w NO UNAUTHERIZED USERS *
************************************************
!
line con 0
exec-timeout 30 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
exec-timeout 30 0
logging synchronous
transport input ssh
!
scheduler max-task-time 5000
ntp server 139.143.5.30 source Dialer0
end
Oh no iv'e got brain freeze again!
Comments
-
Optionsmikem2te
Member Posts: 407
I had a similar problem yesterday, unable to ping hosts on a new wireless network. It turned out to be the computers.
My symptoms were spot on with you, I could access the internet but not other hosts on the WiFi. To debug I entered the 'arp -a' on the Windows machines, there were entries for the other hosts connecting to the Wifi proving there was layer 2 connectivity between all the hosts. That only left layer 3 and above, turning off the firewalls on Windows allowed me to ping the other hosts:). Later I fine tuned the computers firewalls to allow exactly what I wanted.
I think Windows keeps SSID/network specific firewall settings which by default are strict. May explain why the netgear all is fine but with the new wifi everything is locked down.Blog : http://www.caerffili.co.uk/
Previous : Passed Configuring Microsoft Office SharePoint Server 2007 (70-630)
Currently : EIGRP & OSPF
Next : CCNP Route