Cisco 881W Router Config Woes

LinuxRacrLinuxRacr Member Posts: 653 ■■■■□□□□□□
Hello all, I snagged a Cisco 881W router recently, and tonight hooked up a console cable, and fired up PuTTY to it to see what's on it. The problem I'm having is that when it boots up, it is getting stuck, and not moving any further. I want to recover the password, but I am at a loss. Any break sequence I tried has failed to stop the boot up. I am a Cisco newbie, so keep that in mind. Any ideas?
My WGU B.S. IT - Security Progress : Transferred In|Remaining|In Progress|Completed
AGC1, CLC1, GAC1, INC1, CTV1, INT1, BVC1, TBP1, TCP1, QLT1, HHT1, QBT1, BBC1 (39 CUs), (0 CUs) (0 CUs)
WFV1, BNC1, EAV1, EBV1, COV1 | MGC1, IWC1 | CQV1, CNV1, IWT1, RIT1 | DRV1, DSV1, TPV1, CVV1 | EUP1, EUC1, DHV1| CUV1, C173 | BOV1, CJV1, TXP1, TXC1 | TYP1, TYC1, SBT1, RGT1 (84 CUs) DONE!

Comments

  • computer g33kcomputer g33k Member Posts: 149
    The IOS might be corrupted.
    There's room for those who want the easy work and those who want the challenges. You will, of course, generally be compensated in proportion to what you shoulder. :smile:
    Currently Studying: Anything & Everything/Cisco Networking Academy For CCNA. (on hold)
  • LizanoLizano Member Posts: 230 ■■■□□□□□□□
    Your problem may be PASSWORD RECOVERY FUNCTIONALITY IS DISABLED

    This means the config contains the command no service password-recovery, which means you can't get into ROMMON. See this link:

    The no service password-recovery Command for Secure ROMMON Configuration Example - Cisco Systems
  • LinuxRacrLinuxRacr Member Posts: 653 ■■■■□□□□□□
    I would try that if it would accept any break sequence commands from my PuTTY session. Here is a visual of where it is getting stuck:

    Cisco_Issues1.jpg
  • LinuxRacrLinuxRacr Member Posts: 653 ■■■■□□□□□□
    Figured it out... Found the right break sequence of keys to use.... Router has been reset to factory settings...
  • netwknewbienetwknewbie Registered Users Posts: 1 ■□□□□□□□□□
    LinuxRacr wrote: »
    Figured it out... Found the right break sequence of keys to use.... Router has been reset to factory settings...

    Can you tell me what the sequence is? I am having same troubles.
  • LinuxRacrLinuxRacr Member Posts: 653 ■■■■□□□□□□
    Ctrl+Pause/Break Key for PuTTY terminal.

    This link has some break sequences for other terminal programs:

    http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a0080174a34.shtml
  • LinuxRacrLinuxRacr Member Posts: 653 ■■■■□□□□□□
    I finally was able to do the initial configuration for my 881W. Here are the configurations of both the router, and the internal access points:

    Router:
    881W-R1#show running-config
    Building configuration...
    
    Current configuration : 4111 bytes
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname 881W-R1
    !
    boot-start-marker
    boot-end-marker
    !
    logging message-counter syslog
    enable secret 5 someencryptedpassword
    !
    no aaa new-model
    service-module wlan-ap 0 bootimage autonomous
    !
    
    ip source-route
    !
    !
    ip dhcp excluded-address 10.10.10.1 10.10.10.99
    ip dhcp excluded-address 10.10.10.200 10.10.10.254
    ip dhcp excluded-address 192.168.1.1 192.168.1.200
    !
    ip dhcp pool myDHCPpool
       import all
       network 10.10.10.0 255.255.255.0
       default-router 10.10.10.1
       dns-server 10.10.10.1 255.255.255.0
    !
    ip dhcp pool GuestPool
       network 192.168.1.0 255.255.255.0
       default-router 192.168.1.1
       dns-server 192.168.1.1 255.255.255.0
    !
    !
    ip cef
    ip domain name somedomain.net
    ip name-server 68.94.156.1
    ip name-server 68.94.157.1
    !
    no ipv6 cef
    !
    multilink bundle-name authenticated
    !
    !
    username someuser privilege 15 secret 5 someencryptedpassword
    !
    !
    !
    archive
     log config
      hidekeys
    !
    !
    ip ssh version 2
    !
    !
    !
    interface FastEthernet0
     switchport access vlan 11
    !
    interface FastEthernet1
     switchport access vlan 11
    !
    interface FastEthernet2
     switchport access vlan 12
    !
    interface FastEthernet3
     switchport access vlan 12
    !
    interface FastEthernet4
     description ISP Connection
     ip address dhcp
     no ip redirects
     no ip proxy-arp
     ip nat outside
     ip virtual-reassembly
     duplex auto
     speed auto
     no cdp enable
    !
    interface wlan-ap0
     description Service module to manage the enbedded AP
     ip unnumbered Vlan11
     arp timeout 0
    !
    interface Wlan-GigabitEthernet0
     description Internal switch interface connecting to the embedded AP
     switchport mode trunk
    !
    interface Vlan1
     no ip address
    !
    interface Vlan11
     ip address 10.10.10.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
     ip tcp adjust-mss 1452
    !
    interface Vlan12
     description Guest Vlan
     ip address 192.168.1.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 75.30.252.1
    no ip http server
    no ip http secure-server
    !
    !
    ip nat inside source list 11 interface FastEthernet4 overload
    !
    access-list 11 permit 10.10.10.0 0.0.0.255
    !
    !
    !
    !
    !
    control-plane
    !
    !
    line con 0
     password 7 someencryptedpassword
     logging synchronous
     login
     no modem enable
    line aux 0
    line 2
     no activation-character
     no exec
     transport preferred none
     transport input all
    line vty 0 4
     password 7 someencryptedpassword
     login
     transport input ssh
    !
    scheduler max-task-time 5000
    end
    
    

    The Internal Wireless AP:
    881W-AP#show run
    Building configuration...
    
    Current configuration : 4176 bytes
    !
    ! Last configuration change at 20:23:44 UTC Thu Apr 20 1905 by someuser
    ! NVRAM config last updated at 20:27:33 UTC Thu Apr 20 1905 by someuser
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname 881W-AP
    !
    enable secret 5 someencryptedpassword
    !
    no aaa new-model
    !
    !
    dot11 vlan-name vlan11 vlan 11
    dot11 vlan-name vlan12 vlan 12
    !
    dot11 ssid CatchVirusHere
       vlan 11
       authentication open
       authentication key-management wpa version 2
       mbssid guest-mode
       wpa-psk ascii 7 someencryptedpassword
    !
    dot11 ssid WantVirus
       vlan 12
       authentication open
       authentication key-management wpa version 2
       mbssid guest-mode
       wpa-psk ascii 7 someencryptedpassword
    !
    !
    !
    username someuser privilege 15 secret 5 someencryptedpassword
    !
    bridge irb
    !
    !
    interface Dot11Radio0
     no ip address
     no ip route-cache
     !
     encryption vlan 11 mode ciphers aes-ccm
     !
     encryption vlan 12 mode ciphers aes-ccm
     !
     ssid CatchVirusHere
     !
     ssid WantVirus
     !
     mbssid
     speed  basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m1. m2. m3. m4. m8. m9. m10. m11. m12. m13. m14. m15.
     channel 2462
     station-role root
    !
    interface Dot11Radio0.11
     encapsulation dot1Q 11 native
     no ip route-cache
     bridge-group 11
     bridge-group 11 subscriber-loop-control
     bridge-group 11 block-unknown-source
     no bridge-group 11 source-learning
     no bridge-group 11 unicast-flooding
     bridge-group 11 spanning-disabled
    !
    interface Dot11Radio0.12
     encapsulation dot1Q 12
     no ip route-cache
     bridge-group 12
     bridge-group 12 block-unknown-source
     no bridge-group 12 source-learning
     no bridge-group 12 unicast-flooding
     bridge-group 12 spanning-disabled
    !
    interface GigabitEthernet0
     description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
     no ip address
     no ip route-cache
    !
    interface GigabitEthernet0.11
     encapsulation dot1Q 11 native
     no ip route-cache
     bridge-group 11
     no bridge-group 11 source-learning
     bridge-group 11 spanning-disabled
    !
    interface GigabitEthernet0.12
     encapsulation dot1Q 12
     no ip route-cache
     bridge-group 12
     no bridge-group 12 source-learning
     bridge-group 12 spanning-disabled
    !
    interface BVI1
     ip address 10.10.10.3 255.255.255.0
     no ip route-cache
    !
    ip default-gateway 10.10.10.1
    no ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    bridge 1 protocol ieee
    bridge 1 route ip
    !
    !
    !
    line con 0
     privilege level 15
     password 7 someencryptedpassword
     logging synchronous
     login local
     no activation-character
    line vty 0 4
     password 7 someencryptedpassword
     logging synchronous
     login local
    !
    end
    
    
    
  • LinuxRacrLinuxRacr Member Posts: 653 ■■■■□□□□□□
    Output from wireless connection testing this evening with both SSIDs. It looks like I'm going to have to figure out why my first SSID isn't giving out an IP address anymore...
    881W-AP#
    Apr 21 02:25:57.182: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0014.ab15.1abc2 Reason: Sending station has left the BSS
    881W-AP#
    Apr 21 02:26:14.778: %DOT11-6-ASSOC: Interface Dot11Radio0, Station WIN7 0014.ab15.1abc2 Associated KEY_MGMT[WPAv2 PSK]
    881W-AP#
    Apr 21 02:26:27.246: %DOT11-6-ASSOC: Interface Dot11Radio0, Station   54321.caba.d00d Associated KEY_MGMT[WPAv2 PSK]
    881W-AP#show dot11 associations
    
    802.11 Client Stations on Dot11Radio0:
    
    SSID [CatchVirusHere] :
    
    MAC Address    IP address      Device        Name            Parent         State
    0014.ab15.1abc2 0.0.0.0         ccx-client    WIN7          self           Assoc
    
    SSID [WantVirus] :
    
    MAC Address    IP address      Device        Name            Parent         State
    54321.caba.d00d 192.168.1.201   unknown       -               self           Assoc
    
    881W-AP#show dot11 associations
    
    802.11 Client Stations on Dot11Radio0:
    
    SSID [CatchVirusHere] :
    
    MAC Address    IP address      Device        Name            Parent         State
    0014.ab15.1abc2 169.254.240.3   ccx-client    WIN7          self           Assoc
    
    SSID [WantVirus] :
    
    MAC Address    IP address      Device        Name            Parent         State
    54321.caba.d00d 192.168.1.201   unknown       -               self           Assoc
    
    881W-AP#
    
    
    
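The association tables in the post above can be checked mechanically against the VLAN plan. The following is an added example, not part of the original post: it parses `show dot11 associations` output and flags clients with no address, a self-assigned 169.254.0.0/16 address, or an address outside the subnet their SSID should land in. The SSID-to-subnet map is an assumption taken from the `dot11 ssid ... vlan` lines and DHCP pools in the first configs posted in this thread; the function names are hypothetical.

```python
import ipaddress
import re

# Table rows from the first `show dot11 associations` snapshot in the post.
SNAPSHOT_1 = """\
SSID [CatchVirusHere] :

MAC Address    IP address      Device        Name            Parent         State
0014.ab15.1abc2 0.0.0.0         ccx-client    WIN7          self           Assoc

SSID [WantVirus] :

MAC Address    IP address      Device        Name            Parent         State
54321.caba.d00d 192.168.1.201   unknown       -               self           Assoc
"""
# Second snapshot: same table after the client self-assigned an address.
SNAPSHOT_2 = SNAPSHOT_1.replace(" 0.0.0.0 ", " 169.254.240.3 ")

# Assumption: SSID -> VLAN -> DHCP pool, as in the first configs in this thread.
EXPECTED_SUBNET = {
    "CatchVirusHere": ipaddress.ip_network("10.10.10.0/24"),  # vlan 11
    "WantVirus": ipaddress.ip_network("192.168.1.0/24"),      # vlan 12 (guest)
}

SSID_RE = re.compile(r"^SSID \[([^\]]+)\]")


def classify(ip, subnet):
    """Return a verdict for one client address on one SSID."""
    if ip.is_unspecified:
        return "no-address"        # associated, but no IP learned yet
    if ip.is_link_local:
        return "link-local"        # client gave up on DHCP and self-assigned
    if subnet is None:
        return "unmapped-ssid"     # SSID missing from the expected map
    return "ok" if ip in subnet else "wrong-subnet"


def check_associations(text, expected):
    """Parse the per-SSID tables and return (ssid, mac, ip, verdict) tuples."""
    results = []
    ssid = None
    for line in text.splitlines():
        header = SSID_RE.match(line.strip())
        if header:
            ssid = header.group(1)
            continue
        fields = line.split()
        if ssid is None or len(fields) < 2:
            continue
        try:
            ip = ipaddress.IPv4Address(fields[1])
        except ValueError:
            continue               # column-header row or other text
        results.append((ssid, fields[0], str(ip),
                        classify(ip, expected.get(ssid))))
    return results


if __name__ == "__main__":
    for label, snap in (("snapshot 1", SNAPSHOT_1), ("snapshot 2", SNAPSHOT_2)):
        print(label)
        for row in check_associations(snap, EXPECTED_SUBNET):
            print("  %-15s %-16s %-15s %s" % row)
```

A `wrong-subnet` verdict on the guest SSID would mean a guest client received an address from the private pool, which is the segregation failure the two-VLAN design is meant to prevent.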
  • LinuxRacrLinuxRacr Member Posts: 653 ■■■■□□□□□□
    I may have time to try this on the weekend: VPN Configuration
  • LinuxRacrLinuxRacr Member Posts: 653 ■■■■□□□□□□
    Got my hands on the latest IOS versions for the router and the AP side of things. Upgrade time!
  • phoeneousphoeneous Member Posts: 2,333 ■■■■■■■□□□
    How much did the 881w cost you?
  • LinuxRacrLinuxRacr Member Posts: 653 ■■■■□□□□□□
    I found it on Craigslist for $250.
  • LinuxRacrLinuxRacr Member Posts: 653 ■■■■□□□□□□
    It seems I can't get my BVI interface to stay up...
    881W-AP#show ip interface brief
    Interface                  IP-Address      OK? Method Status                Protocol
    BVI1                       10.10.10.3      YES manual down                  down
    Dot11Radio0                unassigned      YES NVRAM  up                    up
    Dot11Radio0.11             unassigned      YES unset  up                    up
    Dot11Radio0.12             unassigned      YES unset  up                    up
    GigabitEthernet0           unassigned      YES NVRAM  up                    up
    GigabitEthernet0.11        unassigned      YES unset  up                    up
    GigabitEthernet0.12        unassigned      YES unset  up                    up
    
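A static check for the BVI symptom in the post above, as an added example that is not part of the original thread. It assumes the IOS rule that `interface BVI N` is the routed interface of bridge-group N, so a BVI with no member interfaces in its own group has nothing to bring it up. The first AP config posted in this thread puts its subinterfaces in bridge-groups 11 and 12 while the management address sits on BVI1. The "variant" config is constructed for comparison (its `Dot11Radio0.1` stanza mirrors the later AP config in this thread; `GigabitEthernet0.1` is assumed), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Bridge-relevant lines from the first AP config posted in this thread.
AP_CONFIG_POSTED = """\
bridge irb
!
interface Dot11Radio0.11
 encapsulation dot1Q 11 native
 bridge-group 11
 bridge-group 11 subscriber-loop-control
 no bridge-group 11 source-learning
!
interface Dot11Radio0.12
 encapsulation dot1Q 12
 bridge-group 12
 no bridge-group 12 source-learning
!
interface GigabitEthernet0.11
 encapsulation dot1Q 11 native
 bridge-group 11
!
interface GigabitEthernet0.12
 encapsulation dot1Q 12
 bridge-group 12
!
interface BVI1
 ip address 10.10.10.3 255.255.255.0
!
bridge 1 protocol ieee
bridge 1 route ip
"""

# Constructed variant: native VLAN subinterfaces renumbered into bridge-group 1.
AP_CONFIG_VARIANT = (AP_CONFIG_POSTED
                     .replace("0.11", "0.1")
                     .replace("dot1Q 11", "dot1Q 1")
                     .replace("bridge-group 11", "bridge-group 1"))


def interface_blocks(config):
    """Map each interface name to its list of (stripped) sub-commands."""
    blocks, name = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = line.split(None, 1)[1].strip()
            blocks[name] = []
        elif name and line[:1].isspace():
            blocks[name].append(line.strip())
        else:
            name = None            # "!" or a global command ends the block
    return blocks


def bridge_members(blocks):
    """Map bridge-group number to the interfaces that join it."""
    members = defaultdict(list)
    for name, cmds in blocks.items():
        for cmd in cmds:
            # Only the bare membership line counts, not option lines
            # such as "no bridge-group 11 source-learning".
            m = re.fullmatch(r"bridge-group (\d+)", cmd)
            if m:
                members[int(m.group(1))].append(name)
    return dict(members)


def check_bvi(config):
    """Return findings for every BVI whose bridge-group cannot carry traffic."""
    blocks = interface_blocks(config)
    members = bridge_members(blocks)
    routed = {int(n) for n in
              re.findall(r"^bridge (\d+) route ip\s*$", config, re.M)}
    findings = []
    for name in blocks:
        m = re.fullmatch(r"BVI(\d+)", name)
        if not m:
            continue
        group = int(m.group(1))
        if not members.get(group):
            findings.append("%s: no interface is in bridge-group %d "
                            "(groups in use: %s)"
                            % (name, group, sorted(members)))
        if group not in routed:
            findings.append("%s: 'bridge %d route ip' is missing"
                            % (name, group))
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted", AP_CONFIG_POSTED),
                       ("variant", AP_CONFIG_VARIANT)):
        print(label, check_bvi(cfg) or "no findings")
```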
  • ciscoman2012ciscoman2012 Member Posts: 313
    LinuxRacr wrote: »
    It seems I can't get my BVI interface to stay up...
    881W-AP#show ip interface brief
    Interface                  IP-Address      OK? Method Status                Protocol
    BVI1                       10.10.10.3      YES manual down                  down
    Dot11Radio0                unassigned      YES NVRAM  up                    up
    Dot11Radio0.11             unassigned      YES unset  up                    up
    Dot11Radio0.12             unassigned      YES unset  up                    up
    GigabitEthernet0           unassigned      YES NVRAM  up                    up
    GigabitEthernet0.11        unassigned      YES unset  up                    up
    GigabitEthernet0.12        unassigned      YES unset  up                    up
    

    Well, I finally got mine working and up and running. I initially had my one antenna connected to the middle antenna connector labeled (C) and just switched it to (A). The signal increased tremendously...but I'm still going to order 2 more just to have all three.

    Only weird problem I'm having deals with the fact that I am consoled into my access server. When I am in the AP part of the 881W and use keystroke CTRL+SHIFT+6 and X in order to go back to the normal 881W configuration, it takes me back to my access server. So, in order to switch between both modes of the 881W (AP and the switch/router configuration) I need to directly connect it into my computer via serial cable. This is quite a hassle, or am I missing something?
  • LinuxRacrLinuxRacr Member Posts: 653 ■■■■□□□□□□
    I found an easier way to switch back. Just hit return on the command line (without a command), and it will take you back to the AP side of things.
  • ciscoman2012ciscoman2012 Member Posts: 313
    LinuxRacr wrote: »
    I found an easier way to switch back. Just hit return on the command line (without a command), and it will take you back to the AP side of things.

    Wait but it's the other way around. I'm on the AP side wanting to go back to the normal non-AP mode lol. If I hit enter in AP mode it does nothing. If I was in the normal mode I think one keystroke of enter would jump me back to the AP side.

    This is quite annoying hah!
  • LinuxRacrLinuxRacr Member Posts: 653 ■■■■□□□□□□
    Right. That's what I'm saying. I misunderstood it seems.
  • ciscoman2012ciscoman2012 Member Posts: 313
    Just figured it out...

    You do CTRL+SHIFT+6 and then release. Do it a second time and release. Then push X. It should **** you back to the access server.

    Damn, I learn something new everyday. Just end up spending a bit more time on Google than I'd like :/
  • LinuxRacrLinuxRacr Member Posts: 653 ■■■■□□□□□□
    Interesting. I didn't know about that. I was just doing a CTRL+6 to go from the AP to back to the router-side. Then after I finished some commands, I would just do a blank ENTER to get back.
  • ciscoman2012ciscoman2012 Member Posts: 313
    LinuxRacr wrote: »
    Interesting. I didn't know about that. I was just doing a CTRL+6 to go from the AP to back to the router-side. Then after I finished some commands, I would just do a blank ENTER to get back.

    Correct so it sounds that your serial cable is connected directly to your PC from the 881W. Mine is connected to an access server which is connected to PC.
  • LinuxRacrLinuxRacr Member Posts: 653 ■■■■□□□□□□
    I'm using the DiGi CM32 for my access server. It uses straight through network cable for the console connections.
  • ciscoman2012ciscoman2012 Member Posts: 313
    LinuxRacr wrote: »
    I'm using the DiGi CM32 for my access server. It uses straight through network cable for the console connections.

    Hmm maybe because it's not Cisco based and uses a different command for jump back to home instead of the CTRL SHIFT 6 like Cisco devices use. I don't know.
  • thehourmanthehourman Member Posts: 723
    Do you know if that router supports 802.11n?
    I know it supports .11n draft, but not sure if it supports .11n.
    Studying:
    Working on CCNA: Security. Start date: 12.28.10
    Microsoft 70-640 - on hold (This is not taking me anywhere. I started this in October, and it is December now, I am still on page 221. WTH!)
    Reading:
    Network Warrior - Currently at Part II
    Reading IPv6 Essentials 2nd Edition - on hold
  • LinuxRacrLinuxRacr Member Posts: 653 ■■■■□□□□□□
    thehourman wrote: »
    Do you know if that router supports 802.11n?
    I know it supports .11n draft, but not sure if it supports .11n.

    I haven't tested the 802.11n specs yet.
  • LinuxRacrLinuxRacr Member Posts: 653 ■■■■□□□□□□
    Ok, I finally got this thing up and running with a firewall configured, and traffic segregated properly with zones. Next I'll be setting up VPN. Here is my current config:


    Host Router:
    R1-881W#show run
    Building configuration...
    
    Current configuration : 9221 bytes
    !
    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    !
    hostname R1-881W
    !
    boot-start-marker
    boot-end-marker
    !
    security authentication failure rate 3 log
    security passwords min-length 6
    logging message-counter syslog
    logging buffered 51200
    logging console critical
    enable secret 5 xxxxxxxxxxxxxxx
    !
    aaa new-model
    !
    !
    aaa authentication login default local
    aaa authorization exec default local
    !
    !
    aaa session-id common
    service-module wlan-ap 0 bootimage autonomous
    !
    crypto pki trustpoint TP-self-signed-1234567890
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-1234567890
     revocation-check none
     rsakeypair TP-self-signed-1234567890
    !
    !
    crypto pki certificate chain TP-self-signed-1234567890
     certificate self-signed 01
      <SOMECERT>
            quit
    no ip source-route
    !
    !
    ip dhcp excluded-address 172.16.1.1 172.16.1.200
    ip dhcp excluded-address 192.168.12.200 192.168.12.254
    !
    ip dhcp pool Private
       import all
       network 172.16.1.0 255.255.255.0
       default-router 172.16.1.1
       dns-server 172.16.1.1 255.255.255.0
    !
    ip dhcp pool Guest
       network 192.168.12.0 255.255.255.0
       default-router 192.168.12.1
       dns-server 192.168.12.1 255.255.255.0
    !
    !
    ip cef
    no ip bootp server
    ip domain name lab.local
    ip name-server 68.94.156.1
    ip name-server 68.94.157.1
    ip name-server 8.8.8.8
    login block-for 120 attempts 5 within 60
    login delay 3
    !
    no ipv6 cef
    !
    multilink bundle-name authenticated
    parameter-map type regex ccp-regex-nonascii
     pattern [^\x00-\x80]
    
    !
    !
    username somebloke privilege 15 secret 5 xxxxxxxxxxxxxxx
    !
    !
    !
    archive
     log config
      hidekeys
    !
    !
    ip tcp synwait-time 10
    ip ssh version 2
    !
    class-map type inspect match-any SDM_BOOTPC
     match access-group name SDM_BOOTPC
    class-map type inspect match-any SDM_DHCP_CLIENT_PT
     match class-map SDM_BOOTPC
    class-map type inspect match-any ccp-skinny-inspect
     match protocol skinny
    class-map type inspect match-any sdm-cls-bootps
     match protocol bootps
    class-map type inspect match-any GUEST-TO-SELF_CMAP
     match access-group name SDM_BOOTPC
     match protocol icmp
    class-map type inspect match-any ccp-cls-insp-traffic
     match protocol cuseeme
     match protocol dns
     match protocol ftp
     match protocol https
     match protocol icmp
     match protocol imap
     match protocol pop3
     match protocol netshow
     match protocol shell
     match protocol realmedia
     match protocol rtsp
     match protocol smtp extended
     match protocol sql-net
     match protocol streamworks
     match protocol tftp
     match protocol vdolive
     match protocol tcp
     match protocol udp
    class-map type inspect match-all ccp-insp-traffic
     match class-map ccp-cls-insp-traffic
    class-map type inspect match-any ccp-h323nxg-inspect
     match protocol h323-nxg
    class-map type inspect match-any ccp-cls-icmp-access
     match protocol icmp
     match protocol tcp
     match protocol udp
    class-map type inspect match-any ccp-h225ras-inspect
     match protocol h225ras
    class-map type inspect match-any ccp-h323annexe-inspect
     match protocol h323-annexe
    class-map type inspect match-any ccp-h323-inspect
     match protocol h323
    class-map type inspect match-all GUEST-TO-OUTSIDE_CMAP
     match access-group name GUEST-TO-OUTSIDE_ACL
    class-map type inspect match-all ccp-icmp-access
     match class-map ccp-cls-icmp-access
    class-map type inspect match-all ccp-invalid-src
     match access-group 101
    class-map type inspect match-any ccp-sip-inspect
     match protocol sip
    class-map type inspect match-all ccp-protocol-http
     match protocol http
    !
    !
    policy-map type inspect ccp-permit-icmpreply
     class type inspect sdm-cls-bootps
      pass
     class type inspect ccp-icmp-access
      inspect
     class class-default
      pass
    policy-map type inspect GUEST-TO-SELF_PMAP
     class type inspect GUEST-TO-SELF_CMAP
     class class-default
      drop
    policy-map type inspect ccp-inspect
     class type inspect ccp-invalid-src
      drop log
     class type inspect ccp-protocol-http
      inspect
     class type inspect ccp-insp-traffic
      inspect
     class type inspect ccp-sip-inspect
      inspect
     class type inspect ccp-h323-inspect
      inspect
     class type inspect ccp-h323annexe-inspect
      inspect
     class type inspect ccp-h225ras-inspect
      inspect
     class type inspect ccp-h323nxg-inspect
      inspect
     class type inspect ccp-skinny-inspect
      inspect
     class class-default
      drop
    policy-map type inspect ccp-permit
     class type inspect SDM_DHCP_CLIENT_PT
      pass
     class class-default
      drop
    policy-map type inspect GUEST-TO-OUTSIDE_PMAP
     class type inspect GUEST-TO-OUTSIDE_CMAP
      inspect
     class class-default
      drop
    !
    zone security out-zone
    zone security in-zone
    zone security guest-zone
    zone-pair security ccp-zp-out-self source out-zone destination self
     service-policy type inspect ccp-permit
    zone-pair security ccp-zp-in-out source in-zone destination out-zone
     service-policy type inspect ccp-inspect
    zone-pair security ccp-zp-self-out source self destination out-zone
    zone-pair security ccp-zp-guest-out source guest-zone destination out-zone
     service-policy type inspect GUEST-TO-OUTSIDE_PMAP
    zone-pair security GUEST-TO-SELF source guest-zone destination self
     service-policy type inspect GUEST-TO-SELF_PMAP
    !
    !
    !
    interface Null0
     no ip unreachables
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface FastEthernet4
     description ISP Connection$FW_OUTSIDE$
     ip address dhcp
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip flow ingress
     ip nat outside
     ip virtual-reassembly
     zone-member security out-zone
     duplex auto
     speed auto
     no cdp enable
    !
    interface wlan-ap0
     description Service module to manage the enbedded AP
     ip unnumbered Vlan1
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip flow ingress
     arp timeout 0
    !
    interface Wlan-GigabitEthernet0
     description Internal switch interface connecting to the embedded AP
     switchport mode trunk
    !
    interface Vlan1
     description $FW_INSIDE$
     ip address 172.16.1.1 255.255.255.0
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip flow ingress
     ip nat inside
     ip virtual-reassembly
     zone-member security in-zone
     ip tcp adjust-mss 1452
    !
    interface Vlan11
     description $FW_INSIDE$
     ip address 10.10.10.1 255.255.255.0
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip flow ingress
     ip nat inside
     ip virtual-reassembly
     zone-member security in-zone
    !
    interface Vlan12
     description Guest Vlan$FW_INSIDE$
     ip address 192.168.12.1 255.255.255.0
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip flow ingress
     ip nat inside
     ip virtual-reassembly
     zone-member security guest-zone
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 dhcp
    no ip http server
    ip http authentication local
    ip http secure-server
    !
    !
    ip dns server
    ip nat inside source list NAT_ALLOWED interface FastEthernet4 overload
    !
    ip access-list extended GUEST-TO-OUTSIDE_ACL
     permit ip 192.168.12.0 0.0.0.255 any
    ip access-list extended NAT_ALLOWED
     permit ip 172.16.1.0 0.0.0.255 any
     permit ip 192.168.12.0 0.0.0.255 any
    ip access-list extended SDM_BOOTPC
     remark CCP_ACL Category=0
     permit udp any any eq bootpc
    !
    logging trap debugging
    access-list 101 remark CCP_ACL Category=128
    access-list 101 permit ip host 255.255.255.255 any
    access-list 101 permit ip 127.0.0.0 0.255.255.255 any
    no cdp run
    
    !
    !
    !
    !
    !
    control-plane
    !
    banner login ^CWarning!  Authorized Access Only!^C
    !
    line con 0
     password 7 xxxxxxxxxxxxxxx
     logging synchronous
     no modem enable
     transport output telnet
    line aux 0
     transport output telnet
    line 2
     no activation-character
     no exec
     transport preferred none
     transport input all
    line vty 0 4
     password 7 xxxxxxxxxxxxxxx
     transport input telnet ssh
     transport output telnet
    !
    scheduler max-task-time 5000
    scheduler allocate 4000 1000
    scheduler interval 500
    end
    
    
    


    Wireless AP

    AP-881W#show run
    Building configuration...
    
    Current configuration : 2636 bytes
    !
    ! No configuration change since last restart
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname AP-881W
    !
    enable secret 5 xxxxxxxxxxxxxxx
    !
    no aaa new-model
    !
    !
    dot11 vlan-name vlan1 vlan 1
    dot11 vlan-name vlan12 vlan 12
    !
    dot11 ssid GetVirus
       vlan 12
       authentication open
       authentication key-management wpa version 2
       mbssid guest-mode
       wpa-psk ascii 7 xxxxxxxxxxxxxxx
    dot11 ssid GiveVirus
       vlan 1
       authentication open
       authentication key-management wpa version 2
       mbssid guest-mode
       wpa-psk ascii 7 xxxxxxxxxxxxxxx
    !
    !
    !
    username someschmoe privilege 15 secret 5 xxxxxxxxxxxxxxx
    !
    bridge irb
    !
    !
    interface Dot11Radio0
     no ip address
     no ip route-cache
     !
     encryption vlan 11 mode ciphers aes-ccm
     !
     encryption vlan 12 mode ciphers aes-ccm
     !
     encryption vlan 1 mode ciphers aes-ccm
     !
     ssid GetVirus
     !
     ssid GiveVirus
     !
     mbssid
     speed  basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m8. m9. m10. m11. m12. m13. m14. m15.
     channel 2462
     station-role root
    !
    interface Dot11Radio0.1
     encapsulation dot1Q 1 native
     no ip route-cache
     bridge-group 1
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
    !
    interface Dot11Radio0.12
     encapsulation dot1Q 12
     no ip route-cache
     bridge-group 12
     bridge-group 12 block-unknown-source
     no bridge-group 12 source-learning
     no bridge-group 12 unicast-flooding
     bridge-group 12 spanning-disabled
    !
    interface GigabitEthernet0
     description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
     no ip address
     no ip route-cache
    !
    interface GigabitEthernet0.1
     encapsulation dot1Q 1 native
     no ip route-cache
     bridge-group 1
     no bridge-group 1 source-learning
     bridge-group 1 spanning-disabled
    !
    interface GigabitEthernet0.12
     encapsulation dot1Q 12
     no ip route-cache
     bridge-group 12
     no bridge-group 12 source-learning
     bridge-group 12 spanning-disabled
    !
    interface BVI1
     ip address 172.16.1.2 255.255.255.0
     no ip route-cache
    !
    ip default-gateway 172.16.1.1
    no ip http server
    ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    bridge 1 protocol ieee
    bridge 1 route ip
    !
    !
    !
    line con 0
     password 7 xxxxxxxxxxxxxxx
     logging synchronous
     login
     no activation-character
    line vty 0 4
     password 7 xxxxxxxxxxxxxxx
     logging synchronous
     login
     transport input ssh
     transport output ssh
    !
    end
    
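An added example, not part of the original thread or the poster's own tooling: a small Python check over the `line` sections of the router configuration posted above that flags type 7 passwords (a reversible encoding, unlike the `secret 5` hashes) and lines that accept inbound Telnet. The function name `audit_lines` and the finding strings are assumptions made for this illustration, and the sample input is constructed from the posted config.

```python
import re

# Constructed sample: the line sections of the router config posted above,
# slightly abridged (secrets were already redacted by the poster).
SAMPLE = """\
line con 0
 password 7 xxxxxxxxxxxxxxx
 transport output telnet
line aux 0
 transport output telnet
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
line vty 0 4
 password 7 xxxxxxxxxxxxxxx
 transport input telnet ssh
 transport output telnet
!
"""

def audit_lines(config: str) -> list[tuple[str, str]]:
    """Return (line section, finding) pairs for the line blocks of an IOS config."""
    sections: dict[str, list[str]] = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            sections[current] = []
        elif current and raw.startswith(" "):
            sections[current].append(raw.strip())
        else:
            current = None  # "!" or any top-level command ends the section
    findings = []
    for name, cmds in sections.items():
        for cmd in cmds:
            if re.match(r"password 7 ", cmd):
                findings.append((name, "type 7 password (reversible encoding)"))
            m = re.match(r"transport input (.+)", cmd)
            if m and {"telnet", "all"} & set(m.group(1).split()):
                note = " (exec disabled)" if "no exec" in cmds else ""
                findings.append((name, "inbound telnet permitted" + note))
    return findings

if __name__ == "__main__":
    for name, finding in audit_lines(SAMPLE):
        print(f"{name}: {finding}")
```

Run against the AP's `line vty 0 4` section, which sets `transport input ssh`, the same check reports only the type 7 password.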
  • LinuxRacrLinuxRacr Member Posts: 653 ■■■■□□□□□□
    VPN Server successfully configured. Now I can access my lab remotely!
  • thehourmanthehourman Member Posts: 723
    Any update about the .11n draft part, if it can be upgraded to standard .11n?
    Studying:
    Working on CCNA: Security. Start date: 12.28.10
    Microsoft 70-640 - on hold (This is not taking me anywhere. I started this in October, and it is December now, I am still on page 221. WTH!)
    Reading:
    Network Warrior - Currently at Part II
    Reading IPv6 Essentials 2nd Edition - on hold
  • LinuxRacrLinuxRacr Member Posts: 653 ■■■■□□□□□□
    Not yet. I don't have any 802.11n-capable devices in my network...
  • itorianitorian Member Posts: 6 ■■■□□□□□□□
    Yeah, I had the same problem last Friday. Now if I can just get this device up and running. Anybody know if it can replace a Time Warner modem?