Devices in the same subnet cannot ping each other

I apologize for approaching you all in this manner but I have an
issue that I must resolve urgently. I am sure that it will be a very small
issue for you. I am at my wits end and that why I am posting here

 

I have installed a Cisco 1941w router and the router acts as
a DHCP server to all networks (including WiFi). Users can all browse the
internet and the users that are connected to the Cisco switches can all connect
to one another.



The issue is that devices that are connected wirelessly can browse the internet
but are unable to connect to one another (ping) or to other devices on the
other 4 networks. The default gateway that is set by the DHCP option is VLAN 1
(172.16.1.1) while the BVI1 interface has 172.16.1.31 (dhcp) IP address.



Lastly, I don't know if the issues are connected with the interface
Embedded-Service-Engine0/0 (I don't know what it does) which is in an up state
but protocol down state.

 

I will appreciate any comments.

Thank you

Comments

  • What IP address range do the wireless clients have assigned? Is the gateway in the correct subnet (same as the clients)?

    Can the wired clients reach the other subnets? It sounds like the DHCP server should hand out the .31 address so that the wireless traffic could be bridged onto other subnets. It's strange that Internet traffic is going through if the other traffic is not, proxy ARP?

  •  

     Also, what VLANs are the other 4 networks in. If you can post a config it would help....

  • I thank you both for the time reading and responding to this issue.

    Here is the config of the embedded AP in the 1941w

     

    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !

    !
    !
    no aaa new-model

    !
    !
    dot11 syslog
    !
    dot11 ssid WLAN
    vlan 1
    authentication open
    authentication key-management wpa
    mbssid guest-mode
    wpa-psk ascii 0 test
    !
    !
    !
    !
    bridge irb
    !
    !
    interface Dot11Radio0
    no ip address
    no ip route-cache
    !
    encryption vlan 1 mode ciphers tkip
    !
    broadcast-key vlan 1 change 30
    !
    !
    ssid WLAN
    !
    antenna gain 0
    mbssid
    station-role root access-point
    !
    interface Dot11Radio0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    !
    interface Dot11Radio1
    no ip address
    no ip route-cache
    !
    encryption vlan 1 mode ciphers tkip
    !
    broadcast-key vlan 1 change 30
    !
    !
    ssid WLAN
    !
    antenna gain 0
    dfs band 3 block
    mbssid
    channel dfs
    station-role root access-point
    !
    interface Dot11Radio1.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    !
    interface GigabitEthernet0
    description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
    no ip address
    no ip route-cache
    !
    interface GigabitEthernet0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    !
    interface BVI1
    ip address dhcp client-id GigabitEthernet 0
    no ip route-cache
    !
    ip http server
    no ip http secure-server

    bridge 1 route ip
    !
    !
    !
    line con 0
    no activation-character
    line vty 0 4
    login local
    !
    end

  • Here is the config of the router

     

    service-module wlan-ap 0 bootimage autonomous
    !
    no ipv6 cef
    no ip source-route
    ip cef
    !
    !
    !
    no ip dhcp conflict logging
    ip dhcp excluded-address 172.16.4.1 172.16.4.20
    ip dhcp excluded-address 172.16.1.1 172.16.1.20
    ip dhcp excluded-address 172.16.2.1 172.16.2.20
    ip dhcp excluded-address 172.16.3.1 172.16.3.20
    ip dhcp excluded-address 172.16.5.1 172.16.5.20
    !
    ip dhcp pool wifi
    import all
    network 172.16.1.0 255.255.255.0
    default-router 172.16.1.2 172.16.1.1
    lease 0 1
    !
    ip dhcp pool 300
    import all
    network 172.16.2.0 255.255.255.0
    default-router 172.16.2.1

    lease 7
    !
    ip dhcp pool 200
    import all
    network 172.16.4.0 255.255.255.0
    default-router 172.16.4.1
    lease 7
    !
    ip dhcp pool Office
    import all
    network 172.16.3.0 255.255.255.0
    default-router 172.16.3.1
    lease 7
    !
    ip dhcp pool Main_Office
    import all
    network 172.16.5.0 255.255.255.0
    default-router 172.16.5.1
    lease 7
    !
    !
    no ip bootp server
    no ip domain lookup
    multilink bundle-name authenticated
    !


    hw-module ism 0
    !
    !
    !

    !
    !
    interface Embedded-Service-Engine0/0
    ip unnumbered Vlan1
    !
    interface GigabitEthernet0/0
    ip address 172.16.5.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    ip tcp adjust-mss 1452
    duplex auto
    speed auto
    !
    interface wlan-ap0
    description Service module interface to manage the embedded AP
    ip unnumbered Vlan1
    arp timeout 0
    no mop enabled
    no mop sysid
    !
    interface GigabitEthernet0/1
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface Wlan-GigabitEthernet0/0
    description Internal switch interface connecting to the embedded AP
    no ip address
    !
    !
    interface Vlan1
    description *** WiFi LAN ***
    ip address 172.16.1.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    ip tcp adjust-mss 1452
    !

    no cdp enable
    !
    ip forward-protocol nd
    !
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    !
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip route 172.16.2.0 255.255.255.0 172.16.5.2
    ip route 172.16.3.0 255.255.255.0 172.16.5.2
    ip route 172.16.4.0 255.255.255.0 172.16.5.2
    !
    access-list 1 permit 172.16.0.0 0.0.255.255
    access-list 23 permit 172.16.0.0 0.0.255.255
    !
    no cdp run
    !
    !
    !
    !
    control-plane
    !

  • The wireless clients get their IPs from VLAN1 (172.16.1.0/24) since the ssid is attached to VLAN1. The gateway is 172.16.1.1 which is the IP of VLAN1. There are wired clients in the IP range (172.16.1.0/24). The devices in the other networks both wired and wireless (there is another wifeless device, a linksys in another part of the network. That is in the 172.16.3.0/24 network) are able to communicate well.

    When I changed the default gateway of the wireless VLAN (1) to the IP of the BVI1 interface, the devices were no longer able to connect to the internet.

    The wireless devices in VLAN1 are unable to communicate with the wireless printers in that same IP Range (172.16.1.0/24).

     

    Thank you

  • The other 4 networks are on other switches. There is however, a network (172.16.5.0/24) between this router and another switch. That switch is also connected to the following networks

    172.16.3.0 (shared with the linksys router)

    172.16.2.0 (local)

    172.16.4.0 (shared with a Cisco small business 200 switch)

     

    There is only one VLAN on the main router.

     

    Thanks

  • What is this "ip route 0.0.0.0 0.0.0.0 Dialer1" command I'm seeing?

    Follow this link for configuration help with your Cisco 1941 router:
    http://www.cisco.com/en/US/docs/routers/access/1900/software/configuration/guide/software_configuration.pdf


    Also, without a routing protocol (RIP, EIGRP, or OSPF), the users on other VLANS will not be able to ping each other.  You have to have a layer 3 device in place to do this.  You could also create a 'router on a stick' configuration if needed but based on your gear, I would recommend defining all of those subnets into some sort of interface.  If the IOS allows you to define more than 1 VLAN (default), then great, you can do that.  But if it doesn't, then you could create loopbacks 2, 3, 4, etc (logical, not physical) in the router configuration.  You could also use IP addresses within those DHCP reserved address space (.1 through .20) you have already reserved to make things easier.
    Last note, be careful with those static routes, it looks like you have the 172.16.x.0 (x = 2,3,and 4) routing to the switch IP address of 172.16.5.2?  If you implement a routing protocol, I would get rid of these static commands as they will have a lower Admin Distance and trump any routing protocol you wish to implement.

    Hope this helps,

    -Brandon

Sign In or Register to comment.