• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Android wifi connectivity and cisco wireless router

kinggoo

Lurker
Oct 12, 2010
5
0
So, I will try to be as detailed as possible, but this may be outside the scope of this forum. I will respond to any direct questions in regards to my configuration.

I have a brand new Motorola Droid 2 and a Cisco 851w wireless router which I have configured myself.

I can successfully associate the droid 2 to my wireless network. It obtains an IP address, subnet mask, gateway, etc.

Using an android market ping utility, however I cannot ping externally or even to my gateway.

I've tried the following in the process of my troubleshooting:


  • Statically assigning my droid's internal addresses (and explicitly naming DNS).

  • Unhiding my SSID

  • Provisioning an alternate completely unsecured, unhidden wireless SSID (as opposed to an original hidden SSID, WPA2/PSK configuration)

  • Restarting the phone and router
  • Laptop devices are able and have been able to associate, and pass traffic without issue for over a year.
I cannot really pinpoint an issue with this setup, as I am able to associate and browse consumer/business wireless networks elsewhere without issue. Searches for the above described issue yield the same suggestions I have attempted in the process of my troubleshooting.

Any help would be greatly appreciated.
 
Welcome to the Android Forums, Kinggoo.

I'm wondering if you router is set up for MAC address control, either filtering or "white list."

Also wondering if the firewall is enabled, and if it is, can it be configured to lesser strictness.

Is your errant device matched up with the router's 802.11g/n, etc settings?

Finally, have you experimented with the router's channels?
 
Upvote 0
Welcome to the Android Forums, Kinggoo.

I'm wondering if you router is set up for MAC address control, either filtering or "white list."

Also wondering if the firewall is enabled, and if it is, can it be configured to lesser strictness.

Finally, have you experimented with the router's channels?

Thanks for the welcome.

MAC address control is not enabled, nor has it ever been.
The firewall is definitely enabled, but this wouldn't prevent me from accessing my own gateway and I am able to utilize PCs on the same wireless SSID(s) for connectivity internally, and externally.
I have surveyed the wireless at my location and I definitely have a predominant signal.

I will also mention that a friend of mine has an Android Moment, and is experiencing the same issues.
 
Upvote 0
What IOS version are you running on the router? What type of security do you have defined on the router?

I'm currently using my DX with an Aironet 1141 and an Aironet 1132 and it associates well with either. That said I think your issue may be either configuration or IOS based.

Martimus:

Thanks for the reply. I am leaning towards IOS based :)

IOS: C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T7

I've been using the Guest wifi as the non-secured/least inhibited network:

interface Dot11Radio0.20
description Guest wireless
encapsulation dot1Q 20
ip address 10.10.2.1 255.255.255.0
ip access-group Guest-ACL in
ip inspect fw out
ip nat inside
ip virtual-reassembly

ip inspect name fw tcp
ip inspect name fw udp
ip inspect name fw icmp timeout 3600

ip access-list extended Guest-ACL
deny ip any 10.10.1.0 0.0.0.255
permit ip any any
 
Upvote 0
Using Network Ping - Android app on AppBrain from the market, I am able to ping the gateway, public addresses and through the VPN. Router is a Cisco WVRS4400N.

Are you saying that you have no connectivity or that you simply cannot execute a ping? It could be that the guest account is configured to block ping traffic.

You might want to take it to a different WiFi hotspot and see if you can ping from there.
 
Upvote 0
Using Network Ping - Android app on AppBrain from the market, I am able to ping the gateway, public addresses and through the VPN. Router is a Cisco WVRS4400N.

Are you saying that you have no connectivity or that you simply cannot execute a ping? It could be that the guest account is configured to block ping traffic.

You might want to take it to a different WiFi hotspot and see if you can ping from there.

I get network errors from any networked app. I really just used the ping app to confirm that I couldn't speak to the gateway. Ping works from PCs using either wireless network, and I have confirmed the droid 2 works through other wifi networks.

I have been mulling bringing my IOS to 12.4(15)T14, but it looks like I will be giving it a try.
 
Upvote 0
Martimus:

Thanks for the reply. I am leaning towards IOS based :)

IOS: C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T7

I've been using the Guest wifi as the non-secured/least inhibited network:

interface Dot11Radio0.20
description Guest wireless
encapsulation dot1Q 20
ip address 10.10.2.1 255.255.255.0
ip access-group Guest-ACL in
ip inspect fw out
ip nat inside
ip virtual-reassembly

ip inspect name fw tcp
ip inspect name fw udp
ip inspect name fw icmp timeout 3600

ip access-list extended Guest-ACL
deny ip any 10.10.1.0 0.0.0.255
permit ip any any

From looking at your config it looks like you are creating sub-interfaces on your radio. In the case of the code snippet provided it also looks like you are assigning a DOT1.Q trunk (vlan 20) to the sub-interface.

Now unless I'm totally reading this wrong, which is always a possibility, I'm wondering why you chose to do this? If I remember my Cisco training (and it's been a while...) by making the sub-interface a trunk you limit traffic on the trunk to only packets tagged with vlan 20. Packets coming off of your connected devices aren't going to be tagged (or trunked) so I'd guess that they'll be ignored by the interface.

If you are wanting to isolate traffic onto vlan's, wouldn't you want to tag them and drop them onto the proper vlan on the Ethernet side of the connection rather than the wireless side of the connection?
 
Upvote 0
From looking at your config it looks like you are creating sub-interfaces on your radio. In the case of the code snippet provided it also looks like you are assigning a DOT1.Q trunk (vlan 20) to the sub-interface.

Now unless I'm totally reading this wrong, which is always a possibility, I'm wondering why you chose to do this? If I remember my Cisco training (and it's been a while...) by making the sub-interface a trunk you limit traffic on the trunk to only packets tagged with vlan 20. Packets coming off of your connected devices aren't going to be tagged (or trunked) so I'd guess that they'll be ignored by the interface.

If you are wanting to isolate traffic onto vlan's, wouldn't you want to tag them and drop them onto the proper vlan on the Ethernet side of the connection rather than the wireless side of the connection?

The 851 is kind of screwy in that it doesn't provide VLAN support. The 871 does, for an added cost of course.

It was setup this way to segment guest network access from "internal" and LAN access.

My "internal" wifi interface is bridged with the LAN.

Really wishing I got the 871 instead, but here we are.
 
Upvote 0
The 851 is kind of screwy in that it doesn't provide VLAN support. The 871 does, for an added cost of course.

It was setup this way to segment guest network access from "internal" and LAN access.

My "internal" wifi interface is bridged with the LAN.

Really wishing I got the 871 instead, but here we are.

Well I'm thinking that trunking the radio isn't going to work well... if at all. Maybe you'd be better off picking up an older AP like an 1131 or an 1120 and applying the vlan inside the network rather than with the router at the edge. Yes it's much more pricey but it's also more of a workable solution.

I've done some searching and, so far, I can't find any examples of people getting this type of config to work in a production environment.
 
Upvote 0
I'm the roommate to this issue (we aren't a buisness). I have a rooted Samsung Moment. We just updated to the latest IOS on the router and are still having an issue. My phone will intermittently connect to the hidden private SSID, and I can SSH the router and ping the file server but not connect with astro. I cannot reach or browse the internet from my phone. However my win7 laptop works just fine on private. On our public SSID, I can do the same thing as the private, except it stays connected consistently.

On the Droid2 we can connect to both public and private and keep a connection, but neither will pass traffic to anything.

Anyone have anymore thoughts?
 
Upvote 0
I'm the roommate to this issue (we aren't a buisness). I have a rooted Samsung Moment. We just updated to the latest IOS on the router and are still having an issue. My phone will intermittently connect to the hidden private SSID, and I can SSH the router and ping the file server but not connect with astro. I cannot reach or browse the internet from my phone. However my win7 laptop works just fine on private. On our public SSID, I can do the same thing as the private, except it stays connected consistently.

On the Droid2 we can connect to both public and private and keep a connection, but neither will pass traffic to anything.

Anyone have anymore thoughts?

Did the IOS update reset all settings on the router to default values? If not, I'd back up the configuration and reset the router to default. From that point out it's a matter of connecting first and then configuring your network. Since you've already established the Droid and the Moment work on other networks, it's reasonable to assume that it's a router issue.
 
Upvote 0
hello iam using xperiax10 in my home it is connecting to wifi there is no prob in connecting to wifi but in my office its cisco iam loging in successfully but web page its not opening can any one help me how to solve this prob please

Have you discussed this with the I.T. staff at your office?

Depending on how they have the WiFi set up there might be any number of issues that could cause this.
 
Upvote 0
hello iam using xperiax10 in my home it is connecting to wifi there is no prob in connecting to wifi but in my office its cisco iam loging in successfully but web page its not opening can any one help me how to solve this prob please

Two causes come to mind. Your office might use a proxy for internet access. If you can log on to the local LAN but not ping a public IP, then this is most likely the case.

Or, if your office uses it's domain controller as a dns server, your pages might not resolve correctly if your phone tries to automatically identify the nameserver. If you can ping a public IP this may be the case.

Or, your phone could be possessed by evil spirits. In the case of the first two, you'll have to discuss it with IT. If it's the latter, talk to a priest.
 
Upvote 0
I'm having this same problem, just wanted to give more info: I have an HTC incredible and a Cisco WiFi at work. The phone gets an IP but can't send out any packets from what I can tell. I brought in my nook (color e-reader running android) and that had the same issue.

We are using WPA with TKIP. I think this might be the problem but we can't change this. WPA2 isn't on this access point. The IOS is from 2008.

Iphones work fine.
 
Upvote 0
I'm having this same problem, just wanted to give more info: I have an HTC incredible and a Cisco WiFi at work. The phone gets an IP but can't send out any packets from what I can tell. I brought in my nook (color e-reader running android) and that had the same issue.

We are using WPA with TKIP. I think this might be the problem but we can't change this. WPA2 isn't on this access point. The IOS is from 2008.

Iphones work fine.

WPA with TKIP isn't exactly a great security choice anymore. Hackers can now crack it in just a few short minutes.

Once thought safe, WPA Wi-Fi encryption is cracked | ITworld

Though it sounds like they aren't presently receptive to change you might want to suggest to your IT department that they update the IOS on that router. Cisco has literally released dozens of updates to IOS since 2008.
 
Upvote 0

BEST TECH IN 2023

We've been tracking upcoming products and ranking the best tech since 2007. Thanks for trusting our opinion: we get rewarded through affiliate links that earn us a commission and we invite you to learn more about us.

Smartphones