mun_84
cisco wireless no dhcp no internet
Hi experts,
I've done my best to configure my wireless on a separate VLAN (WLan2) and I've put in the DHCP scope of 192.168.100.0/24. I can see the wireless SSID; however, there is no DHCP and internet connection. Here is a list of my running config.
Current configuration : 6303 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname pfcisco
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$u72h$7LBDWXc1cupMYDu5conB81
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
server 192.168.100.10 auth-port 1645 acct-port 1646
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_mac1
server 192.168.100.10 auth-port 1645 acct-port 1646
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login mac_methods1 group rad_mac1
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
!
!
aaa session-id common
clock timezone PCTime 8
!
crypto pki trustpoint TP-self-signed-223618724
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-223618724
revocation-check none
rsakeypair TP-self-signed-223618724
!
!
crypto pki certificate chain TP-self-signed-223618724
certificate self-signed 01
quit
!
dot11 ssid pfwifi
vlan 2
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 075E731F1A5C4F524F4B5B
!
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.100.1
!
ip dhcp pool wireless
network 192.168.100.0 255.255.255.0
default-router 192.168.100.1
dns-server 203.161.127.1
!
!
no ip bootp server
ip domain name pfeng.local
ip name-server 192.168.0.1
ip name-server 203.161.127.1
!
!
!
username admin privilege 15 secret xxxxxxxxxxxxxx
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
!
encryption vlan 2 mode ciphers tkip
!
ssid pfwifi
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel least-congested 2412 2442 2462
station-role root
no cdp enable
!
interface Dot11Radio0.1
description Wireless vlan2
encapsulation dot1Q 2
ip address 192.168.100.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no cdp enable
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.10 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
interface Vlan2
no ip address
!
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname pfeng2
ppp chap password 7 03145D0E0808314D5D1A415D
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.0.1 443 interface Dialer0 443
ip nat inside source static tcp 192.168.0.1 1723 interface Dialer0 1723
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.0.166 3389 interface Dialer0 3389
ip nat inside source list 102 interface Dialer0 overload
ip nat inside source list 103 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 101 permit tcp any any eq 3389
access-list 101 permit ip any any
access-list 102 permit ip any any
access-list 102 remark Wireless traffic
dialer-list 1 protocol ip permit
no cdp run
!
!
!
control-plane
!
banner exec ^CSuccessful Login! Save Settings before making any changes.^C
banner login ^C
Authorised Users only! Please Contact Administrator.^C
!
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
access-class 1 in
privilege level 15
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
try this:
dot11 ssid pfwifi
vlan 1
no interface Dot11Radio0.1
interface Dot11Radio0
ip nat inside
ip address 192.168.100.1 255.255.255.0
ASKER
vlan 1 or 2?
why vlan 1?
can you explain why
no interface Dot11Radio0.1
interface Dot11Radio0
ip nat inside
ip address 192.168.100.1 255.255.255.0
try it...
you want to separate the wifi from lan?
ASKER
YES PLEASE.
wireless on vlan 2, 192.168.100.0/24
Leave Vlan 1 alone as it is working (if I'm not wrong it's sorting the LAN side 192.168.0.0/24)
I tried your commands; it didn't work. No DHCP provided.
JUST to double confirm WPA key can be 10 numbers right?
WPA key can be as long as you like
Do you have any routers in between, or is the Cisco the WiFi router as well?
If you have routers in between, configure DHCP relay to point to the Cisco DHCP.
Install Wireshark (www.wireshark.org) on a wireless station.
Start a capture and try to connect to the wireless.
Stop the capture after some time:
look for DHCP protocol packets.
Does the station send DHCP DISCOVERY packets (looking for a DHCP server)?
I advise to use this macro
cli-config-worksheet.xls
ASKER
I've done this worksheet but the problem is I've got other NAT settings and I can't afford to reconfigure the entire router. Can anyone else help me out?
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Have copied word for word and deleted my old resettings; however, I can't test the wifi till I get back to work with a laptop. Will update tomorrow. Will definitely reward points if this works. I seriously never understood why we need to bridge with Cisco routers?
One question: how do I remove these commands (I tried using NO in front and they still won't remove; does it matter):
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
!
encryption vlan 20 mode ciphers tkip
speed basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
no cdp enable
!
interface Dot11Radio0
no encryption vlan 20 mode ciphers tkip
ASKER
My config is below. After the changes, the access point is now not up at all.
Current configuration : 5692 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname pfcisco
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 xxxx
!
no aaa new-model
clock timezone PCTime 8
!
crypto pki trustpoint TP-self-signed-223618724
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-223618724
revocation-check none
rsakeypair TP-self-signed-223618724
!
!
crypto pki certificate chain TP-self-signed-223618724
certificate self-signed 01
quit
!
dot11 ssid GuestWLAN
vlan 20
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 xxxx
no ip source-route
ip cef
no ip dhcp use vrf connected
!
ip dhcp pool VLAN20
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server xxxx
domain-name pfeng.local
lease 4
!
!
no ip bootp server
ip domain name pfeng.local
ip name-server 192.168.0.1
ip name-server xxxx
!
!
!
username admin privilege 15 secret 5 xxxx
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
bridge irb
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
!
encryption vlan 20 mode ciphers tkip
speed basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
no cdp enable
!
interface Dot11Radio0.20
encapsulation dot1Q 20
no cdp enable
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 spanning-disabled
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.10 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname pfeng2
ppp chap password 7 xxxx
!
interface BVI20
description Bridge to Guest Network
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.0.1 443 interface Dialer0 443
ip nat inside source static tcp 192.168.0.1 1723 interface Dialer0 1723
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.0.166 3389 interface Dialer0 3389
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 permit 192.168.2.0 0.0.0.255
access-list 101 permit tcp any any eq 3389
access-list 101 permit ip any any
access-list 102 permit ip any any
access-list 102 remark Wireless traffic
dialer-list 1 protocol ip permit
no cdp run
!
!
!
control-plane
!
banner exec ^CSuccessful Login! Save Settings before making any changes.^C
banner login ^C
Authorised Users only! Please Contact Administrator.^C
!
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
access-class 1 in
privilege level 15
login
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
Does your computer see this SSID?
ASKER
I managed to fix it without the bridges; instead I just created VLAN 2 with a DHCP pool. My only problem is VLAN 2 can access VLAN 1. How do I prevent this from happening?
ACL or VRF
interface Vlan2
no ip address
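The ACL option named in the last reply, written out as an added example that is not part of the original thread. It assumes the wireless gateway is still the routed subinterface Dot11Radio0.1 (192.168.100.1/24) from the first posted config and that the LAN is 192.168.0.0/24 on Vlan1; the ACL name WLAN-ISOLATE is hypothetical.

```cisco
! Added example (constructed): keep wireless clients off the wired LAN
! while still letting them get a DHCP lease and reach the internet.
ip access-list extended WLAN-ISOLATE
 remark DHCP DISCOVER/REQUEST broadcasts come from 0.0.0.0, so permit them explicitly
 permit udp any eq bootpc host 255.255.255.255 eq bootps
 remark Block everything from the wireless subnet to the wired LAN (includes 192.168.0.10 on Vlan1)
 deny   ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.0.255
 remark Everything else from the wireless subnet (gateway, DNS, internet via NAT) is allowed
 permit ip 192.168.100.0 0.0.0.255 any
 remark Anything not sourced from the wireless subnet is dropped and logged
 deny   ip any any log
!
interface Dot11Radio0.1
 ip access-group WLAN-ISOLATE in
!
! Verify with hit counters after a wireless client tries to reach a LAN host:
!   show ip access-lists WLAN-ISOLATE
```

The ACL is stateless, so it also drops replies from wireless hosts to connections opened from the LAN side; the posted `access-class 1 in` on the vty lines already limits Telnet/SSH management to 192.168.0.0/24.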