Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Troubleshooting
Research
Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

Cisco 871w cannot get internet connection

Avatar of snoozeit
snoozeit asked on
Routers
12 Comments1 Solution301 ViewsLast Modified:
I am trying to configure the 871w but users on the wlan and lan cannot access the internet.

Any ideas
871w#
871w#show run
Building configuration...

Current configuration : 6270 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 871w
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization network ezvpn_local local
!
!
aaa session-id common
!
crypto pki trustpoint TP-self-signed-2847771922
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2847771922
 revocation-check none
 rsakeypair TP-self-signed-2847771922
!
!
crypto pki certificate chain TP-self-signed-2847771922
 certificate self-signed 01
  3082023C 308201A5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32383437 37373139 3232301E 170D3039 31303330 31383434
  30385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 38343737
  37313932 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100BFFD 6A9E4B33 6CA0EFDC F62D3BA5 9A9A1D41 9C9BAB10 4703468F EC6C2E85
  20894F6E FED9EB53 1D4CFAB7 EF7401F0 9D45E0F1 702EFCC6 4A356635 2C4084CF
  731A0847 F2C55C93 3CA6A693 D30B4684 877EB8B0 11589B90 15448B2C 76AB842A
  3AC80F53 B712998D 75E23B0B 0C6CD63F C66B74C2 845D981D 871A0F1A 573F6015
  679D0203 010001A3 64306230 0F060355 1D130101 FF040530 030101FF 300F0603
  551D1104 08300682 04383731 77301F06 03551D23 04183016 8014C7B3 1EF36151
  D8F807B2 8358EFB0 228668F1 2125301D 0603551D 0E041604 14C7B31E F36151D8
  F807B283 58EFB022 8668F121 25300D06 092A8648 86F70D01 01040500 03818100
  A6FF30A8 23AB8CE7 AE762B4D 64D6A8DE 7D09CD75 0EC8784D 50CE6699 453E5245
  15DD7242 0FDEC47F 42916325 E3294378 D6AFC0E1 A97020B4 20BB54DF 47B8289C
  7770CE87 3C373C01 5E0DB367 F826505A 2193920D C9C6D277 D0F991F7 DB8F9C0D
  D20D7D00 D192571D D99BB604 AAC5ADCB 17D2D6AB 533DF686 017CB67D 644A7399
        quit
dot11 syslog
!
dot11 ssid WLAN10
   vlan 10
   authentication open
   authentication key-management wpa
   wpa-psk ascii 0 123456789
!
dot11 ssid WLAN20
   vlan 20
   authentication open
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 0 12345678
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.4.2
ip dhcp excluded-address 192.168.3.2
!
ip dhcp pool vlan10
   import all
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.2
   lease 4
!
ip dhcp pool VLAN20
   import all
   network 192.168.4.0 255.255.255.0
   default-router 192.168.4.2
   lease 4
!
!
!
multilink bundle-name authenticated
!
!
username john privilege 15 password 0 cisco
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group easyvpn
 key bluesky
 pool ezvpnpool
 acl 125
crypto isakmp profile ike-profile-1
   match identity group easyvpn
   client authentication list default
   isakmp authorization list ezvpn_local
   client configuration address respond
   virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile profile1
 set transform-set ESP-3DES-SHA
 set isakmp-profile ike-profile-1
!
!
archive
 log config
  hidekeys
!
!
!
bridge irb
!
!
interface FastEthernet0
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet1
interface FastEthernet1
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet2
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet3
 spanning-tree portfast
!
interface FastEthernet4
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 ip tcp adjust-mss 1460
 duplex auto
 speed auto
 no cdp enable
!
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet4
 ip nat inside
 ip virtual-reassembly
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile profile1
!
interface Dot11Radio0
 no ip address
 no dot11 extension aironet
 !
 encryption vlan 10 mode ciphers tkip
 !
 encryption vlan 20 mode ciphers tkip
 !
 ssid WLAN10
 !
 ssid WLAN20
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 no cdp enable
!
interface Dot11Radio0.10
 encapsulation dot1Q 10
 bridge-group 10
 bridge-group 10 subscriber-loop-control
 bridge-group 10 spanning-disabled
 bridge-group 10 block-unknown-source
 no bridge-group 10 source-learning
 no bridge-group 10 unicast-flooding
!
interface Dot11Radio0.20
 encapsulation dot1Q 20
 bridge-group 20
 bridge-group 20 subscriber-loop-control
 bridge-group 20 spanning-disabled
 bridge-group 20 block-unknown-source
 no bridge-group 20 source-learning
 no bridge-group 20 unicast-flooding
!
interface Vlan1
 no ip address
 bridge-group 10
 bridge-group 10 spanning-disabled
!
interface Vlan10
 description Internal Network
 no ip address
 ip nat inside
 ip virtual-reassembly
 bridge-group 10
 bridge-group 10 spanning-disabled
!
interface Vlan20
 description Guest Network
 no ip address
 ip nat inside
 ip virtual-reassembly
 bridge-group 20
 bridge-group 20 spanning-disabled
!
interface Vlan30
 no ip address
!
interface BVI10
 description Bridge to Internal Network
 ip address 192.168.3.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface BVI20
 description Bridge to Guest Network
 ip address 192.168.4.2 255.255.255.0
 ip access-group Guest-ACL in
 ip nat inside
 ip virtual-reassembly
!
ip local pool ezvpnpool 192.168.11.1 192.168.11.12
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
!
ip http server
ip http secure-server
!
ip access-list extended Guest-ACL
 deny   ip any 192.168.3.0 0.0.0.255
 permit ip any any
!
access-list 100 deny   ip 192.168.3.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 100 deny   ip 192.168.4.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 100 permit ip 192.168.3.0 0.0.0.255 any
access-list 100 permit ip 192.168.4.0 0.0.0.255 any
access-list 125 permit ip 192.168.3.0 0.0.0.255 192.168.11.0 0.0.0.255 log
access-list 125 permit ip 192.168.11.0 0.0.0.255 any
!
!
!
!
control-plane
!
bridge 10 route ip
bridge 20 route ip
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 transport input all
 transport output all
!
scheduler max-task-time 5000
end

871w#
ASKER CERTIFIED SOLUTION
Avatar of Don Johnston
Don JohnstonFlag of United States of America imageInstructor
Commented:
This problem has been solved!
Unlock 1 Answer and 12 Comments.
See Answers