Cisco 871w config error.. no internet connection from lan/wlan

Discussion in 'Cisco' started by mrflash, Feb 28, 2008.

  1. mrflash

    mrflash Guest

    Hi All.

    I'm new here so be gentle.
    I am also quite new to the Cisco CLI, but I bit the bullet and bought a
    nice 871W with the bundle.

    I have made a config, partly using the help from a spreadsheet on the
    internet. Everything is fine: both WLANs work and I can use SDM etc., but
    when I try to use my internet connection, it doesn't allow me access
    from either LAN/WLAN.

    I have another config, which I'm running at the moment, that is allowing
    me access, and I'm really stumped and can't tell the difference (it's a
    really simple one with: access-list 100 permit ip 192.168.1.0
    0.0.0.255 any).

    Can somebody look at the following and explain where i am going wrong?

    Thanks





    !This is the running config of the router: 10.10.128.1
    !----------------------------------------------------------------------------
    !version 12.4
    ! Global services, logging and AAA for the router.
    no service pad
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    ! NOTE(review): password encryption is off, so every type-0 value later in
    ! this config (local user password, WPA pre-shared keys) is stored and shown
    ! in clear text. "service password-encryption" only adds reversible type-7
    ! obfuscation; hashed "secret" credentials are the stronger choice where
    ! IOS offers them.
    no service password-encryption
    service sequence-numbers
    !
    hostname 871w
    !
    boot-start-marker
    boot-end-marker
    !
    ! Logs repeated login failures once the threshold of 3 is reached.
    security authentication failure rate 3 log
    logging buffered 16000 warnings
    ! Type-5 (MD5-based) enable secret; value masked by the poster.
    enable secret 5 xxxxxx
    !
    aaa new-model
    !
    !
    ! Logins and exec authorization use the local username database by default,
    ! so the quality of the "username" entries below decides who gets a shell.
    aaa authentication login default local
    aaa authorization exec default local
    !
    !
    aaa session-id common
    clock timezone gmt 0
    !
    ! Self-signed trustpoint; the config also enables "ip http secure-server",
    ! which presumably presents this certificate for HTTPS/SDM - confirm.
    ! NOTE(review): the certificate dumped below appears to use an
    ! md5WithRSAEncryption signature and a 1024-bit RSA key (read from the hex
    ! OID and modulus length). Regenerating the key pair with a larger modulus
    ! would be worth doing if the HTTPS management interface stays enabled.
    crypto pki trustpoint TP-self-signed-296088904
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-296088904
    ! No revocation source exists for a self-signed certificate.
    revocation-check none
    rsakeypair TP-self-signed-296088904
    !
    !
    crypto pki certificate chain TP-self-signed-296088904
    certificate self-signed 01
    3082023A 308201A3 A0030201 02020101 300D0609 2A864886 F70D0101
    04050030
    30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D
    43657274
    69666963 6174652D 32393630 38383930 34301E17 0D303630 39323731
    39333934
    345A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403
    1325494F
    532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3239
    36303838
    39303430 819F300D 06092A86 4886F70D 01010105 0003818D 00308189
    02818100
    DCE664A4 B45E25C5 5134E853 994DEA62 B77A9086 CD58084A 1ECC12DB
    4C71B74C
    086849D5 E801B54C C3475C22 D376F07B 5A9000BC C1C882E7 64D36885
    6EE026ED
    E9CC3311 BB55C234 62385615 5F36F503 6628A477 E8BFA704 678FA112
    8A8AD0E3
    61538518 6D0570E6 EFF08BE0 34B049BB BBE4E6EE A0B16A44 F7DB23D5
    3FD3737F
    02030100 01A36430 62300F06 03551D13 0101FF04 05300301 01FF300F
    0603551D
    11040830 06820438 37317730 1F060355 1D230418 30168014 ECB0CA37
    F835F9BD
    9D0B8B98 716AD208 BADCAA97 301D0603 551D0E04 160414EC B0CA37F8
    35F9BD9D
    0B8B9871 6AD208BA DCAA9730 0D06092A 864886F7 0D010104 05000381
    8100C24B
    21A23921 E99F7049 5AA132A1 0B24232D 94EBC310 AFC75C54 37D86DBA
    79FAE8FB
    50106CB8 3AAA6A2E FF2F3F39 C624C50B 7EE89812 BE84A97E 274AFB15
    54263059
    41DE4512 D340BDDD E1B033AD 42746EFD 33A40784 E047B343 CAA33B63
    D3273E25
    217997BC 00C341A6 F9DCA496 D22323FE C7C82861 D2955A8D CD582022 6A6B
    quit
    !
    ! Two SSIDs: "emotionography" maps to VLAN 10 and "groovesalad" to VLAN 20.
    ! NOTE(review): both use WPA key management with a pre-shared key, and the
    ! radio interface pairs them with TKIP ciphers. WPA/TKIP is a legacy mode;
    ! moving to WPA2 with AES-CCMP is the usual hardening step if the installed
    ! IOS release and the clients support it - confirm.
    dot11 ssid emotionography
    vlan 10
    authentication open
    authentication key-management wpa
    ! "ascii 0" = the PSK is kept unencrypted in the config (masked here).
    wpa-psk ascii 0 xxxxx
    !
    dot11 ssid groovesalad
    vlan 20
    authentication open
    authentication key-management wpa
    ! guest-mode advertises this SSID in beacons.
    guest-mode
    ! "ascii 0" = the PSK is kept unencrypted in the config (masked here).
    wpa-psk ascii 0 xxxxx
    !
    ! DHCP pools, router DNS, CBAC inspection rules, URL filter and DDNS updater.
    ip cef
    !
    !
    no ip dhcp use vrf connected
    ip dhcp excluded-address 10.10.128.1 10.10.128.50
    ip dhcp excluded-address 10.9.16.1 10.9.16.50
    ip dhcp excluded-address 192.168.0.1 192.168.0.50
    ip dhcp excluded-address 192.168.0.101 192.168.0.254
    !
    ! NOTE(review): pools VLAN10 and VLAN20 hand out a gateway and domain name
    ! but no "dns-server". Clients would then have no resolver unless one is
    ! set by hand, which can look like "no internet" - check whether pinging
    ! an outside IP works while names fail.
    ip dhcp pool VLAN10
    network 10.10.128.0 255.255.248.0
    default-router 10.10.128.1
    domain-name xxxxx
    lease 7
    !
    ip dhcp pool VLAN20
    network 10.9.16.0 255.255.255.0
    default-router 10.9.16.1
    domain-name xxxxx
    lease 7
    !
    ! No default-router is set here; "import all" presumably pulls options
    ! learned by the router's own DHCP client on the WAN side - confirm.
    ip dhcp pool DMZone
    import all
    network 192.168.0.0 255.255.255.0
    lease 7
    !
    !
    ip domain name xxxxxx
    ! Resolvers used by the router itself; these are not passed to DHCP clients.
    ip name-server 194.168.4.100
    ip name-server 194.168.8.100
    ! Inspection rule applied outbound on FastEthernet4. Return traffic for
    ! inspected TCP/UDP sessions is what gets past the inbound ACL's implicit
    ! deny. ICMP is not inspected; replies depend on the ACL's echo-reply entry.
    ip inspect name MyFirewall tcp
    ip inspect name MyFirewall udp
    ip inspect name MyFirewall pop3
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    ! NOTE(review): none of the MyFirewall entries above enables HTTP
    ! inspection with URL filtering, so this deny entry is presumably not
    ! enforced - confirm.
    ip urlfilter source-interface BVI20
    ip urlfilter exclusive-domain deny doubleclick.net
    ip urlfilter urlf-server-log
    ! NOTE(review): the update URL is plain http://. If the masked part holds
    ! the DDNS account credentials, they cross the WAN unencrypted on every
    ! update - confirm.
    ip ddns update method xxxxx
    HTTP
    add http://xxxx:/nic/update?system=dyndns&hostname=<h>&myip=<a>
    interval maximum 0 1 0 0
    !
    !
    ! Local accounts and config-change archive.
    multilink bundle-name authenticated
    !
    !
    ! NOTE(review): "password 0" stores this privilege-15 credential in clear
    ! text, and the value shown is the word "password". If that is the real
    ! value and not the poster's placeholder, it is trivially guessable on the
    ! Telnet/SSH/HTTP services this config enables. Use "secret" with a strong
    ! value, or remove the account if the second user is sufficient.
    username admin privilege 15 password 0 password
    username xxxxx privilege 15 view root secret 5 xxxxxx
    !
    !
    ! hidekeys keeps passwords out of the logged configuration-change records.
    archive
    log config
    hidekeys
    !
    !
    ip tcp synwait-time 10
    !
    ! Integrated routing and bridging; the BVI interfaces are the routed side.
    bridge irb
    !
    !
    !
    ! FastEthernet0-3: LAN switch ports, all in VLAN 10 (internal network).
    interface FastEthernet0
    switchport access vlan 10
    spanning-tree portfast
    !
    interface FastEthernet1
    switchport access vlan 10
    spanning-tree portfast
    !
    interface FastEthernet2
    switchport access vlan 10
    spanning-tree portfast
    !
    interface FastEthernet3
    switchport access vlan 10
    spanning-tree portfast
    !
    ! FastEthernet4: WAN port, address from the ISP via DHCP, NAT outside.
    ! Inbound traffic is filtered by Internet-inbound-ACL. "ip inspect
    ! MyFirewall out" opens temporary return paths for sessions started inside.
    ! When troubleshooting, "show ip inspect sessions" and the ACL hit counters
    ! show whether outbound flows reach this interface at all.
    interface FastEthernet4
    description $FW_OUTSIDE$
    ip ddns update hostname xxxxx.dyndns.org
    ip ddns update xxxxx
    ip address dhcp
    ip access-group Internet-inbound-ACL in
    ip nat outside
    ip inspect MyFirewall out
    ip virtual-reassembly
    ip route-cache flow
    ip tcp adjust-mss 1460
    duplex auto
    speed auto
    ! CDP is off towards the ISP, so device details are not advertised there.
    no cdp enable
    !
    ! Radio interface carrying both SSIDs (mbssid), with one subinterface per
    ! VLAN bridged into bridge-groups 10 and 20.
    interface Dot11Radio0
    no ip address
    ip route-cache flow
    no dot11 extension aironet
    !
    ! NOTE(review): TKIP is the only cipher on both VLANs. TKIP is deprecated;
    ! "aes-ccm" is the stronger cipher where the release and clients support it.
    encryption vlan 10 mode ciphers tkip
    !
    encryption vlan 20 mode ciphers tkip
    !
    ssid xxxxx
    !
    ssid xxxxx
    !
    mbssid
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0
    36.0 48.0 54.0
    channel 2437
    station-role root
    no cdp enable
    !
    ! VLAN 10 (internal) wireless clients -> bridge-group 10.
    interface Dot11Radio0.10
    encapsulation dot1Q 10
    bridge-group 10
    bridge-group 10 subscriber-loop-control
    bridge-group 10 spanning-disabled
    bridge-group 10 block-unknown-source
    no bridge-group 10 source-learning
    no bridge-group 10 unicast-flooding
    !
    ! VLAN 20 (guest) wireless clients -> bridge-group 20.
    interface Dot11Radio0.20
    encapsulation dot1Q 20
    bridge-group 20
    bridge-group 20 subscriber-loop-control
    bridge-group 20 spanning-disabled
    bridge-group 20 block-unknown-source
    no bridge-group 20 source-learning
    no bridge-group 20 unicast-flooding
    !
    !
    ! VLAN interfaces are bridged (no IP); the BVIs hold the gateway addresses.
    interface Vlan1
    no ip address
    ip route-cache flow
    !
    interface Vlan10
    description Internal Network 1
    no ip address
    ip nat inside
    ip virtual-reassembly
    bridge-group 10
    bridge-group 10 spanning-disabled
    !
    interface Vlan20
    description Guest Network 1
    no ip address
    ip nat inside
    ip virtual-reassembly
    bridge-group 20
    bridge-group 20 spanning-disabled
    !
    ! NOTE(review): the DMZ interface has no access-group and no "ip nat
    ! inside", and 192.168.0.0/24 is not matched by NAT access-list 1. As
    ! written, nothing filters DMZ-to-internal traffic and DMZ hosts are not
    ! translated towards the internet. No switch port is assigned to VLAN 30
    ! in this listing.
    interface Vlan30
    description for DMZone
    ip address 192.168.0.1 255.255.255.0
    ip route-cache flow
    !
    ! Guest gateway. Guest-ACL is the only control separating guests from the
    ! other networks.
    interface BVI20
    description Bridge to Guest Network 1$FW_INSIDE$
    ip address 10.9.16.1 255.255.255.0
    ip access-group Guest-ACL in
    ip nat inside
    ip virtual-reassembly
    ip route-cache flow
    !
    ! Internal gateway. ACL 100 limits access to the router's own management
    ! ports and then permits all other traffic.
    interface BVI10
    description Bridge to Internal Network 1$FW_INSIDE$
    ip address 10.10.128.1 255.255.248.0
    ip access-group 100 in
    ip nat inside
    ip virtual-reassembly
    ip route-cache flow
    !
    !
    ! Default route learned from the WAN DHCP lease.
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 dhcp
    !
    !
    ! NOTE(review): the clear-text HTTP server is enabled next to HTTPS.
    ! access-class 2 limits it to 10.10.128.0/21, but admin logins over HTTP
    ! are still readable on that LAN/WLAN. "no ip http server" leaves HTTPS only.
    ip http server
    ip http access-class 2
    ip http secure-server
    ! PAT for sources matched by access-list 1, using the WAN address.
    ! "show ip nat translations" confirms whether inside hosts are translated.
    ip nat inside source list 1 interface FastEthernet4 overload
    !
    !
    ! Guest-ACL (inbound on BVI20).
    ! NOTE(review): wildcard 0.248.255.255 is non-contiguous. It matches 10.x.y.z
    ! where the low three bits of the second octet are 010 (2, 10, 18, ...).
    ! That covers the internal 10.10.128.0/21 network but is hard to audit;
    ! "deny ip any 10.10.128.0 0.0.7.255" states the intent directly. The final
    ! permit also lets guests reach the DMZ 192.168.0.0/24 and the router's own
    ! addresses (management is separately limited by ACL 2 and ACL 101).
    ip access-list extended Guest-ACL
    deny ip any 10.2.0.0 0.248.255.255
    permit ip any any
    ! Internet-inbound-ACL (inbound on FastEthernet4). Everything not listed
    ! hits the implicit deny; replies to inside-initiated TCP/UDP sessions rely
    ! on the MyFirewall inspection rule.
    ! NOTE(review): GRE and ESP are allowed from any source to any destination,
    ! yet no VPN configuration appears in this listing. If no tunnel
    ! terminates here, drop these two entries. An explicit "deny ip any any
    ! log" at the end would make dropped traffic visible.
    ip access-list extended Internet-inbound-ACL
    permit udp any eq bootps any eq bootpc
    permit icmp any any echo
    permit icmp any any echo-reply
    permit icmp any any traceroute
    permit gre any any
    permit esp any any
    !
    logging trap warnings
    ! ACL 1 = NAT source list. The second entry (10.0.0.0/8) already covers
    ! everything the first matches, so the first is redundant.
    access-list 1 permit 10.2.0.0 0.248.255.255
    access-list 1 permit 10.0.0.0 0.255.255.255
    ! ACL 2 = sources allowed to reach the HTTP/HTTPS server (ip http access-class).
    access-list 2 remark Auto generated by SDM Management Access feature
    access-list 2 remark SDM_ACL Category=1
    access-list 2 permit 10.10.128.0 0.0.7.255
    ! ACL 100 (inbound on BVI10): allow the internal /21 to the router's
    ! management ports, deny those ports from any other source, permit the rest.
    ! NOTE(review): Telnet and HTTP (www) are among the permitted management
    ! protocols; both carry credentials in clear text.
    access-list 100 remark Auto generated by SDM Management Access feature
    access-list 100 remark SDM_ACL Category=1
    access-list 100 permit tcp 10.10.128.0 0.0.7.255 host 10.10.128.1 eq
    telnet
    access-list 100 permit tcp 10.10.128.0 0.0.7.255 host 10.10.128.1 eq
    22
    access-list 100 permit tcp 10.10.128.0 0.0.7.255 host 10.10.128.1 eq
    www
    access-list 100 permit tcp 10.10.128.0 0.0.7.255 host 10.10.128.1 eq
    443
    access-list 100 permit tcp 10.10.128.0 0.0.7.255 host 10.10.128.1 eq
    cmd
    access-list 100 deny tcp any host 10.10.128.1 eq telnet
    access-list 100 deny tcp any host 10.10.128.1 eq 22
    access-list 100 deny tcp any host 10.10.128.1 eq www
    access-list 100 deny tcp any host 10.10.128.1 eq 443
    access-list 100 deny tcp any host 10.10.128.1 eq cmd
    access-list 100 deny udp any host 10.10.128.1 eq snmp
    access-list 100 permit ip any any
    ! ACL 101 = vty access-class: only the internal /21 may open a remote session.
    access-list 101 remark Only allow these hosts to access HTTP/S/SSH/
    Telnet/RPC
    access-list 101 remark SDM_ACL Category=1
    access-list 101 permit ip 10.10.128.0 0.0.7.255 any
    !
    !
    !
    !
    ! Control plane, bridge routing, banner and terminal lines.
    control-plane
    !
    bridge 10 route ip
    bridge 20 route ip
    banner login ^CLogin Here:^C
    !
    line con 0
    logging synchronous
    no modem enable
    transport output telnet
    line aux 0
    transport output telnet
    ! Remote access is limited to sources in ACL 101 (internal /21).
    ! NOTE(review): the line password below is in clear text and was published
    ! with this config. Treat it as exposed and change it wherever it is used.
    ! With "aaa authentication login default local" the line password is
    ! presumably not what authenticates vty logins - confirm.
    ! NOTE(review): Telnet is accepted alongside SSH. "transport input ssh"
    ! removes the clear-text option.
    line vty 0 4
    access-class 101 in
    password d1mma20
    logging synchronous
    transport input telnet ssh
    !
    scheduler max-task-time 5000
    scheduler allocate 4000 1000
    scheduler interval 500
    end
     
    mrflash, Feb 28, 2008
    #1