1. Home
  2. Cisco Systems
  3. Cisco 871w config error.. no internet connection from lan/wlan

Cisco 871w config error.. no internet connection from lan/wlan

Hi All.

Im new here so be gentle. I am also quite new to cisco CLI, but i bit the bullet and brought a nice 871W with the bundle.

I have made a config, partyl using the help from a spreadsheet on the internet, evertything fine, both WLANS work, i can use SDM etc, but when i try and use my internet connection, it doesnt allow me access from either LAN/WLAN.

I have another config,which im running at the moment, that is allowing me access, and im really stumped and cant tell the difference (its a really simple one with :access-list 100 permit ip 192.168.1.0

0.0.0.255 any.

Can somebody look at the following and explain where i am going wrong?

Thanks

!This is the running config of the router: 10.10.128.1 !---------------------------------------------------------------------------- !version 12.4 no service pad service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone no service password-encryption service sequence-numbers ! hostname 871w ! boot-start-marker boot-end-marker ! security authentication failure rate 3 log logging buffered 16000 warnings enable secret 5 xxxxxx ! aaa new-model ! ! aaa authentication login default local aaa authorization exec default local ! ! aaa session-id common clock timezone gmt 0 ! crypto pki trustpoint TP-self-signed-296088904 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-296088904 revocation-check none rsakeypair TP-self-signed-296088904 ! ! crypto pki certificate chain TP-self-signed-296088904 certificate self-signed 01 3082023A 308201A3 A0030201 02020101 300D0609 2A864886 F70D0101

04050030 30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 32393630 38383930 34301E17 0D303630 39323731 39333934 345A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F 532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3239 36303838 39303430 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 DCE664A4 B45E25C5 5134E853 994DEA62 B77A9086 CD58084A 1ECC12DB 4C71B74C 086849D5 E801B54C C3475C22 D376F07B 5A9000BC C1C882E7 64D36885 6EE026ED E9CC3311 BB55C234 62385615 5F36F503 6628A477 E8BFA704 678FA112 8A8AD0E3 61538518 6D0570E6 EFF08BE0 34B049BB BBE4E6EE A0B16A44 F7DB23D5 3FD3737F 02030100 01A36430 62300F06 03551D13 0101FF04 05300301 01FF300F 0603551D 11040830 06820438 37317730 1F060355 1D230418 30168014 ECB0CA37 F835F9BD 9D0B8B98 716AD208 BADCAA97 301D0603 551D0E04 160414EC B0CA37F8 35F9BD9D 0B8B9871 6AD208BA DCAA9730 0D06092A 864886F7 0D010104 05000381 8100C24B 21A23921 E99F7049 5AA132A1 0B24232D 94EBC310 AFC75C54 37D86DBA 79FAE8FB 50106CB8 3AAA6A2E FF2F3F39 C624C50B 7EE89812 BE84A97E 274AFB15 54263059 41DE4512 D340BDDD E1B033AD 42746EFD 33A40784 E047B343 CAA33B63 D3273E25 217997BC 00C341A6 F9DCA496 D22323FE C7C82861 D2955A8D CD582022 6A6B quit ! dot11 ssid emotionography vlan 10 authentication open authentication key-management wpa wpa-psk ascii 0 xxxxx ! dot11 ssid groovesalad vlan 20 authentication open authentication key-management wpa guest-mode wpa-psk ascii 0 xxxxx ! ip cef ! ! no ip dhcp use vrf connected ip dhcp excluded-address 10.10.128.1 10.10.128.50 ip dhcp excluded-address 10.9.16.1 10.9.16.50 ip dhcp excluded-address 192.168.0.1 192.168.0.50 ip dhcp excluded-address 192.168.0.101 192.168.0.254 ! ip dhcp pool VLAN10 network 10.10.128.0 255.255.248.0 default-router 10.10.128.1 domain-name xxxxx lease 7 ! ip dhcp pool VLAN20 network 10.9.16.0 255.255.255.0 default-router 10.9.16.1 domain-name xxxxx lease 7 ! ip dhcp pool DMZone import all network 192.168.0.0 255.255.255.0 lease 7 ! ! ip domain name xxxxxx ip name-server 194.168.4.100 ip name-server 194.168.8.100 ip inspect name MyFirewall tcp ip inspect name MyFirewall udp ip inspect name MyFirewall pop3 ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ip urlfilter source-interface BVI20 ip urlfilter exclusive-domain deny doubleclick.net ip urlfilter urlf-server-log ip ddns update method xxxxx HTTP add http://xxxx:/nic/update?system=dyndns&hostname=&myip= interval maximum 0 1 0 0 ! ! multilink bundle-name authenticated ! ! username admin privilege 15 password 0 password username xxxxx privilege 15 view root secret 5 xxxxxx ! ! archive log config hidekeys ! ! ip tcp synwait-time 10 ! bridge irb ! ! interface FastEthernet0 switchport access vlan 10 spanning-tree portfast ! interface FastEthernet1 switchport access vlan 10 spanning-tree portfast ! interface FastEthernet2 switchport access vlan 10 spanning-tree portfast ! interface FastEthernet3 switchport access vlan 10 spanning-tree portfast ! interface FastEthernet4 description $FW_OUTSIDE$ ip ddns update hostname xxxxx.dyndns.org ip ddns update xxxxx ip address dhcp ip access-group Internet-inbound-ACL in ip nat outside ip inspect MyFirewall out ip virtual-reassembly ip route-cache flow ip tcp adjust-mss 1460 duplex auto speed auto no cdp enable ! interface Dot11Radio0 no ip address ip route-cache flow no dot11 extension aironet ! encryption vlan 10 mode ciphers tkip ! encryption vlan 20 mode ciphers tkip ! ssid xxxxx ! ssid xxxxx ! mbssid speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 channel 2437 station-role root no cdp enable ! interface Dot11Radio0.10 encapsulation dot1Q 10 bridge-group 10 bridge-group 10 subscriber-loop-control bridge-group 10 spanning-disabled bridge-group 10 block-unknown-source no bridge-group 10 source-learning no bridge-group 10 unicast-flooding ! interface Dot11Radio0.20 encapsulation dot1Q 20 bridge-group 20 bridge-group 20 subscriber-loop-control bridge-group 20 spanning-disabled bridge-group 20 block-unknown-source no bridge-group 20 source-learning no bridge-group 20 unicast-flooding ! interface Vlan1 no ip address ip route-cache flow ! interface Vlan10 description Internal Network 1 no ip address ip nat inside ip virtual-reassembly bridge-group 10 bridge-group 10 spanning-disabled ! interface Vlan20 description Guest Network 1 no ip address ip nat inside ip virtual-reassembly bridge-group 20 bridge-group 20 spanning-disabled ! interface Vlan30 description for DMZone ip address 192.168.0.1 255.255.255.0 ip route-cache flow ! interface BVI20 description Bridge to Guest Network 1$FW_INSIDE$ ip address 10.9.16.1 255.255.255.0 ip access-group Guest-ACL in ip nat inside ip virtual-reassembly ip route-cache flow ! interface BVI10 description Bridge to Internal Network 1$FW_INSIDE$ ip address 10.10.128.1 255.255.248.0 ip access-group 100 in ip nat inside ip virtual-reassembly ip route-cache flow ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 dhcp ! ! ip http server ip http access-class 2 ip http secure-server ip nat inside source list 1 interface FastEthernet4 overload ! ip access-list extended Guest-ACL deny ip any 10.2.0.0 0.248.255.255 permit ip any any ip access-list extended Internet-inbound-ACL permit udp any eq bootps any eq bootpc permit icmp any any echo permit icmp any any echo-reply permit icmp any any traceroute permit gre any any permit esp any any ! logging trap warnings access-list 1 permit 10.2.0.0 0.248.255.255 access-list 1 permit 10.0.0.0 0.255.255.255 access-list 2 remark Auto generated by SDM Management Access feature access-list 2 remark SDM_ACL Category=1 access-list 2 permit 10.10.128.0 0.0.7.255 access-list 100 remark Auto generated by SDM Management Access feature access-list 100 remark SDM_ACL Category=1 access-list 100 permit tcp 10.10.128.0 0.0.7.255 host 10.10.128.1 eq telnet access-list 100 permit tcp 10.10.128.0 0.0.7.255 host 10.10.128.1 eq 22 access-list 100 permit tcp 10.10.128.0 0.0.7.255 host 10.10.128.1 eq www access-list 100 permit tcp 10.10.128.0 0.0.7.255 host 10.10.128.1 eq 443 access-list 100 permit tcp 10.10.128.0 0.0.7.255 host 10.10.128.1 eq cmd access-list 100 deny tcp any host 10.10.128.1 eq telnet access-list 100 deny tcp any host 10.10.128.1 eq 22 access-list 100 deny tcp any host 10.10.128.1 eq www access-list 100 deny tcp any host 10.10.128.1 eq 443 access-list 100 deny tcp any host 10.10.128.1 eq cmd access-list 100 deny udp any host 10.10.128.1 eq snmp access-list 100 permit ip any any access-list 101 remark Only allow these hosts to access HTTP/S/SSH/ Telnet/RPC access-list 101 remark SDM_ACL Category=1 access-list 101 permit ip 10.10.128.0 0.0.7.255 any ! ! ! ! control-plane ! bridge 10 route ip bridge 20 route ip banner login ^CLogin Here:^C ! line con 0 logging synchronous no modem enable transport output telnet line aux 0 transport output telnet line vty 0 4 access-class 101 in password d1mma20 logging synchronous transport input telnet ssh ! scheduler max-task-time 5000 scheduler allocate 4000 1000 scheduler interval 500 end
Reply to
mrflash
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.