877W - Alice Business and 2 WiFi LANs

Configurations for ADSL and ISDN connectivity and switches for home users and small networks

Moderator: Federico.Lagni

pinguins76
Cisco fan
Posts: 42
Joined: Wed 12 Sep 2007, 10:23 am

Good morning, I'm configuring the ADSL line in the subject for an office. The Telecom people only gave me the public IP but no information about how to access the line (authentication, PVC and encapsulation); I presume it's the same as the home one, but maybe later on I'll try to read up on it properly. For now I'd like to know how to configure 2 WiFi networks: one of the two must have the same addressing as the wired one, and the second must be reserved for guests only and, above all, must not be able to access the server that sits on the wired network. For now my configuration is as follows:

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
!
hostname SLV01
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
!
no aaa new-model
clock timezone MET 1
clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
!
crypto pki trustpoint TP-self-signed-257969841
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-257969841
revocation-check none
rsakeypair TP-self-signed-257969841
!
!
crypto pki certificate chain TP-self-signed-257969841
certificate self-signed 01
quit
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.0.0.1
ip dhcp excluded-address 10.0.0.2
!
ip dhcp pool LAN_INTERNA
network 10.0.0.0 255.255.255.240
default-router 10.0.0.1
dns-server 8.8.8.8 8.8.4.4
lease infinite
!
ip dhcp pool LAN_OSPITI
network 10.0.1.0 255.255.255.240
default-router 10.0.1.1
dns-server 8.8.8.8 8.8.4.4
domain-name wr
lease infinite
!
!
ip inspect name conn-uscenti ftp
ip inspect name conn-uscenti smtp
ip inspect name conn-uscenti udp
ip inspect name conn-uscenti tcp
ip inspect name conn-uscenti tftp
ip inspect name conn-entranti smtp
ip inspect name conn-entranti http
ip inspect name conn-entranti tcp
ip inspect name conn-entranti udp
no ip bootp server
no ip domain lookup
ip domain name alicebusiness.it
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
!
!
username XXXX password 0 XXXX
!
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no ip route-cache cef
no ip route-cache
no atm ilmi-keepalive
bundle-enable
dsl operating-mode auto
hold-queue 224 in
!
interface ATM0.1 point-to-point
description Interfaccia ATM0.1 - Connessione ADSL
no ip redirects
no ip unreachables
no ip proxy-arp
no ip route-cache
pvc 8/35
pppoe-client dial-pool-number 1

!
interface FastEthernet0
switchport access vlan 1
no cdp enable
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
world-mode dot11d country IT both
!
interface Vlan1
description LAN INTERNA
ip address 10.0.0.1 255.255.255.240
ip nat inside
ip virtual-reassembly
!
interface Vlan2
description LAN OSPITI
ip address 10.0.1.1 255.255.255.240
ip nat inside
ip virtual-reassembly
!
interface Dialer0
description Interfaccia Dialer0/0 - Alice Mega ADSL 7Mbit/s
ip address 95.225.185.214 255.255.255.252
ip access-group 101 in
ip mtu 1492
ip inspect Firewall out
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username XXXX password 7 XXXX
!
ip forward-protocol nd
no ip forward-protocol udp bootps
no ip forward-protocol udp tftp
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat translation timeout 420
ip nat translation syn-timeout 40
ip nat translation max-entries 5000
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 10.0.0.0 0.0.255.255
no cdp run
!
!
!
control-plane
!
banner login ^CCCCC
|| ||
|| ||
|||| ||||
..:||||||:..:||||||:..
Cisco Systems Inc.
-
877W @ 95.225.185.214

*** Accesso alla configurazione del router. Ogni accesso viene loggato ***^C
banner prompt-timeout ^CCCCC
La sessione di lavoro e' scaduta. Per continuare e' necessario
riautenticarsi.^C

!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
sntp server 193.204.114.232
sntp server 193.204.114.233
end

Naturally, advice on how to improve the posted configuration is also welcome.

Thanks
pinguins76

I've solved the part about the two WLANs; now the ATM syncs and receives the public address, but I can't browse. From the router I can ping the DNS servers but I can't ping the connected PCs.

The configuration follows:

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
!
hostname SLV01
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
!
no aaa new-model
clock timezone MET 1
clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
!
crypto pki trustpoint TP-self-signed-257969841
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-257969841
revocation-check none
rsakeypair TP-self-signed-257969841
!
!
crypto pki certificate chain TP-self-signed-257969841
certificate self-signed 01
quit
dot11 syslog
!
dot11 ssid Ospiti
vlan 2
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 0 XXX
!
dot11 ssid Studio
vlan 1
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 0 XXX
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.1.1
ip dhcp excluded-address 10.10.1.2
ip dhcp excluded-address 10.10.2.1
!
ip dhcp pool LAN_OSPITI
network 10.10.2.0 255.255.255.240
default-router 10.10.2.1
dns-server 8.8.8.8 8.8.4.4
lease 1 15
!
ip dhcp pool LAN_INTERNA
network 10.10.1.0 255.255.255.240
default-router 10.10.1.1
dns-server 8.8.8.8 8.8.4.4
lease 1 15
!
!
ip inspect name conn-uscenti ftp
ip inspect name conn-uscenti smtp
ip inspect name conn-uscenti udp
ip inspect name conn-uscenti tcp
ip inspect name conn-uscenti tftp
ip inspect name conn-entranti smtp
ip inspect name conn-entranti http
ip inspect name conn-entranti tcp
ip inspect name conn-entranti udp
no ip bootp server
no ip domain lookup
ip domain name alicebusiness.it
ip name-server 208.67.222.222
ip name-server 208.67.220.220
!
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
!
!
username XXX password 0 XXX
!
!
archive
log config
hidekeys
!
!
!
bridge irb
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
dsl operating-mode auto
hold-queue 224 in
!
interface ATM0.1 point-to-point
description Interfaccia ATM0.1 - Connessione ADSL
no ip redirects
no ip unreachables
no ip proxy-arp
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
no cdp enable
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
encryption vlan 2 mode ciphers tkip
!
ssid Ospiti
!
ssid Studio
!
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
rts threshold 2312
world-mode dot11d country IT both
!
interface Dot11Radio0.1
encapsulation dot1Q 1
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2
encapsulation dot1Q 2 native
no cdp enable
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
!
interface Vlan1
description LAN INTERNA
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 1
!
interface Vlan2
description LAN OSPITI
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 2
!
interface Dialer0
description Interfaccia Dialer0/0 - Alice Mega ADSL 7Mbit/s
bandwidth 8096
ip address negotiated
ip access-group 101 in
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp header-compression
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username XXX password 7 XXX
!
interface BVI1
ip address 10.10.1.1 255.255.255.0
!
interface BVI2
ip address 10.10.2.1 255.255.255.0
!
ip default-gateway 10.10.1.1
ip forward-protocol nd
no ip forward-protocol udp bootps
no ip forward-protocol udp tftp
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat translation timeout 420
ip nat translation syn-timeout 40
ip nat translation max-entries 5000
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 10.10.0.0 0.0.255.255
no cdp run
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
banner login ^CCCCCCCC
|| ||
|| ||
|||| ||||
..:||||||:..:||||||:..
Cisco Systems Inc.
-
877W @ SLV01

*** Accesso alla configurazione del router. Ogni accesso viene loggato ***^C
banner prompt-timeout ^CCCCCCCC
La sessione di lavoro e' scaduta. Per continuare e' necessario
riautenticarsi.^C
!
line con 0
password XXX
login
no modem enable
transport output all
stopbits 1
line aux 0
line vty 0 4
access-class 23 in
exec-timeout 0 0
privilege level 15
password XXX
login
transport input all
!
scheduler max-task-time 5000
sntp server 193.204.114.232
sntp server 193.204.114.233
end


Where am I going wrong???

Thanks
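
An added example, not part of the original posts: a small Python audit of the second configuration above. It reports access lists that are referenced but never defined (101 on Dialer0, 23 on the vty lines), addressed interfaces with no NAT role or no inbound ACL (the guest BVI2), and NAT roles left on interfaces that have no address. The sample is a constructed excerpt of lines from that configuration; the function and finding names are this example's own.

```python
import re

# Constructed sample: lines excerpted from the second configuration in the thread.
SAMPLE = """\
interface Vlan2
no ip address
ip nat inside
!
interface Dialer0
ip address negotiated
ip access-group 101 in
ip nat outside
!
interface BVI2
ip address 10.10.2.1 255.255.255.0
!
ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit 10.10.0.0 0.0.255.255
line vty 0 4
access-class 23 in
"""

# Commands that reference an ACL by number or name.
REF = re.compile(r"(?:ip access-group|access-class|ip http access-class|"
                 r"ip nat inside source list) (\S+)")

def audit(config):
    """Return sorted (finding, subject) pairs; works on unindented config text."""
    acls, refs, ifaces, cur = set(), set(), {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], set())
        elif line == "!" or line.startswith("line "):
            cur = None                      # left the interface section
        elif m := re.match(r"(?:ip access-list \w+|access-list) (\S+)", line):
            acls.add(m[1])                  # an ACL that really exists
        elif m := REF.match(line):
            refs.add(m[1])
            if cur is not None and line.startswith("ip access-group") and line.endswith(" in"):
                cur.add("acl-in")
        elif cur is not None and line.startswith("ip address "):
            cur.add("ip")
        elif cur is not None and re.fullmatch(r"ip nat (inside|outside)", line):
            cur.add("nat")
    out = [("undefined-acl", r) for r in refs - acls]
    for name, f in ifaces.items():
        if "ip" in f and "nat" not in f: out.append(("ip-without-nat-role", name))
        if "nat" in f and "ip" not in f: out.append(("nat-role-without-ip", name))
        if "ip" in f and "acl-in" not in f: out.append(("no-inbound-acl", name))
    return sorted(out)
```

A referenced ACL that is never defined filters nothing, so the `undefined-acl` findings mean the Dialer0 and vty restrictions are not in effect; `no-inbound-acl` on BVI2 means nothing on the router separates the guest subnet from the wired one.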
pinguins76

This evening I ran some tests and the results are these:

from the router I can ping the DNS servers and the PCs

from the PC I can ping the public IP (dialer) and the VLAN, but I can't ping the DNS servers

Where am I going wrong?

Thanks to the kind soul who will help me!
pinguins76

Thanks for the input, but I managed to solve it.