Cisco 877W - Non riesco a connetermi da windows

[ManuelHd]

Ciao a tutti, sto cercando id configurare un cisco 877w, con linea ADSL 8M infostrada.
Fino ad ora ho impostato correttamente LAN e WAN, ma ho problemi con la connessione alla WLAN. Da windows, inserendo la password corrispondente al SSID non riesco a connettermi.
Ecco la configurazione:

Codice: Seleziona tutto

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname cisco877W
!
boot-start-marker
boot-end-marker
!
logging buffered 52000 debugging
enable secret [...]
!
no aaa new-model
!
resource policy
!
clock timezone MET 1
clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
ip subnet-zero
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.221 192.168.0.254
!
ip dhcp pool dpool1
   import all
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.221
   dns-server 8.8.8.8 8.8.4.4
   lease infinite
!
!
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
!
!
!
!
!
bridge irb
!
!
interface ATM0
 no shutdown
 no ip address
 shutdown
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
 no shutdown
 no ip address
 no shutdown
 !
 broadcast-key vlan 1 change 45
 !
 !
 encryption vlan 1 mode ciphers tkip
 !
 ssid HDDPS
    vlan 1
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 7 [...]
 !
 world-mode dot11d country IT both
 speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 station-role root
!
interface Dot11Radio0.1
 no shutdown
 encapsulation dot1Q 1 native
 no snmp trap link-status
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 no ip address
 ip tcp adjust-mss 1452
 bridge-group 1
!
interface Dialer0
 ip address negotiated
 ip mtu 1490
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap chap callin
 ppp chap hostname benvenuto
 ppp chap password 7 0209174B02120A
 ppp pap sent-username benvenuto password 7 082E5F5E000D00
!
interface BVI1
 ip address 192.168.0.221 255.255.255.0
 ip access-group 102 in
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 192.168.0.0 0.0.0.255
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 exec-timeout 0 0
 no modem enable
line aux 0
line vty 0 4
 password 7 [...]
 login
!
scheduler max-task-time 5000
end

Qualcune vede dov'è il poroblema?

Inoltre, vorrei potermi autenticare tramite WPA2 (802.1x + AES-CCM + Key Management), ma a quanto pare l'aes non è disponibile fra le possibili scelte.

Come mai? ho visto altre configurazioni del 877w con IOS 12.4 che avevano

Codice: Seleziona tutto

authentication key-management aes-ccm

Ad ogni modo, anche autenticarmi solo con WPA (802.1x + TKIP + MIC + Key Management) sarebbe un buon risultato per me .

Grazie a tutti in anticipo!!

[ghira]

"Sh ver" cosa dice?

[ManuelHd]

Ciao ghira, grazie della risposta.

sh ver riporta:

Codice: Seleziona tutto

Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(4)T6, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Sat 11-Nov-06 00:28 by kellythw

ROM: System Bootstrap, Version 12.3(8r)YI3, RELEASE SOFTWARE

cisco877W uptime is 2 minutes
System returned to ROM by power-on
System image file is "flash:c870-advsecurityk9-mz.124-4.T6.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
[email protected].

Cisco 877W (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of memory.
Processor board ID FCZ105040NH
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
4 FastEthernet interfaces
1 ATM interface
1 802.11 Radio
128K bytes of non-volatile configuration memory.
24576K bytes of processor board System flash (Intel Strataflash)

Configuration register is 0x2102

Guardando un po' in giro mi rendo conto ora che è un po' vecchia, ma non ho a disposizione una versione più recente. Una versione aggiornata potrebbe essermi d'aiuto?

Già che ci sono posto anche

Codice: Seleziona tutto

show ip interface brief

, visto che prima non l'avervo fatto:

Codice: Seleziona tutto

Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0              unassigned      YES unset  up                    up
FastEthernet1              unassigned      YES unset  up                    down
FastEthernet2              unassigned      YES unset  up                    down
FastEthernet3              unassigned      YES unset  up                    down
Dot11Radio0                unassigned      YES TFTP   up                    up
Dot11Radio0.1              unassigned      YES unset  up                    up
ATM0                       unassigned      YES NVRAM  administratively down down
Vlan1                      unassigned      YES NVRAM  up                    up
Dialer0                    unassigned      YES NVRAM  up                    up
NVI0                       unassigned      YES unset  up                    up
BVI1                       192.168.0.221   YES NVRAM  up                    up
Virtual-Access1            unassigned      YES unset  up                    up
Virtual-Dot11Radio0        unassigned      YES TFTP   down                  down
Virtual-Dot11Radio0.1      unassigned      YES unset  down                  down

Qui l'ATM è down perché in questo momento il doppino non è connesso.

Grazie in anticipo per la risposta.
Manuel

[ghira]

Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(4)T6, RELEASE SOFTWARE (fc2)

L'ultima versione di 12.4T e' la 12.4(24)T5, quindi, si', da (4) a (24) avranno aggiunto varie cose.

E se ce la fai dovresti pensare di passare alla 15.0 o la 15.1 prima o poi.

[ManuelHd]

Uhm.. sai per caso dove posso trovare un IOS aggiornato? Non sono esperto in IOS, mi sembra non sia possibile scaricarlo direttamente dal loro sito.

Il router mi server come SOHO, quindi mi basterebbe anche la ver. 12(24), in modo da rimanere in linea con quei pochi comandi che ho imparato in questi giorni di configuraizone.

[ghira]

Uhm.. sai per caso dove posso trovare un IOS aggiornato? Non sono esperto in IOS, mi sembra non sia possibile scaricarlo direttamente dal loro sito.

Il router mi server come SOHO, quindi mi basterebbe anche la ver. 12(24), in modo da rimanere in linea con quei pochi comandi che ho imparato in questi giorni di configuraizone.

Nella 15.0 e 15.1 non cambia niente di fondamentale. Comunque, avresti bisogno di piu' flash+memoria. Su ebay
trovi gente che vende 32MB di flash + 128MB di RAM per un 877 per pochissimo. Vale la pena avere
lo spazio in piu'.

[ManuelHd]

Il fatto è che avrei bisogno di configurarlo entro breve tempo, e non vorrei spendere ulteriore denaro.

L'IOS 12.4(24) necessita di ulteriore RAM e flash memory o basta ciò che monta adesso il mio 877w?

Sai come posso ottenerlo?

Grazie,
Manuel

[ghira]

Il fatto è che avrei bisogno di configurarlo entro breve tempo, e non vorrei spendere ulteriore denaro.

L'IOS 12.4(24) necessita di ulteriore RAM e flash memory o basta ciò che monta adesso il mio 877w?

Sai come posso ottenerlo?

Grazie,
Manuel

Con 12.4(24)T5 non ci sono problemi. Per la memoria ecc. intendevo prima o poi, non oggi. Con solo
24 mega di flash _forse_ dovrai cancellare file inutili come IPS e SDM.

[ManuelHd]

Allora ho aggiornato l'IOS alla versione 12.4(24) ma ancora non riesco a connettermi tramite wireless.
Riesco a vedere il SSID ma quando cerco di connettermi, il router non mi autentica e windows mi dice che è impossibile connettersi.

questa la mia configurazione attuale

Codice: Seleziona tutto

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname cisco877W
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 52000
enable secret 5 [...]
!
no aaa new-model
clock timezone MET 1
clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
dot11 syslog
!
dot11 ssid HDDPS
 vlan 1
 authentication open
 authentication key-management wpa
 guest-mode
 wpa-psk ascii 7 [...]
!
ip source-route
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.221 192.168.0.254
!
ip dhcp pool dpool1
   import all
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.221
   dns-server 8.8.8.8 8.8.4.4
   lease infinite
!
!
ip cef
ip name-server 8.8.8.8
ip name-server 8.8.4.4
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
bridge irb
!
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
 no ip address
 !
 encryption vlan 1 mode ciphers aes-ccm
 !
 ssid HDDPS
 !
 speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 station-role root
 world-mode dot11d country IT both
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 no ip address
 ip tcp adjust-mss 1452
 bridge-group 1
!
interface Dialer0
 ip address negotiated
 ip mtu 1490
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap chap callin
 ppp chap hostname benvenuto
 ppp chap password 7 0209174B02120A
 ppp pap sent-username benvenuto password 7 082E5F5E000D00
!
interface BVI1
 ip address 192.168.0.221 255.255.255.0
 ip access-group 102 in
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 192.168.0.0 0.0.0.255
no cdp run

!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CCCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 exec-timeout 0 0
 no modem enable
line aux 0
line vty 0 4
 password 7 [...]
 login
!
scheduler max-task-time 5000
end

questo è ciò che mi da show ip interface brief:

Codice: Seleziona tutto

Interface                  IP-Address      OK? Method Status                Protocol
ATM0                       unassigned      YES manual administratively down down
BVI1                       192.168.0.221   YES manual up                    up
Dialer0                    unassigned      YES manual up                    up
Dot11Radio0                unassigned      YES manual up                    up
Dot11Radio0.1              unassigned      YES unset  up                    up
FastEthernet0              unassigned      YES unset  up                    up
FastEthernet1              unassigned      YES unset  up                    down
FastEthernet2              unassigned      YES unset  up                    down
FastEthernet3              unassigned      YES unset  up                    down
NVI0                       unassigned      NO  unset  up                    up
Virtual-Access1            unassigned      YES unset  up                    up
Vlan1                      unassigned      YES manual up                    up

questo è ciò che mi da show interface dot11Radio 0:

Codice: Seleziona tutto

 Hardware is 802.11G Radio, address is 001a.6d10.bf50 (bia 001a.6d10.bf50)
  MTU 1500 bytes, BW 54000 Kbit/sec, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:01:38, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/126/0 (size/max/drops/flushes); Total output drops: 1
  Queueing strategy: fifo
  Output queue: 0/30 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1103 packets input, 57385 bytes, 0 no buffer
     Received 40650 broadcasts, 0 runts, 0 giants, 0 throttles
     3 input errors, 1274 CRC, 0 frame, 0 overrun, 0 ignored
     0 input packets with dribble condition detected
     1243 packets output, 42856 bytes, 0 underruns
     4 output errors, 0 collisions, 30 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

questo è ciò che mi da show interface dot11Radio 0.1:

Codice: Seleziona tutto

Dot11Radio0.1 is up, line protocol is up
  Hardware is 802.11G Radio, address is 001a.6d10.bf50 (bia 001a.6d10.bf50)
  MTU 1500 bytes, BW 54000 Kbit/sec, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation 802.1Q Virtual LAN, Vlan ID  1.
  ARP type: ARPA, ARP Timeout 04:00:00
  Last clearing of "show interface" counters never

questo è ciò che mi da show dot11 interface:

Codice: Seleziona tutto

 Interface Dot11Radio0 Statistics (Cumulative Total/
          Last 5 Seconds):
RECEIVER                               TRANSMITTER
Host Rx Bytes:        4893434 /5428    Host Tx Bytes:           6118562 /6958
Unicasts Rx:             1103 /   0    Unicasts Tx:                1640 /   0
Unicasts to host:        1103 /   0    Unicasts by host:           1640 /   0
Broadcasts Rx:          41542 /  46    Broadcasts Tx:             42407 /  49
Beacons Rx:             81454 /  92    Beacons Tx:                42407 /  49
Prob Req Rx:              704 /   0    Prob Resp Tx:                472 /   0
Broadcasts to host:     40838 /  46    Broadcasts by host:        42407 /  49
Multicasts Rx:              0 /   0    Multicasts Tx:                 0 /   0
Multicasts to host:         0 /   0    Multicasts by host:            0 /   0
Mgmt Packets Rx:        42646 /  46    Mgmt Packets Tx:           43531 /  49
RTS received:               0 /   0    RTS transmitted:               0 /   0
Duplicate frames:           0 /   0    CTS not received:              0 /   0
CRC errors:              1314 /   3    Unicast Fragments Tx:          0 /   0
WEP errors:                 0 /   0    Retries:                       9 /   0
Buffer full:                0 /   0    Packets one retry:             7 /   0
Host buffer full:           0 /   0    Packets > 1 retry:             1 /   0
Header CRC errors:          0 /   0    Protocol defers:               0 /   0
Invalid header:             0 /   0    Energy detect defers:          0 /   0
Length invalid:             0 /   0    Jammer detected:               0 /   0
Incomplete fragments:       0 /   0    Packets aged:                  0 /   0
Rx Concats:                 0 /   0    Tx Concats:                    0 /   0


PHY RX ERROR STATISTICS: total/last 5 sec (       3/   0)
Tx underrun:                 0 /   0    Error panic:                    0 /   0
Radar detect:                0 /   0    Abort:                          0 /   0
Tx override Rx:              0 /   0
OFDM timing:                 0 /   0    OFDM illegal parity:            0 /   0
OFDM illegal rate:           0 /   0    OFDM illegal length:            0 /   0
OFDM power drop:             0 /   0    OFDM illegal service:           0 /   0
OFDM restart:                3 /   0
CCK timing:                  0 /   0    CCK header CRC:                 0 /   0
CCK illegal rate:            0 /   0    CCK illegal service:            0 /   0
CCK restart:                 0 /   0    Misc errors:                    0 /   0


RATE 1.0 Mbps
Rx Packets:             41988 /  47    Tx Packets:                    0 /   0
Rx Bytes:             4884290 /5546    Tx Bytes:                      0 /   0
RTS Retries:                0 /   0    Data Retries:                  0 /   0

RATE 48.0 Mbps
Rx Packets:                 0 /   0    Tx Packets:                    6 /   0
Rx Bytes:                   0 /   0    Tx Bytes:                    610 /   0
RTS Retries:                0 /   0    Data Retries:                  1 /   0

RATE 54.0 Mbps
Rx Packets:                 0 /   0    Tx Packets:                  115 /   0
Rx Bytes:                   0 /   0    Tx Bytes:                   8726 /   0
RTS Retries:                0 /   0    Data Retries:                  8 /   0

Qualcuno vede il problema?

Qualche suggerimento?

Grazie,
Manuel

[ghira]

Non so quasi niente di wireless. so dell'esistenza di "ssid" e "access point" e, boh...

con google trovo cose come

http://www.vleeuwen.net/2009/05/877w-wireless-config

e

http://networking-forum.com/viewtopic.p ... 1&start=10

ci sono dei comandi "debug" utili? prova "debug dot11 ?". e fai "term mon" se sei entrato
via telnet o ssh.

[ghira]

http://www.certforums.co.uk/forums/rout ... onfig.html

http://www.certforums.co.uk/forums/gene ... tions.html

[ManuelHd]

Ok, risolto dopo diversi tentativi.

Questa é la mia configurazione con Wireless e LAN nella stessa VLAN, wirerless wpa2 psk con crittografia aes.

La configurazione non è definitiva, in quanto mancano probabilemente alcuni accorgimenti sulla sicurezza e sulla qualità del segnale, che non ho ancora imparato.

A questo proposito accetto volentieri consigli, e sicuramente vi romperò ancora le scatole qui sul forum

Un ringraziamento particolare a ghira, che è stato estremamente gentile e disponibile.

Codice: Seleziona tutto

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname cisco877W
!
boot-start-marker
boot-end-marker
!
logging buffered 52000 debugging
enable secret 5 [...]
!
no aaa new-model
!
resource policy
!
clock timezone MET 1
clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
ip subnet-zero
ip cef
!
!
!
dot11 ssid HDDPS
 vlan 1
 authentication open
 authentication key-management wpa
 guest-mode
 wpa-psk ascii 7 [...]
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.221 192.168.0.254
!
ip dhcp pool dpool1
   import all
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.221
   dns-server 8.8.8.8 8.8.4.4
   lease infinite
!
!
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
!
!
!
!
!
bridge irb
!
!
interface ATM0
 no shutdown
 no ip address
 shutdown
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 no dot11 extension aironet
 !
 encryption vlan 1 mode ciphers aes-ccm
 !
 ssid HDDPS
 !
 speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 station-role root
 channel least-congested 2412 2437 2462
 world-mode dot11d country IT both
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 ip flow ingress
 ip virtual-reassembly
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 no ip address
 ip tcp adjust-mss 1452
 bridge-group 1
!
interface Dialer0
 ip address negotiated
 ip mtu 1490
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap chap callin
 ppp chap hostname benvenuto
 ppp chap password 7 0209174B02120A
 ppp pap sent-username benvenuto password 7 082E5F5E000D00
!
interface BVI1
 ip address 192.168.0.221 255.255.255.0
 ip access-group 102 in
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 192.168.0.0 0.0.0.255
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 exec-timeout 0 0
 no modem enable
line aux 0
line vty 0 4
 password 7 [...]
 login
!
scheduler max-task-time 5000
end