Pagina 1 di 1
Problemi con DHCP WIFI su 887W
Inviato: mar 18 set , 2012 8:11 pm
da Alex13
Rieccomi quà, ho guasi completato la configurazion del mio nuovo 887W, ma mi sono imbattuto in un problema... in poche parole ho configurao due SSID WIFI associati ciscuno ad un indirizzo IP diverso il problema è che uno mi funziona benissimo VLAN 1 mentre l'altro (collegato sulla VLAN 2 ssid = Nutralife Free WIFI) no... quando mi provo a collegare non mi restituisce nessun indirizzo IP...
invio configurazione del WIFI
Codice: Seleziona tutto
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Nutralife_AP
!
logging rate-limit console 9
enable secret 5 $1$a1L/$kl/qFESSfse7KxMiqK0i41
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid Nutralife Free WIFI
vlan 2
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxx
!
dot11 ssid Nutralife_intranet
vlan 1
authentication open
authentication key-management wpa version 2
wpa-psk ascii 7 xxxxxxxxxxxxxx
!
!
!
username admin privilege 15 secret 5 $1$BLl8$QQVaJim3tOgbk/0l24jbX.
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm tkip
!
encryption vlan 2 mode ciphers aes-ccm tkip
!
broadcast-key vlan 2 change 30
!
!
ssid Nutralife Free WIFI
!
ssid Nutralife_intranet
!
antenna gain 0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
no ip route-cache
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
!
interface BVI1
ip address 192.168.1.3 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.1.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
Re: Problemi con DHCP WIFI su 887W
Inviato: mar 18 set , 2012 8:14 pm
da Alex13
e quella del router
Codice: Seleziona tutto
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Nutralife
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$1slc$7MfSxs/VoerugCILJlSXN.
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
!
!
!
!
aaa session-id common
!
!
no ip source-route
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
!
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.19
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool Nutralife
import all
network 192.168.1.0 255.255.255.0
dns-server 8.8.8.8 8.8.4.4
default-router 192.168.1.1
lease 6
!
ip dhcp pool nutralife_public
import all
network 10.10.10.0 255.255.255.0
dns-server 8.8.8.8 8.8.4.4
default-router 10.10.10.1
!
!
no ip bootp server
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip name-server 212.216.112.112
ip name-server 212.216.172.62
ip ddns update method ccp_ddns1
DDNS both
!
ip cef
!
parameter-map type regex ccp-regex-nonascii
pattern [^\x00-\x80]
parameter-map type protocol-info msn-servers
server name messenger.hotmail.com
server name gateway.messenger.hotmail.com
server name webmessenger.msn.com
parameter-map type protocol-info aol-servers
server name login.oscar.aol.com
server name toc.oscar.aol.com
server name oam-d09a.blue.aol.com
parameter-map type protocol-info yahoo-servers
server name scs.msg.yahoo.com
server name scsa.msg.yahoo.com
server name scsb.msg.yahoo.com
server name scsc.msg.yahoo.com
server name scsd.msg.yahoo.com
server name cs16.msg.dcn.yahoo.com
server name cs19.msg.dcn.yahoo.com
server name cs42.msg.dcn.yahoo.com
server name cs53.msg.dcn.yahoo.com
server name cs54.msg.dcn.yahoo.com
server name ads1.vip.scd.yahoo.com
server name radio1.launch.vip.dal.yahoo.com
server name in1.msg.vip.re2.yahoo.com
server name data1.my.vip.sc5.yahoo.com
server name address1.pim.vip.mud.yahoo.com
server name edit.messenger.yahoo.com
server name messenger.yahoo.com
server name http.pager.yahoo.com
server name privacy.yahoo.com
server name csa.yahoo.com
server name csb.yahoo.com
server name csc.yahoo.com
!
license udi pid C887VA-W-E-K9 sn FCZ1635C10A
!
!
object-group network group1
description ret interna
192.168.1.0 255.255.255.0
!
object-group network group2
description rete esterna
10.10.10.0 255.255.255.0
!
username admin privilege 15 view root secret 5 $1$LMWd$e1MGXGBwCcHgYm7BKRH3F.
!
!
!
!
!
controller VDSL 0
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect imap match-any ccp-app-imap
match invalid-command
class-map type inspect match-any ccp-cls-protocol-p2p
match protocol edonkey signature
match protocol gnutella signature
match protocol kazaa2 signature
match protocol fasttrack signature
match protocol bittorrent signature
class-map type inspect smtp match-any ccp-app-smtp
match data-length gt 5000000
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect http match-any ccp-app-nonascii
match req-resp header regex ccp-regex-nonascii
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-cls-protocol-im
match protocol ymsgr yahoo-servers
match protocol msnmsgr msn-servers
match protocol aol aol-servers
class-map type inspect match-all ccp-protocol-pop3
match protocol pop3
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map type inspect match-any ccp-cls-insp-traffic
match protocol dns
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol tcp
match protocol udp
class-map type inspect pop3 match-any ccp-app-pop3
match invalid-command
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect match-all ccp-invalid-src
match access-group 101
class-map type inspect http match-any ccp-app-httpmethods
match request method bcopy
match request method bdelete
match request method bmove
match request method bpropfind
match request method bproppatch
match request method connect
match request method copy
match request method delete
match request method edit
match request method getattribute
match request method getattributenames
match request method getproperties
match request method index
match request method lock
match request method mkcol
match request method mkdir
match request method move
match request method notify
match request method options
match request method poll
match request method post
match request method propfind
match request method proppatch
match request method put
match request method revadd
match request method revlabel
match request method revlog
match request method revnum
match request method save
match request method search
match request method setattribute
match request method startrev
match request method stoprev
match request method subscribe
match request method trace
match request method unedit
match request method unlock
match request method unsubscribe
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect http match-any ccp-http-blockparam
match request port-misuse im
match request port-misuse p2p
match request port-misuse tunneling
match req-resp protocol-violation
class-map type inspect match-all ccp-protocol-imap
match protocol imap
class-map type inspect match-all ccp-protocol-smtp
match protocol smtp
class-map type inspect match-all ccp-protocol-http
match protocol http
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-all ccp-protocol-p2p
match class-map ccp-cls-protocol-p2p
class-map type inspect match-all ccp-protocol-im
match class-map ccp-cls-protocol-im
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
!
policy-map type inspect urlfilter cppolicymap-1
policy-map type inspect pop3 ccp-action-pop3
class type inspect pop3 ccp-app-pop3
log
reset
policy-map type inspect smtp ccp-action-smtp
class type inspect smtp ccp-app-smtp
reset
policy-map type inspect imap ccp-action-imap
class type inspect imap ccp-app-imap
log
reset
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-protocol-smtp
inspect
service-policy smtp ccp-action-smtp
class type inspect ccp-protocol-imap
inspect
service-policy imap ccp-action-imap
class type inspect ccp-protocol-pop3
inspect
service-policy pop3 ccp-action-pop3
class type inspect ccp-protocol-p2p
drop log
class type inspect ccp-protocol-im
drop log
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
drop
policy-map type inspect ccp-permit
class class-default
drop
policy-map type inspect http ccp-action-app-http
class type inspect http ccp-http-blockparam
log
reset
class type inspect http ccp-app-httpmethods
log
reset
class type inspect http ccp-app-nonascii
log
reset
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
!
zone security in-zone
zone security out-zone
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
!
!
!
!
!
!
!
!
!
interface Null0
no ip unreachables
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
description physical ADSL WAN port
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Ethernet0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
no ip address
!
interface wlan-ap0
description Embedded Service module interface to manage the embedded AP
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan1
description LAN vlan$FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
ip tcp adjust-mss 1452
hold-queue 100 out
!
interface Vlan2
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
!
interface Dialer0
description Connection to ADSL$FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip flow ingress
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxxx
ppp chap password 7 xxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxpassword 7 xxxxxxxxxxxxxxx
no cdp enable
!
ip forward-protocol nd
ip http server
ip http access-class 1
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 2 interface Dialer0 overload
ip nat inside source list 100 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
logging trap debugging
access-list 1 remark HTTP Access-class list
access-list 1 remark CCP_ACL Category=1
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 deny any
access-list 2 remark CCP_ACL Category=2
access-list 2 permit 10.10.10.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 remark CCP_ACL Category=128
access-list 101 permit ip host 255.255.255.255 any
access-list 101 permit ip 127.0.0.0 0.255.255.255 any
no cdp run
!
!
!
!
banner login ^CAttenzione !! Accesso Negato, proprieta di Nutralife Srl Italia.
^C
!
line con 0
login authentication local_authen
transport output telnet
line aux 0
login authentication local_authen
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line vty 0 4
authorization exec local_author
login authentication local_authen
transport input telnet ssh
!
scheduler allocate 20000 1000
scheduler interval 500
!
end
Re: Problemi con DHCP WIFI su 887W
Inviato: mer 19 set , 2012 7:42 am
da Rizio
Non ho letto la conf perchè sono di fretta ma prova a vedere la voce "dhcp relay" applicata alla vlan che non ti va.
Rizio
Re: Problemi con DHCP WIFI su 887W
Inviato: mer 19 set , 2012 5:36 pm
da Alex13
Rizio ha scritto:Non ho letto la conf perchè sono di fretta ma prova a vedere la voce "dhcp relay" applicata alla vlan che non ti va.
Rizio
scusa davvero l'ignoranza, ma da dove posso settare tale parametro?
![Sad :(](./images/smilies/icon_sad.gif)
Re: Problemi con DHCP WIFI su 887W
Inviato: gio 20 set , 2012 7:53 am
da Rizio
Scusa ma tu la vedi la vlan 2 del router sul ap?
Perchè immagino che i due apparati siano collegati ma non vedo l'interfaccia in trunk con cui li colleghi.
E se non hai nessuna interfaccia in trunk tra i 2 apparati e nessuna interfaccia sulla vlan 2 l'unica vlan che passa nel cavo è la 1 ed è per quello che non ti funziona.
Sull'AP vedo che hai le 2 virtuali (G0/0.1 e G0/0.2 per le rispettive vlan) ma sul router non ho visto nulla in trunk per far transitare le 2 vlan.
Se è la fastethernet 0 sul router quella che usi per collegarti verso l'AP devi metterla in trunk.
Se non ti accetta il comando per metterla in trunk vuol dire che è un'ethernet tipo router e non tipo switch non ti accetta il comando switchport che ti serve per gestire le vlan e l'unico sistema che hai per far transitare le vlan è simile a quello che hai fatto sull'AP, delle subinterface.
Per far la prova comunque dovrebbe bastare mettere il cavo che va verso l'AP su una delle altre quattro interfacce e dare lì il comando
.
Se è come penso dovrebbe bastare altrimenti cè da approfondire meglio il discorso.
Rizio
Re: Problemi con DHCP WIFI su 887W
Inviato: gio 20 set , 2012 9:17 am
da Alex13
.... il cavo?
In realtà l'AP è integrato nel router essendo l'887 W e sul router vedo la Vlan2. Ieri ho provato a rimuovere la Vlan2 da router e ricrearla e sembra che abbia preso a funzionare (infatti vedo che sul PC mi appare l'indirizzo 10.10.10.5) però non si connette a internet... eppure il NAT l'ho configurato ... almeno credo...
Re: Problemi con DHCP WIFI su 887W
Inviato: gio 20 set , 2012 9:57 am
da Rizio
Hai postato la conf separata e pensavo che usassi l'877 solo come wireless.
Il fatto che ricreandla abbia preso ad andare può voler dire che era in disable, non sò, altro motivo non mi viene in mente.
Per la navigazione prova a riscrivere questa
cosi
Rizio
Re: Problemi con DHCP WIFI su 887W
Inviato: gio 20 set , 2012 6:31 pm
da Alex13
risolto !!! che errore stupido, mi vergogno anche a dirlo... avevo sbagliato ad inserire il default server nella parte del dhcp che differiva da qullo impostato nella VLAN 2...
grazie tante Rizio
![Very Happy :D](./images/smilies/icon_biggrin.gif)
Re: Problemi con DHCP WIFI su 887W
Inviato: ven 21 set , 2012 8:32 am
da Rizio
Bene, meglio cosi dai, la caccia alle streghe è sempre difficile per me
![Smile :)](./images/smilies/icon_smile.gif)