Guest SSID configuration

Configurations for ADSL and ISDN connectivity and switches for home users and small networks

Moderator: Federico.Lagni

ManuelHd
n00b
Posts: 23
Joined: Mon 27 Jun 2011 12:12 am

Hi everyone,

I have an 877w router and I would like to enable a wireless connection for guests, in addition to the one I normally use for the devices I have at home.

I wrote what seems to me a sensible configuration, and in fact the "guest" PC manages to connect to the guest network, gets its IP from the DHCP server along with the DNS addresses, and pings the router's gateway address, but it cannot connect to the Internet.
Could it be some missing ACL rule?

Here is the config:

Code:

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname cisco877W
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 52000
enable secret [...]
!
no aaa new-model
clock timezone MET 1
clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
dot11 syslog
!
dot11 ssid HDDPS
 vlan 1
 authentication open
 authentication key-management wpa
 wpa-psk ascii [...]
!
dot11 ssid HDDPS (guest)
 vlan 3
 authentication open
 authentication key-management wpa
 guest-mode
 wpa-psk ascii [...]
!
ip source-route
!
!
ip dhcp excluded-address 192.168.0.221 192.168.0.254
ip dhcp excluded-address 192.168.3.221 192.168.3.254
!
ip dhcp pool dpool1
   import all
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.221
   dns-server 8.8.8.8 8.8.4.4
   lease infinite
!
ip dhcp pool STATIC-WD-NAS
   host 192.168.0.3 255.255.255.0
   client-identifier 0100.90a9.8147.5d
   client-name WD-NAS
!
ip dhcp pool dpool3
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.221
   dns-server 8.8.8.8 8.8.4.4
!
!
ip cef
ip name-server 8.8.8.8
ip name-server 8.8.4.4
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
bridge irb
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode adsl2+
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 no dot11 extension aironet
 !
 encryption vlan 1 mode ciphers aes-ccm
 !
 encryption vlan 3 mode ciphers tkip
 !
 ssid HDDPS
 !
 ssid HDDPS (guest)
 !
 speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 channel least-congested 2412 2437 2462
 station-role root
 world-mode dot11d country IT both
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 ip flow ingress
 ip virtual-reassembly
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.3
 encapsulation dot1Q 3
 ip flow ingress
 ip virtual-reassembly
 no cdp enable
 bridge-group 3
 bridge-group 3 subscriber-loop-control
 bridge-group 3 spanning-disabled
 bridge-group 3 block-unknown-source
 no bridge-group 3 source-learning
 no bridge-group 3 unicast-flooding
!
interface Vlan1
 description internal Vlan
 no ip address
 ip tcp adjust-mss 1452
 bridge-group 1
!
interface Vlan3
 description guest wireless Vlan
 no ip address
 bridge-group 3
!
interface Vlan4
 no ip address
!
interface Dialer0
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap chap callin
 ppp chap hostname benvenuto
 ppp chap password 7 0209174B02120A
 ppp pap sent-username benvenuto password 7 082E5F5E000D00
!
interface BVI1
 ip address 192.168.0.221 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface BVI3
 ip address 192.168.3.221 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 3 permit 192.168.3.0 0.0.0.255
no cdp run

!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 3 protocol ieee
bridge 3 route ip
banner login ^C
*************************************************************
************** Unauthorized access prohibited ***************
* Disconnect IMMEDIATELY if you are not an authorized user! *
*************************************************************
^C
!
line con 0
 exec-timeout 0 0
 no modem enable
line aux 0
line vty 0 4
 session-timeout 10
 password [...]
 login
!
scheduler max-task-time 5000
ntp server 1.it.pool.ntp.org
!
end
Thanks,
Manuel
ManuelHd
n00b
Posts: 23
Joined: Mon 27 Jun 2011 12:12 am

Ok, solved.
Basically it was an ACL problem: it was enough to merge the access list for vlan3 (access-list 3) into access-list 1, which is the one actually used by dialer 0, via dialer-group 1.

Code:

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname cisco877W
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 52000
enable secret [...]
!
no aaa new-model
clock timezone MET 1
clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
dot11 syslog
!
dot11 ssid HDDPS
 vlan 1
 authentication open
 authentication key-management wpa
 wpa-psk ascii [...]
!
dot11 ssid HDDPS (guest)
 vlan 3
 authentication open
 authentication key-management wpa
 guest-mode
 wpa-psk ascii [...]
!
ip source-route
!
!
ip dhcp excluded-address 192.168.0.221 192.168.0.254
ip dhcp excluded-address 192.168.3.221 192.168.3.254
!
ip dhcp pool dpool1
   import all
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.221
   dns-server 8.8.8.8 8.8.4.4
   lease infinite
!
ip dhcp pool STATIC-WD-NAS
   host 192.168.0.3 255.255.255.0
   client-identifier 0100.90a9.8147.5d
   client-name WD-NAS
!
ip dhcp pool dpool3
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.221
   dns-server 8.8.8.8 8.8.4.4
!
!
ip cef
ip name-server 8.8.8.8
ip name-server 8.8.4.4
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
bridge irb
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode adsl2+
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 no dot11 extension aironet
 !
 encryption vlan 1 mode ciphers aes-ccm
 !
 encryption vlan 3 mode ciphers tkip
 !
 ssid HDDPS
 !
 ssid HDDPS (guest)
 !
 speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 channel least-congested 2412 2437 2462
 station-role root
 world-mode dot11d country IT both
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 ip flow ingress
 ip virtual-reassembly
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.3
 encapsulation dot1Q 3
 ip flow ingress
 ip virtual-reassembly
 no cdp enable
 bridge-group 3
 bridge-group 3 subscriber-loop-control
 bridge-group 3 spanning-disabled
 bridge-group 3 block-unknown-source
 no bridge-group 3 source-learning
 no bridge-group 3 unicast-flooding
!
interface Vlan1
 description internal Vlan
 no ip address
 ip tcp adjust-mss 1452
 bridge-group 1
!
interface Vlan3
 description guest wireless Vlan
 no ip address
 bridge-group 3
!
interface Dialer0
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap chap callin
 ppp chap hostname benvenuto
 ppp chap password 7 0209174B02120A
 ppp pap sent-username benvenuto password 7 082E5F5E000D00
!
interface BVI1
 ip address 192.168.0.221 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface BVI3
 ip address 192.168.3.221 255.255.255.0
 ip access-group 101 in
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255                <---------
access-list 101 deny   ip any 192.168.0.0 0.0.0.255
access-list 101 permit ip any any
no cdp run

!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 3 protocol ieee
bridge 3 route ip
banner login ^C
*************************************************************
************** Unauthorized access prohibited ***************
* Disconnect IMMEDIATELY if you are not an authorized user! *
*************************************************************
^C
!
line con 0
 exec-timeout 0 0
 no modem enable
line aux 0
line vty 0 4
 session-timeout 10
 password 7 095F1E1D4A0815131E1E23
 login
!
scheduler max-task-time 5000
ntp server 1.it.pool.ntp.org
!
end
The rules:

Code:

access-list 101 deny   ip any 192.168.0.0 0.0.0.255
access-list 101 permit ip any any
applied to BVI3 are there so that the "home hosts" are not visible to the "guest hosts".

Manuel
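The two things that changed between the first and the second config are worth checking mechanically on any IOS router that carries a guest VLAN: the NAT statement `ip nat inside source list 1 interface Dialer0 overload` only translates sources permitted by access-list 1, so an `ip nat inside` interface whose subnet is missing from that list gets DHCP and can ping the gateway but never reaches the Internet; and without an inbound ACL on the guest BVI that denies the internal subnet, guests can reach the home LAN. The script below is an added example, not code from the forum post: it parses a running-config and reports both conditions. The condensed BEFORE_CFG and AFTER_CFG strings are constructed to mirror the two configs in the thread, and the function and variable names are my own.

```python
"""Constructed audit script (not from the forum post): parse a Cisco IOS
running-config and flag two guest-WLAN mistakes seen in the thread:
 1. an 'ip nat inside' interface whose subnet the NAT source access-list
    does not permit (guests get DHCP and ping the gateway but never reach
    the Internet);
 2. a guest inside interface with no inbound ACL denying the other inside
    subnets (guests can reach the home LAN)."""
import ipaddress
import re


def _wild_to_net(addr, wildcard):
    # Cisco wildcard mask -> prefix length (wildcard bits set to 0 must match)
    ones = bin(int(ipaddress.IPv4Address(wildcard))).count("1")
    return ipaddress.IPv4Network(f"{addr}/{32 - ones}", strict=False)


def _take_addr(tokens):
    # Consume one ACL address spec ('any', 'host X' or 'X WILDCARD') from tokens
    if tokens[0] == "any":
        return _wild_to_net("0.0.0.0", "255.255.255.255"), tokens[1:]
    if tokens[0] == "host":
        return _wild_to_net(tokens[1], "0.0.0.0"), tokens[2:]
    if len(tokens) > 1 and re.fullmatch(r"\d+(\.\d+){3}", tokens[1]):
        return _wild_to_net(tokens[0], tokens[1]), tokens[2:]
    return _wild_to_net(tokens[0], "0.0.0.0"), tokens[1:]  # bare host in a standard ACL


def parse_config(text):
    """Return interfaces, standard/extended numbered ACLs and the NAT source list number."""
    cfg = {"interfaces": {}, "std": {}, "ext": {}, "nat_list": None}
    itf = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if not line.startswith(" "):      # a non-indented line ends the interface block
            itf = None
        m = re.match(r"interface (\S+)$", line)
        if m:
            itf = {"name": m.group(1), "nat_inside": False, "network": None, "acl_in": None}
            cfg["interfaces"][itf["name"]] = itf
            continue
        if itf is not None:
            m = re.match(r"\s+ip address (\S+) (\S+)$", line)   # skips 'ip address negotiated'
            if m:
                itf["network"] = ipaddress.IPv4Interface(f"{m.group(1)}/{m.group(2)}").network
            elif line.strip() == "ip nat inside":
                itf["nat_inside"] = True
            else:
                m = re.match(r"\s+ip access-group (\d+) in$", line)
                if m:
                    itf["acl_in"] = int(m.group(1))
            continue
        m = re.match(r"ip nat inside source list (\d+) ", line)
        if m:
            cfg["nat_list"] = int(m.group(1))
            continue
        m = re.match(r"access-list (\d+) (permit|deny)\s+(.*)$", line)
        if m:
            num, action, tokens = int(m.group(1)), m.group(2), m.group(3).split()
            if num < 100:                    # standard ACL: source only
                net, _ = _take_addr(tokens)
                cfg["std"].setdefault(num, []).append((action, net))
            else:                            # extended ACL: proto src dst
                src, rest = _take_addr(tokens[1:])
                dst, _ = _take_addr(rest)
                cfg["ext"].setdefault(num, []).append((action, src, dst))
    return cfg


def check_nat_coverage(cfg):
    """Names of 'ip nat inside' interfaces whose subnet the NAT source ACL does not permit."""
    permitted = [net for action, net in cfg["std"].get(cfg["nat_list"], []) if action == "permit"]
    return [i["name"] for i in cfg["interfaces"].values()
            if i["nat_inside"] and i["network"] is not None
            and not any(i["network"].subnet_of(p) for p in permitted)]


def check_guest_isolation(cfg, guest):
    """Other inside interfaces the guest interface can still reach (no inbound deny covers them)."""
    g = cfg["interfaces"][guest]
    denied = [dst for action, _src, dst in cfg["ext"].get(g["acl_in"], []) if action == "deny"]
    return [i["name"] for i in cfg["interfaces"].values()
            if i["name"] != guest and i["nat_inside"] and i["network"] is not None
            and not any(i["network"].subnet_of(d) for d in denied)]


# Constructed, condensed versions of the thread's first (broken) and second (fixed) configs.
BEFORE_CFG = """\
interface BVI1
 ip address 192.168.0.221 255.255.255.0
 ip nat inside
!
interface BVI3
 ip address 192.168.3.221 255.255.255.0
 ip nat inside
!
interface Dialer0
 ip address negotiated
 ip nat outside
!
ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 3 permit 192.168.3.0 0.0.0.255
"""

AFTER_CFG = """\
interface BVI1
 ip address 192.168.0.221 255.255.255.0
 ip nat inside
!
interface BVI3
 ip address 192.168.3.221 255.255.255.0
 ip access-group 101 in
 ip nat inside
!
interface Dialer0
 ip address negotiated
 ip nat outside
!
ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 101 deny   ip any 192.168.0.0 0.0.0.255
access-list 101 permit ip any any
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE_CFG), ("after", AFTER_CFG)):
        cfg = parse_config(text)
        print(label, "NAT gaps:", check_nat_coverage(cfg),
              "guest can reach:", check_guest_isolation(cfg, "BVI3"))
```

Run against the first config it reports BVI3 as missing from the NAT list and BVI1 as reachable from the guest VLAN; against the second it reports nothing. The wildcard-to-prefix conversion assumes contiguous wildcard masks, which is all the configs here use.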