CiscoForums.it

Inviato: **dom 23 nov , 2014 1:33 pm**

Ciao,

Mi sono appena iscritto al forum, spero di aver azzeccato la sezione.
Sto configurando il mio 877w con operatore Fastweb linea adsl 20M.
Solamente che quando collego il router non riesco a navigare, qualcuno porrebbe dirmi cosa sbaglio nella configurazione??

!
! Last configuration change at 18:36:28 IT Fri Mar 1 2002 by rossi
!
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1
!
boot-start-marker
boot system flash c870-advipservicesk9-mz.151-2.T1.bin
boot-end-marker
!
!
enable secret mia password
!
no aaa new-model
!
clock timezone IT 1 0
crypto pki token default removal timeout 0
!
!
dot11 syslog
!
dot11 ssid HomeNet
vlan 20
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii Mia password
!
ip source-route
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.0 10.10.10.1
!
ip dhcp pool Lan
network 10.10.10.0 255.255.255.0
dns-server 213.140.2.12
default-router 10.10.10.1
!
ip dhcp pool PC1-1
host 10.10.10.4 255.255.255.0
hardware-address 4016.7e29.c6f6
client-name Pc-1
!
ip dhcp pool Ra-3
host 10.10.10.11 255.255.255.0
hardware-address b827.eb9b.7a37
client-name Ra-3
!
ip dhcp pool PC-2
host 10.10.10.3 255.255.255.0
hardware-address 94de.80b3.5e62
client-name Pc-2
!
!
!
ip cef
no ip domain lookup
ip domain name rossi-casa.it
ip name-server 213.140.2.12
ip name-server 213.140.2.21
ip inspect log drop-pkt
ip inspect name Firewall cuseeme
ip inspect name Firewall dns
ip inspect name Firewall ftp
ip inspect name Firewall h323
ip inspect name Firewall https
ip inspect name Firewall icmp
ip inspect name Firewall imap
ip inspect name Firewall pop3
ip inspect name Firewall rcmd
ip inspect name Firewall realaudio
ip inspect name Firewall rtsp
ip inspect name Firewall esmtp
ip inspect name Firewall sqlnet
ip inspect name Firewall streamworks
ip inspect name Firewall tftp
ip inspect name Firewall tcp
ip inspect name Firewall udp
ip inspect name Firewall vdolive
no ipv6 cef
!
multilink bundle-name authenticated
!
parameter-map type inspect global
log dropped-packets enable
!
!
archive
log config
hidekeys
username rossi password Mia Password
!
!
!
!
!
!
bridge irb
!
!
!
interface ATM0
no ip address
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no shutdown
no atm ilmi-keepalive
hold-queue 224 in
!
interface ATM0.1 point-to-point
description ADSL2+
ip address dhcp
ip access-group 101 in
ip mtu 1492
ip flow ingress
ip nat outside
ip virtual-reassembly in
ip tcp adjust-mss 1452
atm route-bridged ip
pvc 8/36
encapsulation aal5snap
!
!
interface FastEthernet0
switchport access vlan 20
no cdp enable
!
interface FastEthernet1
switchport access vlan 20
no cdp enable
!
interface FastEthernet2
switchport access vlan 20
no cdp enable
!
interface FastEthernet3
switchport access vlan 30
no cdp enable
!
interface Dot11Radio0
no ip address
!
encryption vlan 20 mode ciphers aes-ccm
!
ssid HomeNet
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
world-mode dot11d country IT indoor
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 20 native
ip virtual-reassembly in
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
ip mtu 1492
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Vlan2
no ip address
ip mtu 1492
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
shutdown
!
interface Vlan20
description Lan-WiFi
no ip address
ip mtu 1492
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
bridge-group 1
!
interface Vlan30
no ip address
!
interface BVI1
ip address 10.10.10.1 255.255.255.0
ip access-group 102 in
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 10 interface ATM0.1 overload
ip nat inside source static tcp 10.10.10.4 4662 interface ATM0.1 4662
ip nat inside source static udp 10.10.10.4 4672 interface ATM0.1 4672
ip nat inside source static tcp 10.10.10.4 44396 interface ATM0.1 44396
ip nat inside source static udp 10.10.10.4 44396 interface ATM0.1 44396
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
logging esm config
access-list 10 permit 10.10.10.0 0.0.0.255
access-list 101 remark Traffico abilitato ad entrare nel router da internet
access-list 101 deny ip 0.0.0.0 0.255.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 169.254.0.0 0.0.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.0.2.0 0.0.0.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 198.18.0.0 0.1.255.255 any
access-list 101 deny ip 224.0.0.0 0.15.255.255 any
access-list 101 deny ip any host 255.255.255.255
access-list 101 permit gre any any
access-list 101 deny icmp any any echo
access-list 101 deny ip any any log
access-list 102 remark Traffico abilitato ad entrare nel router dalla ethernet
access-list 102 permit ip any host 10.10.10.1
access-list 102 deny ip any host 10.10.10.255
access-list 102 deny udp any any eq tftp log
access-list 102 deny ip any 0.0.0.0 0.255.255.255 log
access-list 102 deny ip any 10.0.0.0 0.255.255.255 log
access-list 102 deny ip any 127.0.0.0 0.255.255.255 log
access-list 102 deny ip any 169.254.0.0 0.0.255.255 log
access-list 102 deny ip any 172.16.0.0 0.15.255.255 log
access-list 102 deny ip any 192.0.2.0 0.0.0.255 log
access-list 102 deny ip any 192.168.0.0 0.0.255.255 log
access-list 102 deny ip any 198.18.0.0 0.1.255.255 log
access-list 102 deny udp any any eq 135 log
access-list 102 deny tcp any any eq 135 log
access-list 102 deny udp any any eq netbios-ns log
access-list 102 deny udp any any eq netbios-dgm log
access-list 102 deny tcp any any eq 445 log
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
access-list 102 permit ip any host 255.255.255.255
access-list 102 deny ip any any log
no cdp run

!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner motd ^CCCCC Accesso non Consentito ^C
!
line con 0
password Mia password
login
no modem enable
line aux 0
line vty 0 4
password Mia password
login local
transport input ssh
transport output ssh
!
scheduler max-task-time 5000
sntp server 207.46.197.32
sntp server 192.43.244.18
end

Grazie mille

Inviato: **mer 26 nov , 2014 1:18 pm**

Ciao,

Non navighi da rete WIFI o da LAN?
Mi sembra che tu abbia applicato l'ACL 101 sia alla ATM0 che alla ATM0.1, lascia l'ACL solamente sulla ATM0.1

Prova a vedere su questo Topic se può esserti utile:
http://www.ciscoforums.it/viewtopic.php?f=22&t=56323

Inviato: **mer 26 nov , 2014 2:07 pm**

Ciao,

Non navigo ne da lan che da wlan.

Ho provato anche a togliere l'acl ma non cambia nulla. Dopo aver fatto un debug dell'atm0 ho potuto verificare che l'ip da fastweb viene negoziato.
Però non navigo in ogni caso.

Qualche idea?

Inviato: **mer 26 nov , 2014 3:14 pm**

Ciao Riccardo,

Io pulirei la configurazione nel senso, almeno secondo il mio punto di vista, hai inserito BVI, diverse Vlan, Inspect, ACL
Farei una conf stringata stringata con solo la navigazione con:

1) Vlan 1 con IP address
2) ATM0.1 in Bridge Mode con IP Negotiated
3)Nat e IP Route

Se navighi inserisci le ACL, quindi la Parte WIFI

Inviato: **ven 28 nov , 2014 10:07 pm**

Intanto hai tutte le fastethernet assegnate alla vlan 20 che è la wifi, quindi di sicuro via cavo non navigherai mai.
Immagino che la vlan per la ethernet sia la vlan 1 (vedo un ip nat inside), ma non c'è configurato nessun ip e poi va assegnata ad almeno una delle fastethernet

Inviato: **sab 29 nov , 2014 12:13 pm**

Ciao,

Grazie per le dritte.
Il punto è che vorrei avere sia lan e WiFi sulla stessa vlan. Solo che non so bene come funzioni la BVI e quindi potrei aver fatto un po di confusione

Inviato: **sab 29 nov , 2014 3:41 pm**

Intanto questo non va bene:

Codice: Seleziona tutto

ip dhcp excluded-address 10.10.10.0 10.10.10.1
!
ip dhcp pool Lan
network 10.10.10.0 255.255.255.0
dns-server 213.140.2.12
default-router 10.10.10.1
!
ip dhcp pool PC1-1
host 10.10.10.4 255.255.255.0
hardware-address 4016.7e29.c6f6
client-name Pc-1
!
ip dhcp pool Ra-3
host 10.10.10.11 255.255.255.0
hardware-address b827.eb9b.7a37
client-name Ra-3
!
ip dhcp pool PC-2
host 10.10.10.3 255.255.255.0
hardware-address 94de.80b3.5e62
client-name Pc-2
!
!

Tu assegni staticamente gli ip 10.10.10.4,10.10.10.3 e 10.10.10.11, ma allo stesso tempo gli usi nel pool dhcp.

cambia il seguente comando:

Codice: Seleziona tutto

ip dhcp excluded-address 10.10.10.0 10.10.10.1

con:

Codice: Seleziona tutto

ip dhcp excluded-address 10.10.10.0 10.10.10.11

UNa domanda, se col cavo ti colleghi al router, ti rilascia correttamente gli ip della vlan 20?

Inviato: **sab 29 nov , 2014 4:17 pm**

Ok.

Si se mi collego con il cavo di rete ad una porta mi da un indirizzo del mio pool.

Inviato: **sab 29 nov , 2014 4:21 pm**

il 10.10.10.1 lo pinghi?

posta poi quello che ti dice il comando:

Codice: Seleziona tutto

sh ip route

Inviato: **sab 29 nov , 2014 4:26 pm**

Si lo pingo, ora non ho il router sotto mano.
Tra oggi e domani vedo di postare lo sh ip route.
Intanto grazie mille per l'aiuto

Inviato: **dom 18 gen , 2015 9:55 am**

Ciao ho avuto una serie d'imprevisti e non ho potuto continuare a configurare il router.
P.s Ho cancellato tutta la config e l'ho rifatta e adesso funziona

Codice: Seleziona tutto

!
! Last configuration change at 18:47:49 IT Sat Jan 17 2015
! NVRAM config last updated at 18:47:50 IT Sat Jan 17 2015
!
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Pollastro
!
boot-start-marker
boot-end-marker
!
!
logging buffered 4096
enable secret 5 Mia password
!
no aaa new-model
!
clock timezone IT 1 0
crypto pki token default removal timeout 0
!
!
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 10.10.10.1 10.10.10.10
!
ip dhcp pool Lan
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
   dns-server 85.18.200.200
!
!
!
ip cef
ip domain name gallo-casa.it
ip name-server 85.18.200.200
ip name-server 89.97.140.140
ip inspect log drop-pkt
ip inspect name Firewall cuseeme
ip inspect name Firewall dns
ip inspect name Firewall ftp
ip inspect name Firewall h323
ip inspect name Firewall https
ip inspect name Firewall icmp
ip inspect name Firewall imap
ip inspect name Firewall pop3
ip inspect name Firewall rcmd
ip inspect name Firewall realaudio
ip inspect name Firewall rtsp
ip inspect name Firewall esmtp
ip inspect name Firewall sqlnet
ip inspect name Firewall streamworks
ip inspect name Firewall tftp
ip inspect name Firewall tcp
ip inspect name Firewall udp
ip inspect name Firewall vdolive
ip inspect name Firewall time
ip inspect name Firewall timed
ip inspect name Firewall pop3s
ip inspect name Firewall imaps
ip inspect name Firewall ntp
ip inspect name Firewall bittorrent
ip inspect name Firewall echo
ip inspect name Firewall gnutella
ip inspect name Firewall kazaa2
ip inspect name Firewall ftps
no ipv6 cef
!
multilink bundle-name authenticated
!
parameter-map type inspect global
 log dropped-packets enable
!
!
username Mio ID secret Mia Password
!
!
!
!
!
!
!
!
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 no atm ilmi-keepalive
 hold-queue 224 in
!
interface ATM0.1 point-to-point
 ip address dhcp
 ip access-group anti-spoof in
 ip mtu 1492
 ip flow ingress
 ip nat outside
 ip inspect Firewall out
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 atm route-bridged ip
 pvc 8/36
  encapsulation aal5snap
 !
!
interface FastEthernet0
 switchport access vlan 20
!
interface FastEthernet1
 switchport access vlan 20
!
interface FastEthernet2
 switchport access vlan 20
!
interface FastEthernet3
 switchport access vlan 20
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan20
 ip address 10.10.10.1 255.255.255.0
 ip mtu 1492
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 no autostate
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 10 interface ATM0.1 overload
ip nat inside source static tcp 10.10.10.9 4662 interface ATM0.1 4662
ip nat inside source static udp 10.10.10.9 4672 interface ATM0.1 4672
ip nat inside source static tcp 10.10.10.9 44396 interface ATM0.1 44396
ip nat inside source static udp 10.10.10.9 44396 interface ATM0.1 44396
ip nat inside source static udp 10.10.10.9 9987 interface ATM0.1 9987
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip access-list extended anti-spoof
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 224.0.0.0 31.255.255.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip 169.254.0.0 0.0.255.255 any
 deny   icmp any any echo log
 permit gre any any
 permit ip any any
!
logging esm config
access-list 10 permit 10.10.10.0 0.0.0.255
no cdp run

!
!
!
!
!
control-plane
!
banner exec ^C
*** Ensure that you update the system configuration ***
*** documentation after making system changes.      ***
^C
banner login ^C
*** Login Required. Unauthorized use is prohibited ***
^C
banner motd ^C
This device is for authorized personnel only.
If you have not been provided with permission to
access this device - disconnect at once.
^C
!
line con 0
 password Mia password
 login
 no modem enable
line aux 0
line vty 0 4
 password Mia password
 login local
 transport input ssh
 transport output ssh
!
ntp server 193.204.114.231
ntp server 193.204.114.232
end

Adesso vorrei capire perche quando imposto il dhcp con la reservation il router non mi rilascia l'ip desiderato, ho provato a mettere anche un ip che sia compreso nel pool ma niente.

Codice: Seleziona tutto

ip dhcp pool PC1-1
host 10.10.10.9 255.255.255.0
hardware-address 4016.7e29.c6f6
client-name Pc-1

Inoltre ho provato a configurare anche il wifi con questa configurazione ma la velocità di navigazione del wifi è lentissima anche se sono vicinissimo al router

Codice: Seleziona tutto

Current configuration : 5016 bytes
!
! No configuration change since last restart
!
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Pollastro
!
boot-start-marker
boot-end-marker
!
!
logging buffered 4096
enable secret Mia password
!
no aaa new-model
!
clock timezone IT 1 0
crypto pki token default removal timeout 0
!
!
dot11 syslog
!
dot11 ssid HomeNet
 authentication open
 authentication key-management wpa
 guest-mode
 wpa-psk ascii Mia password
!
ip source-route
!
!
ip dhcp excluded-address 10.10.10.1 10.10.10.10
!
ip dhcp pool Lan
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
   dns-server 85.18.200.200
!
!
!
ip cef
ip domain name gallo-casa.it
ip name-server 85.18.200.200
ip name-server 89.97.140.140
ip inspect log drop-pkt
ip inspect name Firewall cuseeme
ip inspect name Firewall dns
ip inspect name Firewall ftp
ip inspect name Firewall h323
ip inspect name Firewall https
ip inspect name Firewall icmp
ip inspect name Firewall imap
ip inspect name Firewall pop3
ip inspect name Firewall rcmd
ip inspect name Firewall realaudio
ip inspect name Firewall rtsp
ip inspect name Firewall esmtp
ip inspect name Firewall sqlnet
ip inspect name Firewall streamworks
ip inspect name Firewall tftp
ip inspect name Firewall tcp
ip inspect name Firewall udp
ip inspect name Firewall vdolive
ip inspect name Firewall time
ip inspect name Firewall timed
ip inspect name Firewall pop3s
ip inspect name Firewall imaps
ip inspect name Firewall ntp
ip inspect name Firewall bittorrent
ip inspect name Firewall echo
ip inspect name Firewall gnutella
ip inspect name Firewall kazaa2
ip inspect name Firewall ftps
no ipv6 cef
!
multilink bundle-name authenticated
!
parameter-map type inspect global
 log dropped-packets enable
!
!
username Mio ID secret Mia password
!
!
!
!
!
!
bridge irb
!
!
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 no atm ilmi-keepalive
 hold-queue 224 in
!
interface ATM0.1 point-to-point
 ip address dhcp
 ip access-group anti-spoof in
 ip mtu 1492
 ip flow ingress
 ip nat outside
 ip inspect Fi
Jrewall out
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 atm route-bridged ip
 pvc 8/36
  encapsulation aal5snap
 !
!
interface FastEthernet0
 switchport access vlan 20
!
interface FastEthernet1
 switchport access vlan 20
!
interface FastEthernet2
 switchport access vlan 20
!
interface FastEthernet3
 switchport access vlan 20
!
interface Dot11Radio0
 no ip address
 no ip proxy-arp
 load-interval 30
 !
 encryption mode ciphers aes-ccm tkip
 !
 ssid HomeNet
 !
 speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 station-role root
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan20
 no ip aanddress
 ip mtu 1492
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 no autostate
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 10.10.10.1 255.255.255.0
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 10 interface ATM0.1 overload
ip nat inside source static tcp 10.10.10.9 4662 interface ATM0.1 4662
ip nat inside source static udp 10.10.10.9 4672 interface ATM0.1 4672
ip nat inside source static tcp 10.10.10.9 44396 interface ATM0.1 44396
ip nat inside source static udp 10.10.10.9 44396 interface ATM0.1 44396
ip nat inside source static udp 10.10.10.9 9987 interface ATM0.1 9987
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip access-list extended anti-spoof
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 224.0.0.0 31.255.255.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip 169.254.0.0 0.0.255.255 any
 deny   icmp any any echo log
 permit gre any any
 permit ip any any
!
logging esm config
access-list 10 permit 10.10.10.0 0.0.0.255
no cdp run

!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner exec ^C
*** Ensure that you update the system configuration ***
*** documentation after making system changes.      ***
^C
banner login ^C
*** Login Required. Unauthorized use is prohibited ***
^C
banner motd ^C
This device is for authorized personnel only.
If you have not been provided with permission to
access this device - disconnect at once.
^C
!
line con 0
 password Mia password
 login
 no modem enable
line aux 0
line vty 0 4
 password Mia password
 login local
 transport input ssh
 transport output ssh
!
ntp server 193.204.114.231
ntp server 193.204.114.232
end

Magari tutti questi problemi potrebbero esserei dei bug dell'ios

Codice: Seleziona tutto

Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 15.1(2)T1, R                                                                                                                                                             ELEASE SOFTWARE (fc1)
System image file is "flash:c870-advipservicesk9-mz.151-2.T1.bin"

E come ultima cosa vorrei riuscire a configurare il router come server vpn
Sperò di non chiedere troppo aiuto

Grazie
Aspetto numerose risposte

CiscoForums.it

Config 877w Fastweb

Config 877w Fastweb

Re: Config 877w Fastweb

Re: Config 877w Fastweb

Re: Config 877w Fastweb

Re: Config 877w Fastweb

Re: Config 877w Fastweb

Re: Config 877w Fastweb

Re: Config 877w Fastweb

Re: Config 877w Fastweb

Re: Config 877w Fastweb

Re: Config 877w Fastweb