DHCP WiFi problems on 887W

Alex13
n00b
Posts: 13
Joined: Mon 30 Jul, 2012 4:19 pm

Here I am again. I have almost finished configuring my new 887W, but I ran into a problem... In short, I configured two WiFi SSIDs, each associated with a different IP address. The problem is that one works perfectly (VLAN 1) while the other (attached to VLAN 2, ssid = Nutralife Free WIFI) does not... when I try to connect, it does not give me any IP address...

Here is the WiFi configuration

Code:

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Nutralife_AP
!
logging rate-limit console 9
enable secret 5 $1$a1L/$kl/qFESSfse7KxMiqK0i41
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid Nutralife Free WIFI
   vlan 2
   authentication open 
   authentication key-management wpa version 2
   guest-mode
   wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxx
!
dot11 ssid Nutralife_intranet
   vlan 1
   authentication open 
   authentication key-management wpa version 2
   wpa-psk ascii 7 xxxxxxxxxxxxxx
!
!
!
username admin privilege 15 secret 5 $1$BLl8$QQVaJim3tOgbk/0l24jbX.
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 1 mode ciphers aes-ccm tkip 
 !
 encryption vlan 2 mode ciphers aes-ccm tkip 
 !
 broadcast-key vlan 2 change 30
 !
 !
 ssid Nutralife Free WIFI
 !
 ssid Nutralife_intranet
 !
 antenna gain 0
 station-role root
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.2
 encapsulation dot1Q 2
 no ip route-cache
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
 bridge-group 2 spanning-disabled
!
interface GigabitEthernet0
 description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
 no ip address
 no ip route-cache
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.2
 encapsulation dot1Q 2
 no ip route-cache
 bridge-group 2
 no bridge-group 2 source-learning
 bridge-group 2 spanning-disabled
!
interface BVI1
 ip address 192.168.1.3 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.1.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
!
Alex13
n00b
Posts: 13
Joined: Mon 30 Jul, 2012 4:19 pm

and the router's

Code:

no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Nutralife
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$1slc$7MfSxs/VoerugCILJlSXN.
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local 
!
!
!
!
!
aaa session-id common
!
!
no ip source-route
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
!
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.19
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool Nutralife
 import all
 network 192.168.1.0 255.255.255.0
 dns-server 8.8.8.8 8.8.4.4 
 default-router 192.168.1.1 
 lease 6
!
ip dhcp pool nutralife_public
 import all
 network 10.10.10.0 255.255.255.0
 dns-server 8.8.8.8 8.8.4.4 
 default-router 10.10.10.1 
!
!
no ip bootp server
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip name-server 212.216.112.112
ip name-server 212.216.172.62
ip ddns update method ccp_ddns1
 DDNS both
!
ip cef
!
parameter-map type regex ccp-regex-nonascii
 pattern [^\x00-\x80]

parameter-map type protocol-info msn-servers
 server name messenger.hotmail.com
 server name gateway.messenger.hotmail.com
 server name webmessenger.msn.com

parameter-map type protocol-info aol-servers
 server name login.oscar.aol.com
 server name toc.oscar.aol.com
 server name oam-d09a.blue.aol.com

parameter-map type protocol-info yahoo-servers
 server name scs.msg.yahoo.com
 server name scsa.msg.yahoo.com
 server name scsb.msg.yahoo.com
 server name scsc.msg.yahoo.com
 server name scsd.msg.yahoo.com
 server name cs16.msg.dcn.yahoo.com
 server name cs19.msg.dcn.yahoo.com
 server name cs42.msg.dcn.yahoo.com
 server name cs53.msg.dcn.yahoo.com
 server name cs54.msg.dcn.yahoo.com
 server name ads1.vip.scd.yahoo.com
 server name radio1.launch.vip.dal.yahoo.com
 server name in1.msg.vip.re2.yahoo.com
 server name data1.my.vip.sc5.yahoo.com
 server name address1.pim.vip.mud.yahoo.com
 server name edit.messenger.yahoo.com
 server name messenger.yahoo.com
 server name http.pager.yahoo.com
 server name privacy.yahoo.com
 server name csa.yahoo.com
 server name csb.yahoo.com
 server name csc.yahoo.com

!
license udi pid C887VA-W-E-K9 sn FCZ1635C10A
!
!
object-group network group1 
 description ret interna
 192.168.1.0 255.255.255.0
!
object-group network group2 
 description rete esterna
 10.10.10.0 255.255.255.0
!
username admin privilege 15 view root secret 5 $1$LMWd$e1MGXGBwCcHgYm7BKRH3F.
!
!
!
!
!
controller VDSL 0
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect imap match-any ccp-app-imap
 match invalid-command
class-map type inspect match-any ccp-cls-protocol-p2p
 match protocol edonkey signature
 match protocol gnutella signature
 match protocol kazaa2 signature
 match protocol fasttrack signature
 match protocol bittorrent signature
class-map type inspect smtp match-any ccp-app-smtp
 match data-length gt 5000000
class-map type inspect match-any ccp-skinny-inspect
 match protocol skinny
class-map type inspect http match-any ccp-app-nonascii
 match req-resp header regex ccp-regex-nonascii
class-map type inspect match-any ccp-h323nxg-inspect
 match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-any ccp-cls-protocol-im
 match protocol ymsgr yahoo-servers
 match protocol msnmsgr msn-servers
 match protocol aol aol-servers
class-map type inspect match-all ccp-protocol-pop3
 match protocol pop3
class-map type inspect match-any ccp-h225ras-inspect
 match protocol h225ras
class-map type inspect match-any ccp-h323annexe-inspect
 match protocol h323-annexe
class-map type inspect match-any ccp-cls-insp-traffic
 match protocol dns
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol tcp
 match protocol udp
class-map type inspect pop3 match-any ccp-app-pop3
 match invalid-command
class-map type inspect match-any ccp-h323-inspect
 match protocol h323
class-map type inspect match-all ccp-invalid-src
 match access-group 101
class-map type inspect http match-any ccp-app-httpmethods
 match request method bcopy
 match request method bdelete
 match request method bmove
 match request method bpropfind
 match request method bproppatch
 match request method connect
 match request method copy
 match request method delete
 match request method edit
 match request method getattribute
 match request method getattributenames
 match request method getproperties
 match request method index
 match request method lock
 match request method mkcol
 match request method mkdir
 match request method move
 match request method notify
 match request method options
 match request method poll
 match request method post
 match request method propfind
 match request method proppatch
 match request method put
 match request method revadd
 match request method revlabel
 match request method revlog
 match request method revnum
 match request method save
 match request method search
 match request method setattribute
 match request method startrev
 match request method stoprev
 match request method subscribe
 match request method trace
 match request method unedit
 match request method unlock
 match request method unsubscribe
class-map type inspect match-any ccp-sip-inspect
 match protocol sip
class-map type inspect http match-any ccp-http-blockparam
 match request port-misuse im
 match request port-misuse p2p
 match request port-misuse tunneling
 match req-resp protocol-violation
class-map type inspect match-all ccp-protocol-imap
 match protocol imap
class-map type inspect match-all ccp-protocol-smtp
 match protocol smtp
class-map type inspect match-all ccp-protocol-http
 match protocol http
class-map type inspect match-all ccp-insp-traffic
 match class-map ccp-cls-insp-traffic
class-map type inspect match-all ccp-protocol-p2p
 match class-map ccp-cls-protocol-p2p
class-map type inspect match-all ccp-protocol-im
 match class-map ccp-cls-protocol-im
class-map type inspect match-all ccp-icmp-access
 match class-map ccp-cls-icmp-access
!
policy-map type inspect urlfilter cppolicymap-1
policy-map type inspect pop3 ccp-action-pop3
 class type inspect pop3 ccp-app-pop3
  log
  reset
policy-map type inspect smtp ccp-action-smtp
 class type inspect smtp ccp-app-smtp
  reset
policy-map type inspect imap ccp-action-imap
 class type inspect imap ccp-app-imap
  log
  reset
policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-protocol-http
  inspect 
 class type inspect ccp-protocol-smtp
  inspect 
  service-policy smtp ccp-action-smtp
 class type inspect ccp-protocol-imap
  inspect 
  service-policy imap ccp-action-imap
 class type inspect ccp-protocol-pop3
  inspect 
  service-policy pop3 ccp-action-pop3
 class type inspect ccp-protocol-p2p
  drop log
 class type inspect ccp-protocol-im
  drop log
 class type inspect ccp-insp-traffic
  inspect 
 class type inspect ccp-sip-inspect
  inspect 
 class type inspect ccp-h323-inspect
  inspect 
 class type inspect ccp-h323annexe-inspect
  inspect 
 class type inspect ccp-h225ras-inspect
  inspect 
 class type inspect ccp-h323nxg-inspect
  inspect 
 class type inspect ccp-skinny-inspect
  inspect 
 class class-default
  drop
policy-map type inspect ccp-permit
 class class-default
  drop
policy-map type inspect http ccp-action-app-http
 class type inspect http ccp-http-blockparam
  log
  reset
 class type inspect http ccp-app-httpmethods
  log
  reset
 class type inspect http ccp-app-nonascii
  log
  reset
policy-map type inspect ccp-permit-icmpreply
 class type inspect ccp-icmp-access
  inspect 
 class class-default
  pass
!
zone security in-zone
zone security out-zone
zone-pair security ccp-zp-out-self source out-zone destination self
 service-policy type inspect ccp-permit
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-self-out source self destination out-zone
 service-policy type inspect ccp-permit-icmpreply
! 
!
!
!
!
!
!
!
!
interface Null0
 no ip unreachables
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 description physical ADSL WAN port
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 pvc 8/35 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Ethernet0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface Wlan-GigabitEthernet0
 description Internal switch interface connecting to the embedded AP
 no ip address
!
interface wlan-ap0
 description Embedded Service module interface to manage the embedded AP
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
!
interface Vlan1
 description LAN vlan$FW_INSIDE$
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in
 zone-member security in-zone
 ip tcp adjust-mss 1452
 hold-queue 100 out
!
interface Vlan2
 ip address 10.10.10.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 zone-member security in-zone
!
interface Dialer0
 description Connection to ADSL$FW_OUTSIDE$
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1492
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 zone-member security out-zone
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxxxxxxxx
 ppp chap password 7 xxxxxxxxxxxxxxxxxx
 ppp pap sent-username xxxxxxxxxxxxxx password 7 xxxxxxxxxxxxxxx
 no cdp enable
!
ip forward-protocol nd
ip http server
ip http access-class 1
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 2 interface Dialer0 overload
ip nat inside source list 100 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
logging trap debugging
access-list 1 remark HTTP Access-class list
access-list 1 remark CCP_ACL Category=1
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 deny   any
access-list 2 remark CCP_ACL Category=2
access-list 2 permit 10.10.10.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 remark CCP_ACL Category=128
access-list 101 permit ip host 255.255.255.255 any
access-list 101 permit ip 127.0.0.0 0.255.255.255 any
no cdp run
!
!
!
!
banner login ^CAttenzione !! Accesso Negato, proprieta di Nutralife Srl Italia.


^C
!
line con 0
 login authentication local_authen
 transport output telnet
line aux 0
 login authentication local_authen
 transport output telnet
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 stopbits 1
line vty 0 4
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
!
scheduler allocate 20000 1000
scheduler interval 500
!
end
Rizio
Messianic Network master
Posts: 1158
Joined: Fri 12 Oct, 2007 2:48 pm

I haven't read the config because I'm in a hurry, but try looking at the "dhcp relay" setting applied to the VLAN that isn't working for you.

Rizio
Si vis pacem para bellum
Alex13
n00b
Posts: 13
Joined: Mon 30 Jul, 2012 4:19 pm

Rizio wrote: I haven't read the config because I'm in a hurry, but try looking at the "dhcp relay" setting applied to the VLAN that isn't working for you.

Rizio
Really sorry for my ignorance, but where can I set that parameter? :(
Rizio
Messianic Network master
Posts: 1158
Joined: Fri 12 Oct, 2007 2:48 pm

Sorry, but can you see the router's VLAN 2 on the AP?
Because I imagine the two devices are connected, but I don't see the trunk interface you use to connect them.
And if you have no trunk interface between the 2 devices and no interface on VLAN 2, the only VLAN that crosses the cable is VLAN 1, and that is why it doesn't work for you.
On the AP I see you have the 2 virtual interfaces (G0/0.1 and G0/0.2 for the respective VLANs), but on the router I didn't see anything in trunk mode to carry the 2 VLANs.
If FastEthernet 0 on the router is the one you use to connect to the AP, you have to set it to trunk.
If it doesn't accept the command to set it to trunk, it means it is a router-type Ethernet port and not a switch-type one: it doesn't accept the switchport command you need to handle VLANs, and the only way you have to carry the VLANs is similar to what you did on the AP, subinterfaces.
To test it, anyway, it should be enough to plug the cable that goes to the AP into one of the other four interfaces and issue this command there

Code:

switchport mode trunk
.

If it is as I think, that should be enough; otherwise we need to dig deeper into it.
Rizio
Si vis pacem para bellum
Alex13
n00b
Posts: 13
Joined: Mon 30 Jul, 2012 4:19 pm

.... the cable?
Actually the AP is built into the router, since it is the 887 W, and on the router I do see Vlan2. Yesterday I tried removing Vlan2 from the router and recreating it, and it seems to have started working (in fact I see the address 10.10.10.5 showing up on the PC), but it doesn't connect to the internet... and yet I did configure NAT... at least I think so...
Rizio
Messianic Network master
Posts: 1158
Joined: Fri 12 Oct, 2007 2:48 pm

You posted the config separately and I thought you were using the 877 only as wireless.
The fact that it started working after you recreated it may mean it was disabled, I don't know, no other reason comes to mind.

For browsing, try rewriting this

Code:

access-list 2 permit 10.10.10.0 0.0.0.255
like this

Code:

access-list 2 permit ip 10.10.10.0 0.0.0.255 any
Rizio
Si vis pacem para bellum
Alex13
n00b
Posts: 13
Joined: Mon 30 Jul, 2012 4:19 pm

Solved!!! What a stupid mistake, I'm even ashamed to say it... I had made a mistake entering the default server in the DHCP section, which differed from the one set on VLAN 2...

Thanks a lot Rizio :D
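
The fix reported above was a DHCP gateway that did not match the address configured on VLAN 2. The following Python check is an added example, not code from the thread: it reads an IOS configuration and flags any `ip dhcp pool` whose `default-router` lies outside the pool's network or is not the address of a local interface. The function names, the sample configuration and the wrong value 10.10.10.254 are constructed for illustration, and it assumes "default server" refers to the pool's `default-router` line.

```python
import ipaddress
import re

# Constructed sample: the thread's two pools and SVIs, with the guest pool's
# default-router deliberately changed to an address no interface owns.
SAMPLE_CONFIG = """\
ip dhcp pool Nutralife
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
ip dhcp pool nutralife_public
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.254
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
interface Vlan2
 ip address 10.10.10.1 255.255.255.0
"""

def parse_sections(config):
    """Group indented sub-commands under their top-level IOS command."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and "!" separators
        if line[0] != " ":
            current = line.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def audit_dhcp_gateways(config):
    """Return (pool, problem) for pools whose gateway no local interface owns."""
    sections = parse_sections(config)
    iface_ips = set()
    for header, body in sections.items():
        if header.startswith("interface "):
            iface_ips |= set(re.findall(r"^ip address (\d+\.\d+\.\d+\.\d+) ", "\n".join(body), re.M))
    findings = []
    for header, body in sections.items():
        if not header.startswith("ip dhcp pool "):
            continue
        pool = header.split()[3]
        cmds = dict(c.split(None, 1) for c in body if " " in c)
        if "network" not in cmds or "default-router" not in cmds:
            findings.append((pool, "missing network or default-router"))
            continue
        net = ipaddress.ip_network("/".join(cmds["network"].split()[:2]), strict=False)
        gw = ipaddress.ip_address(cmds["default-router"].split()[0])
        if gw not in net:
            findings.append((pool, f"default-router {gw} outside {net}"))
        elif str(gw) not in iface_ips:
            findings.append((pool, f"default-router {gw} is not an interface address"))
    return findings
```

Calling `audit_dhcp_gateways()` on the text of a saved `show running-config` returns an empty list when every pool's gateway is owned by an interface on the router.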
Rizio
Messianic Network master
Posts: 1158
Joined: Fri 12 Oct, 2007 2:48 pm

Good, better this way. Witch hunts are always hard for me :)
Si vis pacem para bellum