Simple 871W Config

jesusguillen428918715 · ‎12-29-2019

Hi all,

I have an old 871W that i am using to learn on. Having an issue where I can connect to the wifi but get no internet. I'm assuming NAT is the issue but it could be something else. If you could point me in the right direction, I would appreciate. THANKS

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ROUTER
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login local_auth local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool EXTERNAL
import all
network 10.0.0.0 255.255.255.0
dns-server 10.0.0.1
default-router 10.0.0.1
domain-name EXTERNAL
!
ip dhcp pool INTERNAL
import all
network 192.168.2.0 255.255.255.0
dns-server 192.168.2.1
default-router 192.168.2.1
domain-name INTERNAL
!
!
no ip bootp server
no ip domain lookup
ip domain name GROUP
!
!
crypto pki trustpoint TP-self-signed-2033969614
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2033969614
revocation-check none
rsakeypair TP-self-signed-2033969614
!
!
crypto pki certificate chain TP-self-signed-2033969614
certificate self-signed 01
30820243 308201AC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32303333 39363936 3134301E 170D3038 30343133 31353233
31325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 30333339
36393631 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B244 BF7A047C 7220695A DDE5F370 2C344474 F5206604 A5FDCA28 28301A4A
4CE5D338 60EBB4A2 9E0D6AB1 87362F81 73AA8AFA CB181A11 F20C5528 95022563
A3E42A20 D78E9993 FB396E0E 77188AC7 E0E57BDB 422E0494 3FEC45EC 9C468CF9
19E2D254 51D1F4ED ECF0B384 237DDB57 35967171 E5CBB57F 57B79149 F5F0746C
E1490203 010001A3 6B306930 0F060355 1D130101 FF040530 030101FF 30160603
551D1104 0F300D82 0B4D4154 454F2E4D 4154454F 301F0603 551D2304 18301680
14F7AE10 D300E5AB 7F09D6E8 E58562AD D6EEB368 00301D06 03551D0E 04160414
F7AE10D3 00E5AB7F 09D6E8E5 8562ADD6 EEB36800 300D0609 2A864886 F70D0101
04050003 81810022 E2B01A6B DBCAC039 225B29E0 5799AD10 A8CA083C BDB53262
5B9B0F6D 84B28D6B 2BE2035A 914414F4 B1B80CB0 6E4FF022 49F1569C B8F1B16A
6C680858 B39523F7 DA270952 845A3552 3C4239AE 45C3445E F4F2BA78 F27D0E10
C4E9EFFB A2520D8F 4107DD2D 609E0B7B FCB98773 675B2382 1830EA62 90C65B5F
1BF556EB 3DA921
quit
username admin privilege 15 password 7 03304902080635551C5F
!
!
!
bridge irb
!
!
!
interface FastEthernet0
switchport access vlan 20
!
interface FastEthernet1
switchport access vlan 20
!
interface FastEthernet2
switchport access vlan 20
!
interface FastEthernet3
switchport access vlan 20
!
interface FastEthernet4
ip address dhcp
ip verify unicast source reachable-via rx allow-default 100
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
speed auto
full-duplex
!
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
!
encryption vlan 10 mode ciphers tkip
!
encryption vlan 20 mode ciphers tkip
!
ssid External
vlan 10
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 14230002020D3E32767E
!
ssid Internal
vlan 20
authentication open
authentication key-management wpa
wpa-psk ascii 7 107A1B100B1E06125E52
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 5 4.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 10 native
ip access-group EXTERNAL out
no snmp trap link-status
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2
encapsulation dot1Q 20
ip access-group INTERNAL out
no snmp trap link-status
no cdp enable
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
!
interface Vlan1
no ip address
!
interface Vlan10
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
bridge-group 1
!
interface Vlan20
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
bridge-group 2
!
interface BVI1
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface BVI2
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
ip dns server
!
ip http server
ip http secure-server
ip nat inside source list 101 interface FastEthernet4 overload
ip nat inside source list 102 interface FastEthernet4 overload
!
ip access-list extended External
permit ip any any
deny ip 192.168.2.0 0.0.0.255 any
ip access-list extended Internal
permit ip any any
deny ip 10.0.0.0 0.0.0.255 any
!
access-list 100 permit udp any any eq bootpc
access-list 101 permit ip 10.0.0.0 0.0.0.255 any
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
no cdp run
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
!
line con 0
password 7 0127140D55021216731A
no modem enable
line aux 0
line vty 0 4
password 7 073B334540000D1C4544
!
scheduler max-task-time 5000
end

Georg Pauwen · ‎12-29-2019

Hello,

make the changes/additions marked in bold to your configuration.

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ROUTER
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login local_auth local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp excluded-address 10.0.0.1
ip dhcp excluded-address 192.168.2.1
!
ip dhcp pool EXTERNAL
import all
network 10.0.0.0 255.255.255.0
dns-server 8.8.8.8
default-router 10.0.0.1
domain-name EXTERNAL
!
ip dhcp pool INTERNAL
import all
network 192.168.2.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.2.1
domain-name INTERNAL
!
no ip bootp server
no ip domain lookup
ip domain name GROUP
!
crypto pki trustpoint TP-self-signed-2033969614
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2033969614
revocation-check none
rsakeypair TP-self-signed-2033969614
!
crypto pki certificate chain TP-self-signed-2033969614
certificate self-signed 01
30820243 308201AC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32303333 39363936 3134301E 170D3038 30343133 31353233
31325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 30333339
36393631 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B244 BF7A047C 7220695A DDE5F370 2C344474 F5206604 A5FDCA28 28301A4A
4CE5D338 60EBB4A2 9E0D6AB1 87362F81 73AA8AFA CB181A11 F20C5528 95022563
A3E42A20 D78E9993 FB396E0E 77188AC7 E0E57BDB 422E0494 3FEC45EC 9C468CF9
19E2D254 51D1F4ED ECF0B384 237DDB57 35967171 E5CBB57F 57B79149 F5F0746C
E1490203 010001A3 6B306930 0F060355 1D130101 FF040530 030101FF 30160603
551D1104 0F300D82 0B4D4154 454F2E4D 4154454F 301F0603 551D2304 18301680
14F7AE10 D300E5AB 7F09D6E8 E58562AD D6EEB368 00301D06 03551D0E 04160414
F7AE10D3 00E5AB7F 09D6E8E5 8562ADD6 EEB36800 300D0609 2A864886 F70D0101
04050003 81810022 E2B01A6B DBCAC039 225B29E0 5799AD10 A8CA083C BDB53262
5B9B0F6D 84B28D6B 2BE2035A 914414F4 B1B80CB0 6E4FF022 49F1569C B8F1B16A
6C680858 B39523F7 DA270952 845A3552 3C4239AE 45C3445E F4F2BA78 F27D0E10
C4E9EFFB A2520D8F 4107DD2D 609E0B7B FCB98773 675B2382 1830EA62 90C65B5F
1BF556EB 3DA921
quit
username admin privilege 15 password 7 03304902080635551C5F
!
bridge irb
!
interface FastEthernet0
switchport access vlan 20
!
interface FastEthernet1
switchport access vlan 20
!
interface FastEthernet2
switchport access vlan 20
!
interface FastEthernet3
switchport access vlan 20
!
interface FastEthernet4
ip address dhcp
ip verify unicast source reachable-via rx allow-default 100
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
speed auto
full-duplex
!
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
!
encryption vlan 10 mode ciphers tkip
!
encryption vlan 20 mode ciphers tkip
!
ssid External
vlan 10
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 14230002020D3E32767E
!
ssid Internal
vlan 20
authentication open
authentication key-management wpa
wpa-psk ascii 7 107A1B100B1E06125E52
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 5 4.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 10 native
ip access-group EXTERNAL out
no snmp trap link-status
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2
encapsulation dot1Q 20
ip access-group INTERNAL out
no snmp trap link-status
no cdp enable
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
!
interface Vlan1
no ip address
!
interface Vlan10
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
bridge-group 1
!
interface Vlan20
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
bridge-group 2
!
interface BVI1
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface BVI2
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet4 dhcp
!
ip dns server
!
ip http server
ip http secure-server
ip nat inside source list 1 interface FastEthernet4 overload
!
ip access-list extended External
permit ip any any
deny ip 192.168.2.0 0.0.0.255 any
ip access-list extended Internal
permit ip any any
deny ip 10.0.0.0 0.0.0.255 any
!
access-list 100 permit udp any any eq bootpc
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
!
no cdp run
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
!
line con 0
password 7 0127140D55021216731A
no modem enable
line aux 0
line vty 0 4
password 7 073B334540000D1C4544
!
scheduler max-task-time 5000
end

paul driver · ‎12-29-2019

Hello

Change the unicast reverse path forwarding to loose mode without the acl 100 and add the dhcp option to you default static route, Then test again

@jesusguillen428918715 wrote:
interface FastEthernet4
ip verify unicast source reachable-via any allow-default
ip route 0.0.0.0 0.0.0.0 FastEthernet4 dhcp

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

jesusguillen428918715 · ‎01-03-2020

I am still not able to get out to internet.

Any more help would be appreciated.

Thanks!

boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login local_auth local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
clock timezone CST -6
clock summer-time CDT recurring
ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool EXTERNAL
import all
network 10.0.0.0 255.255.255.0
dns-server 8.8.8.8
default-router 10.0.0.1
domain-name EXTERNAL
!
ip dhcp pool INTERNAL
import all
network 192.168.2.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.2.1
domain-name INTERNAL
!
!
no ip bootp server
no ip domain lookup
ip domain name MATEO
!
!
crypto pki trustpoint TP-self-signed-2033969614
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2033969614
revocation-check none
rsakeypair TP-self-signed-2033969614
!
!
crypto pki certificate chain TP-self-signed-2033969614
certificate self-signed 01
30820243 308201AC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32303333 39363936 3134301E 170D3038 30343133 31353233
31325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 30333339
36393631 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B244 BF7A047C 7220695A DDE5F370 2C344474 F5206604 A5FDCA28 28301A4A
4CE5D338 60EBB4A2 9E0D6AB1 87362F81 73AA8AFA CB181A11 F20C5528 95022563
A3E42A20 D78E9993 FB396E0E 77188AC7 E0E57BDB 422E0494 3FEC45EC 9C468CF9
19E2D254 51D1F4ED ECF0B384 237DDB57 35967171 E5CBB57F 57B79149 F5F0746C
E1490203 010001A3 6B306930 0F060355 1D130101 FF040530 030101FF 30160603
551D1104 0F300D82 0B4D4154 454F2E4D 4154454F 301F0603 551D2304 18301680
14F7AE10 D300E5AB 7F09D6E8 E58562AD D6EEB368 00301D06 03551D0E 04160414
F7AE10D3 00E5AB7F 09D6E8E5 8562ADD6 EEB36800 300D0609 2A864886 F70D0101
04050003 81810022 E2B01A6B DBCAC039 225B29E0 5799AD10 A8CA083C BDB53262
5B9B0F6D 84B28D6B 2BE2035A 914414F4 B1B80CB0 6E4FF022 49F1569C B8F1B16A
6C680858 B39523F7 DA270952 845A3552 3C4239AE 45C3445E F4F2BA78 F27D0E10
C4E9EFFB A2520D8F 4107DD2D 609E0B7B FCB98773 675B2382 1830EA62 90C65B5F
1BF556EB 3DA921
quit
username admin privilege 15 password 7 03304902080635551C5F
!
!
!
bridge irb
!
!
!
interface FastEthernet0
switchport access vlan 20
!
interface FastEthernet1
switchport access vlan 20
!
interface FastEthernet2
switchport access vlan 20
!
interface FastEthernet3
switchport access vlan 20
!
interface FastEthernet4
ip address dhcp
ip verify unicast source reachable-via any allow-default
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
speed auto
full-duplex
!
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
!
encryption vlan 10 mode ciphers tkip
!
encryption vlan 20 mode ciphers tkip
!
ssid External
vlan 10
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 14230002020D3E32767E
!
ssid Internal
vlan 20
authentication open
authentication key-management wpa
wpa-psk ascii 7 107A1B100B1E06125E52
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 10 native
ip access-group EXTERNAL out
no snmp trap link-status
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2
encapsulation dot1Q 20
ip access-group INTERNAL out
no snmp trap link-status
no cdp enable
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
!
interface Vlan1
no ip address
!
interface Vlan10
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
bridge-group 1
!
interface Vlan20
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
bridge-group 2
!
interface BVI1
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface BVI2
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet4 dhcp
!
ip dns server
!
ip http server
ip http secure-server
ip nat inside source list 101 interface FastEthernet4 overload
ip nat inside source list 102 interface FastEthernet4 overload
!
ip access-list extended External
permit ip any any
deny ip 192.168.2.0 0.0.0.255 any
ip access-list extended Internal
permit ip any any
deny ip 10.0.0.0 0.0.0.255 any
!
access-list 100 permit udp any any eq bootpc
access-list 101 permit ip 10.0.0.0 0.0.0.255 any
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
no cdp run
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
!
line con 0
password 7 0127140D55021216731A
no modem enable
line aux 0
line vty 0 4
password 7 073B334540000D1C4544
!
scheduler max-task-time 5000
end

Georg Pauwen · ‎01-03-2020

Hello,

I have simplified your configuration, important parts are marked in bold, see if you get it to work this way. The assumption is that the wireless is connected to FastEthernet0. I have taken out all access lists except access list 1, which is used for NAT.

Make sure Vlan 10 and Vlan 20 exist on your router (sh vlan), otherwise globally create them:

871W#conf t

871W(config)#vlan 10

871W(config-vlan)#exit

871W(config)#vlan 20

871W(config-vlan)#end

boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
!
aaa new-model
!
aaa authentication login default local
aaa authentication login local_auth local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
clock timezone CST -6
clock summer-time CDT recurring
ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip cef
!
no ip dhcp use vrf connected
!
ip dhcp excluded-address 10.0.0.1
ip dhcp excluded-address 192.168.2.1
!
ip dhcp pool EXTERNAL
import all
network 10.0.0.0 255.255.255.0
dns-server 8.8.8.8
default-router 10.0.0.1
!
ip dhcp pool INTERNAL
import all
network 192.168.2.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.2.1
!
no ip bootp server
no ip domain lookup
ip domain name MATEO
!
crypto pki trustpoint TP-self-signed-2033969614
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2033969614
revocation-check none
rsakeypair TP-self-signed-2033969614
!
crypto pki certificate chain TP-self-signed-2033969614
certificate self-signed 01
30820243 308201AC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32303333 39363936 3134301E 170D3038 30343133 31353233
31325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 30333339
36393631 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B244 BF7A047C 7220695A DDE5F370 2C344474 F5206604 A5FDCA28 28301A4A
4CE5D338 60EBB4A2 9E0D6AB1 87362F81 73AA8AFA CB181A11 F20C5528 95022563
A3E42A20 D78E9993 FB396E0E 77188AC7 E0E57BDB 422E0494 3FEC45EC 9C468CF9
19E2D254 51D1F4ED ECF0B384 237DDB57 35967171 E5CBB57F 57B79149 F5F0746C
E1490203 010001A3 6B306930 0F060355 1D130101 FF040530 030101FF 30160603
551D1104 0F300D82 0B4D4154 454F2E4D 4154454F 301F0603 551D2304 18301680
14F7AE10 D300E5AB 7F09D6E8 E58562AD D6EEB368 00301D06 03551D0E 04160414
F7AE10D3 00E5AB7F 09D6E8E5 8562ADD6 EEB36800 300D0609 2A864886 F70D0101
04050003 81810022 E2B01A6B DBCAC039 225B29E0 5799AD10 A8CA083C BDB53262
5B9B0F6D 84B28D6B 2BE2035A 914414F4 B1B80CB0 6E4FF022 49F1569C B8F1B16A
6C680858 B39523F7 DA270952 845A3552 3C4239AE 45C3445E F4F2BA78 F27D0E10
C4E9EFFB A2520D8F 4107DD2D 609E0B7B FCB98773 675B2382 1830EA62 90C65B5F
1BF556EB 3DA921
quit
username admin privilege 15 password 7 03304902080635551C5F
!
bridge irb
!
interface FastEthernet0
switchport mode trunk
!
interface FastEthernet1
switchport access vlan 20
!
interface FastEthernet2
switchport access vlan 20
!
interface FastEthernet3
switchport access vlan 20
!
interface FastEthernet4
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
speed auto
full-duplex
!
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
!
encryption vlan 10 mode ciphers tkip
!
encryption vlan 20 mode ciphers tkip
!
ssid External
vlan 10
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 14230002020D3E32767E
!
ssid Internal
vlan 20
authentication open
authentication key-management wpa
wpa-psk ascii 7 107A1B100B1E06125E52
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 10 native
no snmp trap link-status
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2
encapsulation dot1Q 20
no snmp trap link-status
no cdp enable
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
!
interface Vlan1
no ip address
!
interface Vlan10
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
bridge-group 1
!
interface Vlan20
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
bridge-group 2
!
interface BVI1
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface BVI2
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet4 dhcp
!
ip dns server
!
ip http server
ip http secure-server
ip nat inside source list 1 interface FastEthernet4 overload
!
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
!
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
!
line con 0
password 7 0127140D55021216731A
no modem enable
line aux 0
line vty 0 4
password 7 073B334540000D1C4544
!
scheduler max-task-time 5000
end