10-16-2014 01:45 PM - edited 03-07-2019 09:09 PM
We recently changed out routers at a location. Our secure SSID is working as it should; however, our Guest SSID is not broadcasting. The DHCP server is at 10.27.129.31, which serves up the IPs. Nothing has changed on the APs (they were not upgraded or changed out).
Is there a statement or rule I'm missing from the below config?
Thanks in advance.
Building configuration...
Current configuration : 6183 bytes
!
! Last configuration change at 20:20:52 UTC Thu Oct 16 2014 by admin
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PB
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
ip cef
!
!
!
ip dhcp excluded-address 10.26.129.1
ip dhcp excluded-address 10.26.129.253
ip dhcp excluded-address 10.26.129.254
ip dhcp excluded-address 10.26.129.2
!
!
!
ip domain name xxx.com
no ipv6 cef
!
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-1027700013
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1027700013
revocation-check none
rsakeypair TP-self-signed-1027700013
!
!
crypto pki certificate chain TP-self-signed-1027700013
certificate self-signed 01
quit
license udi pid CISCO1921/K9 sn FTX174784AZ
!
!
redundancy
!
!
!
!
!
ip ftp username ftpuser
ip ftp password pass
!
!
!
!
!
!
!
!
!
interface Tunnel5
ip address 172.17.5.4 255.255.255.0
ip mtu 1400
ip tcp adjust-mss 1360
tunnel source 12.118.xxx.xx
tunnel destination 199.47.xxx.xxx
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description Data Networks
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.1
description Main Data VLAN
encapsulation dot1Q 1 native
ip address 10.27.129.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.3
description DMZ VLAN
encapsulation dot1Q 3
ip address 10.28.129.2 255.255.255.0
!
interface GigabitEthernet0/0.20
description Guest VLAN
encapsulation dot1Q 20
ip address 10.26.129.2 255.255.255.0
ip access-group 101 in
ip helper-address 10.27.129.31
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1
description PhoneLAN
ip address 12.33.xxx.xxx 255.255.255.240
duplex auto
speed auto
!
interface Serial0/0/0
description PB T1
ip address 12.118.xxx.xxx 255.255.255.252
ip nat outside
ip virtual-reassembly in
encapsulation ppp
service-module t1 cablelength short 440ft
service-module t1 timeslots 1-24
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 2 interface Serial0/0/0 overload
ip route 0.0.0.0 0.0.0.0 12.118.xxx.xxx
ip route 10.10.0.0 255.255.255.0 172.17.5.5
ip route 10.10.200.0 255.255.255.0 172.17.5.5
ip route 10.27.130.0 255.255.255.0 172.17.5.5
ip route 10.27.131.0 255.255.255.0 172.17.5.5
ip route 10.28.129.0 255.255.255.0 172.17.5.5
!
access-list 2 permit 12.218.xxx.xxx
access-list 2 permit 10.27.129.0 0.0.0.255
access-list 2 permit 192.168.2.0 0.0.0.255
access-list 2 permit 10.27.131.0 0.0.0.255
access-list 2 permit 10.27.130.0 0.0.0.255
access-list 2 permit 10.10.0.0 0.0.0.255
access-list 2 permit 10.10.200.0 0.0.0.255
access-list 2 permit 172.17.5.0 0.0.0.255
access-list 101 permit tcp any host 10.27.129.31 eq 67
access-list 101 permit ip 10.27.129.0 0.0.0.255 any
access-list 101 permit udp any host 255.255.255.255 eq bootps
access-list 101 permit udp any host 10.27.129.31 eq bootps
access-list 101 deny ip 10.26.129.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 101 deny ip 10.26.129.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 101 deny ip 10.26.129.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 101 permit ip 10.26.129.0 0.0.0.255 any
!
!
!
control-plane
!
!
!
line con 0
login local
10-16-2014 02:24 PM
access-list 2 permit 12.218.xxx.xxx
Your ACL is incorrect.
10-17-2014 08:41 AM
If I remove the:
access-list 2 permit 12.218.xxx.xx
will the command (same public IP):
access-list 2 permit 12.218.xxx.xx 0.0.0.7 also need to be deleted?
10-17-2014 04:40 PM
interface Serial0/0/0
ip address 12.118.xxx.xxx 255.255.255.252
Your ACL is wrong. Look at the subnet of your point-to-point serial link. It's wrong.
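The cross-check the last reply points to (comparing the entries of the NAT source list, ACL 2, against the router's interface subnets) can be automated. The following is an added example, not part of the thread: the sample config is constructed with documentation addresses in place of the masked public IPs, the function names are hypothetical, and it assumes unmasked addresses and contiguous wildcard masks.

```python
import ipaddress
import re

# Constructed sample: documentation addresses replace the masked public IPs,
# and the first ACL entry deliberately does not match the serial link's subnet.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0.1
 ip address 10.27.129.2 255.255.255.0
interface GigabitEthernet0/0.20
 ip address 10.26.129.2 255.255.255.0
interface Serial0/0/0
 ip address 198.51.100.9 255.255.255.252
ip route 0.0.0.0 0.0.0.0 198.51.100.10
ip route 10.27.130.0 255.255.255.0 172.17.5.5
access-list 2 permit 198.51.100.109
access-list 2 permit 10.27.129.0 0.0.0.255
access-list 2 permit 10.27.130.0 0.0.0.255
access-list 2 permit 192.168.2.0 0.0.0.255
"""

def known_networks(config):
    """Connected subnets (interface addresses) plus static-route destinations."""
    nets = []
    for addr, mask in re.findall(r"^[ \t]*ip address (\S+) (\S+)", config, re.M):
        nets.append(ipaddress.ip_interface(f"{addr}/{mask}").network)
    for dest, mask in re.findall(r"^ip route (\S+) (\S+) \S+", config, re.M):
        if dest != "0.0.0.0":  # the default route would match everything
            nets.append(ipaddress.ip_network(f"{dest}/{mask}"))
    return nets

def acl_entries(config, number):
    """Yield (line, network) for each permit entry of a standard ACL."""
    pattern = rf"^access-list {number} permit (?:host )?(\S+)(?: (\S+))?[ \t]*$"
    for m in re.finditer(pattern, config, re.M):
        # No wildcard means a single host. Invert the wildcard into a netmask
        # explicitly: ipaddress would read a bare "0.0.0.0" as a /0 netmask.
        wildcard = int(ipaddress.IPv4Address(m.group(2) or "0.0.0.0"))
        netmask = ipaddress.IPv4Address(wildcard ^ 0xFFFFFFFF)
        net = ipaddress.ip_network(f"{m.group(1)}/{netmask}", strict=False)
        yield m.group(0).strip(), net

def unmatched_acl_entries(config, number):
    """ACL entries that overlap no connected or statically routed network."""
    nets = known_networks(config)
    return [line for line, net in acl_entries(config, number)
            if not any(net.overlaps(k) for k in nets)]

if __name__ == "__main__":
    for line in unmatched_acl_entries(SAMPLE_CONFIG, 2):
        print("no matching interface or route:", line)
```

An entry flagged here is only a candidate for review: it may be a typo, or a legitimate source reached through a route the config does not show.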