Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
648
Views
0
Helpful
2
Replies

Not able to get outside of network on wireless - 1811W Router

Go to solution
rrealy
Level 1
Level 1

‎08-30-2013 05:16 PM - edited ‎03-07-2019 03:14 PM

I have configured router to issue ip's on two vlan's. Vlan1 works fine, vlan2 is for the wirless issues the correct ip but not will not

let me go the internet.

Any help will be greatly appreciated.

Current configuration : 9574 bytes

!

! Last configuration change at 17:43:57 PCTime Fri Aug 30 2013

! NVRAM config last updated at 15:36:03 PCTime Fri Aug 30 2013 by patrick

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname St.Patricks

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

no logging buffered

enable secret 5 $1$lvNA$wGnkzv7kjLmif0RNDxf2g0

!

no aaa new-model

clock timezone PCTime -6

clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00

!

crypto pki trustpoint TP-self-signed-3607837666

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3607837666

revocation-check none

rsakeypair TP-self-signed-3607837666

!

!

crypto pki certificate chain TP-self-signed-3607837666

certificate self-signed 01

30820243 308201AC A0030201 02020101 300D0609 2A864886 F70D0101 04050030

31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

69666963 6174652D 33363037 38333736 3636301E 170D3133 30383239 30363232

34395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 36303738

33373636 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

8100E525 0425ECCD 2F904636 B21AF280 AD7993E4 8F79564C 6203B366 E769FAF5

62DACE0A 40CFD386 0F5BD78F FE7C6A7C EACC4A3C 3F84A48C AC7D3280 9FF029BE

D5BA4E83 00F7BD4B 11984721 76F5CCDF D03E6CD7 84195C8F 73D770C8 99734F0D

4F583941 0BE9FD8D 87F3D876 FFDB0588 2BECA057 79DA62D2 AC47D3ED 6AE5C7F4

B3AB0203 010001A3 6B306930 0F060355 1D130101 FF040530 030101FF 30160603

551D1104 0F300D82 0B53742E 50617472 69636B73 301F0603 551D2304 18301680

146385C7 4B02E815 B28909F2 2A604395 37FB3F60 21301D06 03551D0E 04160414

6385C74B 02E815B2 8909F22A 60439537 FB3F6021 300D0609 2A864886 F70D0101

04050003 81810067 7A20CF98 7D7FAC17 A5B73A4A 00BEAE11 3BFFF9BC 1A74E61A

E7DC833C FDBA0BB8 A0F74011 C3B1F3AA 0CF39238 66A9AF5F EB62E3C3 D92A4289

E6000537 D253E03F A1B95F7C A545EC84 14724057 E72DAEE2 568A7B40 174FEB03

1373CFAE 4BEC84B1 794E3E1B D56E2DDC DD2B1162 7B0A782C A4D2391E 83DA63D6

4CD7029D B9F668

       quit

dot11 syslog

dot11 vlan-name Wireless_VLAN vlan 2

!

dot11 ssid St.Patricks_WiFi

vlan 2

authentication open

authentication key-management wpa

guest-mode

mbssid guest-mode

infrastructure-ssid optional

wpa-psk ascii 0 patrick1

!

ip source-route

!

!

ip dhcp excluded-address 10.10.10.1 10.10.10.99

ip dhcp excluded-address 10.10.11.1 10.10.11.99

!

ip dhcp pool DHCP_POOL

   import all

   network 10.10.10.0 255.255.255.0

   dns-server 208.67.222.123 208.67.220.123

   default-router 10.10.10.1

   domain-name St.Patricks

!

ip dhcp pool WireLess_Pool

   import all

   network 10.10.11.0 255.255.255.0

   domain-name St.Patricks_Wireless

   dns-server 208.67.222.123 208.67.220.123

   default-router 10.10.10.1

!

!

ip cef

ip name-server 208.67.222.123

ip name-server 208.67.220.123

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

username patrick privilege 15 secret 5 $1$MLJt$jLLnyQkm61ukzlwxHB/7f0

!

!

!

archive

log config

hidekeys

!

!

!

class-map type inspect match-any SDM_BOOTPC

match access-group name SDM_BOOTPC

class-map type inspect match-any SDM_HTTPS

match access-group name SDM_HTTPS

class-map type inspect match-any SDM_SSH

match access-group name SDM_SSH

class-map type inspect match-any SDM_SHELL

match access-group name SDM_SHELL

class-map type inspect match-any sdm-cls-access

match class-map SDM_HTTPS

match class-map SDM_SSH

match class-map SDM_SHELL

class-map type inspect match-any SDM_DHCP_CLIENT_PT

match class-map SDM_BOOTPC

class-map type inspect match-any ccp-skinny-inspect

match protocol skinny

class-map type inspect match-any sdm-cls-bootps

match protocol bootps

class-map type inspect match-any ccp-cls-insp-traffic

match protocol cuseeme

match protocol dns

match protocol ftp

match protocol https

match protocol icmp

match protocol imap

match protocol pop3

match protocol netshow

match protocol shell

match protocol realmedia

match protocol rtsp

match protocol smtp extended

match protocol sql-net

match protocol streamworks

match protocol tftp

match protocol vdolive

match protocol tcp

match protocol udp

class-map type inspect match-all ccp-insp-traffic

match class-map ccp-cls-insp-traffic

class-map type inspect match-any ccp-h323nxg-inspect

match protocol h323-nxg

class-map type inspect match-any ccp-cls-icmp-access

match protocol icmp

match protocol tcp

match protocol udp

class-map type inspect match-any ccp-h225ras-inspect

match protocol h225ras

class-map type inspect match-any ccp-h323annexe-inspect

match protocol h323-annexe

class-map type inspect match-all sdm-access

match class-map sdm-cls-access

match access-group 101

class-map type inspect match-any ccp-h323-inspect

match protocol h323

class-map type inspect match-all ccp-icmp-access

match class-map ccp-cls-icmp-access

class-map type inspect match-all ccp-invalid-src

match access-group 100

class-map type inspect match-any ccp-sip-inspect

match protocol sip

class-map type inspect match-all ccp-protocol-http

match protocol http

!

!

policy-map type inspect ccp-permit-icmpreply

class type inspect ccp-icmp-access

inspect

class class-default

pass

policy-map type inspect ccp-inspect

class type inspect ccp-invalid-src

drop log

class type inspect ccp-protocol-http

inspect

class type inspect ccp-insp-traffic

inspect

class type inspect ccp-sip-inspect

inspect

class type inspect ccp-h323-inspect

inspect

class type inspect ccp-h323annexe-inspect

inspect

class type inspect ccp-h225ras-inspect

inspect

class type inspect ccp-h323nxg-inspect

inspect

class type inspect ccp-skinny-inspect

inspect

policy-map type inspect ccp-permit

class class-default

drop

!

zone security in-zone

zone security out-zone

zone-pair security ccp-zp-self-out source self destination out-zone

service-policy type inspect ccp-permit-icmpreply

zone-pair security ccp-zp-in-out source in-zone destination out-zone

service-policy type inspect ccp-inspect

zone-pair security ccp-zp-out-self source out-zone destination self

service-policy type inspect ccp-permit

bridge irb

!

!

!

interface FastEthernet0

description WAN$FW_OUTSIDE$

ip address dhcp

ip nat outside

ip virtual-reassembly

zone-member security out-zone

duplex auto

speed auto

!

interface FastEthernet1

no ip address

shutdown

duplex auto

speed auto

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

!

interface FastEthernet5

!

interface FastEthernet6

!

interface FastEthernet7

!

interface FastEthernet8

!

interface FastEthernet9

!

interface Dot11Radio0

no ip address

no dot11 extension aironet

!

encryption vlan 2 mode ciphers tkip

!

broadcast-key vlan 2 change 30

!

!

ssid St.Patricks_WiFi

!

mbssid

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

!

interface Dot11Radio0.2

encapsulation dot1Q 2 native

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Dot11Radio1

no ip address

no dot11 extension aironet

!

encryption vlan 2 mode ciphers tkip

!

broadcast-key vlan 2 change 30

!

!

ssid St.Patricks_WiFi

!

speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0

station-role root

!

interface Dot11Radio1.2

encapsulation dot1Q 2 native

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Vlan1

description $FW_INSIDE$

ip address 10.10.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly

zone-member security in-zone

!

interface Vlan2

ip address 10.10.11.1 255.255.255.0

bridge-group 1

!

interface Async1

no ip address

encapsulation slip

!

interface BVI1

ip address 10.10.11.1 255.255.255.0

!

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

!

ip nat inside source list 1 interface FastEthernet0 overload

!

ip access-list extended SDM_BOOTPC

remark CCP_ACL Category=0

permit udp any any eq bootpc

ip access-list extended SDM_HTTPS

remark CCP_ACL Category=1

permit tcp any any eq 443

ip access-list extended SDM_SHELL

remark CCP_ACL Category=1

permit tcp any any eq cmd

ip access-list extended SDM_SSH

remark CCP_ACL Category=1

permit tcp any any eq 22

!

access-list 1 remark CCP_ACL Category=2

access-list 1 permit 10.10.10.0 0.0.0.255

access-list 1 remark Wireless

access-list 1 permit 10.10.11.0 0.0.0.255

access-list 100 remark CCP_ACL Category=128

access-list 100 permit ip host 255.255.255.255 any

access-list 100 permit ip 127.0.0.0 0.255.255.255 any

access-list 101 remark CCP_ACL Category=128

access-list 101 permit ip any any

!

!

!

!

!

!

control-plane

!

bridge 1 protocol ieee

bridge 1 route ip

banner motd ^C

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

YOU ARE NO AUTHORIZED -------- SEE ADMINISTRATOR

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

^C

alias exec s show ip int br

alias exec sr show run

!

line con 0

exec-timeout 0 0

logging synchronous

line 1

modem InOut

stopbits 1

speed 115200

flowcontrol hardware

line aux 0

line vty 0 4

login

transport input telnet ssh

!

end

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Elton Babcock
Level 1
Level 1

‎08-30-2013 08:18 PM

Things looks a little weird with the VLAN 2 interface having an IP address. Once you create the BVI interface that is where all of the layer 3 stuff should go.

I would so try adding IP NAT inside to the BVI interface.

Elton

Sent from Cisco Technical Support iPhone App

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Elton Babcock
Level 1
Level 1

‎08-30-2013 08:18 PM

Things looks a little weird with the VLAN 2 interface having an IP address. Once you create the BVI interface that is where all of the layer 3 stuff should go.

I would so try adding IP NAT inside to the BVI interface.

Elton

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
rrealy
Level 1
Level 1
In response to Elton Babcock

‎08-31-2013 10:29 AM

I failed to do the IP NAT ...

Thansk!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card