Problem with my config

Xintruder · ‎04-08-2007

Hello,

I have the following goals of implementing my 877w:

1) Two vlans, one for wired, one for wireless.

2) DHCP giving IP leases for both vlans, using a pool for each vlan.

3) Allowing the clients of both vlans to access the internet through my adsl modem.

I worked for over 8 hours during the past two days, repeating all gui setup on cli. I reached a point where I can't verify what I did correctly and what I didn't.

Someone please, recalibrate me. This is all self effort, I'm a college student trying to learn (experiance), never got into cisco wireless or ccnp. Just basic ccna. I'm kind of, loosing out.

Here is my config:

Current configuration : 1957 bytes

!

! Last configuration change at 12:35:40 UTC Sun Apr 8 2007

! NVRAM config last updated at 11:21:19 UTC Sun Apr 8 2007

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname 877w

!

boot-start-marker

boot-end-marker

!

no logging console

enable secret xxx

!

no aaa new-model

!

resource policy

!

ip subnet-zero

ip cef

no ip dhcp use vrf connected

!

ip dhcp pool wireless.AlKhaldi.net

network 10.99.99.64 255.255.255.192

domain-name wireless.AlKhaldi.net

dns-server 212.77.192.59

lease infinite

!

ip dhcp pool Wired

network 10.99.99.192 255.255.255.192

dns-server 212.77.192.59

domain-name wired.AlKhaldi.net

lease infinite

!

shutdown vlan 2

shutdown vlan 12

!

bridge irb

!

interface ATM0

no ip address

shutdown

no atm ilmi-keepalive

dsl operating-mode auto

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Dot11Radio0

no ip address

!

broadcast-key vlan 1 change 45

!

encryption vlan 1 mode ciphers tkip

!

encryption vlan 2 mode ciphers tkip

!

ssid Alkhaldi.net

vlan 1

authentication open

authentication shared

guest-mode

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0

54.0

rts threshold 2312

station-role root

!

interface Vlan1

no ip address

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

!

interface Vlan2

no ip address

!

interface BVI1

ip address 10.10.10.1 255.255.255.248

ip nat inside

ip virtual-reassembly

shutdown

!

ip classless

!

no ip http server

no ip http secure-server

!

control-plane

!

bridge 1 protocol ieee

bridge 1 route ip

!

line con 0

exec-timeout 0 0

timeout login response 300

logging synchronous

no modem enable

line aux 0

line vty 0 4

!

scheduler max-task-time 5000

end

Thanks in advance

wiluszm · ‎04-09-2007

Ok... config looks good so far. I'll go out on a limb and see if I can help. It appears as though you have the right idea... but you never fully configured NAT. The only NAT statement I see is on your BVI interface. You need to set you NAT perimeters... your outside should be your DSL interface. Then you have to build a PAT pool for which clients can be translated. Why? You have configured your internal clients on private address schemes (10.x.x.x). In order for these clients to be Internet routable, you must translate these addresses to the public address of the DSL interface. This happens on most home-based routers without any configuration, but is required for Cisco's to work in an Internet environment. Lots of examples available for this... check out here: http://www.cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a0080093e51.shtml

Anymore questions let use know. Hope this helped!

-Mike

http://cs-mars.blogspot.com