Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Problem with Internet in Second VLAN (Cisco 877W)

Unanswered Question
Oct 22nd, 2010
User Badges:

I am having problems getting my second Vlan (VLAN2) to have internet as the first one (VLAN1).  I setup two Vlans:

Vlan1  IP's  "SSID Cisco", this one works fine and works over wireless and wired clients.

Vlan2  IP's "SSID Andonis", i gave this one DNS from OPENDNS (familyshield to be able to block bad sites for my kids) and its giving away the IP's just                                            fine but there is no internet.

What do you think i am doing wrong?

Here is my config:

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption


hostname **********





logging buffered 51200 warnings


no aaa new-model


crypto pki trustpoint TP-self-signed-2990631934

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2990631934

revocation-check none

rsakeypair TP-self-signed-2990631934



crypto pki certificate chain TP-self-signed-2990631934

certificate self-signed 01

  3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030

  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 32393930 36333139 3334301E 170D3032 30333036 31383231

  31345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39393036

  33313933 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

  8100CF07 6A309C0C 4B515D27 80F794F7 5C94C05F 1968DA5F A9286BFF D0090DD0

  8CE3CB05 90F2091E FAF5AEA3 A215E095 94BC1CF9 25F79DC2 F2682FBD D22B1934

  B9B230F8 42A5F460 178BA4C2 C94188A0 5111E3FB E39CA9B6 1D3C2415 3EE19AB2

  E0655341 B03E4B19 205F47F0 B23FC3D4 D20097FE 76B2D9CF 99912446 E0B6A79A

  B83B0203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603

  551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D

  301F0603 551D2304 18301680 146BD667 6566BFB9 5B6ED3FE 7FCCC66E 84A3D8E6

  77301D06 03551D0E 04160414 6BD66765 66BFB95B 6ED3FE7F CCC66E84 A3D8E677

  300D0609 2A864886 F70D0101 04050003 81810090 ED81DE0E 0CD42EBC 1DF3C08E

  BEC4C55B FB617092 C6A61C20 B2B46CB3 0719660B A776E879 02D903D7 BB9483CB

  72DC966E 1A293038 C0FA6D1D BBEDCA48 A422774F CE233657 2FDD452A 0F076814

  606C3820 284F226A 3895FD0D E49E10E8 3FD6F443 6685408E B06188DA DDE4BFC1

  FB307732 5872DA81 F1B61A8F C8DAE0E0 D06821


dot11 syslog


dot11 ssid cisco

   vlan 1

   authentication open

   mbssid guest-mode


ip cef

no ip dhcp use vrf connected


ip dhcp pool ccp-pool

   import all




   lease 0 2



no ip domain lookup

ip domain name ********!



username ********* privilege 15 secret 5 **********************




log config





bridge irb



interface ATM0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto


interface ATM0.1 point-to-point

pvc 8/35

  pppoe-client dial-pool-number 1



interface FastEthernet0


interface FastEthernet1


interface FastEthernet2


interface FastEthernet3


interface Dot11Radio0

no ip address


encryption vlan 1 key 1 size 40bit 0 *********** transmit-key

encryption vlan 1 mode wep mandatory


broadcast-key vlan 1 change 30



ssid cisco



speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root


interface Dot11Radio0.1

encapsulation dot1Q 1 native

no cdp enable

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding


interface Vlan1

no ip address

bridge-group 1


interface Dialer0

ip address negotiated

ip mtu 1452

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap pap callin

ppp chap hostname *****************

ppp chap password 0 ***********

ppp pap sent-username ********** password 0 *********


interface BVI1

ip address

ip access-group 2 in

ip nat inside

ip virtual-reassembly


ip forward-protocol nd

ip route Dialer0


ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source list 1 interface Dialer0 overload


access-list 1 remark INSIDE_IF=Vlan1

access-list 1 remark CCP_ACL Category=2

access-list 1 permit

access-list 2 remark CCP_ACL Category=1

access-list 2 permit any

access-list 23 remark CCP_ACL Category=17

access-list 23 permit

access-list 100 remark CCP_ACL Category=1

access-list 100 permit tcp any any

dialer-list 1 protocol ip permit

snmp-server community public RO

no cdp run






bridge 1 protocol ieee

bridge 1 route ip

banner exec ^C

% Password expiration warning.


Cisco Configuration Professional (Cisco CP) is installed on this device

and it provides the default username "cisco" for  one-time use. If you have

already used the username "cisco" to login to the router and your IOS image

supports the "one-time" user option, then this username has already expired.

You will not be able to login to the router with this username after you exit

this session.

It is strongly suggested that you create a new username with a privilege level

of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you

want to use.



banner login ^C


Cisco Configuration Professional (Cisco CP) is installed on this device.

This feature requires the one-time use of the username "cisco" with the

password "cisco". These default credentials have a privilege level of 15.



Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>

no username cisco

Replace <myuser> and <mypassword> with the username and password you want

to use.



For more information about Cisco CP please follow the instructions in the

QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp




line con 0

login local

no modem enable

line aux 0

line vty 0 4

access-class 23 in

privilege level 15

login local

transport input telnet ssh


scheduler max-task-time 5000


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Federico Coto F... Sat, 10/23/2010 - 08:06
User Badges:
  • Green, 3000 points or more


The reason VLAN 1 (10.10.10.x) is getting internet is because the LAN is directly connected to the router and the router has an interface belonging to that subnet (the router knows how to handle that subnet).

VLAN 2 is not configured on the router nor it has a route to reach it (the router has no clue about where VLAN 2 is supposed to be or how to handle it).

Please explain what you want to do with VLAN 2.


andonisvoug Sun, 10/24/2010 - 22:38
User Badges:

Thank you, i did an ACL for the second set of IP's ( and it works fine. The problem is that i can't lock the second "SSID Andonis".

It gives me this error message when i try to put in the key:

"key is not accepted
no more than one static keysets can be configured for dot11"

I have the Advanced Security IOS, do you think i need to get the Advanced IP Sevises IOS in order for it to work ?



Federico Coto F... Mon, 10/25/2010 - 09:44
User Badges:
  • Green, 3000 points or more

I don't think that you need to upgrade the IOS since the current IOS allows up to 10 SSIDs.

Can you post the part of the configuration for both SSIDs?



This Discussion