×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Problem with Internet in Second VLAN (Cisco 877W)

Unanswered Question
Oct 22nd, 2010
User Badges:

I am having problems getting my second Vlan (VLAN2) to have internet as the first one (VLAN1).  I setup two Vlans:


Vlan1  IP's 10.10.10.1-254  "SSID Cisco", this one works fine and works over wireless and wired clients.

Vlan2  IP's 192.168.1.1-254 "SSID Andonis", i gave this one DNS from OPENDNS (familyshield to be able to block bad sites for my kids) and its giving away the IP's just                                            fine but there is no internet.


What do you think i am doing wrong?

Here is my config:


/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

version 12.4




no service pad




service timestamps debug datetime msec




service timestamps log datetime msec




no service password-encryption




!




hostname **********




!




boot-start-marker




boot-end-marker




!




logging buffered 51200 warnings




!




no aaa new-model




!




crypto pki trustpoint TP-self-signed-2990631934




enrollment selfsigned




subject-name cn=IOS-Self-Signed-Certificate-2990631934




revocation-check none




rsakeypair TP-self-signed-2990631934




!




!




crypto pki certificate chain TP-self-signed-2990631934




certificate self-signed 01




  3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030




  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274




  69666963 6174652D 32393930 36333139 3334301E 170D3032 30333036 31383231




  31345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649




  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39393036




  33313933 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281




  8100CF07 6A309C0C 4B515D27 80F794F7 5C94C05F 1968DA5F A9286BFF D0090DD0




  8CE3CB05 90F2091E FAF5AEA3 A215E095 94BC1CF9 25F79DC2 F2682FBD D22B1934




  B9B230F8 42A5F460 178BA4C2 C94188A0 5111E3FB E39CA9B6 1D3C2415 3EE19AB2




  E0655341 B03E4B19 205F47F0 B23FC3D4 D20097FE 76B2D9CF 99912446 E0B6A79A




  B83B0203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603




  551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D




  301F0603 551D2304 18301680 146BD667 6566BFB9 5B6ED3FE 7FCCC66E 84A3D8E6




  77301D06 03551D0E 04160414 6BD66765 66BFB95B 6ED3FE7F CCC66E84 A3D8E677




  300D0609 2A864886 F70D0101 04050003 81810090 ED81DE0E 0CD42EBC 1DF3C08E




  BEC4C55B FB617092 C6A61C20 B2B46CB3 0719660B A776E879 02D903D7 BB9483CB




  72DC966E 1A293038 C0FA6D1D BBEDCA48 A422774F CE233657 2FDD452A 0F076814




  606C3820 284F226A 3895FD0D E49E10E8 3FD6F443 6685408E B06188DA DDE4BFC1




  FB307732 5872DA81 F1B61A8F C8DAE0E0 D06821




      quit




dot11 syslog




!




dot11 ssid cisco




   vlan 1




   authentication open




   mbssid guest-mode




!




ip cef




no ip dhcp use vrf connected




!




ip dhcp pool ccp-pool




   import all




   network 10.10.10.0 255.255.255.0




   default-router 10.10.10.1




   dns-server 62.169.194.17 62.169.194.18




   lease 0 2




!




!




no ip domain lookup




ip domain name ********!




!




!




username ********* privilege 15 secret 5 **********************




!




!




archive




log config




  hidekeys




!




!




!




bridge irb




!




!




interface ATM0




no ip address




no atm ilmi-keepalive




dsl operating-mode auto




!




interface ATM0.1 point-to-point




pvc 8/35




  pppoe-client dial-pool-number 1




!




!




interface FastEthernet0




!




interface FastEthernet1




!




interface FastEthernet2




!




interface FastEthernet3




!




interface Dot11Radio0




no ip address




!




encryption vlan 1 key 1 size 40bit 0 *********** transmit-key




encryption vlan 1 mode wep mandatory




!




broadcast-key vlan 1 change 30




!




!




ssid cisco




!




mbssid




speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0




station-role root




!




interface Dot11Radio0.1




encapsulation dot1Q 1 native




no cdp enable




bridge-group 1




bridge-group 1 subscriber-loop-control




bridge-group 1 spanning-disabled




bridge-group 1 block-unknown-source




no bridge-group 1 source-learning




no bridge-group 1 unicast-flooding




!




interface Vlan1




no ip address




bridge-group 1




!




interface Dialer0




ip address negotiated




ip mtu 1452




ip nat outside




ip virtual-reassembly




encapsulation ppp




dialer pool 1




dialer-group 1




no cdp enable




ppp authentication chap pap callin




ppp chap hostname *****************




ppp chap password 0 ***********


ppp pap sent-username ********** password 0 *********




!




interface BVI1




ip address 10.10.10.1 255.255.255.0




ip access-group 2 in




ip nat inside




ip virtual-reassembly




!




ip forward-protocol nd




ip route 0.0.0.0 0.0.0.0 Dialer0




!




ip http server




ip http access-class 23




ip http authentication local




ip http secure-server




ip http timeout-policy idle 60 life 86400 requests 10000




ip nat inside source list 1 interface Dialer0 overload




!




access-list 1 remark INSIDE_IF=Vlan1




access-list 1 remark CCP_ACL Category=2




access-list 1 permit 10.10.10.0 0.0.0.255




access-list 2 remark CCP_ACL Category=1




access-list 2 permit any




access-list 23 remark CCP_ACL Category=17




access-list 23 permit 10.10.10.0 0.0.0.255




access-list 100 remark CCP_ACL Category=1




access-list 100 permit tcp any any




dialer-list 1 protocol ip permit




snmp-server community public RO




no cdp run




!




!




!




control-plane




!




bridge 1 protocol ieee




bridge 1 route ip




banner exec ^C




% Password expiration warning.




-----------------------------------------------------------------------







Cisco Configuration Professional (Cisco CP) is installed on this device




and it provides the default username "cisco" for  one-time use. If you have




already used the username "cisco" to login to the router and your IOS image




supports the "one-time" user option, then this username has already expired.




You will not be able to login to the router with this username after you exit




this session.







It is strongly suggested that you create a new username with a privilege level




of 15 using the following command.







username <myuser> privilege 15 secret 0 <mypassword>







Replace <myuser> and <mypassword> with the username and password you




want to use.







-----------------------------------------------------------------------




^C




banner login ^C




-----------------------------------------------------------------------




Cisco Configuration Professional (Cisco CP) is installed on this device.




This feature requires the one-time use of the username "cisco" with the




password "cisco". These default credentials have a privilege level of 15.







YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE 




PUBLICLY-KNOWN CREDENTIALS






Here are the Cisco IOS commands.






username <myuser>  privilege 15 secret 0 <mypassword>




no username cisco






Replace <myuser> and <mypassword> with the username and password you want




to use.






IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL




NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.







For more information about Cisco CP please follow the instructions in the




QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp




-----------------------------------------------------------------------




^C




!




line con 0




login local




no modem enable




line aux 0




line vty 0 4




access-class 23 in




privilege level 15




login local




transport input telnet ssh




!




scheduler max-task-time 5000




end

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Federico Coto F... Sat, 10/23/2010 - 08:06
User Badges:
  • Green, 3000 points or more

Hi,


The reason VLAN 1 (10.10.10.x) is getting internet is because the LAN is directly connected to the router and the router has an interface belonging to that subnet (the router knows how to handle that subnet).


VLAN 2 is not configured on the router nor it has a route to reach it (the router has no clue about where VLAN 2 is supposed to be or how to handle it).


Please explain what you want to do with VLAN 2.


Federico.

andonisvoug Sun, 10/24/2010 - 22:38
User Badges:

Thank you, i did an ACL for the second set of IP's (192.168.1.0/24) and it works fine. The problem is that i can't lock the second "SSID Andonis".

It gives me this error message when i try to put in the key:


"key is not accepted
no more than one static keysets can be configured for dot11"


I have the Advanced Security IOS, do you think i need to get the Advanced IP Sevises IOS in order for it to work ?


V/r

Andonis

Federico Coto F... Mon, 10/25/2010 - 09:44
User Badges:
  • Green, 3000 points or more

I don't think that you need to upgrade the IOS since the current IOS allows up to 10 SSIDs.

Can you post the part of the configuration for both SSIDs?


Federico.

Actions

This Discussion