Problem with Internet in Second VLAN (Cisco 877W)

andonisvoug · ‎10-22-2010

I am having problems getting my second Vlan (VLAN2) to have internet as the first one (VLAN1). I setup two Vlans:

Vlan1 IP's 10.10.10.1-254 "SSID Cisco", this one works fine and works over wireless and wired clients.

Vlan2 IP's 192.168.1.1-254 "SSID Andonis", i gave this one DNS from OPENDNS (familyshield to be able to block bad sites for my kids) and its giving away the IP's just fine but there is no internet.

What do you think i am doing wrong?

Here is my config:

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname **********

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

!

no aaa new-model

!

crypto pki trustpoint TP-self-signed-2990631934

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2990631934

revocation-check none

rsakeypair TP-self-signed-2990631934

!

crypto pki certificate chain TP-self-signed-2990631934

certificate self-signed 01

3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030

31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

69666963 6174652D 32393930 36333139 3334301E 170D3032 30333036 31383231

31345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39393036

33313933 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

8100CF07 6A309C0C 4B515D27 80F794F7 5C94C05F 1968DA5F A9286BFF D0090DD0

8CE3CB05 90F2091E FAF5AEA3 A215E095 94BC1CF9 25F79DC2 F2682FBD D22B1934

B9B230F8 42A5F460 178BA4C2 C94188A0 5111E3FB E39CA9B6 1D3C2415 3EE19AB2

E0655341 B03E4B19 205F47F0 B23FC3D4 D20097FE 76B2D9CF 99912446 E0B6A79A

B83B0203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603

551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D

301F0603 551D2304 18301680 146BD667 6566BFB9 5B6ED3FE 7FCCC66E 84A3D8E6

77301D06 03551D0E 04160414 6BD66765 66BFB95B 6ED3FE7F CCC66E84 A3D8E677

300D0609 2A864886 F70D0101 04050003 81810090 ED81DE0E 0CD42EBC 1DF3C08E

BEC4C55B FB617092 C6A61C20 B2B46CB3 0719660B A776E879 02D903D7 BB9483CB

72DC966E 1A293038 C0FA6D1D BBEDCA48 A422774F CE233657 2FDD452A 0F076814

606C3820 284F226A 3895FD0D E49E10E8 3FD6F443 6685408E B06188DA DDE4BFC1

FB307732 5872DA81 F1B61A8F C8DAE0E0 D06821

quit

dot11 syslog

!

dot11 ssid cisco

vlan 1

authentication open

mbssid guest-mode

!

ip cef

no ip dhcp use vrf connected

!

ip dhcp pool ccp-pool

import all

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

dns-server 62.169.194.17 62.169.194.18

lease 0 2

!

no ip domain lookup

ip domain name ********!

!

username ********* privilege 15 secret 5 **********************

!

archive

log config

hidekeys

!

bridge irb

!

interface ATM0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0.1 point-to-point

pvc 8/35

pppoe-client dial-pool-number 1

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Dot11Radio0

no ip address

!

encryption vlan 1 key 1 size 40bit 0 *********** transmit-key

encryption vlan 1 mode wep mandatory

!

broadcast-key vlan 1 change 30

!

ssid cisco

!

mbssid

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

!

interface Dot11Radio0.1

encapsulation dot1Q 1 native

no cdp enable

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Vlan1

no ip address

bridge-group 1

!

interface Dialer0

ip address negotiated

ip mtu 1452

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap pap callin

ppp chap hostname *****************

ppp chap password 0 ***********

ppp pap sent-username ********** password 0 *********

!

interface BVI1

ip address 10.10.10.1 255.255.255.0

ip access-group 2 in

ip nat inside

ip virtual-reassembly

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer0

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source list 1 interface Dialer0 overload

!

access-list 1 remark INSIDE_IF=Vlan1

access-list 1 remark CCP_ACL Category=2

access-list 1 permit 10.10.10.0 0.0.0.255

access-list 2 remark CCP_ACL Category=1

access-list 2 permit any

access-list 23 remark CCP_ACL Category=17

access-list 23 permit 10.10.10.0 0.0.0.255

access-list 100 remark CCP_ACL Category=1

access-list 100 permit tcp any any

dialer-list 1 protocol ip permit

snmp-server community public RO

no cdp run

!

control-plane

!

bridge 1 protocol ieee

bridge 1 route ip

banner exec ^C

% Password expiration warning.

-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device

and it provides the default username "cisco" for one-time use. If you have

already used the username "cisco" to login to the router and your IOS image

supports the "one-time" user option, then this username has already expired.

You will not be able to login to the router with this username after you exit

this session.

It is strongly suggested that you create a new username with a privilege level

of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you

want to use.

-----------------------------------------------------------------------

^C

banner login ^C

-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device.

This feature requires the one-time use of the username "cisco" with the

password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE

PUBLICLY-KNOWN CREDENTIALS

Here are the Cisco IOS commands.

username <myuser> privilege 15 secret 0 <mypassword>

no username cisco

Replace <myuser> and <mypassword> with the username and password you want

to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL

NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the

QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp

-----------------------------------------------------------------------

^C

!

line con 0

login local

no modem enable

line aux 0

line vty 0 4

access-class 23 in

privilege level 15

login local

transport input telnet ssh

!

scheduler max-task-time 5000

end

Federico Coto Fajardo · ‎10-23-2010

Hi,

The reason VLAN 1 (10.10.10.x) is getting internet is because the LAN is directly connected to the router and the router has an interface belonging to that subnet (the router knows how to handle that subnet).

VLAN 2 is not configured on the router nor it has a route to reach it (the router has no clue about where VLAN 2 is supposed to be or how to handle it).

Please explain what you want to do with VLAN 2.

Federico.

andonisvoug · ‎10-24-2010

Thank you, i did an ACL for the second set of IP's (192.168.1.0/24) and it works fine. The problem is that i can't lock the second "SSID Andonis".

It gives me this error message when i try to put in the key:

"key is not accepted
no more than one static keysets can be configured for dot11"

I have the Advanced Security IOS, do you think i need to get the Advanced IP Sevises IOS in order for it to work ?

V/r

Andonis

Federico Coto Fajardo · ‎10-25-2010

I don't think that you need to upgrade the IOS since the current IOS allows up to 10 SSIDs.

Can you post the part of the configuration for both SSIDs?

Federico.