10-22-2010 11:02 AM - edited 03-06-2019 01:42 PM
I am having problems getting my second VLAN (VLAN2) to have internet like the first one (VLAN1). I set up two VLANs:
Vlan1 IPs 10.10.10.1-254 "SSID Cisco", this one works fine and works over wireless and wired clients.
Vlan2 IPs 192.168.1.1-254 "SSID Andonis", I gave this one DNS from OPENDNS (familyshield to be able to block bad sites for my kids) and it's giving away the IPs just fine but there is no internet.
What do you think I am doing wrong?
Here is my config:
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname **********
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-2990631934
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2990631934
revocation-check none
rsakeypair TP-self-signed-2990631934
!
!
crypto pki certificate chain TP-self-signed-2990631934
certificate self-signed 01
quit
dot11 syslog
!
dot11 ssid cisco
vlan 1
authentication open
mbssid guest-mode
!
ip cef
no ip dhcp use vrf connected
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 62.169.194.17 62.169.194.18
lease 0 2
!
!
no ip domain lookup
ip domain name ********!
!
!
username ********* privilege 15 secret 5 **********************
!
!
archive
log config
hidekeys
!
!
!
bridge irb
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 key 1 size 40bit 0 *********** transmit-key
encryption vlan 1 mode wep mandatory
!
broadcast-key vlan 1 change 30
!
!
ssid cisco
!
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
bridge-group 1
!
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname *****************
ppp chap password 0 ***********
ppp pap sent-username ********** password 0 *********
!
interface BVI1
ip address 10.10.10.1 255.255.255.0
ip access-group 2 in
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 remark CCP_ACL Category=1
access-list 2 permit any
access-list 23 remark CCP_ACL Category=17
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 100 remark CCP_ACL Category=1
access-list 100 permit tcp any any
dialer-list 1 protocol ip permit
snmp-server community public RO
no cdp run
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want
to use.
IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
10-23-2010 08:06 AM
Hi,
The reason VLAN 1 (10.10.10.x) is getting internet is because the LAN is directly connected to the router and the router has an interface belonging to that subnet (the router knows how to handle that subnet).
VLAN 2 is not configured on the router, nor does the router have a route to reach it (the router has no clue about where VLAN 2 is supposed to be or how to handle it).
Please explain what you want to do with VLAN 2.
Federico.
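The diagnosis above can be checked mechanically. The following is an added example, not part of the original thread or any Cisco tool: for every DHCP pool subnet it reports whether the router has a layer-3 interface in that subnet, whether that interface is marked `ip nat inside`, and whether the NAT source ACL permits the subnet. The sample config is constructed from the posted one, and the second pool name `vlan2-pool` and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample: condensed from the posted config, plus a hypothetical
# second pool (vlan2-pool) for the poster's 192.168.1.0/24 VLAN 2.
SAMPLE_CONFIG = """\
ip dhcp pool ccp-pool
 network 10.10.10.0 255.255.255.0
ip dhcp pool vlan2-pool
 network 192.168.1.0 255.255.255.0
!
interface BVI1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit 10.10.10.0 0.0.0.255
"""

def _net(addr, mask):
    # ipaddress accepts netmasks (255.255.255.0) and wildcard masks (0.0.0.255).
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit_pools(config):
    """Map each DHCP pool subnet to the list of things the router is missing for it."""
    pools = [_net(a, m) for a, m in re.findall(r"^\s*network (\d\S+) (\S+)", config, re.M)]
    routed, inside = [], []
    for stanza in re.split(r"^(?=interface )", config, flags=re.M)[1:]:
        stanza = stanza.split("\n!")[0]          # stop at the stanza separator
        addr = re.search(r"^\s*ip address (\d\S+) (\S+)", stanza, re.M)
        if addr:
            routed.append(_net(*addr.groups()))
            if re.search(r"^\s*ip nat inside\s*$", stanza, re.M):
                inside.append(routed[-1])
    acls = re.findall(r"^\s*ip nat inside source list (\S+)", config, re.M)
    permitted = [_net(a, w) for acl in acls for a, w in re.findall(
        rf"^\s*access-list {re.escape(acl)} permit (\d\S+) (\S+)", config, re.M)]
    report = {}
    for pool in pools:
        checks = [("no-l3-interface", routed), ("no-nat-inside", inside),
                  ("not-in-nat-acl", permitted)]
        report[str(pool)] = [name for name, nets in checks
                             if not any(pool.subnet_of(n) for n in nets)]
    return report

if __name__ == "__main__":
    for subnet, problems in audit_pools(SAMPLE_CONFIG).items():
        print(subnet, "OK" if not problems else ", ".join(problems))
```

The parser expects stanzas separated by `!` lines, as in a `show running-config` paste.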
10-24-2010 10:38 PM
Thank you, I did an ACL for the second set of IPs (192.168.1.0/24) and it works fine. The problem is that I can't lock the second "SSID Andonis".
It gives me this error message when I try to put in the key:
"key is not accepted
no more than one static keysets can be configured for dot11"
I have the Advanced Security IOS, do you think I need to get the Advanced IP Services IOS in order for it to work?
V/r
Andonis
10-25-2010 09:44 AM
I don't think that you need to upgrade the IOS since the current IOS allows up to 10 SSIDs.
Can you post the part of the configuration for both SSIDs?
Federico.