 Cisco851W,  dpride, 20-Авг-10, 17:32 [смотреть все]Есть Cisco 851W с IOS c850-advsecurityk9-mz.124-15.T1.bin. Настроил две беспроводные сети, пока пользуються только одной (192.168.3.0) и почему-то нет пинга между беспроводными клиентами. Соответственно от беспроводных клиентов пингуеться сам маршрутизатор, а также, то что в него воткнуто через Ethernet. Вопрос: Как это побороть? Пинг 2 или 3 раза появлялся после перезагрузки, а потом исчезал. Конфиг ниже.Building configuration... Current configuration : 6110 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname gw-ics-krasnodar
!
boot-start-marker
boot-end-marker
!
enable secret 5 SECRET
!
no aaa new-model
clock timezone msk 3
!
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
lifetime 3600
crypto isakmp key KEY address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set STS_VPN esp-aes esp-sha-hmac
mode transport
!
crypto ipsec profile tun_prof
set transform-set STS_VPN
!
!
!
!
!
dot11 ssid ICS-KRASNODAR
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii 0 KEY
information-element ssidl advertisement
!
dot11 ssid ICS-KRASNODAR-GUEST
vlan 2
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 KEY
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.120.1 10.10.120.19
ip dhcp excluded-address 192.168.3.1 192.168.3.59
!
ip dhcp pool ICS-KRASNODAR
import all
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server 192.168.0.2 192.168.3.1
domain-name ics.local
netbios-name-server 192.168.0.2
!
ip dhcp pool ICS-KRASNODAR-GUEST
import all
network 10.10.120.0 255.255.255.0
dns-server 10.10.120.1
domain-name ics.local
default-router 10.10.120.1
!
!
ip cef
ip name-server NAME SERVER
!
!
!
archive
log config
hidekeys
!
!
!
bridge irb
!
!
interface Tunnel1
description Main tunnel to ofice
ip address 10.10.200.6 255.255.255.252
ip mtu 1400
ip rip v2-broadcast
delay 1000
tunnel source FastEthernet4
tunnel destination OFFICE IP
tunnel path-mtu-discovery
tunnel protection ipsec profile tun_prof
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address EXT IP ADD
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers aes-ccm
!
encryption vlan 2 mode ciphers tkip
!
ssid ICS-KRASNODAR
!
ssid ICS-KRASNODAR-GUEST
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
description ICS Krasnodar main interface
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2
encapsulation dot1Q 2
no cdp enable
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
!
interface Vlan1
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Vlan2
no ip address
bridge-group 2
bridge-group 2 spanning-disabled
!
interface BVI1
ip address 192.168.3.1 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ip route-cache flow
!
interface BVI2
ip address 10.10.120.1 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
!
router rip
version 2
network 10.0.0.0
network 192.168.3.0
!
ip route 0.0.0.0 0.0.0.0 PROVIDER GW
ip flow-export version 9
ip flow-export destination 192.168.0.2 9996
!
no ip http server
no ip http secure-server
ip dns server
ip nat inside source list 100 interface FastEthernet4 overload
ip nat inside source list 150 interface FastEthernet4 overload
!
access-list 1 permit 192.168.0.2
access-list 1 permit 192.168.0.6
access-list 100 deny ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 100 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.3.0 0.0.0.255 any
access-list 150 permit ip 10.10.120.0 0.0.0.255 any
snmp-server community vgH97nKv RO 1
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
!
line con 0
no modem enable
line aux 0
line vty 0 4
password CONSPWD
login
!
scheduler max-task-time 5000
end
|
- Cisco851W, dpride, 15:59 , 26-Авг-10 (2)
Народ, умные мысли у кого-нибудь появились
- Cisco851W, dpride, 12:10 , 08-Сен-10 (3)
>Народ, умные мысли у кого-нибудь появились Отвечаю сам себе, как только убрал Vlan, и множественные SSID, так сразу все и заработало. Вопрос: как правильно сделать с Vlan.
|
Версия для распечатки
