cisco 877W

p33w5t3r (User, joined 14 Jan 2008, 15 posts)
I have a question about my Cisco 877W router. My LAN works fine, only my wireless does not yet. Here is a piece of my config:

dot11 ssid @#@#@#@
authentication open
authentication key-management wpa
!

!
interface ATM0
description @#@#@#@#@
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip address dhcp
ip nat outside
ip virtual-reassembly
atm route-bridged ip
pvc 0/35
description @#@#@#@#@
encapsulation aal5snap


interface Dot11Radio0
no ip address
!
encryption mode ciphers tkip
!
ssid @#@#@#@
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
world-mode dot11d country NL indoor
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no cdp enable


Any ideas?
My router info:
Code:
Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(15)T4, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 13-Mar-08 13:50 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARE

a-nlhouten01 uptime is 14 weeks, 1 hour, 39 minutes
System returned to ROM by power-on
System restarted at 17:46:03 CDT Sun Jun 22 2008
System image file is "flash:c870-advsecurityk9-mz.124-15.T4.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 877W (MPC8272) processor (revision 0x300) with 118784K/12288K bytes of memory.
Processor board ID FCZ1217143Y
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
4 FastEthernet interfaces
1 ATM interface
1 802.11 Radio
128K bytes of non-volatile configuration memory.
24576K bytes of processor board System flash (Intel Strataflash)

Configuration register is 0x2102

My config. Note that this wireless is not locked down in the best way; I am setting up a Linux box on which I am going to run TACACS, and that way I can hand out certificates to my clients, but I do make use of level_0 security, so anti-spoofing.

Code:
a-nlhouten01#sh run
Building configuration...

Current configuration : 5747 bytes
!
! Last configuration change at 12:04:13 CDT Fri Jun 27 2008 by nl18663
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname <Omited>
!
boot-start-marker
boot-end-marker
!
logging buffered 8192
enable password 7 <Omited>
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication enable default enable
aaa authorization ipmobile default group rad_pmip 
aaa accounting network acct_methods start-stop group rad_acct
!
!
aaa session-id common
clock timezone CDT 1
clock summer-time CDT recurring
!
!
!
dot11 ssid cisco
   vlan 2
   authentication open 
   guest-mode
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.3
ip dhcp excluded-address 192.168.2.1
ip dhcp excluded-address 192.168.1.254
ip dhcp excluded-address 192.168.1.252
ip dhcp excluded-address 192.168.1.253
!
ip dhcp pool Office
   network 192.168.1.0 255.255.255.0
   dns-server <Omited> <Omited> 
   default-router 192.168.1.1 
!
ip dhcp pool wireless
   network 192.168.2.0 255.255.255.0
   dns-server <Omited> <Omited> 
   default-router 192.168.2.1 
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip domain name inter.nl.net
ip name-server <Omited>
ip name-server <Omited>
!
!
!
username <Omited> password 7 <Omited>
! 
!
archive
 log config
  hidekeys
!
!
!
!
!
interface ATM0
 no ip address
 atm ilmi-keepalive
 dsl operating-mode auto 
 dsl enable-training-log 
!
interface ATM0.1 point-to-point
 description ** Internet **
 pvc 0/35 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
 no cdp enable
!         
interface FastEthernet2
 switchport mode trunk
!
interface FastEthernet3
!
interface Dot11Radio0
 no ip address
 !
 encryption vlan 2 key 1 size 128bit 7 F7DDA30C82F2EF7D4BC0BE92FEFF transmit-key
 encryption vlan 2 mode wep mandatory 
 !
 ssid cisco
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Dot11Radio0.2
 encapsulation dot1Q 2
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan1
 description ** Wired LAN **
 ip address 192.168.1.1 255.255.255.0
 ip access-group 101 in
 ip nat inside
 ip virtual-reassembly
!
interface Vlan2
 no ip address
!
interface Dialer1
 ip address negotiated
 ip access-group 102 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 2
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname <Omited>
 ppp chap password 7 <Omited>
 ppp pap sent-username <Omited> password 7 <Omited>
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
no ip http secure-server
ip dns server
ip nat inside source list 100 interface Dialer1 overload
ip nat inside source static 192.168.1.13 <Omited>no-alias
ip nat inside source static 192.168.1.254 <Omited>no-alias
ip nat inside source static 192.168.1.252 <Omited>no-alias
!
logging 192.168.1.254
access-list 100 deny   ip host 192.168.1.252 any
access-list 100 deny   ip host 192.168.1.254 any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip any 192.168.1.0 0.0.0.255
access-list 102 deny   ip 10.0.0.0 0.255.255.255 any
access-list 102 deny   ip 172.16.0.0 0.0.255.255 any
access-list 102 deny   ip 192.168.0.0 0.0.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 deny   ip <Omited> 0.0.0.7 any
access-list 102 permit ip any any
access-list 103 permit ip 192.168.1.0 0.0.0.255 host 192.168.1.1
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
control-plane host
!
!
control-plane
!
banner exec ^C
<Omited>
^C
!         
line con 0
 no modem enable
line aux 0
line vty 0 4
 transport input ssh
 transport output ssh
!
scheduler max-task-time 5000
ntp clock-period 17175070
ntp server <Omited> source Dialer1
end
 
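An added example, not part of the original thread and not code from either poster: a small Python audit that flags the wireless and management settings visible in the configuration above (WEP, an open SSID without key management, `enable password`, reversible type 7 passwords, plain HTTP management) plus the TKIP-only cipher line from the first post. The rule names and the `audit` and `ssid_blocks` functions are hypothetical, and the sample is constructed from lines on this page; it assumes each `dot11 ssid` block ends at a `!` line, as in both posted configs.

```python
import re

# Constructed sample: lines copied from the second configuration posted above.
SAMPLE = """\
enable password 7 <Omited>
dot11 ssid cisco
   vlan 2
   authentication open
   guest-mode
!
interface Dot11Radio0
 encryption vlan 2 mode wep mandatory
ip http server
no ip http secure-server
"""

# (hypothetical rule name, regex applied to each stripped config line)
LINE_RULES = [
    ("wep-encryption", re.compile(r"^encryption\b.*\bmode wep\b")),
    ("tkip-only-cipher", re.compile(r"^encryption\b.*\bmode ciphers tkip$")),
    ("enable-password-not-secret", re.compile(r"^enable password\b")),
    ("type7-reversible-password", re.compile(r"\bpassword 7 ")),
    ("plain-http-management", re.compile(r"^ip http server$")),
]

def ssid_blocks(lines):
    """Yield (ssid_name, body_lines) for each global 'dot11 ssid' block."""
    name, body = None, []
    for raw in lines:
        if raw.strip() == "!" and name is not None:
            yield name, body          # a '!' line closes the block
            name = None
        elif raw.startswith("dot11 ssid "):
            name, body = raw.split(None, 2)[2].strip(), []
        elif name is not None:
            body.append(raw.strip())
    if name is not None:
        yield name, body

def audit(config):
    """Return (rule, line_number) findings, then (rule, ssid_name) findings."""
    lines = config.splitlines()
    findings = [(rule, n) for n, raw in enumerate(lines, 1)
                for rule, rx in LINE_RULES if rx.search(raw.strip())]
    for name, body in ssid_blocks(lines):
        has_km = any(b.startswith("authentication key-management") for b in body)
        if "authentication open" in body and not has_km:
            findings.append(("open-ssid-without-key-management", name))
    return findings
```

Calling `audit(SAMPLE)` returns one finding per weak line plus one for the `cisco` SSID; an SSID block that also carries `authentication key-management wpa`, as in the first post, is not reported as open.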
That looks nice too, yes :) I have been helped in the meantime :) I still had to add a few extra lines to my Dot1Radio0.1 interface.
 
I still had to add a few extra lines to my Dot1Radio0.1 interface.

Which lines did you use there?
I have the same 1483-bridged-ip + LLC config as you (from BabyXL).

Thanks.
 