BandaAncha.eu

Cisco 857w - Wi-Fi problem

vicplavic

Hi everyone, I'm opening this thread because I'm having problems configuring a Cisco 857w with a static IP from Telefónica, and I have no experience configuring Cisco routers. The Ethernet connection works correctly, both with DHCP and with a manual IP. The problem is with the Wi-Fi connection. If I set it up with DHCP, it does not assign me a valid IP (limited or no connectivity), whereas if I set the IP manually it does show as connected but cannot browse.

The configuration I have is the following:

router#term len 0
router#show run
Building configuration...

Current configuration : 7390 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 ***
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
!
!
aaa session-id common
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-3975853955
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3975853955
revocation-check none
rsakeypair TP-self-signed-3975853955
!
!
crypto pki certificate chain TP-self-signed-3975853955
certificate self-signed 01
***
quit
dot11 syslog
!
dot11 ssid (nombre_red)
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 ***
!
no ip source-route
ip dhcp excluded-address 10.10.10.1
!
!
ip cef
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
no ip bootp server
ip domain name yourdomain.com
ip name-server 80.58.61.250
ip name-server 80.58.61.254
!
!
!
username salas privilege 15 secret 5 ***
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$
ip address (ip_publica) 255.255.255.0
ip nat outside
ip virtual-reassembly
pvc 8/32
protocol ip (ip_publica) broadcast
encapsulation aal5snap
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
!
encryption vlan 23 mode ciphers aes-ccm tkip
!
encryption vlan 1 mode ciphers aes-ccm tkip
!
broadcast-key vlan 1 change 30
!
!
ssid (nombre_red)
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no cdp enable
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer0
no ip address
no cdp enable
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 102 interface ATM0.1 overload
ip nat inside source static tcp 192.168.0.*** 21 interface ATM0.1 21
ip nat inside source static tcp 192.168.0.*** 8080 interface ATM0.1 8080
ip nat inside source static tcp 192.168.0.*** 4662 interface ATM0.1 4662
ip nat inside source static tcp 192.168.0.*** 4672 interface ATM0.1 4672
!
logging trap debugging
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark CCP_ACL Category=1
access-list 100 deny ip ***.0 0.0.0.63 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark CCP_ACL Category=1
access-list 101 permit udp host 80.58.61.254 eq domain host (ip_publica)
access-list 101 permit udp host 80.58.61.250 eq domain host (ip_publica)
access-list 101 deny ip 192.168.0.0 0.0.0.255 any
access-list 101 permit icmp any host (ip_publica) echo-reply
access-list 101 permit icmp any host (ip_publica) time-exceeded
access-list 101 permit icmp any host (ip_publica) unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
access-list 102 remark CCP_ACL Category=2
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
no cdp run
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
privilege level 15
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

Is there an error in the configuration?

Thank you very much in advance.
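Added example (not part of the original post, and not Cisco tooling): a Python check that reads an IOS running-config and reports radio subinterfaces that are neither routed (their own `ip address`) nor bridged to an addressed BVI under `bridge irb`. The two sample strings are constructed excerpts of the configurations quoted in this thread, the function names are hypothetical, and the parser assumes the config keeps the indentation IOS prints.

```python
import re

# Constructed excerpts of the two configs quoted in this thread, indented as IOS prints them.
QUESTION_CFG = """\
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
"""
TEMPLATE_CFG = """\
bridge irb
!
interface Dot11Radio0.1
 bridge-group 1
!
interface Vlan1
 bridge-group 1
!
interface BVI1
 ip address 192.168.1.240 255.255.255.0
"""

def interfaces(config):
    """Map each interface name to the list of commands in its block."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split()[1], [])
        elif not line.startswith(" "):
            current = None  # "!" or a global command closes the block
        elif current is not None:
            current.append(line.strip())
    return blocks

def has_ip(cmds):
    return any(c.startswith("ip address ") for c in cmds)

def check_wireless_path(config):
    """List radio subinterfaces that are neither routed nor bridged to a BVI."""
    ifs, findings = interfaces(config), []
    for name, cmds in ifs.items():
        if not re.fullmatch(r"Dot11Radio\d+\.\d+", name) or has_ip(cmds):
            continue  # not a radio subinterface, or routed directly
        groups = [c.split()[1] for c in cmds if re.fullmatch(r"bridge-group \d+", c)]
        if not groups:
            findings.append(f"{name}: no ip address and no bridge-group")
        elif "bridge irb" not in config.splitlines() or not has_ip(ifs.get("BVI" + groups[0], [])):
            findings.append(f"{name}: bridge-group {groups[0]} has no 'bridge irb' + addressed BVI")
    return findings
```

Run against the first configuration it reports `Dot11Radio0.1`, which has neither an address nor a bridge-group; the template in the reply below passes because the radio and Vlan1 share bridge-group 1 behind BVI1.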

BocaDePez

Regards,
To start, I'm sharing this basic configuration template for a router that is widely used in our market, the Cisco model 857W. The operators we all know use this device a lot, above all for dedicated business lines, radio, links, VPN and many other uses. It is a robust device with many features, among which stand out: FIREWALL, DHCP SUPPORT, NAT SUPPORT, VPN SUPPORT (UP TO 5 TUNNELS), PAT SUPPORT, MAC ADDRESS FILTERING, IPV6 SUPPORT, TRANSPORT PROTOCOL (PPTP, L2TP, IPSec, PPPoE, PPPoA), data link protocol Ethernet, ATM, Fast Ethernet, IEEE 802.11b, IEEE 802.11g, network / transport protocol PPTP, L2TP, IPSec, PPPoE, PPPoA, and more.

Well, the template is the one that works with the most widely used operator, whose name we already know; I will soon post the one for the other operator, although it doesn't change much. It has basic NAT, but it does work. If you want additional configurations, just ask me. If you have questions about the commands, I await your queries. Thanks.

CISCO857W1>en
Password:
CISCO857W1#sh run
Building configuration...

Current configuration : 5215 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CISCO857W1
!
boot-start-marker
boot-end-marker
!
logging buffered 16000
enable password 123456
!
aaa new-model
!
!
aaa authentication login authenvpn local
aaa authorization network authovpn local
!
!
aaa session-id common
!
!
dot11 syslog
!
dot11 ssid "nombre de la red"
vlan 1
authentication open
guest-mode
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.181 192.168.1.239 (example)
ip dhcp excluded-address 192.168.1.254 (example)
ip dhcp excluded-address 192.168.1.1 192.168.1.40 (example)
!
ip dhcp pool LAN-CLIENTE_1
network 192.168.1.0 255.255.255.0 (example)
default-router 192.168.1.240 (example)
dns-server 8.8.8.8 4.4.4.4 (example)
!
ip dhcp pool TELEFONICA-NEGOCIOS
import all
default-router 192.168.1.240 (example)
dns-server 8.8.8.8 4.4.4.4 (example)
lease 3
!
!
ip cef
no ip bootp server
ip domain name vpn_operador.com (example)
ip name-server 8.8.8.8 (example)
ip name-server 4.4.4.4 (example)
!
!
!
username cisco privilege 15 password 0 cisco (example)
username vpnuser password 0 clave1 (example)
username uservpn1 password 0 1234567890 (example)
username usuario password 0 1234567890 (example)
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group thevpn
key 1827hdyha2
dns 212.73.32.3 212.73.32.67
pool vpnpool
acl 101
max-users 30
netmask 255.255.255.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap1 1
set security-association idle-time 3600
set transform-set ESP-3DES-SHA
reverse-route
!
!
crypto map mymap client authentication list authenvpn
crypto map mymap isakmp authorization list authovpn
crypto map mymap client configuration address respond
crypto map mymap 65535 ipsec-isakmp dynamic dynmap1
!
archive
log config
hidekeys
!
!
!
bridge irb
!
!
interface ATM0
description *** ENLACE WAN_RED DE OPERADOR *** (example)
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 8/60
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
!
encryption vlan 1 key 1 size 40bit 0 9876543210 transmit-key (example)
encryption vlan 1 mode wep mandatory
!
ssid "nombre de redwifi"
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description *** VLAN 1 LAN ***
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1360
bridge-group 1
bridge-group 1 spanning-disabled
hold-queue 100 out
!
interface Dialer0
description *** CONFIGURACION DEL USER - PASSW ***
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
ip tcp adjust-mss 1360
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname "usuario@operador"
ppp chap password 0 "del usuario operador"
ppp pap sent-username "usuario@operador" password 0 "del usuario operador"
ppp ipcp address accept
crypto map mymap
!
interface BVI1
description $FW_INSIDE$
ip address 192.168.1.240 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip local pool vpnpool 192.168.2.1 192.168.2.255
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
no ip http secure-server
ip nat source route-map myrm interface Dialer0 overload
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.2 22 "0.0.0.0" 22 extendable (example)
ip nat inside source static tcp 192.168.1.2 3306 "0.0.0.0" 3306 extendable (example)
ip nat inside source static tcp 192.168.1.102 7721 "0.0.0.0" 7721 extendable (example)
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 remark INSIDE_IF=Ethernet0
access-list 1 remark SDM_ACL Category=2
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
access-list 101 permit ip any any
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
access-list 102 permit ip any any
dialer-list 1 protocol ip permit
route-map myrm permit 1
match ip address 102
!
!
control-plane
!
line con 0
no modem enable
line aux 0
line vty 0 4
password "12345" (example)
!
scheduler max-task-time 5000
end

CISCO857W1#
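
Added example (not part of the original post): a Python audit that flags the weak settings visible in the template above before it is reused, such as cleartext credentials, WEP, an SSID without WPA key management, 3DES for IKE, a permit-all ACL entry and vty lines not restricted to SSH. The sample is a constructed excerpt of that template, and the rule lists and function name are hypothetical.

```python
import re

# Constructed excerpt: lines taken from the template posted above,
# indented the way IOS prints them.
AUDIT_SAMPLE = """\
no service password-encryption
enable password 123456
dot11 ssid "nombre de la red"
 authentication open
 guest-mode
username cisco privilege 15 password 0 cisco
crypto isakmp policy 1
 encr 3des
interface Dot11Radio0
 encryption vlan 1 mode wep mandatory
access-list 101 permit ip any any
line vty 0 4
 password "12345"
"""

# Single-line rules: regex matched at the start of each stripped line.
LINE_RULES = [
    (r"no service password-encryption", "type 7 password obfuscation disabled"),
    (r"enable password ", "enable password not stored as a hashed 'enable secret'"),
    (r"username \S+ .*password 0 ", "local user with cleartext password"),
    (r"encryption .*mode wep", "radio uses WEP"),
    (r"encr (des|3des)\b", "IKE policy uses DES/3DES"),
    (r"access-list \d+ permit ip any any", "ACL entry permits all IP traffic"),
]
# Block rules: header prefix, then a regex the indented body must contain.
BLOCK_RULES = [
    (r"dot11 ssid ", r"authentication key-management wpa", "SSID has no WPA key management"),
    (r"line vty ", r"transport input ssh$", "vty lines not restricted to SSH"),
]

def audit(config):
    """Return sorted (line_number, finding) pairs for the rules above."""
    found = []
    for n, line in enumerate(config.splitlines(), 1):
        found += [(n, msg) for rx, msg in LINE_RULES if re.match(rx, line.strip())]
    for head, need, msg in BLOCK_RULES:
        for m in re.finditer(rf"^{head}.*\n((?: .*\n)*)", config, re.M):
            if not re.search(need, m.group(1), re.M):
                found.append((config.count("\n", 0, m.start()) + 1, msg))
    return sorted(found)
```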