  • Cisco 857w - problema wifi

    Hola a todos, abro este post porque tengo problemas con la configuración de un cisco 857w con ip estática de telefónica y no tengo experiencia en la configuración de routers cisco. La conexión por ethernet funciona correctamente, tanto para dhcp como para ip manual. El problema lo tengo en la conexión wifi. Si lo configuro por dhcp no me asigna una ip correcta (conectividad limitada o nula) mientras que si se la pongo manual sí que aparece como conectado pero no navega.

    La configuración que tengo es la siguiente:

    router#term len 0
    router#show run
    Building configuration...

    Current configuration : 7390 bytes
    ! Global services, enable secret, AAA skeleton, clock and the self-signed PKI trustpoint.
    !
    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    ! NOTE(review): "service password-encryption" only applies type 7 obfuscation, which is
    ! reversible. Type 7 strings (such as the wpa-psk further down) must stay out of public
    ! posts, as the author did by masking them. The "secret 5" entries are salted MD5 hashes.
    service password-encryption
    service sequence-numbers
    !
    hostname router
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200
    logging console critical
    enable secret 5 ***
    !
    aaa new-model
    !
    !
    ! NOTE(review): every server group below is empty (no "server" lines), and no
    ! "radius-server host" or "tacacs-server host" appears in this listing. The method list
    ! eap_methods therefore points at a group with no servers. There is also no
    ! "aaa authentication login default" list; presumably logins fall back to the local
    ! user database. Confirm on the device.
    aaa group server radius rad_eap
    !
    aaa group server radius rad_mac
    !
    aaa group server radius rad_acct
    !
    aaa group server radius rad_admin
    !
    aaa group server tacacs+ tac_admin
    !
    aaa group server radius rad_pmip
    !
    aaa group server radius dummy
    !
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authorization ipmobile default group rad_pmip
    aaa accounting network acct_methods start-stop group rad_acct
    !
    !
    aaa session-id common
    clock timezone PCTime 1
    ! NOTE(review): this summer-time rule names fixed dates in 2003 only. In other years log
    ! timestamps can be off by one hour in summer, which complicates correlating events;
    ! a recurring rule avoids that.
    clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
    !
    ! Self-signed trustpoint; presumably the certificate served by "ip http secure-server".
    ! Clients cannot validate it against a CA, so administrators have to verify the
    ! fingerprint out of band.
    crypto pki trustpoint TP-self-signed-3975853955
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-3975853955
    revocation-check none
    rsakeypair TP-self-signed-3975853955
    !
    !
    crypto pki certificate chain TP-self-signed-3975853955
    certificate self-signed 01
    ***
    quit
    ! Wireless SSID profile: WPA with a pre-shared key, mapped to VLAN 1.
    dot11 syslog
    !
    dot11 ssid (nombre_red)
    vlan 1
    authentication open
    authentication key-management wpa
    ! guest-mode advertises this SSID in beacons.
    guest-mode
    ! NOTE(review): the PSK is stored as type 7 (reversible obfuscation); keeping it masked
    ! in the post is correct. The ciphers that protect this SSID are set under
    ! interface Dot11Radio0 ("encryption vlan 1 mode ciphers ...").
    wpa-psk ascii 7 ***
    !
    ! Global IP services: DHCP exclusions, inspection rule, DNS, local admin user, SSH timers.
    no ip source-route
    ! NOTE(review): 10.10.10.1 is excluded but no "ip dhcp pool" appears anywhere in this
    ! listing, and the LAN (Vlan1) is 192.168.0.0/24. As shown, the router does not hand out
    ! leases itself. This is relevant to the DHCP symptom on Wi-Fi; confirm where wired
    ! clients get their addresses.
    ip dhcp excluded-address 10.10.10.1
    !
    !
    ip cef
    ! NOTE(review): inspection rule DEFAULT100 is defined, but no "ip inspect DEFAULT100 in|out"
    ! appears under any interface in this listing, so as shown it inspects nothing. It also
    ! covers only cuseeme, ftp and h323, not generic tcp/udp.
    ip inspect name DEFAULT100 cuseeme
    ip inspect name DEFAULT100 ftp
    ip inspect name DEFAULT100 h323
    no ip bootp server
    ! "yourdomain.com" looks like an unchanged placeholder. It becomes part of the device
    ! FQDN (presumably also used when RSA keys were generated); set the real domain.
    ip domain name yourdomain.com
    ip name-server 80.58.61.250
    ip name-server 80.58.61.254
    !
    !
    !
    ! Single local administrator, privilege 15, stored as a type 5 (MD5) hash.
    username salas privilege 15 secret 5 ***
    !
    !
    ! Config change logging; "hidekeys" keeps passwords out of the logged commands.
    archive
    log config
    hidekeys
    !
    !
    ip tcp synwait-time 10
    ! NOTE(review): no "ip ssh version 2" line is visible. Depending on the image, SSHv1 may
    ! still be accepted; confirm and pin version 2.
    ip ssh time-out 60
    ip ssh authentication-retries 2
    !
    !
    !
    ! Interfaces and default route: ADSL WAN (ATM0.1), switch ports, radio, LAN SVI.
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    dsl operating-mode auto
    !
    ! WAN subinterface with the static public address.
    ! NOTE(review): no "ip access-group" and no "ip inspect" is attached here, so ACL 101 and
    ! rule DEFAULT100 defined elsewhere in this config are not enforced on inbound Internet
    ! traffic as shown.
    interface ATM0.1 point-to-point
    description $ES_WAN$
    ip address (ip_publica) 255.255.255.0
    ip nat outside
    ip virtual-reassembly
    pvc 8/32
    protocol ip (ip_publica) broadcast
    encapsulation aal5snap
    !
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface Dot11Radio0
    no ip address
    !
    ! NOTE(review): VLAN 23 is not referenced by any SSID in this listing; it looks like a
    ! leftover.
    encryption vlan 23 mode ciphers aes-ccm tkip
    !
    ! NOTE(review): "aes-ccm tkip" is mixed mode, so clients may negotiate TKIP. If every
    ! client supports AES-CCMP, dropping tkip removes the weaker cipher.
    encryption vlan 1 mode ciphers aes-ccm tkip
    !
    broadcast-key vlan 1 change 30
    !
    !
    ssid (nombre_red)
    !
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    !
    ! NOTE(review): this subinterface has neither an IP address nor a "bridge-group", and the
    ! listing contains no "bridge irb" or BVI interface. As shown, wireless VLAN 1 is not
    ! connected to the 192.168.0.0/24 LAN on Vlan1. That is a likely cause of "associated but
    ! no DHCP / no traffic"; confirm. The template in the reply below bridges
    ! Dot11Radio0.1 and Vlan1 in bridge-group 1 and moves the IP address to BVI1.
    interface Dot11Radio0.1
    encapsulation dot1Q 1 native
    no cdp enable
    !
    ! LAN gateway. No "ip access-group" is attached, so ACL 100 is not enforced here either.
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
    ip address 192.168.0.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    !
    ! Unused in this design (no address, no dialer pool).
    interface Dialer0
    no ip address
    no cdp enable
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 ATM0.1
    !
    ! Web management and NAT: PAT for the LAN plus four static port forwards.
    ! NOTE(review): "ip http server" enables clear-text HTTP management next to HTTPS, and
    ! local credentials would cross the network unencrypted. Prefer "no ip http server" and
    ! restrict the secure server with "ip http access-class". With no ACL applied on ATM0.1
    ! in this listing, both services are presumably reachable from the Internet; confirm.
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 102 interface ATM0.1 overload
    ! NOTE(review): these forwards publish internal hosts on the public address. Port 21 is
    ! FTP (clear-text credentials) and 8080 is usually a web or proxy service. Keep only the
    ! forwards still in use and harden the target hosts.
    ip nat inside source static tcp 192.168.0.*** 21 interface ATM0.1 21
    ip nat inside source static tcp 192.168.0.*** 8080 interface ATM0.1 8080
    ip nat inside source static tcp 192.168.0.*** 4662 interface ATM0.1 4662
    ip nat inside source static tcp 192.168.0.*** 4672 interface ATM0.1 4672
    !
    ! Logging level, SDM-generated ACLs 100/101, NAT ACL 102, CDP and RADIUS attributes.
    ! NOTE(review): the trap level is set, but no "logging host" line appears in this
    ! listing. Logs stay in the 51200-byte local buffer only and are lost on reload.
    logging trap debugging
    ! ACL 100: intended for the inside interface (anti-spoofing, then permit all).
    ! NOTE(review): neither ACL 100 nor ACL 101 is referenced by an "ip access-group" under
    ! any interface in this listing, so as shown they filter nothing.
    access-list 100 remark auto generated by Cisco SDM Express firewall configuration
    access-list 100 remark CCP_ACL Category=1
    access-list 100 deny ip ***.0 0.0.0.63 any
    access-list 100 deny ip host 255.255.255.255 any
    access-list 100 deny ip 127.0.0.0 0.255.255.255 any
    access-list 100 permit ip any any
    ! ACL 101: intended for the WAN side. It permits DNS replies from the two resolvers and
    ! three ICMP types, denies private/bogon sources, then denies everything else.
    ! NOTE(review): before applying it inbound on ATM0.1, note that it has no permit entries
    ! for the forwarded ports (21, 8080, 4662, 4672) and that rule DEFAULT100 does not
    ! inspect generic tcp/udp. Applied as-is, it would presumably drop return traffic and
    ! the port forwards. Extend the inspection rule and add the needed permits first.
    access-list 101 remark auto generated by Cisco SDM Express firewall configuration
    access-list 101 remark CCP_ACL Category=1
    access-list 101 permit udp host 80.58.61.254 eq domain host (ip_publica)
    access-list 101 permit udp host 80.58.61.250 eq domain host (ip_publica)
    access-list 101 deny ip 192.168.0.0 0.0.0.255 any
    access-list 101 permit icmp any host (ip_publica) echo-reply
    access-list 101 permit icmp any host (ip_publica) time-exceeded
    access-list 101 permit icmp any host (ip_publica) unreachable
    access-list 101 deny ip 10.0.0.0 0.255.255.255 any
    access-list 101 deny ip 172.16.0.0 0.15.255.255 any
    access-list 101 deny ip 192.168.0.0 0.0.255.255 any
    access-list 101 deny ip 127.0.0.0 0.255.255.255 any
    access-list 101 deny ip host 255.255.255.255 any
    access-list 101 deny ip host 0.0.0.0 any
    access-list 101 deny ip any any
    ! ACL 102: selects LAN sources for the PAT overload rule.
    access-list 102 remark CCP_ACL Category=2
    access-list 102 permit ip 192.168.0.0 0.0.0.255 any
    no cdp run
    ! RADIUS attribute settings without any RADIUS server defined in this listing.
    radius-server attribute 32 include-in-access-req format %h
    radius-server vsa send accounting
    !
    ! Control plane, banners, console/aux/vty lines and scheduler settings.
    control-plane
    !
    ! NOTE(review): the exec banner is the stock Cisco CP text about the one-time "cisco"
    ! user. No such user appears in this listing (only "salas"), so the text is stale and
    ! can be removed. Banner bodies are literal text, so no comments are placed inside them.
    banner exec ^C
    % Password expiration warning.
    -----------------------------------------------------------------------

    Cisco Configuration Professional (Cisco CP) is installed on this device
    and it provides the default username "cisco" for one-time use. If you have
    already used the username "cisco" to login to the router and your IOS image
    supports the "one-time" user option, then this username has already expired.
    You will not be able to login to the router with this username after you exit
    this session.

    It is strongly suggested that you create a new username with a privilege level
    of 15 using the following command.

    username <myuser> privilege 15 secret 0 <mypassword>

    Replace <myuser> and <mypassword> with the username and password you
    want to use.

    -----------------------------------------------------------------------
    ^C
    banner login ^CAuthorized access only!
    Disconnect IMMEDIATELY if you are not an authorized user!^C
    !
    line con 0
    no modem enable
    transport output telnet
    line aux 0
    transport output telnet
    ! NOTE(review): the vty lines accept Telnet (clear-text credentials) as well as SSH, put
    ! every authenticated session directly at privilege 15, and have no "access-class".
    ! With no ACL applied on the WAN interface in this listing, remote management is
    ! presumably reachable from the Internet; confirm. Prefer "transport input ssh" plus an
    ! "access-class" limited to the management hosts.
    line vty 0 4
    privilege level 15
    transport input telnet ssh
    !
    scheduler max-task-time 5000
    scheduler allocate 4000 1000
    scheduler interval 500
    end

    ¿Hay algún error en la configuración?

    Muchas gracias de antemano

    • BocaDePez BocaDePez

      Saludos,
      Para empezar comparto esta plantilla básica de configuración de un router muy usado dentro de nuestro mercado, el Cisco modelo 857W. Este equipo lo utilizan mucho los operadores que ya conocemos, sobre todo para líneas de negocios dedicadas, radio, enlaces, VPN y otros tantos usos. Es un equipo robusto con muchas características, entre las que destacan: FIREWALL, SOPORTE DHCP, SOPORTE NAT, SOPORTE VPN (HASTA 5 TÚNELES), SOPORTE PAT, FILTRADO DE DIRECCIÓN MAC, SOPORTE IPV6, PROTOCOLOS DE TRANSPORTE (PPTP, L2TP, IPSec, PPPoE, PPPoA), PROTOCOLOS DE INTERCONEXIÓN DE DATOS (Ethernet, ATM, Fast Ethernet, IEEE 802.11b, IEEE 802.11g) y demás.

      Bueno, la plantilla es la que funciona con el operador que más se usa y cuyo nombre ya sabemos; pronto colocaré la del otro operador, aunque no cambia mucho. Lleva un nateo básico, pero que funciona. Los valores marcados con (ejemplo), incluidas las contraseñas y claves, son de muestra y hay que sustituirlos por los propios. Si desean configuraciones adicionales, me consultan nada más. Si tienen preguntas sobre los comandos, espero sus consultas. Gracias.

      CISCO857W1>en
      Password:
      CISCO857W1#sh run
      Building configuration...

      Current configuration : 5215 bytes
      ! Template, global section: services, enable password and AAA lists used by the VPN.
      !
      version 12.4
      no service pad
      service timestamps debug datetime msec
      service timestamps log datetime msec
      ! NOTE(review): with password encryption disabled, every "password 0" and key in this
      ! template is stored and displayed in clear text in the configuration.
      no service password-encryption
      !
      hostname CISCO857W1
      !
      boot-start-marker
      boot-end-marker
      !
      logging buffered 16000
      ! NOTE(review): "enable password" keeps the value in clear text, and 123456 is
      ! trivially guessable. Use "enable secret" with a unique value instead.
      enable password 123456
      !
      aaa new-model
      !
      !
      ! Method lists referenced by crypto map "mymap": VPN user authentication and group
      ! authorization both use the local user database.
      aaa authentication login authenvpn local
      aaa authorization network authovpn local
      !
      !
      aaa session-id common
      !
      !
      ! Template SSID profile: open authentication, broadcast SSID, no key management.
      dot11 syslog
      !
      ! NOTE(review): this profile has no "authentication key-management wpa" and no
      ! "wpa-psk"; the only protection is the static WEP key set under interface Dot11Radio0.
      ! The name here ("nombre de la red") also differs from the one attached to the radio
      ! ("nombre de redwifi"). Both placeholders must be replaced with the same SSID.
      dot11 ssid "nombre de la red"
      vlan 1
      authentication open
      guest-mode
      !
      ! Template DHCP pools, resolver settings and local user accounts.
      no ip dhcp use vrf connected
      ip dhcp excluded-address 192.168.1.181 192.168.1.239 (ejemplo)
      ip dhcp excluded-address 192.168.1.254 (ejemplo)
      ip dhcp excluded-address 192.168.1.1 192.168.1.40 (ejemplo)
      !
      ip dhcp pool LAN-CLIENTE_1
      network 192.168.1.0 255.255.255.0 (ejemplo)
      default-router 192.168.1.240 (ejemplo)
      ! NOTE(review): 4.4.4.4 is probably a typo for 8.8.4.4. Verify before use, because
      ! clients will send their DNS queries to whatever address is configured here.
      dns-server 8.8.8.8 4.4.4.4 (ejemplo)
      !
      ! This pool has "import all" but no "network" statement in this listing.
      ip dhcp pool TELEFONICA-NEGOCIOS
      import all
      default-router 192.168.1.240 (ejemplo)
      dns-server 8.8.8.8 4.4.4.4 (ejemplo)
      lease 3
      !
      !
      ip cef
      no ip bootp server
      ip domain name vpn_operador.com (ejemplo)
      ip name-server 8.8.8.8 (ejemplo)
      ip name-server 4.4.4.4 (ejemplo)
      !
      !
      !
      ! NOTE(review): all four accounts use "password 0" (clear text). cisco/cisco at
      ! privilege 15 is the well-known default pair, and the rest are sample values published
      ! with this template. Replace each with a unique credential stored via "secret", and
      ! delete the accounts that are not needed. Since "authenvpn" uses the local database,
      ! these users also authenticate to the VPN.
      username cisco privilege 15 password 0 cisco (ejemplo)
      username vpnuser password 0 clave1 (ejemplo)
      username uservpn1 password 0 1234567890 (ejemplo)
      username usuario password 0 1234567890 (ejemplo)
      !
      !
      ! Template remote-access IPsec VPN: ISAKMP policy, client group, transform set, maps.
      ! NOTE(review): the policy uses 3DES with Diffie-Hellman group 2, both considered legacy.
      ! Where the image and clients support it, prefer AES and a larger DH group.
      crypto isakmp policy 1
      encr 3des
      authentication pre-share
      group 2
      !
      crypto isakmp client configuration group thevpn
      ! NOTE(review): this group key is a shared secret and is published here in clear text.
      ! Anyone deploying the template must replace it with a unique, strong value; it is not
      ! marked "(ejemplo)" like the other sample values.
      key 1827hdyha2
      dns 212.73.32.3 212.73.32.67
      pool vpnpool
      ! ACL 101 is referenced as this group's ACL; in this listing it ends in
      ! "permit ip any any", so it matches all traffic.
      acl 101
      max-users 30
      netmask 255.255.255.0
      !
      !
      crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
      !
      crypto dynamic-map dynmap1 1
      set security-association idle-time 3600
      set transform-set ESP-3DES-SHA
      reverse-route
      !
      !
      ! The map ties VPN logins to the local-database lists authenvpn/authovpn and is
      ! attached to interface Dialer0 later in the listing.
      crypto map mymap client authentication list authenvpn
      crypto map mymap isakmp authorization list authovpn
      crypto map mymap client configuration address respond
      crypto map mymap 65535 ipsec-isakmp dynamic dynmap1
      !
      ! Template config archive, IRB bridging, ADSL/PPPoE uplink, switch ports and radio.
      ! "hidekeys" keeps passwords out of the logged configuration commands.
      archive
      log config
      hidekeys
      !
      !
      !
      ! Integrated routing and bridging: wireless and Vlan1 are bridged, BVI1 is the gateway.
      bridge irb
      !
      !
      interface ATM0
      description *** ENLACE WAN_RED DE OPERADOR *** (ejemplo)
      no ip address
      no ip redirects
      no ip unreachables
      no ip proxy-arp
      ip route-cache flow
      no atm ilmi-keepalive
      dsl operating-mode auto
      !
      interface ATM0.1 point-to-point
      pvc 8/60
      pppoe-client dial-pool-number 1
      !
      !
      interface FastEthernet0
      !
      interface FastEthernet1
      !
      interface FastEthernet2
      !
      interface FastEthernet3
      !
      interface Dot11Radio0
      no ip address
      no ip redirects
      no ip unreachables
      no ip proxy-arp
      ip virtual-reassembly
      !
      ! NOTE(review): static 40-bit WEP with the key in clear text. WEP gives no meaningful
      ! confidentiality, and because the radio is bridged into the LAN (bridge-group 1) the
      ! wireless side is effectively an open door to 192.168.1.0/24. Use WPA/WPA2-PSK
      ! instead: "encryption vlan 1 mode ciphers aes-ccm" here, plus
      ! "authentication key-management wpa" and "wpa-psk" under the dot11 ssid.
      encryption vlan 1 key 1 size 40bit 0 9876543210 transmit-key (ejemplo)
      encryption vlan 1 mode wep mandatory
      !
      ssid "nombre de redwifi"
      !
      speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
      station-role root
      !
      ! Wireless VLAN 1 joins bridge-group 1, the same group as interface Vlan1.
      interface Dot11Radio0.1
      encapsulation dot1Q 1 native
      bridge-group 1
      bridge-group 1 subscriber-loop-control
      bridge-group 1 spanning-disabled
      bridge-group 1 block-unknown-source
      no bridge-group 1 source-learning
      no bridge-group 1 unicast-flooding
      !
      ! Template LAN SVI, PPPoE dialer (WAN), bridged gateway BVI1, VPN pool, default route.
      interface Vlan1
      description *** VLAN 1 LAN ***
      no ip address
      no ip redirects
      no ip unreachables
      no ip proxy-arp
      ip nat inside
      ip virtual-reassembly
      ip route-cache flow
      ip tcp adjust-mss 1360
      bridge-group 1
      bridge-group 1 spanning-disabled
      hold-queue 100 out
      !
      ! WAN interface: PPPoE session, NAT outside, VPN termination (crypto map mymap).
      ! NOTE(review): no "ip access-group" is attached to Dialer0 in this listing, so nothing
      ! filters inbound Internet traffic to the router or to the forwarded ports.
      interface Dialer0
      description *** CONFIGURACION DEL USER - PASSW ***
      ip address negotiated
      no ip redirects
      no ip unreachables
      no ip proxy-arp
      ip nat outside
      ip virtual-reassembly
      encapsulation ppp
      ip route-cache flow
      ip tcp adjust-mss 1360
      dialer pool 1
      dialer-group 1
      ppp authentication chap pap callin
      ! NOTE(review): the operator credentials are entered as "password 0" and, with
      ! "no service password-encryption", appear in clear text in every "show run".
      ! Mask them before sharing a configuration.
      ppp chap hostname "usuario@operador"
      ppp chap password 0 "del usuario operador"
      ppp pap sent-username "usuario@operador" password 0 "del usuario operador"
      ppp ipcp address accept
      crypto map mymap
      !
      ! LAN gateway address for the bridged Vlan1 + wireless segment.
      interface BVI1
      description $FW_INSIDE$
      ip address 192.168.1.240 255.255.255.0
      ip nat inside
      ip virtual-reassembly
      !
      ! NOTE(review): the pool runs to 192.168.2.255, which is the broadcast address under
      ! the 255.255.255.0 netmask pushed to VPN clients. Presumably it should end at .254;
      ! confirm.
      ip local pool vpnpool 192.168.2.1 192.168.2.255
      ip forward-protocol nd
      ip route 0.0.0.0 0.0.0.0 Dialer0
      !
      ! Template web management (disabled), NAT rules, ACLs and the NAT route-map.
      no ip http server
      no ip http secure-server
      ip nat source route-map myrm interface Dialer0 overload
      ip nat inside source list 1 interface Dialer0 overload
      ! NOTE(review): these sample forwards publish SSH (22) and MySQL (3306) of internal
      ! hosts on the public address, and no ACL on Dialer0 limits who can reach them.
      ! Database ports in particular are better reached through the VPN than forwarded.
      ! "0.0.0.0" stands in for the public address, and the 3306 line has an unbalanced
      ! quote, so it will not paste as written.
      ip nat inside source static tcp 192.168.1.2 22 "0.0.0.0" 22 extendable (ejemplo)
      ip nat inside source static tcp 192.168.1.2 3306 "0.0.0.0 3306 extendable (ejemplo)
      ip nat inside source static tcp 192.168.1.102 7721 "0.0.0.0" 7721 extendable (ejemplo)
      !
      access-list 1 permit 192.168.1.0 0.0.0.255
      access-list 1 remark INSIDE_IF=Ethernet0
      access-list 1 remark SDM_ACL Category=2
      ! NOTE(review): in ACL 101 (VPN group ACL) and ACL 102 (NAT route-map) the final
      ! "permit ip any any" makes the two subnet entries redundant; both lists match all
      ! traffic. Neither is a filter: no ACL in this template is applied with
      ! "ip access-group".
      access-list 101 permit ip 192.168.1.0 0.0.0.255 any
      access-list 101 permit ip 192.168.2.0 0.0.0.255 any
      access-list 101 permit ip any any
      access-list 102 permit ip 192.168.1.0 0.0.0.255 any
      access-list 102 permit ip 192.168.2.0 0.0.0.255 any
      access-list 102 permit ip any any
      dialer-list 1 protocol ip permit
      route-map myrm permit 1
      match ip address 102
      !
      !
      ! Template control plane, console/aux/vty lines and scheduler.
      control-plane
      !
      line con 0
      no modem enable
      line aux 0
      ! NOTE(review): the vty password is a short clear-text sample value, and the lines have
      ! neither "transport input" nor "access-class". On images of this generation the
      ! default presumably still accepts Telnet; confirm. With "aaa new-model" active and no
      ! login list on the line, the local usernames (including cisco/cisco) are presumably
      ! what is checked at login. Set "transport input ssh" and add an "access-class"
      ! limited to the management hosts.
      line vty 0 4
      password "12345" (ejemplo)
      !
      scheduler max-task-time 5000
      end

      CISCO857W1#