Cisco 871w config error.. no internet connection from lan/wlan
- From: mrflash <flashbsd@xxxxxxxxx>
- Date: Thu, 28 Feb 2008 02:13:11 -0800 (PST)
Hi All.
I'm new here so be gentle.
I am also quite new to the Cisco CLI, but I bit the bullet and bought a
nice 871W with the bundle.
I have made a config, partly using the help from a spreadsheet on the
internet. Everything is fine, both WLANs work, I can use SDM etc., but
when I try to use my internet connection, it doesn't allow me access
from either LAN/WLAN.
I have another config, which I'm running at the moment, that is allowing
me access, and I'm really stumped and can't tell the difference (it's a
really simple one with: access-list 100 permit ip 192.168.1.0
0.0.0.255 any).
Can somebody look at the following and explain where I am going wrong?
Thanks
!This is the running config of the router: 10.10.128.1
!----------------------------------------------------------------------------
!version 12.4
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
service sequence-numbers
!
hostname 871w
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
logging buffered 16000 warnings
enable secret 5 xxxxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
clock timezone gmt 0
!
crypto pki trustpoint TP-self-signed-296088904
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-296088904
revocation-check none
rsakeypair TP-self-signed-296088904
!
!
crypto pki certificate chain TP-self-signed-296088904
certificate self-signed 01
quit
!
dot11 ssid emotionography
vlan 10
authentication open
authentication key-management wpa
wpa-psk ascii 0 xxxxx
!
dot11 ssid groovesalad
vlan 20
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 xxxxx
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.128.1 10.10.128.50
ip dhcp excluded-address 10.9.16.1 10.9.16.50
ip dhcp excluded-address 192.168.0.1 192.168.0.50
ip dhcp excluded-address 192.168.0.101 192.168.0.254
!
ip dhcp pool VLAN10
network 10.10.128.0 255.255.248.0
default-router 10.10.128.1
domain-name xxxxx
lease 7
!
ip dhcp pool VLAN20
network 10.9.16.0 255.255.255.0
default-router 10.9.16.1
domain-name xxxxx
lease 7
!
ip dhcp pool DMZone
import all
network 192.168.0.0 255.255.255.0
lease 7
!
!
ip domain name xxxxxx
ip name-server 194.168.4.100
ip name-server 194.168.8.100
ip inspect name MyFirewall tcp
ip inspect name MyFirewall udp
ip inspect name MyFirewall pop3
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip urlfilter source-interface BVI20
ip urlfilter exclusive-domain deny doubleclick.net
ip urlfilter urlf-server-log
ip ddns update method xxxxx
HTTP
add http://xxxx:/nic/update?system=dyndns&hostname=<h>&myip=<a>
interval maximum 0 1 0 0
!
!
multilink bundle-name authenticated
!
!
username admin privilege 15 password 0 password
username xxxxx privilege 15 view root secret 5 xxxxxx
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
!
bridge irb
!
!
interface FastEthernet0
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet1
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet2
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet3
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet4
description $FW_OUTSIDE$
ip ddns update hostname xxxxx.dyndns.org
ip ddns update xxxxx
ip address dhcp
ip access-group Internet-inbound-ACL in
ip nat outside
ip inspect MyFirewall out
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1460
duplex auto
speed auto
no cdp enable
!
interface Dot11Radio0
no ip address
ip route-cache flow
no dot11 extension aironet
!
encryption vlan 10 mode ciphers tkip
!
encryption vlan 20 mode ciphers tkip
!
ssid xxxxx
!
ssid xxxxx
!
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2437
station-role root
no cdp enable
!
interface Dot11Radio0.10
encapsulation dot1Q 10
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 spanning-disabled
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
!
interface Dot11Radio0.20
encapsulation dot1Q 20
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 spanning-disabled
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
!
interface Vlan1
no ip address
ip route-cache flow
!
interface Vlan10
description Internal Network 1
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 10
bridge-group 10 spanning-disabled
!
interface Vlan20
description Guest Network 1
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 20
bridge-group 20 spanning-disabled
!
interface Vlan30
description for DMZone
ip address 192.168.0.1 255.255.255.0
ip route-cache flow
!
interface BVI20
description Bridge to Guest Network 1$FW_INSIDE$
ip address 10.9.16.1 255.255.255.0
ip access-group Guest-ACL in
ip nat inside
ip virtual-reassembly
ip route-cache flow
!
interface BVI10
description Bridge to Internal Network 1$FW_INSIDE$
ip address 10.10.128.1 255.255.248.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip route-cache flow
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
ip http server
ip http access-class 2
ip http secure-server
ip nat inside source list 1 interface FastEthernet4 overload
!
ip access-list extended Guest-ACL
deny ip any 10.2.0.0 0.248.255.255
permit ip any any
ip access-list extended Internet-inbound-ACL
permit udp any eq bootps any eq bootpc
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any traceroute
permit gre any any
permit esp any any
!
logging trap warnings
access-list 1 permit 10.2.0.0 0.248.255.255
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 2 remark Auto generated by SDM Management Access feature
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 10.10.128.0 0.0.7.255
access-list 100 remark Auto generated by SDM Management Access feature
access-list 100 remark SDM_ACL Category=1
access-list 100 permit tcp 10.10.128.0 0.0.7.255 host 10.10.128.1 eq telnet
access-list 100 permit tcp 10.10.128.0 0.0.7.255 host 10.10.128.1 eq 22
access-list 100 permit tcp 10.10.128.0 0.0.7.255 host 10.10.128.1 eq www
access-list 100 permit tcp 10.10.128.0 0.0.7.255 host 10.10.128.1 eq 443
access-list 100 permit tcp 10.10.128.0 0.0.7.255 host 10.10.128.1 eq cmd
access-list 100 deny tcp any host 10.10.128.1 eq telnet
access-list 100 deny tcp any host 10.10.128.1 eq 22
access-list 100 deny tcp any host 10.10.128.1 eq www
access-list 100 deny tcp any host 10.10.128.1 eq 443
access-list 100 deny tcp any host 10.10.128.1 eq cmd
access-list 100 deny udp any host 10.10.128.1 eq snmp
access-list 100 permit ip any any
access-list 101 remark Only allow these hosts to access HTTP/S/SSH/Telnet/RPC
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ip 10.10.128.0 0.0.7.255 any
!
!
!
!
control-plane
!
bridge 10 route ip
bridge 20 route ip
banner login ^CLogin Here:^C
!
line con 0
logging synchronous
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
access-class 101 in
password d1mma20
logging synchronous
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
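
The following is an added example, not part of the original post: a small Python audit of which addresses the wildcard-mask entries in `access-list 1` (the NAT source list) and `Guest-ACL` actually match, including the non-contiguous mask `0.248.255.255`. The ACL entries are copied from the config above; the client addresses are constructed samples taken from just above the DHCP excluded ranges, and the function names are hypothetical.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: bits set in the wildcard are ignored,
    every other bit of addr must equal the corresponding bit of base."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# Entries copied from the posted config.
ACL_1 = [                      # ip nat inside source list 1 ...
    ("permit", "10.2.0.0", "0.248.255.255"),
    ("permit", "10.0.0.0", "0.255.255.255"),
]
GUEST_ACL_DST = [              # destination side of Guest-ACL
    ("deny", "10.2.0.0", "0.248.255.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),   # "permit ip any any"
]

def evaluate(acl, addr):
    """Return (action, entry number) of the first matching entry.
    Falls through to the implicit deny that ends every IOS ACL."""
    for number, (action, base, wildcard) in enumerate(acl, start=1):
        if wildcard_match(addr, base, wildcard):
            return action, number
    return "deny", None

def matching_octets(base_octet, wildcard_octet):
    """List the values of one octet that a base/wildcard pair accepts."""
    care = ~wildcard_octet & 0xFF
    return [x for x in range(256) if (x & care) == (base_octet & care)]

# Constructed sample clients, one per DHCP pool in the config.
SAMPLES = {
    "VLAN10": "10.10.128.51",
    "VLAN20": "10.9.16.51",
    "DMZone": "192.168.0.51",
}

if __name__ == "__main__":
    for pool, addr in SAMPLES.items():
        print(f"{pool:7} {addr:14} NAT list 1 -> {evaluate(ACL_1, addr)}")
    for dst in ("10.10.128.51", "10.9.16.51", "194.168.4.100"):
        print(f"guest -> {dst:14} Guest-ACL -> {evaluate(GUEST_ACL_DST, dst)}")
    print("second octets matched by 10.2.0.0 0.248.255.255:",
          matching_octets(2, 248))
```

The wildcard `0.248.255.255` ignores the top five bits of the second octet, so it matches every `10.x.y.z` where the low three bits of `x` equal 2 (2, 10, 18, ...), which includes 10.10.128.0/21 but not 10.9.16.0/24.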