Good evening, I want to turn an 877 into an access point for a few wireless interfaces (all guest, for internet access only).
The router is also an 877, which has various ACLs, VPNs and some wireless interfaces on it (some bridged and some guest) (I know it has low power, but it is the one there is!!!).

So we have:
ADSL-->877router (vlan1=10.101.101.1,dot11 0.21=10.101.106.1, dot11 0.22=10.101.107.1)--->[trunk line Fastethernet]--->

--->877AccessPoint(vlan1=10.101.101.252, dot11 0.31=10.101.111.252, dot11 0.32=10.101.112.252)

From the AccessPoint's IOS I can ping the router and the various wired computers, and I can also ping
IPv4 websites.
So the first problem is that I have no IPv6 resolution on the access point.

Devices connect to the access point wirelessly (e.g. IP 10.101.111.2, gateway 10.101.111.252) but they cannot
connect to the internet (they resolve URLs to IPv4 addresses through DNS, but they cannot even ping those addresses).
So the second problem is that no routing takes place from the access point's wireless interfaces to the router over the trunk line.

Any ideas?

Code:

!
! Last configuration change at 04:52:41 EET Sun Aug 7 2016 by XXX
! NVRAM config last updated at 04:52:42 EET Sun Aug 7 2016 by XXX
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service internal
service sequence-numbers
!
hostname ap_XXX
!
boot-start-marker
boot system flash:/c870-adventerprisek9-mz.124-24.T7.bin
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
logging userinfo
logging buffered 32767
logging console informational
enable secret 5 XXX
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authentication ppp default local
aaa authorization exec local_author local 
!
!
aaa session-id common
clock timezone EET 2
clock summer-time EET recurring last Sun Mar 2:00 last Sun Oct 3:00
!
crypto pki trustpoint TP-self-signed-XXX
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-XXX
 revocation-check none
 rsakeypair TP-self-signed-XXX
!
!
crypto pki certificate chain TP-self-signed-XXX
 certificate self-signed 01 nvram:IOS-Self-SigXXX.cer
dot11 mbssid
dot11 syslog
!
dot11 ssid athena2
 vlan 31
 authentication open 
 authentication key-management wpa
 mbssid guest-mode
 wpa-psk ascii 7 XXX
!
dot11 ssid cronos2
 vlan 32
 authentication open 
 authentication key-management wpa
 mbssid guest-mode
 wpa-psk ascii 7 XXX
!
ip source-route
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.101.111.1
ip dhcp excluded-address 10.101.112.1
ip dhcp excluded-address 10.101.101.252
ip dhcp excluded-address 10.101.111.252
ip dhcp excluded-address 10.101.112.252
!
ip dhcp pool dhcp_wlanA
   import all
   network 10.101.111.0 255.255.255.0
   dns-server 10.101.111.252 
   default-router 10.101.111.252 
!
ip dhcp pool dhcp_wlanC
   import all
   network 10.101.112.0 255.255.255.0
   dns-server 10.101.112.252 
   default-router 10.101.112.252 
!
!
ip cef
no ip bootp server
ip name-server 10.101.101.1
ip multicast-routing 
ip inspect max-incomplete high 900
ip inspect max-incomplete low 800
no ip igmp snooping
login on-failure log
login on-success log
ipv6 unicast-routing
no ipv6 source-route
ipv6 cef
ipv6 dhcp pool lan6_dhcp
 import dns-server
 import domain-name
!
!
multilink bundle-name authenticated
!
!
!
vtp mode client
username XXX privilege 15 secret 5 XXX
! 
!
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
no ip ftp passive
!
!
!
interface Null0
 no ip unreachables
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
 dsl bitswap both
!
interface FastEthernet0
 description -- trunk interface with basement router ---
 switchport mode trunk
 spanning-tree portfast
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
 description $WLAN$
 no ip address
 no ip redirects
 ip local-proxy-arp
 !
 encryption vlan 31 mode ciphers aes-ccm tkip 
 !
 encryption vlan 32 mode ciphers aes-ccm tkip 
 !
 broadcast-key vlan 31 change 60
 !
 broadcast-key vlan 32 change 60
 !
 !
 ssid athena2
 !
 ssid cronos2
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root access-point
 rts threshold 2312
!
interface Dot11Radio0.31
 description $athena2$vlan 31$
 encapsulation dot1Q 31
 ip address 10.101.111.252 255.255.255.0
 no ip redirects
 ip local-proxy-arp
 ip nat inside
 ip virtual-reassembly
 no cdp enable
!
interface Dot11Radio0.32
 description $cronos2$vlan 32$
 encapsulation dot1Q 32
 ip address 10.101.112.252 255.255.255.0
 no ip redirects
 ip local-proxy-arp
 ip nat inside
 ip virtual-reassembly
 no cdp enable
!
interface Vlan1
 ip address 10.101.101.252 255.255.255.0
 ip directed-broadcast 50
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
 ipv6 address FE80::AAAA:BBBB:CCCC:1252 link-local
 ipv6 enable
 hold-queue 100 out
!
interface Dialer2
 no ip address
 shutdown
 no cdp enable
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Vlan1 10.101.101.1
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 180 life 86400 requests 10000
!
!
ip dns server
ip nat inside source list 7 interface Vlan1 overload
!
logging trap notifications
logging facility local6
logging source-interface Vlan1
logging 10.101.101.30
access-list 1 permit 212.205.221.32 log
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.101.101.0 0.0.0.255 log
access-list 1 permit 10.101.102.0 0.0.0.255 log
access-list 1 permit 10.101.110.0 0.0.0.255 log
access-list 1 permit 10.101.111.0 0.0.0.255 log
access-list 1 permit 10.101.112.0 0.0.0.255 log
access-list 7 permit 10.101.111.0 0.0.0.255
access-list 7 permit 10.101.112.0 0.0.0.255
no cdp run


ipv6 route ::/0 Vlan1 FE80::AAAA:BBBB:CCCC:1
!
ipv6 access-list ipv6-internet-in
χχχχ
!
control-plane
!
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
ntp server 62.103.129.253


!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
and some printouts
Code:
ap#sh ip rout
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route


Gateway of last resort is 10.101.101.1 to network 0.0.0.0


     10.0.0.0/24 is subnetted, 2 subnets
C       10.101.110.0 is directly connected, Dot11Radio0.30
C       10.101.101.0 is directly connected, Vlan1
S*   0.0.0.0/0 [1/0] via 10.101.101.1, Vlan1
Of course, I have no outside interface; they are all inside.
Code:
------------------ show ip nat statistics ------------------




Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 0, occurred 00:56:41 ago
Outside interfaces:
Inside interfaces:
  Dot11Radio0.30, Dot11Radio0.31, Dot11Radio0.32, Dot11Radio0.33, Vlan1
Hits: 0  Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 7 interface Vlan1 refcount 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0


------------------ show ip nat translations ------------------
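
The post notes that no interface is marked as NAT outside, which matches the empty "Outside interfaces:" line in the output above. The following Python check is an added example, not part of the original post: it reads an IOS configuration and reports `ip nat inside source ... overload` rules whose egress interface is not marked `ip nat outside`. The sample configuration is a constructed excerpt shaped like the one in the post, and the function names are hypothetical.

```python
import re

# Constructed sample: trimmed excerpt shaped like the configuration in the post.
SAMPLE_CONFIG = """\
interface Dot11Radio0.31
 ip address 10.101.111.252 255.255.255.0
 ip nat inside
!
interface Dot11Radio0.32
 ip address 10.101.112.252 255.255.255.0
 ip nat inside
!
interface Vlan1
 ip address 10.101.101.252 255.255.255.0
 ip nat inside
!
ip nat inside source list 7 interface Vlan1 overload
"""

def nat_roles(config):
    """Map each interface name to its NAT role: 'inside', 'outside' or None."""
    roles, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            roles[current] = None
        elif not line.startswith(" "):
            current = None  # a top-level line ends the interface block
        elif current:
            m = re.match(r"\s+ip nat (inside|outside)\s*$", line)
            if m:
                roles[current] = m.group(1)
    return roles

def audit_nat(config):
    """Return findings for overload rules whose egress interface is not 'outside'."""
    roles, findings = nat_roles(config), []
    if "outside" not in roles.values():
        findings.append("no interface is marked 'ip nat outside'")
    rule = re.compile(r"^ip nat inside source list (\S+) interface (\S+) overload", re.M)
    for acl, ifname in rule.findall(config):
        role = roles.get(ifname) or "unmarked"
        if role != "outside":
            findings.append(f"list {acl}: overload interface {ifname} is {role}, not outside")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_nat(SAMPLE_CONFIG)))
```

With the interface-based `ip nat inside` / `ip nat outside` marking used in this configuration, IOS translates only traffic that crosses from an inside interface to an outside one, so a rule flagged here never produces translations.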