[ simor @ 05.01.2005. 16:20 ] @
When I introduce MAC address filters on the radio interface, everything works except DHCP: clients that are allowed on the AP don't get addresses, yet they "see" the server... What could that be?
[ Gojko Vujovic @ 05.01.2005. 17:16 ] @
Start a sniffer and see what the DHCP client is "saying" on the network and how far the DHCP negotiation gets, then report back here so we can see what the problem might be.
Also, the complete config as an attachment to the message would be useful. Just remove the passwords and replace the IP addresses. And of course say which 1200, since there are various ones, and most importantly how you configured DHCP, whether your 1200 has IOS at all or whether you clicked through the panel, and if you clicked, what did you click? Etc.
[ simor @ 18.01.2005. 21:00 ] @
Hi, sorry for the late reply... I wasn't able to get back to you earlier.
I couldn't run the sniffer, since the situation is a bit more complicated... About ten subscribers are currently associated with that Cisco, so I'd rather not kick them off without notice... But I'll have to sort that out too.
I'm sending the IOS version and the configuration:
Here's what it says for "show version"

Code:
ap>show version
Cisco Internetwork Operating System Software
IOS (tm) C1200 Software (C1200-K9W7-M), Version 12.2(13)JA3, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Fri 20-Feb-04 17:21 by kellythw
Image text-base: 0x00003000, data-base: 0x0053CEA4

ROM: Bootstrap program is C1200 boot loader
BOOTLDR: C1200 Boot Loader (C1200-BOOT-M) Version 12.2(8)JA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

ap uptime is 6 weeks, 7 hours, 49 minutes
System returned to ROM by power-on
System restarted at 13:56:58 UTC Tue Dec 7 2004
System image file is "flash:/c1200-k9w7-mx.122-13.JA3/c1200-k9w7-mx.122-13.JA3"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
[email protected].

cisco AIR-AP1231G-E-K9 (PowerPC405GP) processor (revision B0) with 14326K/2048K bytes of memory.
Processor board ID FOC08131YNX
PowerPC405GP CPU at 196Mhz, revision number 0x0145
Last reset from power-on
Bridging software.
1 FastEthernet/IEEE 802.3 interface(s)
1 802.11 Radio(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: xxxx.xxxx.xxxx
Part Number : 73-8704-07
PCA Assembly Number : 800-23211-08
PCA Revision Number : A0
PCB Serial Number : FOC08131YNX
Top Assembly Part Number : 800-23304-07
Top Assembly Serial Number : FHK0818J0XX
Top Revision Number : B0
Product/Model Number : AIR-AP1231G-E-K9

Configuration register is 0xF

And for "show configuration" it says the following:

Code:
ap#show configuration
Using 2413 out of 32768 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
enable secret 5 ???
!
username ??? password ???
ip subnet-zero
no ip domain lookup
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 ssid apalink_vt
    authentication open
    guest-mode
 !
 speed basic-1.0 2.0
 rts threshold 2312
 no preamble-short
 channel 2422
 beacon period 50
 antenna receive right
 antenna transmit right
 station-role root
 l2-filter bridge-group-acl
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 l2-filter bridge-group-acl
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 192.168.0.13 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.0.1
ip http server
ip http help-path http://www.cisco.com/warp/publ...prodconfig/help/eag/ivory/1100
ip radius source-interface BVI1
access-list 700 permit xxxx.xxxx.xxxx 0000.0000.0000
access-list 700 permit xxxx.xxxx.xxxx 0000.0000.0000
access-list 700 permit xxxx.xxxx.xxxx 0000.0000.0000
access-list 700 permit xxxx.xxxx.xxxx 0000.0000.0000
access-list 700 permit xxxx.xxxx.xxxx 0000.0000.0000
access-list 700 permit xxxx.xxxx.xxxx 0000.0000.0000
access-list 700 permit xxxx.xxxx.xxxx 0000.0000.0000
access-list 700 deny 0000.0000.0000 ffff.ffff.ffff
radius-server attribute 32 include-in-access-req format %h
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
bridge 1 route ip
!
!
line con 0
line vty 5 15
!
end

[ sburina @ 21.01.2005. 00:21 ] @
Hello.
The access list you are using should also contain the MAC addresses of the network interface of the user's computer. Very inconvenient in practice..
[ simor @ 21.01.2005. 16:42 ] @
Quote: sburina: The access list you are using should also contain the MAC addresses of the network interface of the user's computer. Very inconvenient in practice..
Hm, I'll definitely try it, although I think users who connected to the AP with WLAN cards had the same problem...
[ sburina @ 21.01.2005. 18:46 ] @
If that doesn't help, try a different IOS. So far 12.2(15)XR2 has proven to be the best.
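
Added example, not part of the thread or of any poster's configuration: a small Python model of how a 700-range MAC access list shaped like the one in the posted config is evaluated, assuming it is matched against each frame's source MAC. The MAC addresses and frame descriptions are constructed; the model shows a DHCP request sourced from an unlisted PC NIC falling through to the final deny entry.

```python
# Added example: model of a Cisco 700-range (48-bit MAC) access list.
# Assumption: the list is matched against the source MAC of each frame.
# All MAC addresses below are constructed, not taken from the thread.

ACL_TEXT = """\
access-list 700 permit 0011.2233.4401 0000.0000.0000
access-list 700 permit 0011.2233.4402 0000.0000.0000
access-list 700 deny 0000.0000.0000 ffff.ffff.ffff
"""

MASK48 = 0xFFFFFFFFFFFF

def mac_to_int(mac):
    """Convert Cisco dotted notation (aaaa.bbbb.cccc) to a 48-bit integer."""
    digits = mac.replace(".", "")
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC: %r" % mac)
    return int(digits, 16)

def parse_acl(text):
    """Return [(action, address, wildcard_mask)] in configuration order."""
    rules = []
    for line in text.splitlines():
        p = line.split()
        if len(p) == 5 and p[0] == "access-list" and p[2] in ("permit", "deny"):
            rules.append((p[2], mac_to_int(p[3]), mac_to_int(p[4])))
    return rules

def evaluate(rules, src_mac):
    """First match wins; mask bits set to 1 are ignored in the comparison."""
    src = mac_to_int(src_mac)
    for action, addr, mask in rules:
        care = ~mask & MASK48
        if (src & care) == (addr & care):
            return action
    return "deny"  # implicit deny when nothing matches

# Constructed frames: (description, source MAC)
FRAMES = [
    ("DHCPDISCOVER from a listed WLAN card", "0011.2233.4401"),
    ("DHCPDISCOVER from a PC NIC behind a listed client radio", "00aa.bbcc.dd01"),
]

def check_frames():
    rules = parse_acl(ACL_TEXT)
    return {desc: evaluate(rules, mac) for desc, mac in FRAMES}

if __name__ == "__main__":
    for desc, verdict in check_frames().items():
        print(f"{verdict:6}  {desc}")
```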
Copyright (C) 2001-2025 by www.elitesecurity.org. All rights reserved.