Poniżej zamieszczam fragment configu. Widać z niego jakieś moje błędy?
!
! AAA server groups and method lists.
! NOTE(review): every group below is declared without a "server" entry in this
! fragment, and no "aaa new-model" line is shown. Confirm both against the full
! config; a method list that points at an empty group has no backend to ask.
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
! Login list "userlist" checks the local user database.
aaa authentication login userlist local
! "eap_methods" defers to group rad_eap; "mac_methods" uses the local database.
! The only SSID in this fragment (wifi-psk) references neither list.
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
! The default 802.1X list is "none", i.e. no authentication method is applied.
! NOTE(review): acceptable only while nothing relies on the default dot1x list - verify.
aaa authentication dot1x default none
aaa authorization ipmobile default group rad_pmip
aaa authorization network grouplist local
! Start/stop accounting records go to group rad_acct (no server visible here).
aaa accounting network acct_methods start-stop group rad_acct
!
!
aaa session-id common
!
!
! Wireless SSID definition: SSID "wifi-psk" is mapped to VLAN 2.
dot11 syslog
dot11 vlan-name wifi vlan 2
!
!
dot11 ssid wifi-psk
vlan 2
! NOTE(review): "authentication open" on its own does not enable WPA. For the
! wpa-psk line below to be enforced, the SSID normally also carries
! "authentication key-management wpa" and the radio interface carries an
! "encryption vlan 2 mode ciphers ..." line. Neither is visible in this fragment;
! if they are really absent, clients associate to an unencrypted network.
authentication open
! The "7" marks Cisco type-7 encoding, which is reversible obfuscation rather than
! encryption. A key published in this form should be treated as disclosed:
! replace the PSK and mask the value in any future paste.
wpa-psk ascii 7 1542295C16242227033264704556
!
!
!
! DHCP service for the wireless subnet 192.168.1.0/24.
ip cef
no ip dhcp use vrf connected
! The two exclusions leave only 192.168.1.5 - 192.168.1.10 available for leases
! (six addresses); further clients get no address once those are taken.
ip dhcp excluded-address 192.168.1.1 192.168.1.4
ip dhcp excluded-address 192.168.1.11 192.168.1.254
!
ip dhcp pool vlan2
! NOTE(review): "import all" pulls in DHCP options learned elsewhere by the router;
! the source of those options is not visible here - confirm it is intended
! alongside the static dns-server line below.
import all
network 192.168.1.0 255.255.255.0
! Gateway handed to clients is 192.168.1.1, the address configured on BVI1.
default-router 192.168.1.1
dns-server 194.204.152.34 194.204.159.1
!
!
!
!
!
!
! IPsec transform sets and crypto maps.
! NOTE(review): no "crypto isakmp policy", no peer/key definition and no interface
! with "crypto map SDM_CMAP_1" applied appear in this fragment - check the full config.
!
! ASA-IPSEC uses esp-des (single DES, 56-bit key), long considered too weak to
! protect traffic. Moving the static tunnel to an AES transform set requires the
! same change on the remote peer, so coordinate it rather than editing one side.
crypto ipsec transform-set ASA-IPSEC esp-des esp-sha-hmac
! AES transform set: esp-aes with SHA-1 HMAC integrity.
crypto ipsec transform-set AES esp-aes esp-sha-hmac
!
! Dynamic map entry 10 uses the AES transform set. No "match address" is set on it.
! NOTE(review): confirm that accepting any proposed traffic selectors is intended.
crypto dynamic-map DYNAMIC 10
set transform-set AES
!
!
! NOTE(review): the two lines below are sub-commands of a static crypto-map entry,
! but its header ("crypto map SDM_CMAP_1 <seq> ipsec-isakmp") and "set peer" line are
! missing from the paste. They also reference an ACL named SDM_1 that is not shown,
! while the ACL remarked "IPSec Rule" in this fragment is number 101.
set transform-set ASA-IPSEC
match address SDM_1
! Entry 65000 attaches the dynamic map as the last entry of SDM_CMAP_1.
crypto map SDM_CMAP_1 65000 ipsec-isakmp dynamic DYNAMIC
!
!
! Radio, VLAN and bridge interfaces. The wireless VLAN 2 is bridged into
! bridge-group 1, whose routed address lives on BVI1.
interface Dot11Radio0
no ip address
!
! NOTE(review): the SSID is attached here, but no "encryption vlan 2 mode ciphers ..."
! line is visible on this radio (it may have been trimmed from the post). Without a
! cipher on the radio the WPA pre-shared key on the SSID is not enforced.
ssid wifi-psk
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
! Sub-interface for VLAN 2 (802.1Q tag 2), a member of bridge-group 1.
interface Dot11Radio0.2
encapsulation dot1Q 2
ip virtual-reassembly
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
! Second radio: no SSID is attached to it in this fragment.
interface Dot11Radio1
no ip address
no dot11 extension aironet
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
!
!
! Wired VLAN 2 joins the same bridge-group as the radio sub-interface.
interface Vlan2
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
!
! Routed interface of bridge-group 1; the gateway for 192.168.1.0/24, marked NAT inside.
! NOTE(review): no "ip nat outside" interface and no "ip nat inside source" rule are
! shown, and no interface in this fragment carries a 192.168.0.0/24 address even
! though most ACL entries refer to that subnet - check the rest of the config.
interface BVI1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
! Address pool PULA: 192.168.100.1 - 192.168.100.10, the same ten hosts that
! ACL 100 lists one by one. NOTE(review): presumably handed to VPN clients; the
! configuration that references this pool is not visible here.
ip local pool PULA 192.168.100.1 192.168.100.10
ip forward-protocol nd
! Default route via 79.187.248.169; the interface facing that next hop is not shown.
ip route 0.0.0.0 0.0.0.0 79.187.248.169
!
!
! Access lists. ACLs are evaluated top-down and the first matching entry wins.
! NOTE(review): where ACLs 10 and 199 are applied is not visible in this fragment.
access-list 10 permit 192.168.0.0 0.0.0.255
! ACL 100 is matched by route-maps SDM_RMAP_1 and SDM_RMAP_2 further down.
! NOTE(review): if those route-maps select traffic for NAT (their use is not shown),
! "deny" here means "do not translate", not "drop", so this list gives no filtering
! protection by itself. Confirm how it is actually used.
access-list 100 remark SDM_ACL Category=18
! Ten per-host denies towards the PULA pool addresses. All ten are already covered
! by the 192.168.100.0/24 deny that follows them, so they are redundant.
access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.100.1
access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.100.2
access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.100.3
access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.100.4
access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.100.5
access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.100.6
access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.100.7
access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.100.8
access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.100.9
access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.100.10
access-list 100 deny ip 192.168.0.0 0.0.0.255 192.168.100.0 0.0.0.255
! Wildcard 255.255.255.0 ignores the first three octets and requires the last
! octet to be 0, so this entry matches any source address ending in .0.
! NOTE(review): that is unlikely to be the intended match - check what was meant.
access-list 100 deny ip 0.0.0.0 255.255.255.0 any
access-list 100 remark IPSec Rule
! Excludes 192.168.0.0/24 -> 10.10.10.0/24 (the traffic ACL 101 permits).
access-list 100 deny ip 192.168.0.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 100 deny ip any 192.168.0.0 0.0.0.255
! Per-host permits for selected 192.168.0.x sources.
access-list 100 permit ip host 192.168.0.3 any
access-list 100 permit ip host 192.168.0.11 any
access-list 100 permit ip host 192.168.0.12 any
access-list 100 permit ip host 192.168.0.20 any
access-list 100 permit ip host 192.168.0.21 any
access-list 100 permit ip host 192.168.0.22 any
access-list 100 permit ip host 192.168.0.23 any
access-list 100 permit ip host 192.168.0.26 any
access-list 100 permit ip host 192.168.0.27 any
access-list 100 permit ip host 192.168.0.28 any
access-list 100 permit ip host 192.168.0.29 any
access-list 100 permit ip host 192.168.0.31 any
access-list 100 permit ip host 192.168.0.44 any
access-list 100 permit ip host 192.168.0.66 any
access-list 100 permit ip host 192.168.0.67 any
access-list 100 permit ip host 192.168.0.75 any
access-list 100 permit ip host 192.168.0.77 any
access-list 100 permit ip host 192.168.0.88 any
access-list 100 permit ip host 192.168.0.99 any
! These two TCP/3389 (RDP) permits can never match: the earlier
! "deny ip 192.168.0.0 0.0.0.255 10.10.10.0 0.0.0.255" already catches the same
! source and destination. Whatever restriction they were meant to express is not
! in effect in this list.
access-list 100 permit tcp host 192.168.0.124 host 10.10.10.1 eq 3389
access-list 100 permit tcp host 192.168.0.125 host 10.10.10.1 eq 3389
! The whole wireless subnet 192.168.1.0/24 is permitted to any destination.
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 remark SDM_ACL Category=4
access-list 101 remark IPSec Rule
! NOTE(review): this looks like the interesting-traffic ACL for the tunnel, yet the
! crypto-map lines in this fragment use "match address SDM_1" - confirm which is used.
access-list 101 permit ip 192.168.0.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 199 permit ip 192.168.0.0 0.0.0.255 any
! CDP is disabled globally.
no cdp run
! Static ARP entry binding 192.168.0.31 to a fixed MAC address.
arp 192.168.0.31 0011.095e.705f ARPA
!
!
!
! Two route-maps with identical content: both match ACL 100.
! NOTE(review): where they are referenced (for example in a NAT rule) is not
! visible in this fragment. If both serve the same purpose, one is redundant.
route-map SDM_RMAP_1 permit 1
match ip address 100
!
route-map SDM_RMAP_2 permit 1
match ip address 100
!
!
!
! RADIUS attribute handling: attribute 32 (NAS-Identifier) is added to
! access-requests in the %h format, and vendor-specific attributes are sent in
! accounting. NOTE(review): no "radius-server host" line appears in this fragment,
! so these settings have no server to apply to unless one is defined elsewhere.
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
! Empty control-plane section: no control-plane policy is attached here.
control-plane
!
! Bridge-group 1 runs IEEE spanning tree and routes IP, which is what lets BVI1
! act as the layer-3 interface for the bridged wireless/VLAN 2 segment.
bridge 1 protocol ieee
bridge 1 route ip
!
end