
Настройка внешней сети


Ильяс Тимир-Булатов

Question

Здравствуйте! Конечная задача у меня такая: настроить роутер Zyxel Keenetic Giga II так, чтобы он выполнял роль точки доступа, локальные клиенты заворачивались в VLAN 111, к нему был доступ из внешней сети по VLAN 1000 (управление) и чтобы он мог обновляться по VLAN 102. В общем и целом всё получилось, кроме одного: он не хочет видеть интернет, шлюз (192.168.2.1) не пингуется (пинг 100% открыт).

Вот мой конфиг:

Скрытый текст

! $$$ Model: ZyXEL Keenetic Giga II
! $$$ Version: 2.06.1
! $$$ Agent: http/ci
! $$$ Last change: Tue, 29 Oct 2013 00:00:39 GMT
! $$$ Md5 checksum: 3b393ed30e9804a5892d309374e08a29

! Kernel tunables and device identity. ip_forward is set to 1, so the device
! forwards IPv4 between its interfaces even though it is deployed as an access point.
system
    set net.ipv4.ip_forward 1
    set net.ipv4.tcp_fin_timeout 30
    set net.ipv4.tcp_keepalive_time 120
    set net.ipv4.netfilter.ip_conntrack_tcp_timeout_established 1200
    set net.ipv4.netfilter.ip_conntrack_max 10240
    set vm.swappiness 100
    clock timezone Europe/Moscow
    domainname WORKGROUP
    hostname Keenetic_Giga
!
! The NTP server address is in the same /24 as the management interface
! (172.17.17.40 on Vlan1000), so time sync is presumably reached over that VLAN.
ntp server 172.17.17.1
! NOTE(review): isolate-private presumably blocks forwarding between interfaces
! marked "security-level private" - confirm against the firmware command reference.
isolate-private
dyndns profile _WEBADMIN
!
! Built-in switch. Ports 1-4 are untagged access ports in VLAN 111 (the
! local-client VLAN described in the post); port 0 further down is the tagged uplink.
interface GigabitEthernet0
    up
!
interface GigabitEthernet0/1
    name 1
    switchport mode access
    switchport access vlan 111
    up
!
interface GigabitEthernet0/2
    name 2
    switchport mode access
    switchport access vlan 111
    up
!
interface GigabitEthernet0/3
    name 3
    switchport mode access
    switchport access vlan 111
    up
!
interface GigabitEthernet0/4
    name 4
    switchport mode access
    switchport access vlan 111
    up
!
! Uplink VLAN 102 ("ISP"): static 192.168.2.20/24, security-level public.
! This interface and Vlan1000 below both carry "mac address factory wan" while
! riding the same trunk port. NOTE(review): the working config posted in the reply
! drops that line from both interfaces, drops "name ISP" and removes
! "switchport access vlan 1" from the trunk; which of these changes fixed the
! unreachable gateway is not stated on the page.
interface GigabitEthernet0/Vlan102
    name ISP
    description "Broadband connection"
    mac address factory wan
    security-level public
    ip address 192.168.2.20 255.255.255.0
    ip dhcp client dns-routes
    ip dhcp client name-servers
    ip mtu 1500
    ip global 700
    igmp upstream
    up
!
! Client VLAN 111: no address configured here; it is bridged with the Wi-Fi
! access point by the Bridge2 section of this config.
interface GigabitEthernet0/Vlan111
    security-level private
    ip dhcp client dns-routes
    ip dhcp client name-servers
    up
!
! Management VLAN 1000: static 172.17.17.40/24, security-level private.
! NOTE(review): a private interface is presumably trusted by the device firewall,
! so any host that can reach 172.17.17.40 can reach the http and telnet services
! enabled at the end of this config - confirm, and keep VLAN 1000 restricted to
! administrator hosts.
interface GigabitEthernet0/Vlan1000
    name management
    description "management port"
    mac address factory wan
    security-level private
    ip address 172.17.17.40 255.255.255.0
    ip dhcp client hostname Keenetic_Giga
    ip dhcp client dns-routes
    ip dhcp client name-servers
    ip mtu 1500
    up
!
! Port 0 is the trunk: it carries tagged VLANs 1000, 111 and 102 and also keeps
! "switchport access vlan 1". All three security zones (uplink, clients,
! management) therefore share this one physical link.
interface GigabitEthernet0/0
    name 0
    role inet for ISP
    switchport mode trunk
    switchport access vlan 1
    switchport trunk vlan 1000
    switchport trunk vlan 111
    switchport trunk vlan 102
    up
!
! Radio settings: RU regulatory domain, b/g/n compatibility, 40 MHz channel
! width, transmit power 100.
interface WifiMaster0
    country-code RU
    compatibility BGN
    channel width 40-below
    power 100
    up
!
! Main access point: WPA2 with a pre-shared key, no MAC filtering.
! SECURITY: the "authentication wpa-psk ns3 ..." line is the stored form of the
! Wi-Fi key. NOTE(review): ns3 looks like the firmware's own encoding rather than
! a one-way hash - confirm; either way, a key published in a public config dump
! should be treated as exposed and changed, and such lines redacted before posting.
interface WifiMaster0/AccessPoint0
    name AccessPoint
    description "Wi-Fi access point"
    mac access-list type none
    security-level private
    authentication wpa-psk ns3 YicAYnD/DOsC53lfaMOPx7pG
    encryption enable
    encryption wpa2
    ip dhcp client dns-routes
    ip dhcp client name-servers
    ssid Keenetic-6813
    wmm
    up
!
! Bridge2 joins the wired client VLAN (Vlan111) with the Wi-Fi access point, so
! wireless and wired clients end up in the same layer-2 segment. No IP address is
! configured on the bridge in this dump.
interface Bridge2
    inherit GigabitEthernet0/Vlan111
    include AccessPoint
    security-level private
    ip dhcp client dns-routes
    ip dhcp client name-servers
    up
!
! Default route via 192.168.2.1 on the uplink interface named ISP, plus a static
! route to 192.168.1.0/24 through 172.17.17.1 on the management interface.
ip route default 192.168.2.1 ISP
ip route 192.168.1.0 255.255.255.0 172.17.17.1 management
ip dhcp pool _WEBADMIN
    enable
!
ip dhcp pool _WEBADMIN_GUEST_AP
    enable
!
! Public resolvers configured statically.
ip name-server 8.8.8.8 ""
ip name-server 77.88.8.8 ""
ppe software
ppe hardware
! SECURITY: the value after "password nt" is the NT hash of an empty string, so
! this admin account appears to have no password set. The account is tagged for
! cli, http, ftp and cifs, "service http" and "service telnet" are enabled below,
! and the post asks for management access from an external network over VLAN 1000.
! Set a strong admin password before the device is reachable from anywhere
! untrusted, and redact credential lines before publishing a config dump.
user admin
    password nt 31d6cfe0d16ae931b73c59d7e0c089c0
    tag cli
    tag http
    tag ftp
    tag cifs
    tag printers
!
! Enabled services. NOTE(review): telnet and http carry logins unencrypted, and
! upnp presumably lets LAN clients request port mappings; a device used only as an
! access point and managed over VLAN 1000 likely needs few of these - confirm and
! turn off whatever is unused.
service dhcp
service dns-proxy
service igmp-proxy
service cifs
service http
service telnet
service ntp-client
service upnp
! NOTE(review): "permissive" presumably allows file-share access without
! authentication - confirm against the firmware command reference.
cifs
    automount
    permissive
!

 


1 answer to this question


Решил, вот рабочий конфиг:

Скрытый текст

! $$$ Model: ZyXEL Keenetic Giga II
! $$$ Version: 2.06.1
! $$$ Agent: http/ci
! $$$ Last change: Mon,  6 Feb 2017 09:39:58 GMT
! $$$ Md5 checksum: 1242badabfedd537760146808c66090c

! Kernel tunables and device identity. ip_forward is set to 1, so the device
! forwards IPv4 between its interfaces even though it is deployed as an access point.
system
    set net.ipv4.ip_forward 1
    set net.ipv4.tcp_fin_timeout 30
    set net.ipv4.tcp_keepalive_time 120
    set net.ipv4.netfilter.ip_conntrack_tcp_timeout_established 1200
    set net.ipv4.netfilter.ip_conntrack_max 10240
    set vm.swappiness 100
    clock timezone Europe/Moscow
    clock date  6 Feb 2017 12:40:31
    domainname WORKGROUP
    hostname Keenetic_Giga
!
! The NTP server address is in the same /24 as the management interface
! (172.17.17.40 on Vlan1000), so time sync is presumably reached over that VLAN.
ntp server 172.17.17.1
! NOTE(review): isolate-private presumably blocks forwarding between interfaces
! marked "security-level private" - confirm against the firmware command reference.
isolate-private
dyndns profile _WEBADMIN
!
! Built-in switch. Ports 1-4 are untagged access ports in VLAN 111 (local
! clients); port 0 further down is the tagged uplink.
interface GigabitEthernet0
    up
!
interface GigabitEthernet0/1
    name 1
    switchport mode access
    switchport access vlan 111
    up
!
interface GigabitEthernet0/2
    name 2
    switchport mode access
    switchport access vlan 111
    up
!
interface GigabitEthernet0/3
    name 3
    switchport mode access
    switchport access vlan 111
    up
!
interface GigabitEthernet0/4
    name 4
    switchport mode access
    switchport access vlan 111
    up
!
! Vlan1 ("Home VLAN") and Vlan3 ("Guest VLAN") are defined here, but neither VLAN
! id appears on any switch port in this dump (port 0 trunks only 102, 1000, 111).
interface GigabitEthernet0/Vlan1
    description "Home VLAN"
    security-level private
    ip dhcp client dns-routes
    ip dhcp client name-servers
    up
!
interface GigabitEthernet0/Vlan3
    description "Guest VLAN"
    security-level public
    ip address 10.1.30.1 255.255.255.0
    ip dhcp client dns-routes
    ip dhcp client name-servers
    up
!
! Uplink VLAN 102: static 192.168.2.20/24, security-level public. Compared with
! the non-working config in the question, this section no longer has "name ISP",
! a description, "mac address factory wan" or "igmp upstream". The page does not
! say which of these changes restored connectivity to the gateway.
interface GigabitEthernet0/Vlan102
    security-level public
    ip address 192.168.2.20 255.255.255.0
    ip dhcp client hostname Keenetic_Giga
    ip dhcp client dns-routes
    ip dhcp client name-servers
    ip mtu 1500
    ip global 700
    up
!
! Port 0 is the trunk for VLANs 102, 1000 and 111; the "switchport access vlan 1"
! line from the earlier config is gone, and the inet role now refers to the VLAN
! interface by its system name. Uplink, client and management traffic still share
! this one physical link.
interface GigabitEthernet0/0
    name 0
    role inet for GigabitEthernet0/Vlan102
    switchport mode trunk
    switchport trunk vlan 102
    switchport trunk vlan 1000
    switchport trunk vlan 111
    up
!
! Client VLAN 111: no address configured here; it is bridged with the Wi-Fi
! access point by the Bridge0 section of this config.
interface GigabitEthernet0/Vlan111
    security-level private
    ip dhcp client dns-routes
    ip dhcp client name-servers
    up
!
! Management VLAN 1000: static 172.17.17.40/24, security-level private.
! NOTE(review): a private interface is presumably trusted by the device firewall,
! so any host that can reach 172.17.17.40 can reach the http and telnet services
! enabled at the end of this config - confirm, and keep VLAN 1000 restricted to
! administrator hosts.
interface GigabitEthernet0/Vlan1000
    name management
    description "management port"
    security-level private
    ip address 172.17.17.40 255.255.255.0
    ip dhcp client dns-routes
    ip dhcp client name-servers
    up
!
! Radio settings: RU regulatory domain, b/g/n compatibility.
interface WifiMaster0
    country-code RU
    compatibility BGN
    up
!
! Main access point: WPA2 with a pre-shared key and a MAC deny list with one entry.
! SECURITY: the "authentication wpa-psk ns3 ..." line is the stored form of the
! Wi-Fi key. NOTE(review): ns3 looks like the firmware's own encoding rather than
! a one-way hash - confirm; either way, a key published in a public config dump
! should be treated as exposed and changed, and such lines redacted before posting.
! A MAC deny list only keeps out a client that continues to use that address, so
! it is not a substitute for rotating the key.
interface WifiMaster0/AccessPoint0
    name AccessPoint
    description "Wi-Fi access point"
    mac access-list type deny
    mac access-list address 9c:b7:0d:4c:b2:cf
    security-level private
    authentication wpa-psk ns3 s7qihf7q3BO1FxvNiDcA7rS8kbrjZdOm4Q+6rM+f/+xJn1XO
    encryption enable
    encryption wpa2
    ip dhcp client dns-routes
    ip dhcp client name-servers
    ssid retro44
    wmm
    up
!
! Guest access point, currently down. It has no "authentication" or "encryption"
! lines. NOTE(review): if it is ever brought up as-is it would presumably be an
! open network - configure WPA2 first; its own security-level is private while the
! Guest bridge it belongs to is protected - confirm which one takes effect.
interface WifiMaster0/AccessPoint1
    name GuestWiFi
    description "Guest access point"
    mac access-list type none
    security-level private
    ip dhcp client dns-routes
    ip dhcp client name-servers
    ssid Guest
    wmm
    down
!
! Unused access-point slots, both down.
interface WifiMaster0/AccessPoint2
    mac access-list type none
    security-level private
    ip dhcp client dns-routes
    ip dhcp client name-servers
    down
!
interface WifiMaster0/AccessPoint3
    mac access-list type none
    security-level private
    ip dhcp client dns-routes
    ip dhcp client name-servers
    down
!
! Wi-Fi client (station) interface: down, encryption disabled, address by DHCP.
interface WifiMaster0/WifiStation0
    security-level public
    encryption disable
    ip address dhcp
    ip dhcp client dns-routes
    ip dhcp client name-servers
    down
!
! Home bridge: joins the wired client VLAN (Vlan111) with the main access point,
! so wireless and wired clients share one layer-2 segment. No IP address is
! configured on the bridge in this dump.
interface Bridge0
    name Home
    description "Wi-Fi and Local network"
    inherit GigabitEthernet0/Vlan111
    include AccessPoint
    security-level private
    ip dhcp client dns-routes
    ip dhcp client name-servers
    up
!
! Guest bridge: contains only GuestWiFi, security-level protected.
interface Bridge1
    name Guest
    description "Guest network"
    include GuestWiFi
    security-level protected
    ip dhcp client dns-routes
    ip dhcp client name-servers
    up
!
! Static route to 192.168.1.0/24 through 172.17.17.1 on the management interface,
! and the default route via 192.168.2.1 on the uplink VLAN interface (referenced
! by its system name here, not by the "ISP" alias used in the earlier config).
ip route 192.168.1.0 255.255.255.0 172.17.17.1 management
ip route default 192.168.2.1 GigabitEthernet0/Vlan102
ip dhcp pool _WEBADMIN_GUEST_AP
    bind Guest
    enable
!
! Public resolvers, configured both globally and bound to the uplink interface.
ip name-server 8.8.8.8 ""
ip name-server 77.88.8.8 ""
ip name-server 8.8.8.8 "" on GigabitEthernet0/Vlan102
ip name-server 8.8.4.4 "" on GigabitEthernet0/Vlan102

ip nat Guest
ppe software
ppe hardware

! SECURITY: the value after "password nt" is the NT hash of an empty string, so
! this admin account appears to have no password set; it is the same value as in
! the 2013 dump in the question. The account is tagged for cli, http, ftp and
! cifs, "service http" and "service telnet" are enabled below, and the post asks
! for management access from an external network over VLAN 1000. Set a strong
! admin password before the device is reachable from anywhere untrusted, and
! redact credential lines before publishing a config dump.
user admin
    password nt 31d6cfe0d16ae931b73c59d7e0c089c0
    tag cli
    tag http
    tag ftp
    tag cifs
    tag printers
!
! Enabled services. NOTE(review): telnet and http carry logins unencrypted, and
! upnp presumably lets LAN clients request port mappings; a device used only as an
! access point and managed over VLAN 1000 likely needs few of these - confirm and
! turn off whatever is unused.
service dhcp
service dns-proxy
service igmp-proxy
service cifs
service http
service telnet
service ntp-client
service upnp
! NOTE(review): "permissive" presumably allows file-share access without
! authentication - confirm against the firmware command reference.
cifs
    automount
    permissive
!
!

 
