SSH2 Access to Cisco 851w

tmccas
Hello, I am having trouble accessing my Cisco 851w using ssh2 and believe it may be related to access lists but am not sure. Listed below is my config. Any help would be appreciated. Thanks

Lab-192#sh run
Building configuration...

Current configuration : 5603 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Lab-192
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.151
ip dhcp excluded-address 192.168.2.1 192.168.2.99
!
ip dhcp pool Internal-net
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
domain-name mccasland5.local
lease 4
!
ip dhcp pool VLAN20
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
lease 4
!
!
ip cef
ip inspect name MYFW tcp
ip inspect name MYFW udp
no ip domain lookup
ip domain name mccasland5.local
ip ssh time-out 60
ip ssh version 2
!
!
crypto pki trustpoint TP-self-signed-3781702872
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3781702872
revocation-check none
rsakeypair TP-self-signed-3781702872
!
!
crypto pki certificate chain TP-self-signed-3781702872
certificate self-signed 01
quit
username tmccasland privilege 15 secret 5 $1$NFGg$oYyZfrSvHNduKg68O4Osk1
username administrator privilege 15 secret 5 $1$0qSn$67H9qo7DJuu3f0CM9XIjV1
!
!
!
bridge irb
!
!
interface FastEthernet0
spanning-tree portfast
!
interface FastEthernet1
spanning-tree portfast
!
interface FastEthernet2
spanning-tree portfast
!
interface FastEthernet3
spanning-tree portfast
!
interface FastEthernet4
ip address dhcp
ip access-group Internet-inbound-ACL in
ip inspect MYFW out
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1460
duplex auto
speed auto
no cdp enable
!
interface Dot11Radio0
no ip address
!
encryption key 1 size 40bit 7 697765791EAF transmit-key
encryption mode ciphers tkip wep40
!
encryption vlan 1 mode ciphers tkip
!
encryption vlan 20 mode ciphers tkip
!
ssid PubWiFi
vlan 20
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 087918195B4B5640415355
!
ssid SecWiFi
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii 7 1241514040595F5379737D
!
world-mode dot11d country US indoor
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2412
station-role root
no dot11 extension aironet
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no snmp trap link-status
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.20
description Guest wireless LAN - routed WLAN
encapsulation dot1Q 20
ip access-group Guest-ACL in
ip inspect MYFW out
no snmp trap link-status
no cdp enable
!
interface Vlan1
description Internal Network
no ip address
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
description Bridge to Internal Network
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip classless
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
!
ip access-list extended Guest-ACL
permit ip any any
ip access-list extended Internet-inbound-ACL
permit udp any eq bootps any eq bootpc
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any traceroute
permit gre any any
permit esp any any
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
no cdp run
!
control-plane
!
bridge 1 route ip
banner login ^C
***********************
Unauthorized access is forbidden
***********************^C
!
line con 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
privilege level 15
password 7 070D2D4D4D024D3732
logging synchronous
transport input ssh
!
scheduler max-task-time 5000
end
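
The access-list hypothesis in the post can be checked mechanically. The following is an added example, not part of the original post: it parses the named extended ACLs, finds the one bound inbound on an interface, and evaluates a TCP packet to port 22 against it with first-match semantics. It assumes every entry uses `any` for both addresses, as the posted ACLs do; the function names and the client source port 50000 are illustrative.

```python
import re

# ACL-related lines copied from the configuration in the post.
CONFIG = """\
interface FastEthernet4
 ip access-group Internet-inbound-ACL in
ip access-list extended Internet-inbound-ACL
 permit udp any eq bootps any eq bootpc
 permit icmp any any echo
 permit icmp any any echo-reply
 permit icmp any any traceroute
 permit gre any any
 permit esp any any
"""
PORTS = {"bootps": 67, "bootpc": 68}  # port names used in this config
ENTRY = re.compile(r"(permit|deny) (\S+) any(?: eq (\S+))? any(?: eq (\S+))?")

def port(p):
    return None if p is None else PORTS.get(p) or int(p)

def parse_acls(text):
    """Return {name: [(action, proto, src_port, dst_port), ...]}."""
    acls, current = {}, None
    for line in map(str.strip, text.splitlines()):
        head = re.match(r"ip access-list extended (\S+)", line)
        if head:
            current = acls.setdefault(head.group(1), [])
        elif current is not None and (e := ENTRY.match(line)):
            current.append((e[1], e[2], port(e[3]), port(e[4])))
        else:
            current = None  # any other line ends the ACL block
    return acls

def inbound_acl(text, interface):
    """Name of the ACL bound 'in' on the interface, or None."""
    for block in re.split(r"(?m)^(?=interface )", text):
        if block.startswith(f"interface {interface}\n"):
            m = re.search(r"ip access-group (\S+) in\b", block)
            return m.group(1) if m else None
    return None

def evaluate(entries, proto, src_port, dst_port):
    for action, p, sp, dp in entries:  # first matching entry wins
        if p in ("ip", proto) and sp in (None, src_port) and dp in (None, dst_port):
            return action
    return "deny"  # IOS ends every ACL with an implicit deny

def ssh_verdict(text, interface):
    name = inbound_acl(text, interface)
    return name, evaluate(parse_acls(text)[name], "tcp", 50000, 22)
```

`ssh_verdict(CONFIG, "FastEthernet4")` returns `("Internet-inbound-ACL", "deny")`: no entry matches TCP/22, so an SSH session arriving on that interface falls through to the implicit deny. BVI1 has no `ip access-group` in the posted configuration, so connections from the internal network do not traverse this ACL.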