求助~~~~~【cisco 851w配置问题】

dfy***

前几天淘了台cisco 851w，到手后经过几天的摸索、配置、实验，有线接口现在能正常上网了，但无线接口不能上网，求网友同志给指点指点，谢谢！
说明一下，我非学IT，也非搞IT，更没学过任何网络知识！所以请肯给予指点的同志说点通俗易懂的，别给我说太专业的东东，年龄大了领悟不了.................................

~~~~~~~~~~~~~~~~~~~~

目前配置：
!version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
clock timezone PCTime 8
!
!
dot11 syslog
!
dot11 ssid cisco851w
   authentication open
   guest-mode
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.168.1
ip dhcp excluded-address 192.168.7.1 192.168.7.9
ip dhcp excluded-address 192.168.7.101 192.168.7.254
!
ip dhcp pool sdm-pool
   import all
   network 192.168.168.1 255.255.255.0
   default-router 192.168.168.1
   lease 0 2
!
ip dhcp pool sdm-pool1
   dns-server 61.166.150.123
   default-router 192.168.168.1
!
ip dhcp pool sdm-pool3
   network 192.168.7.0 255.255.255.0
   default-router 192.168.7.105
!
!
ip cef
ip domain name yourdomain.com
ip name-server 61.166.150.123
ip ddns update method sdm_ddns1
DDNS both
!
!
!
!
username dfyd privilege 15 password 0 dfyd
!
!
archive
log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ETH-WAN$
ip address dhcp client-id FastEthernet4
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.168.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 1 interface FastEthernet4 overload
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.168.0 0.0.0.255
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
transport input telnet
!
scheduler max-task-time 5000
end
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
有线接口正常，无线接口能配置成产生一个SSID，发出信号，客户端自动获得ip能ping通无线接口的ip，但无法通过wan口去上网！
据说这个坛子里是藏龙卧虎，所以请龙或者虎在不太麻烦的情况下给指点指点，能给我写个配置那我更是感激不尽了！谢谢！

dfy***

求人不如求己！
网络是嘛鸟？有用麽？反正在这里没用！
自己找了cisco的配置手册，好多页全鸟语，正在啃.....................

dfy***

!

version 12.3

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname retail

!

boot-start-marker

boot-end-marker

!

enable password cisco123

!

username jsomeone password 0 cg6#107X

aaa new-model

!

aaa group server radius rad_eap

        server 10.0.1.1 auth-port 1812 acct-port 1813

!

aaa authentication login eap_methods group rad_eap

aaa session-id common

ip subnet-zero

ip cef

!

vpdn enable

        vpdn-group 1

        request-dialin

        protocol pppoe

!

interface dialer 1

        ip address negotiated

        ppp authentication chap

        dialer pool 1

        dialer-group 1

!

dialer-list 1 protocol ip permit

        ip nat inside source list 1 interface dialer 0 overload

        ip classless (default)

        ip route 10.10.25.2 0.255.255.255 dialer 0

!

ip dhcp excluded-address 10.0.1.1 10.0.1.10

ip dhcp excluded-address 10.0.2.1 10.0.2.10

ip dhcp excluded-address 10.0.3.1 10.0.3.10

!

ip dhcp pool vlan1

   network 10.0.1.0 255.255.255.0

   default-router 10.0.1.1

!

ip dhcp pool vlan2

   network 10.0.2.0 255.255.255.0

   default-router 10.0.2.1

!

ip dhcp pool vlan3

   network 10.0.3.0 255.255.255.0

   default-router 10.0.3.1

!

ip ips po max-events 100

no ftp-server write-enable

!

bridge irb

!

interface FastEthernet0

        no ip address

!

interface FastEthernet1

        no ip address

!

interface FastEthernet2

        no ip address

!

interface FastEthernet3

        switchport mode trunk

        no ip address

!

interface FastEthernet4

        ip address 192.168.12.2 255.255.255.0

        no ip directed-broadcast (default)

        speed auto

        ip nat outside

        ip access-group 103 in

        no cdp enable

        crypto ipsec client ezvirtual** ezvirtual**client outside

        crypto map static-map

!

crypto isakmp policy 1

        encryption 3des

        authentication pre-share

        group 2

        lifetime 480

!

crypto isakmp client configuration group rtr-remote

        key secret-password

        dns 10.50.10.1 10.60.10.1

        domain company.com

        pool dynpool

!

crypto ipsec transform-set virtual**1 esp-3des esp-sha-hmac

!

crypto ipsec security-association lifetime seconds 86400

!

crypto dynamic-map dynmap 1

        set transform-set virtual**1

        reverse-route

!

crypto map static-map 1 ipsec-isakmp dynamic dynmap

crypto map dynmap isakmp authorization list rtr-remote

crypto map dynmap client configuration address respond


crypto ipsec client ezvirtual** ezvirtual**client

        connect auto

        group 2 key secret-password

        mode client

        peer 192.168.100.1

!

interface Dot11Radio0

        no ip address

        !

        broadcast-key vlan 1 change 45

        !

        encryption vlan 1 mode ciphers tkip

        !

        ssid cisco

                   vlan 1

                 authentication open

                 authentication network-eap eap_methods

                 authentication key-management wpa optional

        !

        ssid ciscowep

                vlan 2

                authentication open

                !

        ssid ciscowpa

                vlan 3

                authentication open

        !

        speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

        rts threshold 2312

        power local cck 50

        power local ofdm 30

        channel 2462

        station-role root

!

interface Dot11Radio0.1

        description Cisco Open

        encapsulation dot1Q 1 native

        no cdp enable

        bridge-group 1

        bridge-group 1 subscriber-loop-control

        bridge-group 1 spanning-disabled

        bridge-group 1 block-unknown-source

        no bridge-group 1 source-learning

        no bridge-group 1 unicast-flooding

!

interface Dot11Radio0.2

        encapsulation dot1Q 2

        bridge-group 2

        bridge-group 2 subscriber-loop-control

        bridge-group 2 spanning-disabled

        bridge-group 2 block-unknown-source

        no bridge-group 2 source-learning

        no bridge-group 2 unicast-flooding

!

interface Dot11Radio0.3

        encapsulation dot1Q 3

        bridge-group 3

        bridge-group 3 subscriber-loop-control

        bridge-group 3 spanning-disabled

        bridge-group 3 block-unknown-source

        no bridge-group 3 source-learning

        no bridge-group 3 unicast-flooding

!

interface Vlan1

        no ip address

        no ip directed-broadcast (default)

        ip nat inside

        crypto ipsec client ezvirtual** ezvirtual**client inside

        ip inspect firewall in

        no cdp enable

        bridge-group 1

        bridge-group 1 spanning-disabled

!

interface Vlan2

        no ip address

        bridge-group 2

        bridge-group 2 spanning-disabled

!

interface Vlan3

        no ip address

        bridge-group 3

        bridge-group 3 spanning-disabled

!

interface BVI1

        ip address 10.0.1.1 255.255.255.0

!

interface BVI2

        ip address 10.0.2.1 255.255.255.0

!

interface BVI3

        ip address 10.0.3.1 255.255.255.0

!

ip classless

!

ip http server

no ip http secure-server

!

radius-server local

        nas 10.0.1.1 key 0 cisco123

        group rad_eap

!

user jsomeone nthash 7 0529575803696F2C492143375828267C7A760E1113734624452725707C010B065B

user AMER\jsomeone nthash 7
0224550C29232E041C6A5D3C5633305D5D560C09027966167137233026580E0B0D

!

radius-server host 10.0.1.1 auth-port 1812 acct-port 1813 key cisco123

!

control-plane

!

bridge 1 route ip

bridge 2 route ip

bridge 3 route ip

!

ip inspect name firewall tcp       

ip inspect name firewall udp

ip inspect name firewall rtsp

ip inspect name firewall h323

ip inspect name firewall netshow

ip inspect name firewall ftp

ip inspect name firewall sqlnet

!

access-list 103 permit udp host 200.1.1.1 any eq isakmp

access-list 103 permit udp host 200.1.1.1 eq isakmp any

access-list 103 permit esp host 200.1.1.1 any

access-list 103 permit icmp any any

access-list 103 deny ip any any

access-list 105 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255

no cdp run

!

line con 0

        password cisco123

        no modem enable

        transport preferred all

        transport output all

line aux 0

        transport preferred all

        transport output all

line vty 0 4

        password cisco123

        transport preferred all

        transport input all

        transport output all

!

dfy***

!
! No configuration change since last restart
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname c851w
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$40/S$8hx8octAl9B1pRPwb0U8.0
!
no aaa new-model
clock timezone gmt 8
!
!
dot11 association mac-list 700
dot11 syslog
!
dot11 ssid c851
   authentication open
   guest-mode
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.55.1
!
ip dhcp pool sdm-pool1
   network 192.168.55.0 255.255.255.0
   dns-server 61.166.150.123 8.8.8.8
   default-router 192.168.55.1
!
!
ip cef
ip name-server 8.8.8.8
ip ddns update method sdm_ddns1
DDNS both
!
!
!
!
username ***** privilege 15 password 0 *********
!
!
archive
log config
  hidekeys
!
!
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ETH-WAN$
ip dhcp client update dns server none
ip ddns update hostname c851w.www.c851w.com
ip ddns update sdm_ddns1
ip address dhcp client-id FastEthernet4
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
!
ssid c851
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
l2-filter bridge-group-acl
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
bridge-group 1
!
interface BVI1
ip address 192.168.55.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 1 interface FastEthernet4 overload
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.55.0 0.0.0.255
access-list 700 permit c884.a0da.2b08   2552.5525.5000
access-list 700 permit 0021.001a.a525   2552.5525.5000
access-list 700 permit 0001.8a52.0d03   2552.5525.5000
access-list 700 deny   0000.0000.0000   ffff.ffff.ffff
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet
!
scheduler max-task-time 5000
sntp server 210.72.145.44
end
{:soso_e113:}{:soso_e113:}

QQ285***

玩命令行的，应该找51CTO 那里是组织。帮你找了一个参考 。
http://bbs.51cto.com/thread-615559-1.html

dfy***

谢谢啦！
也到51CTO逛过，没找到想看的内容！
不过现在好了，我基本上能搞了。看我前边贴出来的配置............