Hi again,

Today I am writing on my blog again, and finally some tech stuff is being added. I just posted the wireless stuff and how to add extra SSIDs and put them in separate VLANs. Now we want the sales and tech departments to be placed in different VLANs as well when they log in with PPTP from their homes. So I took the Cisco 870 and configured the following. Yet again I am not going to explain every detail; the config speaks for itself.


no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service internal
service sequence-numbers
!
hostname ciscovpnbox
!
boot-start-marker
boot-end-marker
!
logging userinfo
logging buffered 51200 debugging
enable secret 5 blabla
enable password 7 blabla
!
aaa new-model
!
!
aaa authentication ppp default local
aaa authorization network default local
!
aaa attribute list sales
 attribute type addr-pool "sales"
!
aaa attribute list tech
 attribute type addr-pool "tech"
!
aaa session-id common
!
resource policy
!
ip subnet-zero
ip host-routing
no ip gratuitous-arps
ip cef
!
!
ip dhcp smart-relay
ip dhcp bootp ignore
!
!
no ip bootp server
ip domain name ponne.nu
ip multicast-routing
ip ssh source-interface FastEthernet4
ip ssh version 2
ip address-pool local
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
!
!
!
username techie privilege 15 password 7 bloediebloe
username techie aaa attribute list tech
username salesdude privilege 15 password 7 bladieblu
username salesdude aaa attribute list sales
!
!
!
!
!
!
interface FastEthernet0
 switchport trunk allowed vlan 1,2,10,11,1002-1005
 switchport mode trunk
 spanning-tree portfast
 hold-queue 100 out
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 ip address "externalipaddress"
 duplex auto
 speed auto
!
interface Virtual-Template1
 ip unnumbered Vlan10
 ip mroute-cache
 no keepalive
 ppp encrypt mppe auto passive
 ppp authentication ms-chap ms-chap-v2
!
interface Virtual-Dot11Radio1
 no ip address
!
interface Virtual-Dot11Radio2
 no ip address
!
interface Vlan1
 no ip address
!
interface Vlan10
 ip address 192.168.0.200 255.255.255.0
!
interface Vlan11
 ip address 192.168.1.200 255.255.255.0
!
ip local pool tech 192.168.0.201 192.168.0.211
ip local pool sales 192.168.1.201 192.168.1.211
ip classless
ip route 0.0.0.0 0.0.0.0 "ipaddress"
!
!
no ip http server
no ip http secure-server
!
logging trap debugging
logging source-interface FastEthernet4
no cdp run
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password 7 boedoebloek
 transport input ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

With this you can have those two users log in separately from each other, each in their own VLAN. How cool is that with a simple VPN box!
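To check that the separation actually holds, the chain user -> attribute list -> address pool -> VLAN subnet can be resolved straight from the config. The script below is an added example, not part of the original post; the function name `audit`, the report layout and the embedded sample (a constructed excerpt of the config above, with sub-commands indented as `show running-config` prints them) are assumptions made for illustration. It also flags VPN accounts that carry privilege 15.

```python
import ipaddress
import re

# Constructed sample: the lines of the configuration above that drive the mapping.
SAMPLE_CONFIG = """\
aaa attribute list sales
 attribute type addr-pool "sales"
aaa attribute list tech
 attribute type addr-pool "tech"
username techie privilege 15 password 7 bloediebloe
username techie aaa attribute list tech
username salesdude privilege 15 password 7 bladieblu
username salesdude aaa attribute list sales
interface Vlan10
 ip address 192.168.0.200 255.255.255.0
interface Vlan11
 ip address 192.168.1.200 255.255.255.0
ip local pool tech 192.168.0.201 192.168.0.211
ip local pool sales 192.168.1.201 192.168.1.211
"""

def audit(config):
    """Resolve user -> attribute list -> pool -> VLAN and flag privilege 15."""
    lists, users, priv15, vlans, pools = {}, {}, set(), {}, {}
    ctx = None  # last unindented line, i.e. the section an indented line belongs to
    for raw in config.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():
            ctx = line
        if m := re.fullmatch(r'attribute type addr-pool "(\S+)"', line):
            lists[ctx.split()[-1]] = m[1]
        elif m := re.fullmatch(r"username (\S+) aaa attribute list (\S+)", line):
            users[m[1]] = m[2]
        elif m := re.match(r"username (\S+) privilege 15\b", line):
            priv15.add(m[1])  # 15 is the highest IOS privilege level
        elif m := re.fullmatch(r"ip address (\S+) (\S+)", line):
            vlans[ctx.split()[-1]] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif m := re.fullmatch(r"ip local pool (\S+) (\S+) (\S+)", line):
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
    report = {}
    for user, alist in users.items():
        rng = pools.get(lists.get(alist))  # None if the list or the pool is missing
        vlan = next((n for n, net in vlans.items() if rng and all(a in net for a in rng)), None)
        report[user] = {"pool": lists.get(alist), "vlan": vlan, "privilege15": user in priv15}
    return report

if __name__ == "__main__":
    for user, row in audit(SAMPLE_CONFIG).items():
        print(user, row)
```

A `vlan` of `None` in the report means the user's pool is undefined or does not sit entirely inside any configured VLAN subnet, so that user would not end up in the intended segment.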