PPPoE и WiFi на cisco 871w

Такой вот конфиг на память...

!
! Global services, hostname, enable secret, AAA and clock settings.
version 12.4
! Disables the X.25 PAD service, which this router does not need.
no service pad
! Millisecond timestamps on debug and log lines (useful when correlating with other logs).
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): with password encryption off, every type-0 secret further down
! (the WPA PSK and the PPP CHAP password) sits in the config as plain text.
! "service password-encryption" would only apply reversible type-7 obfuscation,
! so treat any copy of this config (backup, paste, screenshot) as sensitive either way.
no service password-encryption
!
hostname c871w
!
boot-start-marker
boot-end-marker
!
! Type 5 = salted MD5 hash of the enable password (value masked by the author).
enable secret 5 ***********
!
! AAA enabled; login authentication and exec authorization both use the local user database.
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
! Local time is UTC+3 with a recurring +1h summer offset (MSD).
! NOTE(review): confirm the summer-time rule still matches the current local time
! rules; a wrong offset shifts every log timestamp for half the year.
clock timezone MSK 3
clock summer-time MSD recurring last Sun Mar 2:00 last Sun Oct 2:00
!
!
!
! SSID profile "wifi": mapped to VLAN 10, WPA with a pre-shared key.
dot11 ssid wifi
vlan 10
! Open 802.11 authentication followed by WPA key management (WPA-PSK, see wpa-psk below).
authentication open
authentication key-management wpa
! guest-mode: this SSID is advertised in beacons.
guest-mode
! "0" marks the key as stored unencrypted in the config (value masked by the author).
! The radio interface in this file pairs this SSID with the TKIP cipher, so the
! PSK strength is the main protection for this WLAN.
wpa-psk ascii 0 ***********
!
! CEF switching plus the two DHCP server pools (wired LAN and Wi-Fi).
ip cef
no ip dhcp use vrf connected
! Addresses the DHCP server must never hand out: .1-.100 on the LAN, the gateway on Wi-Fi.
ip dhcp excluded-address 192.168.220.1 192.168.220.100
ip dhcp excluded-address 10.10.10.1
!
! Wired LAN pool (the pool name is spelled "DCHP" in the original; it is only a local label).
ip dhcp pool DCHP-POOL-1
! "import all" pulls DHCP option values from the central DHCP database into this pool
! (presumably options learned on the WAN side - confirm what actually gets imported).
import all
network 192.168.220.0 255.255.255.0
default-router 192.168.220.1
! WINS server sits outside the local subnets (presumably reached via Tunnel0 - confirm).
netbios-name-server 192.168.100.254
! Clients use the router itself as resolver ("ip dns server" is enabled later in this file).
dns-server 192.168.220.1
! Lease time: 0 days, 1 hour.
lease 0 1
!
! Wi-Fi pool for VLAN 10 / Dot11Radio0.10.
ip dhcp pool DCHP-POOL-WiFi
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 10.10.10.1
lease 0 1
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
! Domain name; together with the hostname it forms the name used for the SSH RSA key pair.
ip domain name test.ru
!
!
!
! Single local account with privilege 15 (full access); type-5 MD5 hash, masked by the author.
! This is the account that "aaa authentication login default local" checks for console and vty logins.
username admin privilege 15 secret 5 ***********
!
!
! IKE phase 1 policy: 3DES, pre-shared keys, DH group 2 (1024-bit MODP).
! Hash and lifetime are not set here, so the IOS defaults apply.
! NOTE(review): 3DES and DH group 2 are legacy choices; if both peers and the image
! support it, AES with a larger DH group is the stronger option.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
! Per-peer pre-shared keys (masked by the author), extended authentication disabled.
! Only 2.2.2.2 is used as a tunnel destination in this file; nothing visible here uses
! the key for 1.1.1.1 - remove it if that peer no longer exists.
crypto isakmp key *********** address 1.1.1.1 no-xauth
crypto isakmp key *********** address 2.2.2.2 no-xauth
crypto isakmp invalid-spi-recovery
! Dead-peer detection: keepalive every 10 seconds, sent periodically.
crypto isakmp keepalive 10 periodic
crypto isakmp xauth timeout 90

!
!
! IPsec transform: ESP with 3DES encryption and SHA-1 HMAC integrity, transport mode.
! It is applied to Tunnel0 through profile P2 ("tunnel protection ipsec profile P2").
crypto ipsec transform-set T2 esp-3des esp-sha-hmac
mode transport
!
crypto ipsec profile P2
set transform-set T2
!
!
! Configuration change logging; "hidekeys" keeps passwords and keys out of the logged commands.
archive
log config
hidekeys
!
!
! SSH server hardening: at most 5 unauthenticated sessions in startup, 60 s negotiation
! time-out, 2 authentication retries, protocol version 2 only.
ip ssh maxstartups 5
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
!
!
! Point-to-point tunnel to 2.2.2.2, protected by IPsec profile P2.
! No "tunnel mode" line is present, so the interface default encapsulation applies.
interface Tunnel0
ip address 192.168.10.22 255.255.255.252
! Reduced MTU/MSS leaves room for the PPPoE, tunnel and IPsec overhead.
ip mtu 1250
ip tcp adjust-mss 1100
! 1.1.1.1 / 2.2.2.2 / 3.3.3.3 look like sanitised placeholders for the real public addresses.
! Dialer0 gets its address by negotiation, so a fixed tunnel source only works if the
! ISP always assigns that same address.
tunnel source 3.3.3.3
tunnel destination 2.2.2.2
tunnel protection ipsec profile P2
!
! FastEthernet0-3: switch ports left at defaults (LAN side; Vlan1 carries the LAN address).
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
! WAN port: DHCP client on the physical link plus PPPoE client bound to dialer pool 1 (Dialer0).
! NOTE(review): no access-group is applied on this interface; only Dialer0 is filtered.
interface FastEthernet4
ip address dhcp
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
! Radio interface acting as a root access point for SSID "wifi".
interface Dot11Radio0
no ip address
!
! NOTE(review): TKIP is a deprecated cipher. Where the clients and the image support it,
! "encryption vlan 10 mode ciphers aes-ccm" (WPA2/CCMP) is the stronger setting.
encryption mode ciphers tkip
!
encryption vlan 10 mode ciphers tkip
!
! Rotate the broadcast (group) key every 60 seconds.
broadcast-key change 60
!
!
ssid wifi
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
! Routed subinterface for Wi-Fi VLAN 10 (gateway 10.10.10.1).
interface Dot11Radio0.10
encapsulation dot1Q 10 native
ip address 10.10.10.1 255.255.255.0
! Inbound filter that keeps Wi-Fi clients out of 192.168.0.0/16 (see the ACL definition below).
ip access-group Deny-Our-Net-From-Wi-Fi in
ip nat inside
ip virtual-reassembly
! Police Wi-Fi traffic to 512 kbit/s in each direction; excess packets are dropped.
rate-limit input 512000 8000 8000 conform-action transmit exceed-action drop
rate-limit output 512000 8000 8000 conform-action transmit exceed-action drop
ip tcp adjust-mss 1400
! Do not advertise device details to wireless clients via CDP.
no cdp enable
!
! Wired LAN gateway; NetFlow accounting in both directions, NAT inside.
interface Vlan1
description LAN
ip address 192.168.220.1 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1400
!
! PPPoE dialer: the Internet-facing logical interface (NAT outside, default route points here).
interface Dialer0
ip address negotiated
! Inbound Internet filter; see the From-INTERNET ACL definition for what it does and does not block.
ip access-group From-INTERNET in
ip mtu 1450
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
! CHAP towards the ISP; "callin" means this router does not demand authentication
! from the remote side on calls it places itself.
ppp authentication chap callin
! NOTE(review): the CHAP hostname and the type-0 (plain text) password below are not
! masked, unlike the other secrets in this listing. If these were live ISP credentials,
! treat them as disclosed: change the password with the provider and mask the values
! before sharing the config.
ppp chap hostname pukulya
ppp chap password 0 toshibaa
! Accept DNS server addresses offered by the ISP during IPCP.
ppp ipcp dns accept
!
! RIPv2 is advertised only over Tunnel0; every other interface is passive.
! No RIP authentication is configured in this file, so route integrity relies on the
! IPsec protection of Tunnel0.
router rip
version 2
passive-interface default
no passive-interface Tunnel0
network 192.168.10.0
network 192.168.220.0
!
ip forward-protocol nd
! Default route out of the PPPoE dialer.
ip route 0.0.0.0 0.0.0.0 Dialer0
! NetFlow v5 export to 192.168.100.242:9999, sourced from Tunnel0
! (the collector is outside the local subnets, presumably behind the tunnel - confirm).
ip flow-cache timeout active 5
ip flow-export source Tunnel0
ip flow-export version 5
ip flow-export destination 192.168.100.242 9999
!
! Web management disabled on both HTTP and HTTPS.
no ip http server
no ip http secure-server
! The router answers DNS queries itself (the DHCP pools hand out its addresses as resolver).
! NOTE(review): nothing in the From-INTERNET ACL on Dialer0 denies port 53, so check
! that the resolver is not reachable from the Internet side.
ip dns server
! PAT for inside hosts behind the Dialer0 address. Despite its name, route-map "nonat"
! selects the traffic that IS translated (it matches FOR-NAT-ACL).
ip nat inside source route-map nonat interface Dialer0 overload
!
! Hosts allowed to use the SNMP community defined later: a single management station.
ip access-list standard SNMP_ACCESS
permit 192.168.100.241
!
! Applied inbound on Dot11Radio0.10: blocks Wi-Fi clients from 192.168.0.0/16, allows everything else.
! NOTE(review): other private ranges (10.0.0.0/8, 172.16.0.0/12) and the router's own
! 10.10.10.1 address remain reachable from Wi-Fi. Also verify that DHCP requests from
! clients that do not yet have a 10.10.10.x source address are not caught by the implicit deny.
ip access-list extended Deny-Our-Net-From-Wi-Fi
deny ip 10.10.10.0 0.0.0.255 192.168.0.0 0.0.255.255
permit ip 10.10.10.0 0.0.0.255 any
! Sources translated by NAT overload (matched by route-map "nonat").
ip access-list extended FOR-NAT-ACL
permit ip 192.168.220.0 0.0.0.255 any
permit ip 10.10.10.0 0.0.0.255 any
! Applied inbound on Dialer0.
ip access-list extended From-INTERNET
! Anti-spoofing: drop packets arriving from the Internet with private, loopback,
! broadcast or all-zero source addresses.
! NOTE(review): 10.0.0.0/8 is not in the list - confirm whether that is intentional.
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip host 255.255.255.255 any
deny ip host 0.0.0.0 any
! Block voice signalling ports from outside: SIP (5060), SCCP (2000), H.323 (1720).
deny udp any any eq 5060
deny tcp any any eq 5060
deny tcp any any eq 2000
deny udp any any eq 1720
deny tcp any any eq 1720
! NOTE(review): everything else is allowed in, including traffic addressed to the router
! itself (SSH on the vty lines, the DNS server, NTP). A tighter policy would permit only
! what is needed (the IPsec peers, return traffic) and deny the rest; at minimum add an
! access-class on the vty lines.
permit ip any any
!
! Syslog to 192.168.100.241, tagged with the router's hostname.
logging origin-id hostname
logging server-arp
logging 192.168.100.241
! NOTE(review): "public" is the well-known default community string. It is read-only and
! limited to the SNMP_ACCESS ACL (192.168.100.241), but community strings travel in clear
! text, so use a non-default value and keep polling on the protected path to the
! management network.
snmp-server community public RO SNMP_ACCESS
snmp-server ifindex persist
snmp-server location ARCH-1
snmp-server contact admin@test.ru
snmp-server chassis-id c871w
! Trap destination, using the same community string.
snmp-server host 192.168.100.241 public
! CDP disabled globally.
no cdp run
!
!
! Route-map referenced by the NAT overload rule: matches the sources listed in FOR-NAT-ACL.
route-map nonat permit 10
match ip address FOR-NAT-ACL
!
!
control-plane
!
!
! Console and AUX lines: no line-specific login settings, so the AAA default method list applies.
line con 0
no modem enable
line aux 0
! Remote management: SSH only, sessions start at privilege level 15.
! NOTE(review): there is no "access-class" on the vty lines, and the From-INTERNET ACL
! ends in "permit ip any any", so SSH login attempts can arrive from any source that can
! reach the router. Restrict the vty lines to the management addresses.
line vty 0 4
privilege level 15
transport input ssh
!
scheduler max-task-time 5000
! ntp clock-period is written by the router itself; it should not be copied to another device.
ntp clock-period 17175124
! NOTE(review): "ntp master" makes the router act as an authoritative time source even when
! its upstream servers are unreachable, and no "ntp access-group" limits who may query it.
! Confirm this is needed and that NTP is not answerable from the Internet side.
ntp master
ntp server 213.41.245.21
ntp server 216.58.31.84
ntp server 216.52.237.153
end