Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1319
Views
20
Helpful
9
Replies

Questions and recommendation regarding 851W/871W models

Go to solution
ian.kaney
Level 1
Level 1

‎06-13-2008 02:22 PM - edited ‎03-03-2019 10:21 PM

Hi there.

Basically I'm wondering what the best option would be from these two particular units. I'll write what I'm trying to achieve and I'm hoping somebody can point me in the right direction.

I require 2 wireless SSIDs to be broadcast, one for employees (encrypted [WPA2]) and one for public (unencrypted). From this I require two different DHCP scopes to be handed out to each of these and the ability to block traffic from crossing between the two different subnets.

I also require transparent proxy support (requests for HTTP from the public SSID are to be forwarded to a Squid proxy running on a different subnet) and finally 1-1 NAT support so internal addresses given by the DHCP server on the 'public' SSID are translated to addresses on the WAN subnet.

From what I've read and researched it seems that the 851W will perform all of these items however I'm slightly hazy on whether I'd require the 871W to actually broadcast the two different SSIDs.

Any help would be greatly appreciated! Thank you in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame
In response to ian.kaney

‎06-16-2008 09:48 AM

Hi, I have not checked if policy routing is in all the images for the 871, possibly it is.

I never used multiple broadcast'd SSID and I'm not sure of what is doable with the 871.

A properly configured "internal" PC does not need brodcast to connected to the internal SSID/VLAN. Multiple broadcast SSID are more useful for service provider APs carrying multiple network choices for the customer.

Usually customers (wrongly) associate non-broadcast SSID to better security, while in thie case they want all to be broadcast ?

This is why I'm telling that you need to familiarize yourself with the product and possibly with the different image options, to understand what is possible to do and what is not. All proper designs are made like this.

Thanks for the appreciation and good luck!

View solution in original post

0 Helpful
9 Replies 9

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame

‎06-14-2008 09:56 AM

Hi, for this you need the 871w. The 851 doesn;t support multiple vlan and you have trouble with the multiple SSID that are in fact, mapped to VLANs. Note if you have ADSL is always better to get the 877 with ADSL interface so you can controle the circuit for real.

Hope this helps, please rate post if it does!

Go to solution
ian.kaney
Level 1
Level 1
In response to paolo bevilacqua

‎06-15-2008 08:05 AM

Thanks for the reply. I'm using a connection provided via Ethernet so I assume the 871W is the unit I require?

Will I require the advanced IP upgrade since from what I've read VLANs aren't supported with the default feature set?

0 Helpful

Go to solution
ian.kaney
Level 1
Level 1
In response to paolo bevilacqua

‎06-15-2008 02:44 PM

Ok that's brilliant.

Can I just clarify that I would be able to setup a transparent proxy service utilizing a proxy server on the WAN subnet using this unit?

And finally, the product specs suggest that 'wireless VLANs' are indeed available on the unit with the base IOS image. Would these be sufficient for my requirements? The only connecting machines would be via wireless, the only wired connection would be to the 'WAN' port.

My other thought was that the 'employee' wireless SSID could get their IP from a DHCP scope on the WAN port which from what I read is on a different VLAN to the standard VLAN1 the ports use which the 'public' SSID users could connect to?

If that makes sense?

My apologies for all the questions but I want to be sure I get the right model before I spend the cash... Thank you so much once again.

0 Helpful

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame
In response to ian.kaney

‎06-15-2008 04:52 PM

Hi, for transparent proxy you should look at the doc of what you're using, cisco support wccp that is a nice way to do it.

I think you need advance service exactly because you need vlans to map the SSID for internals to something like another dhcp server. You can try anyway with ip base first then upgrade as necessary. It also depepnds how you want the VPN, etc.

Go to solution
ian.kaney
Level 1
Level 1
In response to paolo bevilacqua

‎06-16-2008 09:31 AM

Thank you so much for your help.

I spoke to Cisco live chat and now I'm completely confused. They are now informing me the base 871W image doesn't support static NAT.

WCCP is only on the advanced ip services image and the extra functionality it provides would be lost in the environment I'm using anyway.

Would the 871W allow me to configure a transparent proxy such as (1.2.3.4 is the proxy server on the WAN side):

---

access-list 110 deny tcp host 1.2.3.4 any eq www

access-list 110 permit tcp any any eq www

route-map proxy-redir permit 10

match ip address 110

set ip next-hop 1.2.3.4

---

Thanks once again for this, I'm desperate to go ahead and purchase but the more I investigate, the more I'm getting confused with misinformation.

0 Helpful

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame
In response to ian.kaney

‎06-16-2008 09:39 AM

Hi, the nat information you have received is wrong, basic nat is in all images.

The example you made is (incomplete) for what is called policy routing. If you have never worked with cisco before, suggest you do some testing first, for your applications.

As an appreciation for those providing answers, please rate useful posts!

Go to solution
ian.kaney
Level 1
Level 1
In response to paolo bevilacqua

‎06-16-2008 09:42 AM

Thanks for clearing that NAT issue up.

Yeah I was just showing the commands relating to the transparent proxy section, wondering whether these will indeed work on the 871W.

The Cisco person also stated that I can have 10 SSIDs all broadcasting in guest mode? Is this correct because other articles I've read state only 1 SSID is possible to be broadcast?

The 871W seems to allow 2 MBSSIDs though which from the reading of the Cisco site is what I require? 2 SSIDs broadcast (guest mode) which a user can connect to either.

0 Helpful

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame
In response to ian.kaney

‎06-16-2008 09:48 AM

Hi, I have not checked if policy routing is in all the images for the 871, possibly it is.

I never used multiple broadcast'd SSID and I'm not sure of what is doable with the 871.

A properly configured "internal" PC does not need brodcast to connected to the internal SSID/VLAN. Multiple broadcast SSID are more useful for service provider APs carrying multiple network choices for the customer.

Usually customers (wrongly) associate non-broadcast SSID to better security, while in thie case they want all to be broadcast ?

This is why I'm telling that you need to familiarize yourself with the product and possibly with the different image options, to understand what is possible to do and what is not. All proper designs are made like this.

Thanks for the appreciation and good luck!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card