Easy networking question for the Vets..

Unanswered Question
Apr 3rd, 2009
User Badges:

I'm setting up 100 wireless laptops for my company's convention like so:

Cisco1720 Router >3COM switch> Cisco1200AP> wirelessClient.


the router is providing DHCP + NATing 1 pool of addresses (10.1.1.10- 100) out 1 eth0 WAN interface. I want to add a 2nd 1200AP to provide wireless for ~60 attendees but i'd prefer a 2nd DHCP pool w/ short lease and NAT those out same eth0 Wan interface. WHAT would be the easiest way to accomplish? if i create a 2nd pool/network on the router, say 10.1.99.1- 100

can i NAT those out the same interface. OR do i have to create VLANs? THANKS

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Fri, 04/03/2009 - 15:50
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

"can i NAT those out the same interface. How? THANKS"


Sure you can, just add it to the existing acl you use for NAT ie. lets say your existing pool is 192.168.5.0/24


you should have something like this on your 1720


access-list 101 permit ip 192.168.5.0 0.0.0.255


ip nat inside source list 101 interface eth0 overload


so just add your new pool to acl 101


Jon


fkleininger Fri, 04/03/2009 - 16:04
User Badges:

ok so here's my config:

I create a 2nd pool, and add those 2 statments and then i have to set my 2nd AP to use those addreses? i'm confusing myself :)

thanks


rsion 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname icaferouter

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$mm9l$73KJh6BcukJSDLg2s2TZ8/

!

clock timezone est -5

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

no aaa new-model

ip subnet-zero

ip cef

!

!

ip dhcp excluded-address 10.1.1.1 10.1.1.10

!

ip dhcp pool icafe

network 10.1.1.0 255.255.255.0

default-router 10.1.1.1

dns-server 1.1.1.1

lease 10

!

ip flow-cache timeout active 1

no ip domain lookup

ip name-server 205.171.2.65

no ftp-server write-enable

!

!

!

!

interface Ethernet0

ip address 71.216.212.235 255.255.255.248

ip nat outside

ip route-cache flow

shutdown

half-duplex

!

interface FastEthernet0

ip address 10.1.1.1 255.255.255.0

ip nat inside

ip route-cache flow

speed 100

full-duplex

!

ip nat inside source list 1 interface Ethernet0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 71.216.212.238

no ip http server

!

access-list 1 permit 10.0.0.0 0.255.255.255

Jon Marshall Fri, 04/03/2009 - 16:12
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Actually you don't need to add anything because your acl


access-list 1 permit 10.0.0.0 0.255.255.255


covers the new pool of addresses you want to add. But which interface will these addresses come in on because fa0 is in the 10.1.1.x network ?


Do you have another interface or are you going to add a secondary address to fa0 ie.


int fa0

ip address 10.1.99.1 255.255.255.0 secondary


Jon

fkleininger Fri, 04/03/2009 - 16:15
User Badges:

no additional fa0 int, so i can create a secondary ip with that statment above?

Jon Marshall Fri, 04/03/2009 - 16:19
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Yes you can.

fkleininger Fri, 04/03/2009 - 17:02
User Badges:

Hummmm, still not getting an IP in the x.x.99.x range


am i missing something???



++++++++++++++++++++++++++++++++++++++++++++++++++++++++AP CONFIG ++++++++++++++++++++++

enable secret 5 $1$jD8w$xwAvtjhSeMvtpuqZE1mjK.

!

username Cisco password 7 0802455D0A16

ip subnet-zero

ip dhcp excluded-address 10.1.1.1 10.1.1.100

!

dot11 network-map

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

ssid aacrfreenet

guest-mode

!

speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0

rts threshold 2312

station-role root

no cdp enable

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface FastEthernet0

ip address 10.1.99.2 255.255.255.0

no ip route-cache

speed 100

full-duplex

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 10.1.99.3 255.255.255.0

no ip route-cache

!

ip default-gateway 10.1.99.1

ip http server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100

ip radius source-interface BVI1

bridge 1 route ip

!

!++++++++++++++++++++++++++++++++++ROUTER CONFIG ++++++++++++++


nable secret 5 $1$mm9l$73KJh6BcukJSDLg2s2TZ8/

!

clock timezone est -5

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

no aaa new-model

ip subnet-zero

ip cef

!

!

ip dhcp excluded-address 10.1.1.1 10.1.1.10

!

ip dhcp pool icafe

network 10.1.1.0 255.255.255.0

default-router 10.1.1.1

dns-server 1.1.1.1

lease 10

!

ip dhcp pool Freenet

network 10.1.99.0 255.255.255.0

default-router 10.1.99.1

lease 0 0 8

!

ip flow-cache timeout active 1

no ip domain lookup

ip name-server 205.171.2.65

no ftp-server write-enable

!

!

!

!

interface Ethernet0

ip address 71.216.212.235 255.255.255.248

ip nat outside

ip route-cache flow

shutdown

half-duplex

!

interface FastEthernet0

ip address 10.1.99.1 255.255.255.0 secondary

ip address 10.1.1.1 255.255.255.0

ip nat inside

ip route-cache flow

speed 100

full-duplex

!

ip nat inside source list 1 interface Ethernet0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 71.216.212.238

ip flow-export source FastEthernet0

ip flow-export version 5

ip flow-export destination 71.216.212.236 9997

no ip http server

!

access-list 1 permit 10.0.0.0 0.255.255.255

snmp-server community aacr RW

fkleininger Fri, 04/03/2009 - 17:42
User Badges:

i can connect, i just dont get an IP from the DHCP pool x.x.99.x,, i get a 10.1.1.x ip

Leo Laohoo Fri, 04/03/2009 - 18:02
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

"username Cisco password 7 0802455D0A16" < --- I know this is not related, but next time, remove this and other password-related line. It may be secure and safe in the router but over the net, it doensn't matter if the password is "Cisco". :)

fkleininger Fri, 04/03/2009 - 18:57
User Badges:

aahhhgggg!



r 13 18:22:16.255: DHCPD: DHCPRELEASE message received from client 0100.16ce.77b0.83 (10.1.1.11).

icaferouter#

Apr 13 18:22:34.207: DHCPD: DHCPREQUEST received from client 0100.16ce.77b0.83.

Apr 13 18:22:34.207: DHCPD: client has moved to a new subnet.

Apr 13 18:22:34.207: DHCPD: Sending DHCPNAK to client 0100.16ce.77b0.83.

Apr 13 18:22:34.211: DHCPD: broadcasting BOOTREPLY to client 0016.ce77.b083.

icaferouter#

Apr 13 18:22:35.255: DHCPD: DHCPDISCOVER received from client 0100.16ce.77b0.83 on interface FastEthernet0.

icaferouter#

Apr 13 18:22:37.255: DHCPD: Sending DHCPOFFER to client 0100.16ce.77b0.83 (10.1.1.13).

Apr 13 18:22:37.255: DHCPD: creating ARP entry (10.1.1.13, 0016.ce77.b083).

Apr 13 18:22:37.255: DHCPD: unicasting BOOTREPLY to client 0016.ce77.b083 (10.1.1.13).

Apr 13 18:22:37.343: DHCPD: DHCPREQUEST received from client 0100.16ce.77b0.83.

Apr 13 18:22:37.343: DHCPD: Sending DHCPACK to client 0100.16ce.77b0.83 (10.1.1.13).

Apr 13 18:22:37.343: DHCPD: creating ARP entry (10.1.1.13, 0016.ce77.b083).

Apr 13 18:22:37.343: DHCPD: unicasting BOOTREPLY to client 0016.ce77.b083 (10.1.1.13).

icaferouter#

icaferouter#

Actions

This Discussion