Cisco 877 Router for Internet access to a private and guest LAN?

Unanswered Question
Aug 6th, 2009


Could someone please take a look at the attached configuration and advise me if I can firstly use a Cisco 877 router for the job and secondly point me in the right direction of the config. My goal is to share an existing ADSL connection with LAN1 (existing private LAN and the proposed hotel 'guest' LAN ( Obviously I do not want any kind of connectivity between the private and guest LAN. The router is running C870-ADVSECURITYK9-M Version 12.4(11) and I'm guessing I'll need to upgrade to ADVSERVICES.

The current LAN ( consists of a switched network that plugs into Eth0 on the 877 router. The proposed guest LAN ( will consist of a small switch plugged into Eth1 and DHCP services will be provided locally by the wireless routers out of different areas of the buildings.

The current configuration (slight amendments for security reasons) is attached.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
iyde Fri, 08/07/2009 - 03:01


I believe it should be possible, and also with the feature set you already have in your router.

I would create a new VLAN interface for the guest net and then assign this VLAN to the FastEthernet1 port.

On Vlan 1 I'd make a new ACL102 to match the network and deny the network:

access-list 102 deny ip

access-list 102 permit ip any


interface Vlan1

ip address

ip access-group 102 in

ip nat inside

ip virtual-reassembly

Then for the hotel network:

access-list 103 deny ip

access-list 103 permit ip any

Then on new VLAN (e.g. VLAN 2):

interface Vlan2

ip address

ip access-group 103 in

ip nat inside

ip virtual-reassembly

I have not tried myself to set it up and test it, but it should work. Try it out and see if it does the trick :-)



This Discussion