So here is the proposed build, this is for my home network but I like to tinker a lot and I'm working towards my CCNP Security so some practical experience with ZBFW and ACLs can't hurt.
Originally I was using the 881w as my main device for my house, providing wireless to my wireless clients and also to my desktop wired into it directly. I was using the CBAC on it, which was doing OK, but the wireless was having issues due to multiple neighbors having wifi as well and the 2.4 band was very congested.
To remedy the issue I picked up a new Asus RT-AC68R, which has been a tremendous consumer-grade router/wifi with 5 GHz, but the 881w was a lot of money so I'd like to find a use for it, hence the ZBF on it.
My first question would be: how do I go about setting up the 881 with the wireless disabled? My cable modem is in bridged mode, so it will assign a dynamic IP to fa4 on the 881, but then how would I configure the Asus? Just disable the DHCP and SPI firewall on it and bridge it as well? Or do I configure a DHCP server on the 881, plug the internet port on the Asus into the 881 and have it pull an IP from the 881? I feel like that might be sloppy since I would be in essence running 2 routers: the 881 would be routing/natting between the internet and the Asus, and the Asus would be routing/natting between the 'internet' as it saw it (which would really be the private IP assigned by the 881) and the wireless network it was serving.
What you could do is put the Asus in AP mode where it will only act as an AP. I have an older Asus wi-fi router that allows for that configuration.
You could then create a wireless network, a wired network, etc. and use the ZBF to control traffic between the 2 internal networks for your studies and then once you've completed your studies then put both networks in the inside zone of the ZBF for simplicity. (Your choice, I personally keep my wired and wireless separate in my home network)
You could then run DHCP on the 881w for both your wired and wireless networks.
That's what I was thinking, but the issue is if the wifi and wired network are on separate networks I'm gonna have to do routing so my iPad can talk to my TiVo and my Sonos Play 5 can talk to the bridge. Are you routing between your wireless and wired?
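
The layout suggested in the reply above (Asus in AP mode, separate wired and wireless networks, DHCP and ZBF on the 881), sketched as an added IOS configuration that is not from any poster in this thread. The VLAN numbers, subnets, and all zone, class-map, policy-map and zone-pair names are assumptions.

```cisco
! Constructed example: VLAN IDs, subnets and all names below are assumptions.
! NAT and the switchport-to-VLAN assignments are omitted for brevity.
zone security WIRED
zone security WIRELESS
zone security OUTSIDE
!
class-map type inspect match-any CM-ALLOWED
 match protocol tcp
 match protocol udp
 match protocol icmp
!
policy-map type inspect PM-INSPECT
 class type inspect CM-ALLOWED
  inspect
 class class-default
  drop log
!
! Traffic between two zones is dropped unless a zone-pair with a policy exists.
! No pair has OUTSIDE as its source, so unsolicited inbound traffic is dropped.
zone-pair security ZP-WIRED-WIRELESS source WIRED destination WIRELESS
 service-policy type inspect PM-INSPECT
zone-pair security ZP-WIRELESS-WIRED source WIRELESS destination WIRED
 service-policy type inspect PM-INSPECT
zone-pair security ZP-WIRED-OUT source WIRED destination OUTSIDE
 service-policy type inspect PM-INSPECT
zone-pair security ZP-WIRELESS-OUT source WIRELESS destination OUTSIDE
 service-policy type inspect PM-INSPECT
!
ip dhcp pool WIRED
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
ip dhcp pool WIRELESS
 network 192.168.20.0 255.255.255.0
 default-router 192.168.20.1
!
interface Vlan10
 description Wired LAN
 ip address 192.168.10.1 255.255.255.0
 zone-member security WIRED
interface Vlan20
 description Asus RT-AC68R in AP mode
 ip address 192.168.20.1 255.255.255.0
 zone-member security WIRELESS
interface FastEthernet4
 description Cable modem (bridged)
 ip address dhcp
 zone-member security OUTSIDE
```

Both VLANs are directly connected, so the 881 routes between them without extra routing configuration and the zone-pairs decide what is allowed. Discovery that relies on broadcast or link-local multicast is not forwarded between the two subnets by this configuration.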