
New Member

Connect a wifi router to my management vlan

Is it enough to set the default gateway for the DHCP clients in the wifi router to the gateway for the management VLAN, and to configure the port connected to the wifi router as an access port for the management VLAN? The SVI for the management VLAN is also defined in the switch.

And finally, should I connect the wifi-router using its switchport or its "Internet" port?

12 REPLIES
New Member

Connect a wifi router to my management vlan

I guess you want to set up a wifi for connecting management hosts, so if your wifi router does not support VLANs, then you cannot connect it to the switch trunk port and you need to connect it to a switch access port assigned to the management VLAN. In this situation every host that connects to the wifi will be in the management VLAN, and if you set the DHCP default gateway of the hosts to the management VLAN gateway, and inter-VLAN routing is enabled, then hosts can connect outside of the management VLAN.

New Member

Connect a wifi router to my management vlan

Dear Atle ,

Could you please let me know what the model of the wireless router is, and why you configure the default gateway of the management VLAN for your DHCP clients? I guess you want to access your wireless router via your management VLAN.

Kindly let me know on this .

Thanks

Santhosh Sarav

HTH Regards Santhosh Saravanan
New Member

Connect a wifi router to my management vlan

It is a Cisco E4200.

Yes, I just want the wireless clients to be able to access the management VLAN only. No other VLAN necessary.

However, will DNS work? The DNS server is on a Windows VM on a different subnet and VLAN.

This is a Layer-3 Cisco switch. If I have set up an SVI for this other subnet (and the management subnet), will the DNS lookup packets find their way to the DNS server, or did I forget something?

New Member

Connect a wifi router to my management vlan

You can define the DNS server in DHCP and hosts will learn the DNS server IP address through that. DNS packets use the IP protocol for connecting to the DNS server, so if hosts learn the DNS server IP and they can send packets to other VLANs (you should enable inter-VLAN routing on the L3 switch), then you will connect to DNS.

New Member

Connect a wifi router to my management vlan

Dear Atle ,

Cisco E4200 is a wireless NAT router which by default performs NATing for the internal LAN network or for connected wireless clients. Here you need to connect a port from your Layer 3 switch to the internet port of the Cisco E4200 wifi router (WAN port).

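For example, if you have created an SVI on your Layer 3 switch:

! SVI that acts as the gateway for VLAN 10
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
!
! Access port in VLAN 10 facing the wireless router
interface FastEthernet0/1
 description ****connected to Wireless router****
 switchport mode access
 switchport access vlan 10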

---------------------------------------------------

On your E4200 wireless router:

Assign a static IP address for your internet interface (under management control, you can limit the subnet from which you want to access):

IP address: 10.10.10.10

Subnet mask: 255.255.255.0

GW: 10.10.10.1 (SVI interface of the L3 switch)

DNS server = your own defined DNS server on your LAN (e.g. 20.20.20.20, which is in another SVI VLAN on your Layer 3 switch)

On the LAN subnet you can assign any network range, 192.168.1.0; under DHCP you can define your scope details, e.g. 192.168.1.20 - 192.168.1.254. Check whether you can assign your DNS server in your DHCP scope; again you can say 20.20.20.20.

Whenever your wireless clients want to access the internet they will be PATed to 10.10.10.10, which is nothing but the internet port of your ES4200.

Your ES4200 will pass all traffic to your L3 SVI interface, which is the gateway for that router. Again, on your network you should have permitted internet for the 10.10.10./0 range ...

Over here we are doing double PATing

192.168.1.10 - 254 -----> 10.10.10.10

again from

10.10.10.10 ----> public IP on your firewall or router

All wireless traffic will be carried only from this single Source IP Address 10.10.10.10

HTH Regards Santhosh Saravanan
New Member

Connect a wifi router to my management vlan

Hi. Thanks for your answer. I have just 1 question more:

1. What should be the default gateway for the wireless clients? .1 or .10? I assume .10?

New Member

Connect a wifi router to my management vlan

Dear Atle ,

Though you are creating the DHCP scope on the Cisco E4200, the LAN interface of the ES4200 is assigned another network range; in our example we have used 192.168.1.0/24. The LAN interface IP address is 192.168.1.1 and this is the gateway address for wireless clients.

This complete 192.168.1.0/24 will be PATed to the IP address 10.10.10.10; your L3 switch will see traffic only from one IP address, that is 10.10.10.10.

The gateway address 10.10.10.1 is only for the ES4200, not for wireless clients.

To avoid your wireless clients accessing your internal network you can define an access list on your ES4200 denying access to all subnets of the internal network, only allowing internet access.

HTH

Thks

Santhosh Sarav

HTH Regards Santhosh Saravanan
New Member

Connect a wifi router to my management vlan

Hi Santhoshkumar,

You have in all your replies assumed I also want internet access. I do not need this. Just management access. Is anything going to change in what you have said for the setup?

New Member

Connect a wifi router to my management vlan

Dear Atle ,

As our Cisco ES4200 performs PATing for internally connected wireless clients, I have given an internet access example here.

Please clarify what you mean by management access here. Management access or control normally means connecting to the ES4200 through the GUI. In our scenario you can connect to the ES4200 through the internet port IP address http:10.10.10.10

On the other side, the LAN side of the ES4200, any wireless client connecting to this ES4200 will be PATed to IP 10.10.10.10, because your ES4200 is a wireless NAT router which performs NATing by default.

It is up to what level of access you have given the 10.10.10.0/24 subnet on your L3 switch. You can permit internet or only LAN access.

HTH

Thks

Santhosh Sarav

HTH Regards Santhosh Saravanan