I have a Cisco 881-W router with a built in access point.
The Fa4 WAN interface connects to the provider on a public /30 point-to-point.
The Fa0-3 LAN interfaces and the built in wireless access-point service an internal 192.168.1.0/24 network through DHCP.
I am looking to verify the correct template for getting this to work.
Specifically, I want any device connecting on the LAN ports or through wireless to get an IP in the range of 192.168.1.0/24 and go through PAT on the public WAN interface when it communicates to the internet.
The template I have is as follows (with significant config output omitted for brevity):
ROUTER CONFIG
!
hostname ROUTER1
!
...
!
ip dhcp excluded-address 192.168.1.1 192.168.1.2
!
ip dhcp pool DHCP_POOL
 network 192.168.1.0 255.255.255.0
 dns-server 188.8.131.52
 default-router 192.168.1.1
!
...
!
interface FastEthernet0
 description Customer LAN
 no ip address
!
interface FastEthernet4
 description WAN-LINK
 no shut
 ip address $PUBLIC-RANGE-B-END$ 255.255.255.252
 ip nat outside
!
interface Wlan-GigabitEthernet0
 description Internal switch interface connecting to the embedded AP
 switchport mode trunk
 no ip address
!
interface wlan-ap0
 description Wireless AP
 ip unnumbered Vlan1
!
interface Vlan1
 ip address 192.168.1.1
 ip nat inside
!
....
!
ip route 0.0.0.0 0.0.0.0 $PUBLIC-RANGE-A-END$
!
!
ip nat inside source list 50 interface FastEthernet4 overload
!
access-list 50 permit 192.168.1.0 0.0.0.255
ACCESS POINT CONFIG (gain access to the AP by using "service wlan-ap 0 session" CLI command)
hostname ROUTER1-ACCESS-POINT
!
!
dot11 ssid $SSID-NAME$
 authentication open
 authentication key-management wpa version 2
 guest-mode
 wpa-psk ascii 0 $SSID-PASSWORD$
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 no shut
 !
 encryption mode ciphers tkip
 !
 ssid $SSID-NAME$
 !
 ...
!
interface GigabitEthernet0
 description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
 no shut
 no ip address
 bridge-group 1
 ...
!
interface BVI1
 ip address 192.168.1.2 255.255.255.0
 no ip route-cache
 no shut
!
ip default-gateway 192.168.1.1
Can someone verify for me that this general template is correct? I am not sure if I need an ip nat inside command on the Access-point - I have tried to enter the command under BVI1 but the command does not seem to exist. Perhaps I need to put it under wlan-ap0 on the router config?
Wireless users are getting a DHCP IP but I need to make sure they can gain internet access as well.
If there is specific output that I have left out that you would like me to add let me know and I can add the whole config.
Thanks for that. I will be able to test this tomorrow.
Just to confirm though, you are suggesting I change the encryption to aes-ccm because it is a stronger encryption, not because it will have any effect on PAT and routing functionality of the setup - correct?
Answers like yours are pretty much worthless. He is asking for advice on if the template is correct. What would actually be helpful is if you told him (us) which interface was the correct one for ip nat outside.
From what I see it is on the correct interface.
interface FastEthernet4
 description WAN-LINK
 no shut
 ip address $PUBLIC-RANGE-B-END$ 255.255.255.252
 ip nat outside
!
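
An added example, not part of any post in this thread: a Python check that the PAT pieces of a router config like the one in the question agree with each other (the overload rule's interface carries "ip nat outside", some interface carries "ip nat inside", and the ACL named in the rule covers the DHCP pool). The function names and the trimmed sample config are constructed for illustration, and only standard ACL entries with contiguous wildcard masks and full interface names are handled.

```python
import ipaddress
import re

# Constructed sample: the PAT-relevant lines of the router template in the question.
SAMPLE = """\
ip dhcp pool DHCP_POOL
 network 192.168.1.0 255.255.255.0
interface FastEthernet4
 ip nat outside
interface Vlan1
 ip nat inside
ip nat inside source list 50 interface FastEthernet4 overload
access-list 50 permit 192.168.1.0 0.0.0.255
"""
RULE = re.compile(r"ip nat inside source list (\S+) interface (\S+) overload$")

def sections(cfg):
    """Map each top-level command to the list of its indented sub-commands."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line[0].isspace():
            cur = out.setdefault(line.strip(), [])
        elif cur is not None:
            cur.append(line.strip())
    return out

def check_pat(cfg):
    """Return the problems found in the PAT wiring; an empty list means consistent."""
    sec, problems = sections(cfg), []
    ifaces = {k.split()[1]: v for k, v in sec.items() if k.startswith("interface ")}
    rules = [m for k in sec if (m := RULE.match(k))]
    if not rules:
        return ["no 'ip nat inside source list ... overload' rule"]
    acl, wan = rules[0].groups()
    if "ip nat outside" not in ifaces.get(wan, []):
        problems.append(f"{wan} is used for overload but lacks 'ip nat outside'")
    if not any("ip nat inside" in v for v in ifaces.values()):
        problems.append("no interface carries 'ip nat inside'")
    entry = re.compile(rf"access-list {re.escape(acl)} permit (\S+) (\S+)$")
    permits = [ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
               for k in sec if (m := entry.match(k))]
    nets = [c.split()[1:3] for k, v in sec.items() if k.startswith("ip dhcp pool ")
            for c in v if c.startswith("network ")]
    for pool in (ipaddress.ip_network("/".join(n)) for n in nets):
        if not any(pool.subnet_of(p) for p in permits):
            problems.append(f"DHCP pool {pool} not permitted by access-list {acl}")
    return problems
```

Calling check_pat(SAMPLE) returns an empty list; removing the "ip nat outside" line or pointing the ACL at a different subnet produces a one-line description of the mismatch.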