Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Cisco 877 Router for Internet access to a private and guest LAN?

Hi,

Could someone please take a look at the attached configuration and advise me if I can firstly use a Cisco 877 router for the job and secondly point me in the right direction of the config. My goal is to share an existing ADSL connection with LAN1 (existing private LAN 10.55.0.0) and the proposed hotel 'guest' LAN (192.168.0.0). Obviously I do not want any kind of connectivity between the private and guest LAN. The router is running C870-ADVSECURITYK9-M Version 12.4(11) and I'm guessing I'll need to upgrade to ADVSERVICES.

The current LAN (10.55.0.0) consists of a switched network that plugs into Eth0 on the 877 router. The proposed guest LAN (192.168.0.0) will consist of a small switch plugged into Eth1 and DHCP services will be provided locally by the wireless routers out of different areas of the buildings.

The current configuration (slight amendments for security reasons) is attached.

Thanks.

1 REPLY
Bronze

Re: Cisco 877 Router for Internet access to a private and guest

Hi.

I believe it should be possible, and also with the feature set you already have in your router.

I would create a new VLAN interface for the guest net and then assign this VLAN to the FastEthernet1 port.

On Vlan 1 I'd make a new ACL102 to match the 10.55.0.0/16 network and deny the 192.168.0.0 network:

access-list 102 deny ip 10.55.0.0 0.0.255.255 192.168.0.0 0.0.255.255

access-list 102 permit ip 10.55.0.0 0.0.255.255 any

!

interface Vlan1

ip address 10.55.254.55 255.255.0.0

ip access-group 102 in

ip nat inside

ip virtual-reassembly

Then for the hotel network:

access-list 103 deny ip 192.168.0.0 0.0.255.255 10.55.0.0 0.0.255.255

access-list 103 permit ip 192.168.0.0 0.0.255.255 any

Then on new VLAN (e.g. VLAN 2):

interface Vlan2

ip address 192.168.0.1 255.255.0.0

ip access-group 103 in

ip nat inside

ip virtual-reassembly

I have not tried myself to set it up and test it, but it should work. Try it out and see if it does the trick :-)

HTH

163
Views
0
Helpful
1
Replies
CreatePlease to create content