Greetings,

I have a large network which consists of a private and public IP block.  I'm attempting to do something a little different.  At a given location I have set up two wireless point to point links.  These wireless links act as a bridge passing "any" traffic.  The IP addresses of the devices are/would be visible on my management private IP block (10.1.0.0/16).  The purpose of the wireless link is to provide a 20meg circuit between two endpoints for a customer.  So I have four wireless radios set up which span the 5 mile links.  My problem is this, how can I keep traffic from this customer (presumably using a 10/172/192 class a/b/c private ip block) on a separate broadcast domain and yet monitor/graph the radios?  Is it possible using only vlan's and access lists or am I going to need a router?  In other words, I want to monitor the radios health and traffic bandwidth from my side and yet keep their network traffic within the circuit (or vlan) isolated.  Sadly, this would all be very easy if the radios had a separate management port rather than inband management.  Any suggestions would be very much appreciated.

Thank you.

HK

What I have so far.  Of course, with the two ports 10 and 11 on a separate vlan (500), the 10.1.254.1-4 ip's are no longer visible to my network as expected.

my network (native vlan1 and vlan2) on a Catalyst 2900XL

my network 10.1.0.0/16 -----                ---- Port10/vl500 --- 10.1.254.2/16 <-> 10.1.254.1/16
                            |--- Switch ---|
my network xx.xx.0.0/18 ----                ---- Port11/vl500 --- 10.1.254.3/16 <-> 10.1.254.4/16

interface FastEthernet0/10
description relay2pudo
switchport access vlan 500
speed 100
duplex full
!
interface FastEthernet0/11
description relay2puhs
switchport access vlan 500
speed 100
duplex full