Cisco851W - LAN and AP access

bob.forster · ‎05-25-2006

Does anyone know of a config example for LAN (VLAN1) off F0-3 plus AP Wireless Access on a Cisco851W?

Thanks,

Bob

a.hajhamad · ‎05-25-2006

Hi Bob,

Do you mean that you want to use the same ip address for LAN and wireless access? i.e. both will use the same G.W?

Abd Alqader

bob.forster · ‎05-26-2006

Yes.

VLAN1 is setup for the F0-F3 ports for wired LAN.

I want the DOT10 interface for wireless users, using the same subnet as the wired LAN users.

I cannot see an example of this?

Thanks,

Bob

zhenningx · ‎05-26-2006

My configuration worked:

ip dhcp excluded-address 172.16.250.1

!

ip dhcp pool TEST

import all

network 172.16.250.0 255.255.255.0

default-router 172.16.250.1

dns-server *.*.*.*

!

ip cef

no ftp-server write-enable

!

bridge irb

!

interface FastEthernet4

description $ES_WAN$

ip address dhcp client-id FastEthernet4

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Dot11Radio0

no ip address

!

encryption vlan 1 mode ciphers tkip

!

ssid 111

vlan 1

authentication open

authentication key-management wpa

wpa-psk ascii 0 Cisco1234

!

speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

!

interface Dot11Radio0.1

encapsulation dot1Q 1 native

no cdp enable

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Vlan1

no ip address

bridge-group 1

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 172.16.250.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

ip classless

!

no ip http server

ip http secure-server

ip nat inside source list 100 interface FastEthernet4 overload

!

access-list 100 remark SDM_ACL Category=2

access-list 100 permit ip 172.16.250.0 0.0.0.255 any

!

control-plane

!

bridge 1 route ip

!

a.hajhamad · ‎05-26-2006

You have to enable bridging between these two logical and physical interfaces as follows:

bridge irb

!

bridge 1 protocol ieee

bridge 1 route ip

!

interface Dot11Radio0

no ip address

bridge-group 1

!

interface Vlan1

no ip address

bridge-group 1

!

Afterthat, a new virtual interface created "BVI1".

at this point, you can access this interface and assign an IP address to be the G.W for both VLAN1 and dot11 interfaces.

Hope this helpful

please rate if does!

Abd Alqader

bob.forster · ‎05-26-2006

Ahhhh...

So you need to do a sub-interface on the DOT1??

TAC never mentioned this?

Is this only if you want more SSID's for later?

Thanks,

Bob

a.hajhamad · ‎05-27-2006

No, This config. is to let the two interfaces appear as one interfaces "BVI". You don't need to do a sub-interfaces for bridging.

No, This config to bridge the two interfaces into logical interface, not for multiple SSID.

Abd Alqader

bob.forster · ‎05-29-2006

Thanks.

Working on an issue now were the NAT translation

stops working when the VLAN 1 has Bridge-group 1

applied and BVI has the IP addrress.

Cisco871 has:

IPSEC/GRE VPN Tunnel to H.O. Cisco2821

VPN Client Access thru Cisco871

IP NAT(PAT) for local browsing

IOS Firewall (Outbound F4)

Wired LAN Access (VLAN 1-F0-3) for PC's

Wireless AP access for local laptops

Bob

Stephen Rodriguez · ‎06-09-2006

make sure that the BVI interface has the ip nat inside command, and not the VLAN interface. Also make sure that the VLAN doesn't have the crypto commands, those need to be on the BVI as well.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered