I'm looking for a solution where I can have 2 subnets on 2 vlans and route between each other with ACL applied. From the docs, I can't tell if I can bridge a SSID to each vlan or not.
The scenario is that, I need to have 1 vlan for internal network, 1 vlan for guests, each with a wireless lan bridged to them. ACLs to be applied on the guest vlan to restrict access to the internal vlan.
On top of that, I'd need to have VPN access from wan (both site to site and teleworker)/
Can this be done with a WRVS4400N, or do I need a SA 520W to all acomplish this?
As long as your WRVS is a hardware version 2, you can do this with no problem. As to wether you need a SA5XX or not, that would depend on how many users you have and what are your network requirements.
To set up two SSIDs (public and private) do the following:
create another VLAN on the router
enable multiple SSIDs
then enable VLAN for the wireless network and assign the appropriate VLAN ID (number)
then disable "inter-vlan" routing (since you do want the public WiFi to access your internal network)
and you are done
This will work as long as the DHCP server is enabled on the WRVS. Hope that answered your question.
For VPN, you can use QVPN software that comes with the router. Just install software on the client, create users on the router and have them connect when they are remote. One thing to note is that, if your router is still on the default IP of 192.168.1.1, you may want to change that to something very different. Most people with home routers will also have the same IP which will keep QVPN from connecting. This is beacause that software creates an IPSec tunnel, and both sides of the tunnel must have different network IP addresses.
For gateway to gateway, just create the tunnel and make sure you have the same settings on both sides. The new v2 WRVS routers are pretty solid and it should be able to meet your needs; so long as you are not talking about 200 users wanting to connect VPN and local.
Thanks! The info is very helpful. We only have less than 10 users, so I don't think performace would be an issue.
One point about the DHCP server: is it possible to run 2 scopes - private and public, with different DNS options? I have internal DNS servers that users must use, but I wouldnt want guests to use our internal DNS servers. Is this possible on WRVS?
Also, how do I know if an WRVS4400N is V2 or not? Is it indicated clearly outside the box?
When you enable VLANs on the router it will create multiple DHCP scopes. One for each VLAN.
On each scope you can apply its own DNS information, so yes, you can point the private to your DNS server and the public to the cloud. I would recommend looking into "OPEN DNS" http://opendns.com .
The version of the router should be on UPC lable, but if the box is gray and says Cisco Small Business VERY clearly that should be a v2 router. If the box is Black/Gray (I think those were the colors) and said Linksys by Cisco, it may be a v1; which would not have anything after the model number.
I have this setup almost exactly and almost everything works except...
No matter what vlan I've got the wireless ssid assigned to, clients are still getting a dhcp address from the windows dhcp server on vlan 1 (LAN). Occasionally they will get an ip from the dhcp server and scope configured for that vlan on the router.
It's obvious that vlan 1 (lan) and vlan 100 (wireless) are bridged or that the router is forwarding the dhcp requests (less likely), but I can't figure out where or how that's happening. The layer 2 settings show that the newly created vlan is excluded from forwarding on the physical ports (which is the default behavior) but obviously something is up.
I've wiped the router config and started over careful not to change any settings not completely necessary, but to no avail.
It's getting very frustrating. I spend my days working on 6500 and 7200 gear and it's the small business router that's kicking my rear end...
Hi every one!!!When you are configuring a remote VPN connection, there
are some steps that are lost on the path. Here you can see those steps.
A) In your Cisco device: 1. Ensure you don´t have any rule denying the
traffic between the device and the remote...
You have a Cisco Unified Communications Manager (CUCM) system and want
to configure a SPA112 analog telephone adaptor (ATA) to register to the
CUCM so that you can use up to two analog phones or similar FXS devices
with the CUCM.In this application note, ...
Introduction: This document describes how to connect SG300 with Catalyst
switch via STP. Spanning Tree Protocol (STP) is a Layer 2 protocol that
runs on mainly on switches. The specification for STP is IEEE 802.1D.
The main purpose of STP is to ensure tha...