cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
351
Views
0
Helpful
3
Replies

871W VLAN support

edmondchow
Level 1
Level 1

I am thinking of using the 871W for the following application and wanted a confirmation that it works on the 871W.

My client has two wireless Mac laptops that he wants on one network and two wired PCs that he wants on a separate network. For security reasons, the wireless network must NOT have any possible way of accessing the wired network and vice versa. This is a home application but security is first and foremost on my client's mind as he has sensitive data on his two PCs. By the way the two wireless Macs will be used exclusively by only his kids.

Please let me know if the 871W can support the network configuration that I have outlined and how I would go about configuring it (i.e., either via separate VLANs or another way).

I guess that using a separate router/firewall (like the 806) and wireless access point (like the 1230/1231) but the 871W is more economically priced.

Thanks for your help.

Regards,

Edmond

3 Replies 3

jheckart
Level 3
Level 3

VLAN's are the way that you'll want to go. You'll need to get a hold of the advanced ip services though, as the advanced security ios does not support more than one VLAN.

You'll then need to create VLAN interfaces, and BVI's that have the actual ip address. You can then add sub-interfaces to the dot11radio 0 interface. You'll also want to add an ACL to the interface of the protected VLAN to prevent the unprotected VLAN from accessing.

One other gotcha to this is that they 871W's will support the use of only 1 wep key, so you must choose which dot11 sub-interface that you want protected by wep.

Hope this helps.

Thanks for the feedback. The 871W does not seem like the solution I am looking for because of the limitations you have pointed out. Also, I may need more than one wireless access point for future expandability.

What do you think of my choice of 806 firewall/router plus a 1230/1231 wireless access point? Your thoughts and suggestions would be most appreciated!

Thanks.

Edmond

I would stay with the 871. It is an extremely versatile ISR model for the price. You'll be able to configure the ports as switch ports and create a dot1q trunk between the 1230 and the 871. That would be a perfect combination.

I have 7 of these in various offices, and have been thoroughly impressed for the under $500 dollar price. I would tend to stay away from the 806 as you'll be extremely limited. It is not in the ISR category and will not support VLAN's. It will not give you the functionality that you are looking for based on your initial post.

Let me know if you have other questions.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco