Re: 851w config w\ 12.4(4)-T4 vlan question



Through research, I need to just penny up and get a Cisco 1801. Thanks for feedback.

"kent w" <nospamkwat@xxxxxxx> wrote in message news:fD69n.29161$_96.2389@xxxxxxxxxxxxxxx
Update. If I set up vlan1 for routing rather than irb and set it to the first address in the /29 network and use a nat pool with the addresses it will be assigned to the fastethernet ports. I then use a static source route to concentrator.
Will I still be able to use the 192.168.1 network for the dhcp clients on the wireless bridge? Another thing is the access points are using 2 of the ether ports so would they have to be in the /29 network or could I just leave them on the 192.168.1 network? Thanks for any replies.


Current config.
Building configuration...

Current configuration : 5758 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname xxx
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 x
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
no ip source-route
no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.1.1 192.168.1.9
ip dhcp excluded-address 192.168.1.251 192.168.1.254
!
ip dhcp pool sdm-pool1
import all
network 192.168.1.0 255.255.255.0
domain-name x2
default-router 192.168.1.1
dns-server 208.67.222.222 208.67.220.220
!
!
ip cef
ip tcp synwait-time 10
no ip bootp server
ip domain name yourdomain.com
ip name-server 208.67.222.222
ip name-server 24.177.176.36
ip name-server 208.67.220.220
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto
quit

!
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $FW_OUTSIDE$$ES_WAN$$ETH-WAN$
ip address 192.168.3.5 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
!
ssid x2
authentication open
guest-mode
infrastructure-ssid optional
!
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
no preamble-short
channel 2437
station-role root
no dot11 extension aironet
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
!
ip classless
ip route 0.0.0.0 0.0.0.0 isp gateway permanent
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip

!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

"kent w" <nospamkwat@xxxxxxx> wrote in message news:wmY8n.5493$1m3.4325@xxxxxxxxxxxxxxx
I need help with this 851w. It is for a hotel that wants to keep guests seperate from internal network. Originally the guests had there own network with a static address on FE4 and then natting 192.168.1.0 for wireless with an unnumbered address to BV1 with 192.168.1.1 address and 2 Aironet 1200 Access points each with a static 192.168.1..x address.

I screwed up not doing more research thinking that you could do multiple vlans on it. I've setup a couple 871w's and it was no problem along with port forwarding.

The new connection comes with a /29 network usable, but I also have to be the other end of a .252 to get the circuit up. After searching and research how does this sound.

Fe4: address .252 primary and x.x.x.153 /29 address as secondary.
Then nat 192.168.1.x on vlan1 with an address bridged to BV1.
Setting the default route to the x.x.x.153 address.
Would I then be able to run a server and Nortel 221 concentrator on the x.x.x.154-8 network off of the switch ports?

btw: I saw last night the Cisco 1811w would be a nice upgrade for this network at a reasonable price. Thanks.

btw:




.