851w config w/ 12.4(4)-T4 vlan question

I need help with this 851w. It is for a hotel that wants to keep guests separate from the internal network. Originally the guests had their own network with a static address on FE4 and then natting 192.168.1.0 for wireless with an unnumbered address to BV1 with 192.168.1.1 address and 2 Aironet 1200 Access points each with a static 192.168.1.x address.

I screwed up not doing more research, thinking that you could do multiple vlans on it. I've set up a couple of 871w's and it was no problem, along with port forwarding.

The new connection comes with a /29 network usable, but I also have to be the other end of a .252 to get the circuit up. After searching and research, how does this sound?

Fe4: address .252 primary and x.x.x.153 /29 address as secondary. Then nat 192.168.1.x on vlan1 with an address bridged to BV1. Setting the default route to the x.x.x.153 address. Would I then be able to run a server and Nortel 221 concentrator on the x.x.x.154-8 network off of the switch ports?

btw: I saw last night the Cisco 1811w would be a nice upgrade for this network at a reasonable price. Thanks.

kent w

Update. If I set up vlan1 for routing rather than irb and set it to the first address in the /29 network and use a nat pool with the addresses, it will be assigned to the fastethernet ports. I then use a static source route to the concentrator. Will I still be able to use the 192.168.1 network for the dhcp clients on the wireless bridge? Another thing is the access points are using 2 of the ether ports, so would they have to be in the /29 network or could I just leave them on the 192.168.1 network? Thanks for any replies.

Current config.

Building configuration...

Current configuration : 5758 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname xxx
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 x
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.9
ip dhcp excluded-address 192.168.1.251 192.168.1.254
!
ip dhcp pool sdm-pool1
 import all
 network 192.168.1.0 255.255.255.0
 domain-name x2
 default-router 192.168.1.1
 dns-server 208.67.222.222 208.67.220.220
!
!
ip cef
ip tcp synwait-time 10
no ip bootp server
ip domain name yourdomain.com
ip name-server 208.67.222.222
ip name-server 24.177.176.36
ip name-server 208.67.220.220
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto quit
!
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $FW_OUTSIDE$$ES_WAN$$ETH-WAN$
 ip address 192.168.3.5 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
!
interface Dot11Radio0
 no ip address
 !
 ssid x2
  authentication open
  guest-mode
  infrastructure-ssid optional
 !
 speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
 no preamble-short
 channel 2437
 station-role root
 no dot11 extension aironet
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
 no ip address
 ip tcp adjust-mss 1452
 bridge-group 1
!
interface BVI1
 description $ES_LAN$$FW_INSIDE$
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
!
ip classless
ip route 0.0.0.0 0.0.0.0 isp gateway permanent
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

"kent w" wrote in message news:wmY8n.5493$ snipped-for-privacy@newsfe11.iad...

kent w

Through research, I need to just penny up and get a Cisco 1801. Thanks for feedback.

no spam
