Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
350
Views
0
Helpful
4
Replies

Can I use ASUS Home Router with Cisco ISR 1100?

whughes123
Level 1
Level 1

‎01-29-2024 11:04 AM

I purchased a Cisco ISR 1111x-8p router for my business, but I did not know I needed to purchase a WIFI card with it to provide WIFI coverage for my building. Now I am stuck with a router that does not provide WIFI capabilities. My question is, can I use my existing ASUS home router (connected to ethernet port) and control security/management (port-security, ACL, etc) for the devices connecting to WIFI from the Cisco router? Or is there someway I'm not aware of to give this thing Wireless capabilities?

I have attached a network diagram to show what I'm talking about...

Thank you!!

Labels:
Preview file
43 KB
0 Helpful
4 Replies 4

liviu.gheorghe
Spotlight
Spotlight

‎01-29-2024 11:25 AM

Hello @whughes123 ,

the short answer to your question - Yes you can use the Cisco ISR 1111 to connect to the internet and have the ASUS connected to the router. You will need to configure a series of things:

  • PPPoE for the connection to the ISP (most probably)
  • some static and/or default routes
  • NAT for the wireless subnet
  • ACL's for security

just to name a few.

Regards, LG
*** Please Rate All Helpful Responses ***
0 Helpful

whughes123
Level 1
Level 1
In response to liviu.gheorghe

‎01-29-2024 11:34 AM

@liviu.gheorghe  Awesome! Just to be clear again, I can control WIFI access to the Asus WIFI network THROUGH the Cisco ISR 1100 router interfaces via port-security or ACL or whatever. So if I setup DHCP in the 192.168.1.x range for all computers in the building to connecting to the Asus router via WIFI, I can control that access from the Cisco ISR router?? Or whatever the most secure way of setting this WIFI access up is through the Cisco ISR router?

0 Helpful

liviu.gheorghe
Spotlight
Spotlight
In response to whughes123

‎01-29-2024 11:51 AM

Yes you can. ACL's would be your tool to do that. You would have to do it on a SSID/VLAN basis, unless you assign static IP addresses through your DHCP.

Suppose you have SSID Management, which gets IP's from subnet 192.168.1.x - the ACL on the router will allow IP's from 192.168.1.x access to the Internet.

Now you have another SSID - Accounting, which gets IP's from subnet 192.168.2.x - you configure the ACL on the router to deny IP's from 192.168.2.x access to the Internet.

Regards, LG
*** Please Rate All Helpful Responses ***
0 Helpful

Georg Pauwen
VIP
VIP

‎01-29-2024 01:57 PM

Hello,

here is what the ISR1100 basic config would look like. Your ASUS router probably serves as DHCP server for one or more (wireless or wired) subnets. Set the ASUS WAN IP address to 192.168.2.1/24, so it connects to the ISR. The ISR will NAT anything in the 192.168.0.0/16 range.

version 16.9
service config
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname NEXUS-1
!
boot-start-marker
boot-end-marker
!
enable secret 5 XXXXXXXX
enable password XXXXXXXX
!
no aaa new-model
!
subscriber templating
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-2759056948
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2759056948
revocation-check none
rsakeypair TP-self-signed-2759056948
!
crypto pki certificate chain TP-self-signed-2759056948
certificate self-signed 01 nvram:IOS-Self-Sig#5.cer
!
license udi pid C1111-8P sn XXXXXXXX
no license smart enable
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username YYYYYYYY privilege 15 password 0 XXXXXXXX
!
redundancy
mode none
!
interface GigabitEthernet0/0/0
description Uplink to Internet
ip address dhcp
ip nat outside
!
interface GigabitEthernet0/0/1
description Downlink to ASUS Router
ip address 192.168.2.2 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
description SkyNET
switchport access vlan 200
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
!
interface GigabitEthernet0/1/7
!
interface Vlan1
no ip address
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/0/0
!
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1 GigabitEthernet0/0/0
!
snmp-server community XXXXXXXX RO
!
access-list 1 permit 192.168.0.0 0.0.255.255
!
control-plane
!
line con 0
transport input none
stopbits 1
line vty 0 4
password XXXXXXXX
login
!
end

0 Helpful
Customers Also Viewed These Support Documents