10-29-2023 11:16 AM - last edited on 10-30-2023 02:04 AM by Translator
This is my current setup (see attachment):
There are 3 VLANs:
VLAN 1 (management) 192.168.0.0/24: where all network devices live (router, AD server, switches)
VLAN 10 192.168.1.0/24: where PC1 and PC2 live
VLAN 20 192.168.2.0/24: where PC3 and PC4 live
The router (ip 192.168.0.1) performs PAT and acts as the gateway to the internet, whereas the L3 switch handles all LAN traffic and inter-VLAN routing. In the "AD" server there are a plethora of services (DNS, DHCP, AAA), the most important of which is a RADIUS AAA server which the L2 switches refer to when enforcing NAC. The general idea behind this topology was to have all LAN traffic be managed exclusively by the L3 switch, and all outbound traffic managed by the router.
Now I want to implement a WLAN with a single SSID, NAC and dynamic VLAN assignment by the RADIUS server. I believe that last part isn't possible on PT, but enforcing NAC will suffice. In order to keep all LAN-bound traffic exclusive to the L3 switch, I considered the following topology:
In this case, the AP would simply be the WLAN equivalent of a switch. However, I have to use the 819HGW router for the WLAN and also have it perform the functions of the router in my current setup. I don't know how to approach the problem. My questions are:
1. How does the embedded AP work?
I don't quite understand how the router itself works, I don't understand what each interface does and how it connects to the embedded AP. The router has the following interfaces:
Router#show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0 unassigned YES NVRAM administratively down down
FastEthernet0 unassigned YES unset up down
FastEthernet1 unassigned YES unset up down
FastEthernet2 unassigned YES unset up down
FastEthernet3 unassigned YES unset up down
Serial0 unassigned YES NVRAM administratively down down
Wlan-GigabitEthernet0 unassigned YES unset up up
wlan-ap0 10.10.10.1 YES TFTP up up
Cellular0 unassigned YES IPCP administratively down down
Vlan1 10.10.10.1 YES NVRAM up up
ap#show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0 unassigned YES NVRAM up up
Dot11Radio0 unassigned YES NVRAM administratively down down
Dot11Radio1 unassigned YES NVRAM administratively down down
BVI1 unassigned YES DHCP up up
What is wlan-ap0 and Wlan-GigabitEthernet0? How do they relate to the embedded AP's interfaces? I googled what BVI1 is and I believe it just forwards all frames through interfaces of a given bridge-group (is it like a switch?). But if that's the case, how come I can't ping the AP from the router?
2. How do I integrate the 819HGW router to the wired network?
I believe the 819HGW router is akin to the following topology:
If this is indeed how the 819HGW works, does this mean that the L3 switch would have to send all LAN traffic to the router in the case a host on the WLAN is on the same VLAN as a host on one of the L2 switches? Basically treating it as another switch? If so, how would I have to configure both the L3 switch and the router?
10-29-2023 01:42 PM - edited 10-29-2023 01:47 PM
1. The 819 is a router with an embedded switch and AP. You configure the GigabitEthernet0 interface as a regular router interface, the FastEthernet interfaces as switchports and the Wlan-GigabitEthernet0 is the logical switchport facing your embedded AP. The wlan-ap0 interface is the router's console/management interface to the embedded AP. You must configure this before being able to configure the AP functionality.
You should consult the 800 Series ISR router configuration guide for configuration specifics: https://www.cisco.com/c/en/us/td/docs/routers/access/800/software/configuration/guide/SCG800Guide.html
2. I am not sure that I have interpreted your task correctly, let me know if I have misunderstood.
Since the 819 provides routing, switching and AP functionality it can replace your router, the L3 switch and the AP. The GigabitEthernet0 interface is a regular router interface and should be connected to the link towards the modem. Since the FastEthernet interfaces are regular switchports you can replace Switch1 by connecting Switch2 and Switch3 to these ports and applying the appropriate configuration (VLANs, SVIs etc.). If you don't wish to replace Switch1 you can configure your VLANs on the 819 and configure one of the FastEthernet interfaces as a trunk towards Switch1.
The wlan-Gi0 is a logical switchport that connects your router towards your embedded AP, you configure this like any other switchport connected to an AP. For AP configuration you should consult the wireless devices part of the configuration guide. To achieve dynamic VLAN assignment you can use the RADIUS attributes: Tunnel Type, Tunnel Medium Type and Tunnel Private Group ID - you will need to look up how you can set these for your NAC service.
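The three RADIUS attributes named in the answer above, as an added example that is not part of the original post: under RFC 3580 the server assigns a VLAN by returning Tunnel-Type = VLAN (13), Tunnel-Medium-Type = IEEE-802 (6) and Tunnel-Private-Group-ID = the VLAN ID, encoded as in RFC 2868. The Python below builds those attributes and checks that a reply carries a consistent set; the function names are hypothetical, the sample input is constructed, and a numeric VLAN ID (not a VLAN name) is assumed.

```python
import struct

# Attribute types from RFC 2868 and the values RFC 3580 prescribes for VLAN assignment
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6

def encode_vlan_attrs(vlan_id, tag=0):
    """Build the three attributes an Access-Accept carries to assign vlan_id."""
    def tagged_int(attr, value):
        # type, length=6, tag, then a 3-byte big-endian value
        return struct.pack("!BBB", attr, 6, tag) + value.to_bytes(3, "big")
    group = str(vlan_id).encode("ascii")
    return (tagged_int(TUNNEL_TYPE, TYPE_VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, MEDIUM_IEEE_802)
            + struct.pack("!BBB", TUNNEL_PRIVATE_GROUP_ID, 3 + len(group), tag) + group)

def parse_attrs(blob):
    """Split a RADIUS attribute list into (type, value-bytes) pairs."""
    attrs, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob) or blob[i + 1] < 2 or i + blob[i + 1] > len(blob):
            raise ValueError("truncated or malformed attribute")
        attr, length = blob[i], blob[i + 1]
        attrs.append((attr, blob[i + 2:i + length]))
        i += length
    return attrs

def assigned_vlan(blob):
    """Return the VLAN ID only if all three attributes are present and consistent."""
    found = {}
    for attr, value in parse_attrs(blob):
        if attr in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            found[attr] = int.from_bytes(value[1:], "big")  # skip the tag byte
        elif attr == TUNNEL_PRIVATE_GROUP_ID and value:
            # A first byte <= 0x1F is a tag; anything larger is already the string
            text = value[1:] if value[0] <= 0x1F else value
            found[attr] = text.decode("ascii", "replace")
    group = found.get(TUNNEL_PRIVATE_GROUP_ID, "")
    if (found.get(TUNNEL_TYPE) != TYPE_VLAN
            or found.get(TUNNEL_MEDIUM_TYPE) != MEDIUM_IEEE_802
            or not group.isdigit() or not 1 <= int(group) <= 4094):
        return None  # incomplete or inconsistent: do not place the client in a VLAN
    return int(group)

if __name__ == "__main__":
    # Constructed sample: reply attributes for a user placed in VLAN 10
    print(assigned_vlan(encode_vlan_attrs(10)))
```

A reply missing any one of the three attributes yields `None`, which is the case to check for when a client authenticates but does not land in the expected VLAN.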
10-30-2023 01:33 PM
This depends on the size of the company/office in terms of number of employees. If it is small, one router with L2 switches should be enough to handle traffic to the Internet and main office/HQ. Design may call this collapsed-core design. The 819HGW is like a jack-of-all-trades; it just does everything for you. No need for an L3 switch.
Your 819HGW can do all routing between and among your L3 subnets; L2 switches are just an extension of your network in terms of number of ports.
In the case of a medium or larger office, 1 router may not be "strong" enough to handle its duties (assuming all employees are working hard). This is where you could delegate routing duties to the L3 switch and have the core router 819HGW be the gateway router, DHCP, PAT to the Internet. L2 access switches connect directly to the L3 distribution switch, which then connects to the router. This would be a 3-layer hierarchical design with Access, Distribution, Core layers.
Regards, ML
**Please Rate All Helpful Responses **