09-21-2010 07:35 AM - edited 03-04-2019 09:50 AM
09-21-2010 08:34 AM
Hi Jud,
Is the WIFi router the accesspoint?
On which port of the switch is it connected and what is the config of this port?
What kind of device is it?
Can you show the routing table of the 192.168.60.5 device.
Thanks
Br
Dimitri
09-21-2010 09:02 AM
Thanks for the answer dvangyzeghem,
Well yes, the wifi router should be the access point (I guess)
The wifi router is a Thomson cheap SOHO router.
This is the "show run" command output of the 3560 switch:
************************************************************
3560#show run
Building configuration...
Current configuration : 5778 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 3560
!
enable secret 5 **********************
enable password ********
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
!
!
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
switchport access vlan 101
switchport mode access
!
interface GigabitEthernet0/4
switchport access vlan 101
switchport mode access
!
interface GigabitEthernet0/5
switchport access vlan 101
switchport mode access
!
interface GigabitEthernet0/6
switchport access vlan 101
switchport mode access
!
interface GigabitEthernet0/7
switchport access vlan 101
switchport mode access
!
interface GigabitEthernet0/8
switchport access vlan 101
switchport mode access
!
interface GigabitEthernet0/9
switchport access vlan 101
switchport mode access
!
interface GigabitEthernet0/10
switchport access vlan 101
switchport mode access
!
interface GigabitEthernet0/11
switchport access vlan 101
switchport mode access
!
interface GigabitEthernet0/12
switchport access vlan 101
switchport mode access
!
interface GigabitEthernet0/13
!
interface GigabitEthernet0/14
switchport mode access
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
switchport mode access
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust cos
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust cos
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet0/22
description CISCO FIREWALL
!
interface GigabitEthernet0/23
switchport access vlan 101
switchport mode access
!
interface GigabitEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust cos
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface Vlan1
ip address 192.168.60.254 255.255.255.0
!
interface Vlan154
ip address 192.168.154.1 255.255.255.0
!
interface Vlan200
ip address 192.168.200.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.60.1
ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
password ***********
login
length 0
line vty 5 15
password **********
login
length 0
!
end
************************************************************
The diagram is very simple, something like this:
router 1 
   |
   |
3560-----wifi router
   |
   |
2450 (switch 24p)
With the Cisco Network Assistant, I created the VLAN 101, and attached all the VoIP phones and the Wifi router (from one of the LAN ports of the router). This setup worked fine when I had only one VLAN for everything. I don't want the visitors to gain access to my network.
I just wanted to have a different Internet access for the wifi, but it doesn't work to me.
Thanks

09-22-2010 08:22 AM
Hi Jud,
Where are your 2 internet connections (ISP's)? 1 on your router1 and one on your WIFI router?
We need to make sure we are not misunderstanding eachother, so i think we best go step by step.
Br
Dimitri
09-22-2010 09:31 AM
Hi dvangyzeghem,
Yes, sorry for the misunderstanding, the internet connections are attached to the routers, one in the router1 and the other in the wifi router. From the router there is a cable that goes from the router to the WAN port of the firewall, and then from the LAN port of the firewall to the 3560 switch. The wifi router is directly connected from one of its LAN ports to the 3560 switch (to one of the VLAN VoIP ports)
Thanks,
Jud
09-26-2010 04:29 AM
Hi Jud,
Sorry for the late reply.
As i see your situation:
-the wireless guests and accesspoint and voip phones use vlan 101, no one else.
Then when your accesspoint(WIFI router) should be DHCP and if you can use a different subnet (though i dont it matters), it should be the gateway for this subnet and then it should work.
-If this doesnt work it is your connection to the internet on the WIFI router (can you test this by connecting with your PC to the accesspoint through the lan port and disconnecting the rest?)
-I saw in the config vlan 101 is not routed (can you check this?) and can you also not allow vlan 101 on the trunks (to be sure), then the 2 networks are completley separated.
What do you think?
Best regards,
Dimitri
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide