cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1944
Views
5
Helpful
5
Replies

Wireless not working, VLAN problem?

JudAster2010
Level 1
Level 1

Hello and thanks for reading!

We have two different Internet providers in the office. We use one of them only for the VoIP. In the switch (Cisco 3560) I have 10 ports in a different VLAN (phones, PBX and the Internet router). The problem is that I want to use this router as the WIFI access point in the office, for the visitors to be able to connect to the Internet). As soon as I created the VoIP VLAN, I can't connect to the Internet through the WIFI, and I don't know why. The rest of the clients are in the default VLAN, and the main router do not have WIFI.

As my network is very small (25 users), I decided not to assign a different subnet to the VoIP VLAN, is this a problem? The DHCP pool in the WIFI router starts at 192.168.60.100, so I'm not giving overlapped IP addresses to the WIFI users.

Some more info:

main router IP 192.168.60.1
Wifi router IP 192.168.60.5

I tried from a WIFI laptop with static addresses like this

Option 1 (NOT WORKING)
IP 192.168.60.101
MSK 255.255.255.0
GW 192.168.60.5

Option 2 (WORKS)
IP 192.168.60.101
MSK 255.255.255.0
GW 192.168.60.1 (wich is the default route)

I'd like the WIFI devices to connect to the Interternet through the 192.168.60.5 router but I

Any help would be great,

Jud

5 Replies 5

dvangyzeghem
Level 1
Level 1

Hi Jud,

Is the WIFi router the  accesspoint?

On which port of the switch is it connected and what is the config of this port?

What kind of device is it?

Can you show the routing table of the 192.168.60.5 device.

Thanks

Br

Dimitri

Thanks for the answer dvangyzeghem,

Well yes, the wifi router should be the access point (I guess)

The wifi router is a Thomson cheap SOHO router.

This is the "show run" command output of the 3560 switch:

************************************************************

3560#show run
Building configuration...

Current configuration : 5778 bytes
!

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!

hostname 3560
!

enable secret 5 **********************
enable password ********
!

no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
!

!
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
!

!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!

vlan internal allocation policy ascending
!

interface GigabitEthernet0/1
!

interface GigabitEthernet0/2
!

interface GigabitEthernet0/3
switchport access vlan 101
switchport mode access
!

interface GigabitEthernet0/4
switchport access vlan 101
switchport mode access
!

interface GigabitEthernet0/5
switchport access vlan 101
switchport mode access
!

interface GigabitEthernet0/6
switchport access vlan 101
switchport mode access
!

interface GigabitEthernet0/7
switchport access vlan 101
switchport mode access
!

interface GigabitEthernet0/8
switchport access vlan 101
switchport mode access
!

interface GigabitEthernet0/9
switchport access vlan 101
switchport mode access
!

interface GigabitEthernet0/10
switchport access vlan 101
switchport mode access
!

interface GigabitEthernet0/11
switchport access vlan 101
switchport mode access
!

interface GigabitEthernet0/12
switchport access vlan 101
switchport mode access
!

interface GigabitEthernet0/13
!

interface GigabitEthernet0/14
switchport mode access
!

interface GigabitEthernet0/15
!

interface GigabitEthernet0/16
switchport mode access
!

interface GigabitEthernet0/17
!

interface GigabitEthernet0/18
!

interface GigabitEthernet0/19
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust cos
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!

interface GigabitEthernet0/20
!

interface GigabitEthernet0/21
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust cos
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!

interface GigabitEthernet0/22
description CISCO FIREWALL
!

interface GigabitEthernet0/23
switchport access vlan 101
switchport mode access
!

interface GigabitEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust cos
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!

interface GigabitEthernet0/25
!

interface GigabitEthernet0/26
!

interface GigabitEthernet0/27
!

interface GigabitEthernet0/28
!

interface Vlan1
ip address 192.168.60.254 255.255.255.0
!

interface Vlan154
ip address 192.168.154.1 255.255.255.0
!

interface Vlan200
ip address 192.168.200.1 255.255.255.0
!

ip classless
ip route 0.0.0.0 0.0.0.0 192.168.60.1
ip http server
!

!
control-plane
!

!
line con 0
line vty 0 4
password ***********
login
length 0
line vty 5 15
password **********
login
length 0
!

end

************************************************************

The diagram is very simple, something like this:

router 1
   |

   |
3560-----wifi router
   |

   |
2450 (switch 24p)

With the Cisco Network Assistant, I created the VLAN 101, and attached all the VoIP phones and the Wifi router (from one of the LAN ports of the router). This setup worked fine when I had only one VLAN for everything. I don't want the visitors to gain access to my network.

I just wanted to have a different Internet access for the wifi, but it doesn't work to me.

Thanks

Hi Jud,

Where are your 2 internet connections (ISP's)? 1 on your router1 and one on your WIFI router?

We need to make sure we are not misunderstanding eachother, so i think we best go step by step.

Br

Dimitri

Hi dvangyzeghem,

Yes, sorry for the misunderstanding, the internet connections are attached to the routers, one in the router1 and the other in the wifi router. From the router there is a cable that goes from the router to the WAN port of the firewall, and then from the LAN port of the firewall to the 3560 switch. The wifi router is directly connected from one of its LAN ports to the 3560 switch (to one of the VLAN VoIP ports)

Thanks,


Jud

Hi Jud,

Sorry for the late reply.

As i see your situation:

-the wireless guests and  accesspoint and voip phones use vlan 101, no one else.

Then when your accesspoint(WIFI router) should be DHCP and if you can use a different subnet (though i dont it matters), it should be the gateway for this subnet and then it should work.

-If this doesnt work it is your connection to the internet on the WIFI router (can you test this by connecting with your PC to the accesspoint through the lan port and disconnecting the rest?)

-I saw in the config vlan 101 is not routed (can you check this?) and can you also not allow vlan 101 on the trunks (to be sure), then the 2 networks are completley separated.

What do you think?

Best regards,

Dimitri

Review Cisco Networking for a $25 gift card