Configuration help needed

wdigital1 · ‎03-17-2017

Hi,

Here's what I'm trying to get set up and working: cable modem -> possibly cisco 2801 (not sure if this will be needed) -> cisco catalyst 3750 -> (10x) 1142 access points in autonomous mode.

I currently have a linksys wireless router sitting where the 2801 could be placed if needed. With this setup is have been able to get (2) ssid's one on each radio interface working however they are currently unsecured. What I'm needing to modify is it need at least (2) ssid's per interface with a minimum of WEP encryption with different keys. Also need to have dhcp available for all connections. And will need (1) ssid on each radio interface as well as some wired connections to be able to directly pass traffic to each other. (This will have some network printers etc) The other ssid will be primarily used for guest Internet access does not need Web auth.

Thank you for any suggestions on how I should set configuration.

Bill Daracunas

Not sure if I placed this in the correct community.

Julio E. Moisa · ‎03-18-2017

Hi Bill

Your plan is look fine:

Cable Modem - Router 2801 - Switch 3750 - Access Points

Steps to follow:

- Between Cable Modem and Router you will create a Point to Point, The router will be used for a NAT and static routing, DHCP.

- On the switch you need to create 2 trunk interface one for the Router and the other for the Access Point

- On the AP you need to create the VLANs to be assigned to each SSID, if Im not wrong they can be created under the service tab > vlans. Remember to create the Native Vlan.

- Once you have create vlans you can proceed with the normal configuration but assigning vlan per SSID also I remember you need to enable the guest mode on each SSID profile.

ROUTER

(Cable Modem provides IP address, right? So you can select one of these to be configured on the router for NAT, intervlan routing, DHCP)

Interface f0/0
description P2P-TO-CABLE_MODEM
ip address 192.168.1.2 255.255.255.0
ip nat outside
no shutdown

*Intervlan routing config

interface fa0/1
no shutdown

interface fa0/1.10
description VLAN10-WIFI_GUEST
encapsulation dot1q 10
ip add 10.0.10.1 255.255.255.0
ip nat inside
no shutdown

interface fa0/1.20
descritpion VLAN20-WIFI_2
encapsulation dot1q 20
ip add 10.0.20.1 255.255.255.0
ip nat inside
no shutdown

interface f0/1.30
description VLAN30_OTHER_SUBNET
encapsulation dot1q 30
ip add 10.0.30.1 255.255.255.0
ip nat inside
no shut down

interface f0/1.100
description MANAGEMENT-DEVICE-SUBNET
encapsulation dot1q 100
ip add 10.0.100.1 255.255.255.0
no shut down

interface f0/1.999
description NATIVE-VLAN
encapsulation dot1q 999 native
no shut down

* NAT config

ip access-list standard PRIVATE-NETS
permit 10.0.10.0 0.0.0.255
permit 10.0.20.0 0.0.0.255
permit 10.0.30.0 0.0.0.255

ip nat inside source list PRIVATE-NET interface fa0/0 overload

* Default route

ip route 0.0.0.0 0.0.0.0 192.168.1.1 <-- Assuming that is the Next Hop in the Cable Modem

* DHCP Config

ip dhcp pool VLAN10
network 10.0.10.0 255.255.255.0
default-router 10.0.10.1
dns-server 8.8.8.8 4.2.2.2

ip dhcp excluded-address 10.0.10.1 10.0.10.5

ip dhcp pool VLAN20
network 10.0.20.0 255.255.255.0
default-router 10.0.20.1
dns-server 8.8.8.8 4.2.2.2

ip dhcp excluded-address 10.0.20.1 10.0.20.5

ip dhcp pool VLAN30
network 10.0.30.0 255.255.255.0
default-router 10.0.30.1
dns-server 8.8.8.8 4.2.2.2

ip dhcp excluded-address 10.0.30.1 10.0.30.5

SWITCH CONFIGURATION

conf t

vlan 10
name VLAN10

vlan 20
name VLAN20

vlan 30
name VLAN30

vlan 100
name MANAGEMENT

vlan 999
name NATIVE_VLAN

interface vlan 1
shutdown

interface vlan 100 <--- You can Assgn 1 IP of this network to the AP for management. (create the vlan on it)
description DEVICE-MGNT
ip add 10.0.100.2 255.255.255.0
no shutdown

interface fa1/0/48
description P2P_TO_ROUTER2801
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 999
no shut

interface fa1/0/1
description P2P_TO_ACCESS-POINT_STANDALONE
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 999
no shut

ip default-gateway 10.0.100.1

Please rate the comment if is useful

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Shawnw4401 · ‎03-18-2017

Julio,

The only thing I see that might need to be changed in that example configuration would be the default route in the router and the point-to-point interface to the modem:

Interface f0/0
description P2P-TO-CABLE_MODEM
ip address 192.168.1.2 255.255.255.0
ip nat outside
no shutdown
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1 <-- Assuming that is the Next Hop in the Cable Modem

The route should look more like this:

Interface f0/0
description P2P-TO-CABLE_MODEM
ip address dhcp <-- Replace with the IP provided by ISP if a static IP address was given.
ip nat outside
no shutdown
!
ip route 0.0.0.0 0.0.0.0 f0/0 dhcp <-- Unless you have a static public IP address provided by ISP

Julio E. Moisa · ‎03-19-2017

Hi

Good point, thanks, both methods ca be used, I usually take one of the IP address provided by the cable modem and set it manually on the router.

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

wdigital1 · ‎03-20-2017

OK first off thank you very much for your help. However now that I've made the above configuration settings on the switch and router I am no longer able to see or get to the access points previously I had configured them using 192.168.1.xxx however even with setting the ip manually on one over the ap's using the console connection is can ping and see my laptop also set manually with a 10.0.100.xxx ip but neither laptop or ap are able to ping switch, and the switch doesn't show any device as being connected to those ports (even though the light indicators show good connection)

Julio E. Moisa · ‎03-20-2017

Hi

You must create the vlan 100 on the AP and associate it to 1 IP address related to that subnet.

IP 10.0.100.5
Subnet mask 255.255.255.0
Gateway 10.0.100.1

Remember that the switchport connected to the AP must be configured as trunk in order to pass the vlans. These vlan should be created on the AP as well.

Please let me configure an AP and share with you the config.

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

wdigital1 · ‎03-20-2017

I won't be able to make those changes until Wednesday evening at the earliest. But if you have full config files/text for setup of an 1142 in autonomous mode that would be awesome. Unfortunately for me I know enough to be dangerous when it comes to setting up cisco hardware so the more help the better.

Julio E. Moisa · ‎03-20-2017

No worries, it will be a pleasure to assist you

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Julio E. Moisa · ‎04-03-2017

Hi

Apologies for the late response, I had busy days but I would like to follow up this request.

Do you need still the config?

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<