Help with 871w WLAN & VLANs

ArdjanCisco · ‎07-04-2006

Hi! I think I'm too stupid for this...

I have a 871w with IOS c870-advipservicesk9-mz.124-9.T.bin. I'd like to have a config consisting of 4 VLANs: eth-priv, eth-guest, wlan-priv and wlan-guest. The *-guest vlans should only be able to get into the internet, not in my *-priv vlans. I want to use routing and ACLs, so I don't want bridging configured. All clients should get their IPs by DHCP, because my provider gives me my outer IP by DHCP, including DNS-server to use. I have the ethernet-vlans working fine, but can't get the hang of the wireless vlans...

Can someone point me to a config which does the things I want? Just the basics, I hope I can guess the details...

Thanx in advance!

dbakula01 · ‎07-05-2006

as far as i know you need the bridging configured to get the puppy to work. i do not run multiple vlans but see if my config helps you

hostname xxxxxx

!

boot-start-marker

boot-end-marker

!

no logging buffered

enable password xxxxx

!

username admin password 0 xxxxxxxx

no aaa new-model

ip subnet-zero

ip cef

ip dhcp excluded-address xxxxxxxx

!

ip dhcp pool dcp

network xxxxxxxx 255.255.255.0

domain-name dcpartners.com

dns-server xxxxxxxx

default-router xxxxxxxx

!

ip dhcp pool xxxxxxxx

!

ip name-server xxxxxxxx

no ftp-server write-enable

!

bridge irb

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

no ip address

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

no ip address

!

interface FastEthernet4

ip address dhcp

duplex auto

speed auto

!

interface Dot11Radio0

no ip address

!

encryption vlan 1 mode ciphers tkip

!

ssid xxxxxxxx

vlan 1

authentication open

authentication key-management wpa

wpa-psk ascii 0 xxxxxxxx

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

channel 2437

station-role root

!

interface Dot11Radio0.1

encapsulation dot1Q 1 native

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Vlan1

no ip address

bridge-group 1

bridge-group 1 spanning-disabled

!

interface BVI1

ip address xxxxxxxx 255.255.255.0

!

no ip http server

no ip http secure-server

ip nat pool dcp xxxxxxxx netmask 255.255.255.248

!

access-list 15 permit 192.168.1.0 0.0.0.255

access-list 15 permit 0.0.0.0 255.255.255.0

access-list 100 permit ip host xxxxxxxx 192.168.1.0 0.0.0.255

access-list 110 permit ip 192.168.199.0 0.0.0.255 192.168.1.0 0.0.0.255

!

control-plane

!

bridge 1 route ip

!

line con 0

no modem enable

transport preferred all

transport output all

line aux 0

transport preferred all

transport output all

line vty 0 4

login

transport preferred all

transport input all

transport output all

!

scheduler max-task-time 5000

end