Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cisco 1701 and VLAN ?

Status
Not open for further replies.

Tony414

MIS
Feb 3, 2003
197
US
Hello,
I'm not sure if this is possible. And if it is, I'm not sure how to do it.

I have a 1701 router connected to an HP Procurve switch. I also have a wireless AP connected to the switch. I want to isolate the wireless from the LAN. The HP has VLAN capabilities. My router is connected to port 1 on the switch and the wireless is connected to port 18 on the switch. HP is telling me I can't do this without some configuration to the router. Is there VLAN support on the router to keep the wireless of the LAN?

Thanks,
Tony
 
Tony,

It's possible. Once you create the VLANs on the switch, you need to configure the port that the router is connected to as a dot1Q trunk. The trunk carries the traffic of both VLANs to the router. You can configure subinterfaces on the router; one for each VLAN.

Here's a document from Cisco.com on how to do this. Since you have an HP switch, the only part that you're interested in is the 2600 router configuration. The commands should be the same on the 1700:


Matt
CCIE Security
 
Hi Matt,
Thanks for the info. Still a little fuzzy on this. I'm not cisco pro so I get a little cautious when changing anything. If I send my current running config can you show me the changes that need to be done. Sorry for the hand holding on this one. Thanks!

Tony
 
VLAN 1=10.10.1.0/24
VLAN 10=10.10.10.0/24
VLAN 20=10.10.20.0/24

These are examples...
router#conf t
router(config)#int fa0
router(config-if)#no shut
router(config-if)#int fa0.10
router(config-subif)#encap dot1q 10
router(config-subif)#ip add 10.10.10.1 255.255.255.0
router(config-subif)#exi
router(config)#int fa0.20
router(config-subif)#encap dot1q 20
router(config-subif)#ip add 10.10.20.1 255.255.255.0
router(config-subif)#exi
router(config)#int fa0.1
router(config-subif)#encap dot1q native 1
note the keyword "native" may not work here...
router(config-subif)#ip add 10.10.1.1 255.255.255.0
router(config-subif)#end
router#wr

Good security practice is to make the management VLAN a different VLAN other than VLAN 1 (with the "native" keyword on the switch (Cisco) and the trunking router, if it will take it).

Burt
 
So if the routers e0's ip is 10.81.0.1 would this need to be changed? or do I have to create a VLAN with this ip? or are the VLAN's totally seperate from that ip? Thanks
 
your base interface e0 itself wont have an ip address. the sub interfaces will have the addresses that apply to each of the networks that the vlans represent
 
So if all my clients gateways point to 10.81.0.1, do I need to make one of the vlans that ip?
 
I would think that you would have to enable ip subnet-zero if you are pre 12.0 ios. If you are 12.0 or newer it is enabled by default on the router and you can use it.
This link explains ip subnet-zero command better.


According to the article if you have IOS 12.0 or newer the IP Subnet-zero is enabled by default. Pre 12.0 you need to enalbe it.

Gb0mb

........99.9% User Error........
 
So if all my clients gateways point to 10.81.0.1, do I need to make one of the vlans that ip?"

Why do VLANs then, if all clients are in the same subnet???

Burt
 
Well. My first msg states what I am trying to do. I have a wireless access point in the building and I am trying to find out how to not allow them access to the LAN. Both the access point and the router are plugged into the same switch. If there is some other way of doing it, do tell? I'm game for any suggestions on the easest way. I'm no pro at this so I really don't know where to start.

Thanks,
Tony
 
ok if your wired clients are in a vlan 10 and you configured the subinterface for vlan 10 on the router to have and ip address of 10.81.0.1 then that would be the gateway for those wired clients... just like if you configured the sub interface for vlan 20 for your wireless clients to have an ip address of 10.82.0.1 that would be the wireless clients gateway.
 
Ok. So here is my current config.

service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname ParkRec
!
boot system flash flash:c1700-y-mz.123-1a.bin
enable password 7 06140034584B1B54150543595F
!
ip subnet-zero
no ip rcmd domain-lookup
!
!
!
!
!
!
!
interface FastEthernet0
description connected to ParkRec LAN
ip address 10.111.0.1 255.
speed auto
!
interface Serial0
description connected to TownHall2
ip address 172.16.51.14 255.255.255.252
encapsulation ppp
service-module t1 remote-alarm-enable
service-module t1 fdl ansi
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.51.13 permanent
ip route 10.81.0.0 255.255.0.0 172.16.51.13 permanent
ip http server
!
snmp-server community router-public123 RO
snmp-server community router-guilford123 RW
!
line con 0
exec-timeout 0 0
password 7 0314495A545C
login
line aux 0
line vty 0 4
password 7 051B145E731F
login
!
no scheduler allocate
!
end

----------------------------------------------

Ok. Now from what burtsbees is showing me, this is what I came up with. I'm sure it will need to be corrected. I gave the wrong IP before. The current IP of the ehternet is 10.111.0.1


VLAN 1=10.10.1.0/24 (NOT SURE ABOUT THIS)
VLAN 10=10.111.0.0/24
VLAN 20=10.112.0.0/24

These are examples...
router#conf t
router(config)#int fa0
router(config-if)#no shut
router(config-if)#int fa0.10
router(config-subif)#encap dot1q 10
router(config-subif)#ip add 10.111.0.1 255.255.255.0
router(config-subif)#exi
router(config)#int fa0.20
router(config-subif)#encap dot1q 20
router(config-subif)#ip add 10.112.0.1 255.255.255.0
router(config-subif)#exi
router(config)#int fa0.1
router(config-subif)#encap dot1q native 1
note the keyword "native" may not work here...
router(config-subif)#ip add 10.10.1.1 255.255.255.0 (NOT SURE ABOUT THIS)
router(config-subif)#end
router#wr
 
There are a couple of spots I wasn't sure on. Any ideas?

VLAN 1=10.10.1.0/24 (NOT SURE ABOUT THIS)
router(config-subif)#ip add 10.10.1.1 255.255.255.0 (NOT SURE ABOUT THIS)

Also, does this end up going away and get changed to the sub interface?

interface FastEthernet0
description connected to ParkRec LAN
ip address 10.111.0.1 255.255.0.0
speed auto

 
What I mean in the first part. Is this just informational?

VLAN 1=10.10.1.0/24 (NOT SURE ABOUT THIS)
VLAN 10=10.111.0.0/24
VLAN 20=10.112.0.0/24
 
ok as far as your current fastethernet0 interface... you will want to do this first...

router#conf t
router(config)#default int fa0

that will return the interface back to its defaults(that command should work on that series of router)

as far as your
"VLAN 1=10.10.1.0/24 (NOT SURE ABOUT THIS)
VLAN 10=10.111.0.0/24
VLAN 20=10.112.0.0/24"
that is more informational its the commands themselves that make the changes. just follow the guide that burtsbees pointed you to and you should be ok
and "router(config-subif)#ip add 10.10.1.1 255.255.255.0 (NOT SURE ABOUT THIS)" should be the correct command as long as you also use "router(config-subif)#encap dot1q native 1" with it.
 
ip add 10.10.1.1 255.255.255.0 (NOT SURE ABOUT THIS)

I guess it's more the IP address I was wondering about. I should have been clearer.
 
the ip address is fine... its still a private address so you should not have any problems there. if you want you can make it:
ip add 10.110.0.1 255.255.255.0
 
Hmmm. That's thowing me off. After looking through the post and my current config. Is it possible I don't even need that? I only want to segregate the wired from the wireless.
 
You dont have to have it as far as i know. However, it is a good idea to set it up that way. in either case when its all said and done you wont have to worry about whats on what vlan except when it comes to the switch... then you are really only worried about 2 vlans... your wired vlan and your wireless vlan.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top