Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cisco 1701 and VLAN ?

Status
Not open for further replies.
Tony414

Tony414

MIS
Feb 3, 2003
197
0
0
US
Hello,
I'm not sure if this is possible. And if it is, I'm not sure how to do it.

I have a 1701 router connected to an HP Procurve switch. I also have a wireless AP connected to the switch. I want to isolate the wireless from the LAN. The HP has VLAN capabilities. My router is connected to port 1 on the switch and the wireless is connected to port 18 on the switch. HP is telling me I can't do this without some configuration to the router. Is there VLAN support on the router to keep the wireless of the LAN?

Thanks,
Tony
 
Sort by date Sort by votes
Ok Cool! I will give this all a shot. Thanks everyone for the help....
 
Upvote 0 Downvote
Ah ha! One more thing. Can I do this by telnet, or do I have to be directly connected?
 
Upvote 0 Downvote
if i were you... i would console in rather than telnet... because you are going to be messing with the inerface that you are going to change.
 
Upvote 0 Downvote
That's what I thought. Just wanted to make sure....
 
Upvote 0 Downvote
I want to isolate the wireless from the LAN."

Easiest way is acls...

Burt
 
Upvote 0 Downvote
burtsbees,

acls? Is that access lists? Not sure where to start with that. When you say easiest way, do you mean instead of VLAN?

Thanks,
Tony
 
Upvote 0 Downvote
Well, you would make a range for wireless clients and another range for wired clients, and they can be in the same subnet. You can separate them by an access-list with the use of a mask...for example, wireless=10.10.10.1 255.255.255.0 through 10.10.10.126, and wired = 10.10.10.128 through 10.10.10.254
access-list 110 deny ip 10.10.10.0 0.0.0.127 10.10.10.128 0.0.0.127
access-list 110 deny ip 10.10.10.128 0.0.0.127 10.10.10.0 0.0.0.127
int fa0
access-group 110 in

Like that. The masks in the acl's separate them as if they were separate subnets, but they are all the same network.
By the way, the example I gave was just informational---you do need a VLAN 1 IP address for VLAN and switch management.
The acl deal will keep the two vlsm subnets from talking to eachother. The fa0 interface will have a 10.10.10.0 255.255.255.0 IP address on it, so it can route both vlsm subnets. It has been quite some time, but that should work...anyone else agree? I'm tired and am listening to my 2 year old and 3 year old have a Wrestle Royal in the living room as I type---my poor wife...lol

Burt
 
Upvote 0 Downvote
Also, the clients themselves would have the normal 255.255.255.0 mask.

Burt
 
Upvote 0 Downvote
Hi burtsbees,

So are you saying I would still need to setup all that VLAN stuff from earlier?
 
Upvote 0 Downvote
Set up the VLANs and put in the access list with this at the end...

access-list 110 permit ip any any

Burt
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pbxcomm
  • Locked
  • Question
CISCO VG450
Replies
1
Views
118
bdk76
bdk76
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
102
madwok
madwok
Jared R
  • Locked
  • Question
Cisco UC320W Paging Help
Replies
0
Views
118
Jared R
Jared R
Hayden09
  • Locked
  • Question
Cisco Sg-300 Flapping?
Replies
0
Views
105
Hayden09
Hayden09
JMarine0811
  • Locked
  • Question
CISCO VG450 Factory reset
Replies
1
Views
138
whykap
whykap

Part and Inventory Search

Sponsor

Back
Top