Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

implementing vlans on an aironet 1231 1

Status
Not open for further replies.
norryguy

norryguy

MIS
Nov 19, 2002
22
0
0
US
we have purchased a cisco aironet 1231 access point and have an a anntenna as well as a b/g one.  Anyway we are hope to create 2 wireless networks.  One for guest access as part of our building is a conference and learning center and the other wireless network for our staff.  I was hoping to limit the guests to just internet access and not let them (via filters) to even have a chance to try and browse our internal network.

Vlans on the aironet seem to be the way to go, and I have configured them and have the staff one working.  it's mapped as the native vlan.  my guest one isn't and I think it's because I have no existing vlans on my wired network, thus no 2nd one to map the guest network to.

is this true?  I am not sure I can create vlans on my wired network as it's a mix of layer 4 and layer 2 switches and hubs.  Is there a different method to get done what I want to do?  thanks for the help
 
Sort by date Sort by votes
Yes you need a layer 3 connection or do some trunking to the router interface.
 
Upvote 0 Downvote
does that mean layer 3 or 4 all the way back to my internet feed or just plugging the access point into one of my existing 3com 4400 switches and figuring out how to create 2 vlans just on the switch to match the ones on the access point?
 
Upvote 0 Downvote
A vlan is a layer 2 feature that segments broadcast domains. Layer 3 is your IP networking layer. You will need to do one of two things. If you would like the two vlans to talk to each other you need a layer 3 connection to transfer between the two. Creating the vlan on the switch will not do anything for you. You have to do this at layer 3. You can imagine a vlan being a totally seperate switch that is not connected to anything else. You need a router to route between them at the IP layer.

So I do not know your network. But I am assuming you only have one router which is your internet connection. Now if you do not manage this router, then your out of luck. If you do manage the router you have two choices. If you have two etthernet ports on the router you can plug one port into one vlan and the other port into the other vlan. Make sure you have DIFFERENT IP SUBNETS FOR EACH VLAN. No you cna not use the same subnet the router will not let you do. If you have only one interface and have the right router and the right code you can trunk the two vlans to the router and create subinterfaces for each vlan and IP network you have created.

I have no idea how to do this on a 3com since this is the cisco forum.

Good luck NetEng
 
Upvote 0 Downvote
thanks. I don't need the vlans to talk to each other at all. Our network is a little different. We have an atm feed and are using the router (2621 ios 12.1) as a firewall with port 0/0 going to the atm (actually a fore switch) and 0/1 coming inside. so I'll look at my vlan possibilities with the 3com switches. Do you know of any other way of setting up 2 ssids on the access point and limiting one of them to just internet traffic?

thanks again for your help.
 
Upvote 0 Downvote
you need to configure trunking on the uplink port from the aironet to the 3com switch. the 3com switch port will need to be set to trunk the vlans that you are using. normally an activated trunk port will trunk all vlans by default or you can specify what vlans not to trunk/filter etc.

next you will need to trunk from the 3com switch to the 2621. the router will need to be configured as follows on its inside ethernet interface


this creates the subinterface that you will map the vlan 2 to.


interface FastEthernet0/1 --- Native Vlan
ip address 10.3.1.1 255.255.255.0
no ip directed-broadcast
ip nat inside
no ip mroute-cache
duplex auto
speed auto

!
interface FastEthernet0/1.2 -------- New routed vlan2
encapsulation dot1Q 2
ip address 10.255.2.1 255.255.255.0
no ip redirects
no ip directed-broadcast
!

This should take care of the routing portion on the 2621 assuming that you can get all the trunking setup on the 3com switches. I wouldn't think it would be too difficult. I would recommend setting the trunking on the 3coms to static for interoperability sake.

Aslo you may want to create some access-lists to limit the vlan2 guest vlan to internet access only since they will be able to communicate with the other vlans by default.

good luck
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

jarod_paris
  • Locked
  • Question
firmware for an AP2800 WiFi terminal
Replies
0
Views
75
jarod_paris
jarod_paris
testman1
  • Locked
  • Question
SIP telephone ring on second call
Replies
0
Views
69
testman1
testman1
Willi DB
  • Locked
  • Question
Polycom410 Forward an incoming call
Replies
0
Views
43
Willi DB
Willi DB
stanlyn
  • Locked
  • Question
HowTo Install Multiple PAP2T ATA Devices on Same Lan
Replies
3
Views
90
iggsterman
iggsterman
mikey789
  • Locked
  • Question
Can 4000-M Routing VLANs ?
Replies
0
Views
42
mikey789
mikey789

Part and Inventory Search

Sponsor

Back
Top