Wireless direct to internet

[daneicher]

Hi,

I have the following configuration:

1130AG (Wireless Access Point)>>Catalyst 3750 (Switch)>>Pix 515E.

All equipment is currently configured and working.

I am looking for guidance and IOS commands to create a third vlan on the 3750 and route traffic from the port of the 3750 (switch) that the 1130ag (wireless access point) is plugged in to, directly to our firewall. I do not want any inter-operability between this traffic, that is available to the public via our 1130ag and our corporate network.

Thanks,
Dan

Note: The pix is running version 6.3 and the 3750 is running IOS 12.2(20).
I can program the wireless access point with any static IP needed.

 

[KiscoKid]

On your 3750, issue the command 'show vlan' and note the vlans in use. Also identify two ports that are spare to connect both the AP and PIX firewall. Let say for example, you determine vlan 20 is free and ports fa0/10 and fa0/11 are free to connect the AP and PIX respectively.

Pick a spare one and then enter the following:

switch#conf t
switch(config)# vlan 20
switch(config-vlan)#int fa0/10
switch(config-if)#switchport access vlan 20
switch(config-if)#desc Connection to AP
switch(config-if)#int fa0/11
switch(config-if)#switchport access vlan 20
switch(config-if)#desc Connection to PIX Inside

This basically sets up just a layer 2 network between both the AP and PIX. This alone will ensure no other VLANs can talk to either device unless you introduce a router that is aware of the new VLAN20 and is already configured to route between the existing VLANs.

Allocate any spare IP subnet you want now to the AP and the inside PIX interface.