851w config w\ 12.4(4)-T4 vlan question



I need help with this 851w. It is for a hotel that wants to keep guests 
separate from internal network. Originally the guests had their own network 
with a static address on FE4 and then natting 192.168.1.0 for wireless with 
an unnumbered address to BV1 with 192.168.1.1 address and 2 Aironet 1200 
Access points each with a static 192.168.1.x address.

I screwed up not doing more research thinking that you could do multiple 
vlans on it. I've set up a couple 871w's and it was no problem along with 
port forwarding.

The new connection comes with a /29 network usable, but I also have to be 
the other end of a .252 to get the circuit up. After searching and research, 
how does this sound?

Fe4: address .252 primary and x.x.x.153 /29 address as secondary.
Then nat 192.168.1.x on vlan1 with an address bridged to BV1.
Setting the default route to the x.x.x.153 address.
Would I then be able to run a server and Nortel 221 concentrator on the 
x.x.x.154-8 network off of the switch ports?

btw: I saw last night the Cisco 1811w would be a nice upgrade for this 
network at a reasonable price. Thanks.

btw: 


0
Reply kent 1/30/2010 3:36:59 PM

Update. If I set up vlan1 for routing rather than irb and set it to the 
first address in the /29 network and use a nat pool with the addresses it 
will be assigned to the fastethernet ports. I then use a static source route 
to concentrator.
Will I still be able to use the 192.168.1 network for the dhcp clients on 
the wireless bridge? Another thing is the access points are using 2 of the 
ether ports so would they have to be in the /29 network or could I just 
leave them on the 192.168.1 network? Thanks for any replies.


Current config.
Building configuration...

Current configuration : 5758 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname xxx
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 x
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
no ip source-route
no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.1.1 192.168.1.9
ip dhcp excluded-address 192.168.1.251 192.168.1.254
!
ip dhcp pool sdm-pool1
   import all
   network 192.168.1.0 255.255.255.0
   domain-name x2
   default-router 192.168.1.1
   dns-server 208.67.222.222 208.67.220.220
!
!
ip cef
ip tcp synwait-time 10
no ip bootp server
ip domain name yourdomain.com
ip name-server 208.67.222.222
ip name-server 24.177.176.36
ip name-server 208.67.220.220
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto
  quit

!
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $FW_OUTSIDE$$ES_WAN$$ETH-WAN$
 ip address 192.168.3.5 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
!
interface Dot11Radio0
 no ip address
 !
 ssid x2
    authentication open
    guest-mode
    infrastructure-ssid optional
 !
 speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
 no preamble-short
 channel 2437
 station-role root
 no dot11 extension aironet
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
 no ip address
 ip tcp adjust-mss 1452
 bridge-group 1
!
interface BVI1
 description $ES_LAN$$FW_INSIDE$
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
!
ip classless
ip route 0.0.0.0 0.0.0.0 isp gateway permanent
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip

!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end


0
Reply kent 1/31/2010 3:17:30 AM
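
An added example, not part of the original posts: a small Python check run over lines taken from the posted running-config. It reports where the guest radio and the switch ports sit in the same bridge group and where router management is exposed. The function names and finding strings are assumptions made for this illustration.

```python
import re

# Lines taken from the running-config posted above (only what the checks read).
POSTED = """\
interface Dot11Radio0
 ssid x2
    authentication open
 bridge-group 1
interface Vlan1
 bridge-group 1
ip http server
line vty 0 4
 transport input telnet ssh
"""

def sections(cfg):
    """Group an IOS config into {top-level line: [stripped child lines]}."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if not line[0].isspace():
            cur = line.rstrip()
            out[cur] = []
        elif cur is not None:
            out[cur].append(line.strip())
    return out

def audit(cfg):
    """Return sorted findings for guest isolation and management exposure."""
    sec, found, groups = sections(cfg), set(), {}
    for head, body in sec.items():
        if head.startswith("interface "):
            for child in body:
                m = re.fullmatch(r"bridge-group (\d+)", child)
                if m:
                    groups.setdefault(m.group(1), set()).add(head.split()[1])
        elif head.startswith("line vty"):
            if any(c.startswith("transport input") and "telnet" in c.split() for c in body):
                found.add("vty: telnet accepted")
            if not any(c.startswith("access-class ") for c in body):
                found.add("vty: no access-class restricting source addresses")
    for gid, ifs in sorted(groups.items()):
        if any(i.startswith("Dot11Radio") for i in ifs) and any(i.startswith("Vlan") for i in ifs):
            found.add(f"bridge-group {gid}: radio and switch ports share one L2 segment")
    if "ip http server" in sec:
        found.add("global: plaintext HTTP management enabled")
    return sorted(found)
```

Calling `audit()` on the full text of a saved `show running-config` works the same way; the excerpt only keeps the sample short.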


Through research, I need to just penny up and get a Cisco 1801. Thanks for 
feedback.

0
Reply no 2/1/2010 2:58:42 PM
