Trying to merge lan subnet with wifi subnet without killing internet access
416_guy
Member Posts: 70
in CCNA & CCENT
I have a Cisco 871w which I am using as my router for internet access. It is connected to my cable modem. My outside local interface is Fast Ethernet 4, while my inside interfaces are Fast Ethernet 0 - 3. The subnet for that is 192.168.1.0 255.255.255.0. My wifi subnet is 192.168.2.0 255.255.255.0.
My goal is to have 1 subnet instead of 2. I am not sure how to approach this without bringing down my internet.
Any help would be appreciated!
Here is my config:
R1#show run
Building configuration...
Current configuration : 2768 bytes
!
! Last configuration change at 06:26:04 UTC Thu Jan 15 2015
! NVRAM config last updated at 06:13:25 UTC Thu Jan 15 2015
! NVRAM config last updated at 06:13:25 UTC Thu Jan 15 2015
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$WGaR$ENClKInCBHeG29OzoldeB1
!
no aaa new-model
!
crypto pki token default removal timeout 0
!
!
dot11 syslog
!
dot11 ssid nes
vlan 1
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 0 XXXXXXXXXX
!
ip source-route
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.100
ip dhcp excluded-address 192.168.2.1 192.168.2.100
!
ip dhcp pool lan
network 192.168.1.0 255.255.255.0
dns-server 4.2.2.2 8.8.8.8
default-router 192.168.1.1
!
ip dhcp pool wifi
network 192.168.2.0 255.255.255.0
dns-server 4.2.2.2 8.8.8.8
default-router 192.168.2.1
!
!
!
ip cef
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username admin secret 5 $1$H7H9$NOkVjNhVk34i.mcWLwWX01
!
!
!
!
!
!
bridge irb
!
!
!
interface FastEthernet0
switchport access vlan 2
no ip address
!
interface FastEthernet1
switchport access vlan 2
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
ip address dhcp
ip nat outside
ip virtual-reassembly in
speed 100
full-duplex
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers aes-ccm tkip
!
ssid nes
!
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
ip virtual-reassembly in
bridge-group 1
!
interface Vlan2
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface BVI1
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list INSIDE_NAT_ADDRESSES interface FastEthernet4 overload
!
ip access-list standard INSIDE_NAT_ADDRESSES
permit 192.168.1.0 0.0.0.255
permit 192.168.2.0 0.0.0.255
!
!
!
!
!
!
control-plane
!
bridge 1 route ip
banner motd ^C
==================================
========= DO NOT LOG IN =========
==================================
^C
!
line con 0
exec-timeout 0 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
password XXXXXXXX
login
transport input all
!
ntp server 198.27.65.66
end
Comments
-
tecnodog7 Member Posts: 129
So here is just a thought, right, and maybe I am way off, but instead of having a subnet of 255.255.255.0 wouldn't 255.255.254.0 work? Have a 192.168.10/23 instead of /24?
-
RouteMyPacket Member Posts: 1,104
No problem, remove the current wireless DHCP pool and interface, bring up a L2 switch and let the router do its job (route)
L2 Switch
int vlan 2
ip address 192.168.1.250 255.255.255.0
ip default-gateway 192.168.1.1
vlan 2
name Data
Assign vlan to switchport
int f0/1
switchport access vlan 2
spanning-tree portfast
Why do you "need" a /23? Keep it simple, /24
Modularity and Design Simplicity:
Think of the 2:00 a.m. test—if you were awakened in the
middle of the night because of a network problem and had to figure out the
traffic flows in your network while you were half asleep, could you do it?
-
Jollycork Member Posts: 149
Unless you don't want wireless hosts to get access to the local LAN, use the same subnet
and assign static addressing to wireless hosts.
You don't actually need a DHCP pool if you're doing static addressing.
The only reason for a DHCP pool is because it's a pain to run around doing static addressing
for lots of hosts and then the subsequent documentation of who is what with which address and where they are located.
And why would you bring down your internet if FA 0/4 on the 871 is the WAN port [and always the WAN port on the 800 series routers] and that's the default gateway out? You're not messing with that except for many-to-one NAT for all those inside hosts with private addresses. The gateway of last resort would be FA 0/4.
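A pre-change check for the options raised in this thread, as an added example that is not part of any post: it parses a constructed excerpt of the posted config (addressing and NAT lines only) and reports, for a candidate merged subnet, whether hosts keep their current addresses and whether the existing NAT ACL still permits it. The function names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt: only the addressing and NAT lines of the posted config.
CONFIG = """\
interface Vlan2
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
interface BVI1
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
ip access-list standard INSIDE_NAT_ADDRESSES
 permit 192.168.1.0 0.0.0.255
 permit 192.168.2.0 0.0.0.255
"""

def inside_subnets(config):
    """Map each 'ip nat inside' interface to its connected subnet."""
    found, name, net = {}, None, None
    for line in config.splitlines():
        s = line.strip()
        if s.startswith("interface "):
            name, net = s.split()[1], None
        elif m := re.match(r"ip address (\S+) (\S+)$", s):
            net = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif s == "ip nat inside" and net is not None:
            found[name] = net
    return found

def nat_permits(config):
    """Networks permitted by the NAT ACL (wildcard mask converted to a prefix)."""
    return [ipaddress.ip_network(f"{m[1]}/{m[2]}")
            for m in re.finditer(r"^\s*permit (\S+) (\S+)$", config, re.M)]

def common_supernet(nets):
    """Smallest single network that contains every network in nets."""
    net = nets[0]
    while not all(n.subnet_of(net) for n in nets):
        net = net.supernet()
    return net

def check_merge(config, candidate):
    """Does the candidate keep current addresses, and does one ACL entry cover it?"""
    cand = ipaddress.ip_network(candidate)
    return {
        "keeps_existing_addresses": all(n.subnet_of(cand) for n in inside_subnets(config).values()),
        "nat_acl_permits": any(cand.subnet_of(p) for p in nat_permits(config)),
    }
```

For this config the smallest block holding both current subnets is 192.168.0.0/22, which the NAT ACL does not permit as written, whereas reusing either existing /24 needs no ACL change but re-addresses the hosts on the other one.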