Friday, February 13, 2009

Configuring the Cisco 871W wireless router: SOHO setup

The Cisco 871W router is a relatively low-cost device ($500 to $700, depending on licensing options) that can perform the wide range of duties described in this earlier blog. We selected the Cisco 871W for this series of tutorials because it packs a great deal of utility into an affordable router and can offer many lessons that apply to a wide range of Cisco equipment. Just about anyone can purchase one or two of these routers to practice with in their IT department lab, and the device can be given to employees to keep the corporate network extension in their home separate from their personal home network.

Advanced SOHO dual network architecture

In this tutorial, I will show you how to configure a Cisco 871W router in an advanced SOHO configuration that offers:

  • Stateful packet inspection firewall
  • Two virtual Wireless LANs (max 10)
  • Two virtual LANs bridged to the two wireless LANs
  • Both Wireless LANs configured for WPA security
  • One virtual LAN serving as a guest network with restricted access
  • DSL PPPoE client
  • DHCP server
  • Four-port VLAN-capable switch configured to support 2 separate networks

Figure A shows a logical diagram of the configuration. The orange represents the guest network and the green represents the internal network. The two wireless LANs are bridged to their respective VLANs using BVI (Bridge Virtual Interface) 10 and 20. The router will have port F0 configured for wired guest access and F1 through F3 configured for internal network access. Port F4 is the WAN interface configured to dial PPPoE to an ADSL modem. The orange guest wired or wireless networks will have full access to the Internet but no access to the green internal network. The internal network will have full access to the orange guest network and the Internet. The guest wireless LAN will have an SSID of GuestWLAN, and the internal wireless LAN will have an SSID of InternalWLAN. For now, the Cisco 871W is capable of broadcasting only one SSID, so GuestWLAN will be the only one broadcasting. Future firmware will fix this shortcoming. For anyone wondering, SSID hiding is a worthless security feature.

Figure A
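
The access rules described above can be written down as a small model and checked before any router configuration is touched. This is an added example, not code from the original post; the subnets, host addresses and the names GUEST_INBOUND, Firewall and audit are assumptions made for illustration.

```python
import ipaddress

# Assumed subnets (the post names the networks but gives no addressing).
GUEST = ipaddress.ip_network("192.168.10.0/24")
INTERNAL = ipaddress.ip_network("192.168.20.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
# Rules for packets arriving from the guest side: first match wins.
GUEST_INBOUND = [("deny", GUEST, INTERNAL), ("permit", GUEST, ANY)]


def acl_action(rules, src, dst):
    """Return the action of the first rule matching src -> dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "deny"  # nothing matched: implicit deny


class Firewall:
    """Guest-side ACL plus a session table for internally opened flows."""
    def __init__(self, guest_rules, stateful=True):
        self.guest_rules = guest_rules
        self.stateful = stateful
        self.sessions = set()  # (initiator, responder); ports omitted

    def forward(self, src, dst):
        """Return True if a packet from src to dst is forwarded."""
        src_ip = ipaddress.ip_address(src)
        if src_ip in INTERNAL:
            self.sessions.add((src, dst))  # remember flow for replies
            return True
        if src_ip in GUEST:
            if self.stateful and (dst, src) in self.sessions:
                return True  # reply to a flow an internal host opened
            return acl_action(self.guest_rules, src, dst) == "permit"
        return False  # WAN-side sources are not modelled here


def audit(fw, guest="192.168.10.50", pc="192.168.20.10", web="203.0.113.80"):
    """Return the access rules from the post that this firewall violates."""
    failures = []
    if fw.forward(guest, pc):
        failures.append("guest reached internal")
    if not fw.forward(guest, web):
        failures.append("guest blocked from Internet")
    if not (fw.forward(pc, guest) and fw.forward(guest, pc)):
        failures.append("internal-to-guest session broken")
    return failures
```

Passing `stateful=False`, or listing the permit rule ahead of the deny, makes `audit` report a violation: the asymmetric guest/internal policy needs both correct rule order and connection state.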
