Trying to create 2 Vlan's with a Cisco 1811 and a netgear GS758T switch for wireless access.

Here is the equipment i have.
A cisco 1811 Router (Non-Wireless version)
3 Netgear GS748T switches
3 Netgear WNDAP350 Access Points

What i am trying to do it create 2 Vlans.
1 VLAN for the internal Wifi on its own network 192.168.1.0/24
1 Vlan for guess wifi access on its own vlan 10.10.10.0/24

I have the vlans setup on the AP's and the router but the switches seem to be the issue. Router config is posted below.  It may be a router setting also.  

Thanks for any help.

Don


Router Config
CygnusRTR#sh run
Building configuration...

Current configuration : 4326 bytes
!
! Last configuration change at 11:55:16 EDT Mon Oct 18 2010 by dcoulson
!
version 15.1
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname CygnusRTR
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default none
aaa authorization exec default local
aaa authorization network groupaithor local
!
!
!
!
!
aaa session-id common
!
clock timezone EST -5
clock summer-time EDT recurring
!
crypto pki trustpoint TP-self-signed-2874608491
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2874608491
 revocation-check none
 rsakeypair TP-self-signed-2874608491
!
!
crypto pki certificate chain TP-self-signed-2874608491
 certificate self-signed 01
  30820241 308201AA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32383734 36303834 3931301E 170D3130 31303138 31343032
  30385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 38373436
  30383439 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  81008A90 D918A5CE DEF63F06 E7043B99 6C845724 7A032141 920439E3 09284904
  637DD5DD CEEDB56C A0DF659C C6223591 EAE69B30 8E602166 548186BB EBED25B9
  3696F9C4 ADB44090 B25E5EF0 283F0261 CDE850E9 79057B39 D6E90345 5504EBAB
  59D027FB 55CCC9D3 AD90C3C7 2A672370 CCCE79C1 0B4A31B0 89A41B58 9603F86C
  75A90203 010001A3 69306730 0F060355 1D130101 FF040530 030101FF 30140603
  551D1104 0D300B82 09437967 6E757352 5452301F 0603551D 23041830 1680144A
  818B786B DDDFF300 D1A059DB D158553E 0BAC7A30 1D060355 1D0E0416 04144A81
  8B786BDD DFF300D1 A059DBD1 58553E0B AC7A300D 06092A86 4886F70D 01010405
  00038181 00001B8B DDAF42C3 50B73AA9 B6E281B4 EE251BC8 A71BAC23 BBFB21D1
  9E7A89AF 5713F438 7F3D8F88 4A2F56AC 7595B636 B44C7692 3E00902E 729F9997
  89B41166 6EEBED1D 2F8720B4 BA129821 98B14803 F7FAA079 688BC673 36620896
  6AA08460 AD676C82 D8D4F9E7 98058D6D 2F0714CF 1E61BCC7 95600F39 C6BF7559
  15EFB48F 06
        quit
dot11 syslog
ip source-route
!
!
!
ip dhcp pool GUEST_WIRELESS
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
   dns-server 8.8.8.8 4.2.2.1
   netbios-name-server 198.190.226.3
!
!
ip cef
ip name-server 198.190.226.3
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1811/K9 sn FTX1151Z0AY
username dcoulson privilege 15 password 7 12090A1906020D07
!
!
!
!
!
!
!
!
!
interface FastEthernet0
 description WAN INTERFACE$FW_OUTSIDE$
 ip address 206.123.xxx.xxx 255.255.255.0
 ip nbar protocol-discovery
 ip nat outside
 ip virtual-reassembly
 speed auto
 full-duplex
 no cdp enable
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet1.2
 encapsulation dot1Q 2 native
!
interface FastEthernet2
 description TRUNK TO CORE
 switchport mode trunk
!
interface FastEthernet3
 description CROOM-AP
 switchport mode trunk
!
interface FastEthernet4
 description TRNGROOM-AP
 switchport mode trunk
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
 description $FW_INSIDE$
 ip address 192.168.1.3 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan2
 description GUEST_WIRELESS
 ip address 10.10.10.1 255.255.255.0
 ip access-group BLOCK_GUESTS in
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
!
interface Async1
 no ip address
 encapsulation slip
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
ip dns server
ip nat inside source list 10 interface FastEthernet0 overload
ip route 0.0.0.0 0.0.0.0 206.123.254.254
!
ip access-list extended BLOCK_GUESTS
 deny   ip any 192.168.1.0 0.0.0.255
 permit ip any any
!
logging source-interface Vlan1
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 permit 10.10.10.0 0.0.0.255
!
!
!
!
snmp-server community public RO
!
!
!
control-plane
!
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 privilege level 15
 transport input all
!
end

CygnusRTR#

Here is the netgear Wireless ap config
 1 CMC pitmfg87 Open System 1  
 2 Guest guest Open System 2  


For the switches so far i have configured VLAN 1 and 2

Port 13 on the core switch is the uplink to the router.  For VLAN 2 i have it as untagged and for vlan 1 its tagged.  

On the wireless Ap i can connect to the VLAN 1 network just fine with a 192.168.1.0 addess but for the Guest ssid it wont pass an IP.
donnyirisAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Faruk Onder YerliOwnerCommented:
You can create more than one vlans on switch module. you can create vlan on physical interface on router. Switch modules on router is not support more than one vlan. 871, 881 models are same function. Transfer Fastethernet0 confiiguration to VLan1 and switch port should be outside network. You may create fastethernet0.1/fastethernet0.2/fastethernet0.3/ etc. and connect to dot.q switch port.
donnyirisAuthor Commented:
Can you help me with the IOS commands. I am not very good with cisco.  Any help is appreciated as always.

Thanks
Don C
Faruk Onder YerliOwnerCommented:
Dear Don;

You can find configuration below. You have to use a vlan switch to connect FastEthernet0. Don't forget that you need to change cable between f0 and LAN which is connected switch module on router.
interface vlan1
 description WAN INTERFACE$FW_OUTSIDE$
 ip address 206.123.xxx.xxx 255.255.255.0
 ip nbar protocol-discovery
 ip nat outside
 ip virtual-reassembly
 speed auto
 full-duplex
 no cdp enable

no int vlan 2

interface FastEthernet0
 description $FW_INSIDE$
 ip address 192.168.1.3 255.255.255.0
 ip nat inside
 ip virtual-reassembly

interface FastEthernet0.2
 description GUEST_WIRELESS
encapsulation dot1q 2
 ip address 10.10.10.1 255.255.255.0
 ip access-group BLOCK_GUESTS in
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache

interface FastEthernet1.2
 no encapsulation dot1Q 2 native
!
interface FastEthernet2
 no description TRUNK TO CORE
 no switchport mode trunk
!
interface FastEthernet3
 no description CROOM-AP
 no switchport mode trunk
!
interface FastEthernet4
 no description TRNGROOM-AP
 no switchport mode trunk
!

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.