How does PT's 819HGW router work and how to integrate it to wired LAN?

fullaccess
Level 1

This is my current setup (see attachment):

fullaccess_0-1698599717639.png

There are 3 VLANs:

  • VLAN 1 (management) 192.168.0.0/24: where all network devices live (router, AD server, switches)
  • VLAN 10 192.168.1.0/24: where PC1 and PC2 live
  • VLAN 20 192.168.2.0/24: where PC3 and PC4 live

The router (ip 192.168.0.1) performs PAT and acts as the gateway to the internet, whereas the L3 switch handles all LAN traffic and inter-VLAN routing. In the "AD" server there are a plethora of services (DNS, DHCP, AAA), the most important of which is a RADIUS AAA server which the L2 switches refer to when enforcing NAC. The general idea behind this topology was to have all LAN traffic be managed exclusively by the L3 switch, and all outbound traffic managed by the router.

Now I want to implement a WLAN with a single SSID, NAC and dynamic VLAN assignment by the RADIUS server. I believe that last part isn't possible on PT, but enforcing NAC will suffice. In order to keep all LAN-bound traffic exclusive to the L3 switch, I considered the following topology:

fullaccess_1-1698600644759.png

In this case, the AP would simply be the WLAN equivalent of a switch. However, I have to use the 819HGW router for the WLAN and also have it perform the functions of the router in my current setup. I don't know how to approach the problem. My questions are:

1. How does the embedded AP work?

I don't quite understand how the router itself works. I don't understand what each interface does and how it connects to the embedded AP. The router has the following interfaces:

Router#show ip interface brief
Interface              IP-Address  OK? Method Status                Protocol
GigabitEthernet0       unassigned  YES NVRAM  administratively down down
FastEthernet0          unassigned  YES unset  up                    down
FastEthernet1          unassigned  YES unset  up                    down
FastEthernet2          unassigned  YES unset  up                    down
FastEthernet3          unassigned  YES unset  up                    down
Serial0                unassigned  YES NVRAM  administratively down down
Wlan-GigabitEthernet0  unassigned  YES unset  up                    up
wlan-ap0               10.10.10.1  YES TFTP   up                    up
Cellular0              unassigned  YES IPCP   administratively down down
Vlan1                  10.10.10.1  YES NVRAM  up                    up

ap#show ip interface brief
Interface              IP-Address  OK? Method Status                Protocol
GigabitEthernet0       unassigned  YES NVRAM  up                    up
Dot11Radio0            unassigned  YES NVRAM  administratively down down
Dot11Radio1            unassigned  YES NVRAM  administratively down down
BVI1                   unassigned  YES DHCP   up                    up

 

What is wlan-ap0 and Wlan-GigabitEthernet0? How do they relate to the embedded AP's interfaces? I googled what BVI1 is and I believe it just forwards all frames through interfaces of a given bridge-group (is it like a switch?). But if that's the case, how come I can't ping the AP from the router?

2. How do I integrate the 819HGW router to wired network?

I believe the 819HGW router is akin to the following topology:

fullaccess_2-1698602584777.png

If this is indeed how the 819HGW works, does this mean that the L3 switch would have to send all LAN traffic to the router in the case a host on the WLAN is on the same VLAN as a host on one of the L2 switches? Basically treating it as another switch? If so, how would I have to configure both the L3 switch and the router?

 

 


Torbjørn
Spotlight

1. The 819 is a router with an embedded switch and AP. You configure the GigabitEthernet0 interface as a regular router interface, the FastEthernet interfaces as switchports and the Wlan-GigabitEthernet0 is the logical switchport facing your embedded AP. The wlan-ap0 interface is the router's console/management interface to the embedded AP. You must configure this before being able to configure the AP functionality.

You should consult the 800 Series ISR router configuration guide for configuration specifics: https://www.cisco.com/c/en/us/td/docs/routers/access/800/software/configuration/guide/SCG800Guide.html

2. I am not sure that I have interpreted your task correctly, let me know if I have misunderstood.

Since the 819 provides routing, switching and AP functionality it can replace your router, the L3 switch and the AP. The GigabitEthernet0 interface is a regular router interface and should be connected to the link towards the modem. Since the FastEthernet interfaces are regular switchports you can replace Switch1 by connecting Switch2 and Switch3 to these ports and applying the appropriate configuration (VLANs, SVIs etc.). If you don't wish to replace Switch1 you can configure your VLANs on the 819 and configure one of the FastEthernet interfaces as a trunk towards Switch1.

The wlan-Gi0 is a logical switchport that connects your router towards your embedded AP, you configure this like any other switchport connected to an AP. For AP configuration you should consult the wireless devices part of the configuration guide. To achieve dynamic VLAN assignment you can use the RADIUS attributes: Tunnel Type, Tunnel Medium Type and Tunnel Private Group ID - you will need to look up how you can set these for your NAC service.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev
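
The three RADIUS attributes named in the answer above, as they are encoded on the wire (RFC 2868 and RFC 3580), with a check that a reply carries a complete, valid VLAN assignment. This is an added example, not part of the original post or any vendor's code; the function names and the sample reply are constructed, and only numeric VLAN IDs are handled (the attribute may also carry a VLAN name).

```python
import struct

# Attribute numbers and values from RFC 2868 / RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6


def encode_vlan_attrs(vlan_id, tag=0):
    """Encode the three attributes a RADIUS server returns to assign a VLAN."""
    def tagged_int(attr, value):
        # Type, Length=6, Tag, then a 3-byte big-endian value
        return struct.pack("!BBB", attr, 6, tag) + value.to_bytes(3, "big")
    group = bytes([tag]) + str(vlan_id).encode("ascii")
    return (tagged_int(TUNNEL_TYPE, TYPE_VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, MEDIUM_IEEE_802)
            + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(group)) + group)


def parse_attrs(blob):
    """Split a RADIUS attribute area into (type, value-bytes) pairs."""
    attrs, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob) or blob[i + 1] < 2 or i + blob[i + 1] > len(blob):
            raise ValueError("malformed attribute at offset %d" % i)
        attrs.append((blob[i], blob[i + 2:i + blob[i + 1]]))
        i += blob[i + 1]
    return attrs


def assigned_vlan(blob):
    """Return the VLAN ID if all three attributes are present and valid, else None."""
    tunnel_type = medium = group = None
    for attr, value in parse_attrs(blob):
        if attr == TUNNEL_TYPE and len(value) == 4:
            tunnel_type = int.from_bytes(value[1:], "big")
        elif attr == TUNNEL_MEDIUM_TYPE and len(value) == 4:
            medium = int.from_bytes(value[1:], "big")
        elif attr == TUNNEL_PRIVATE_GROUP_ID and value:
            # A first byte of 0x00-0x1F is a tag, anything higher is string data.
            group = value[1:] if value[0] <= 0x1F else value
    if tunnel_type != TYPE_VLAN or medium != MEDIUM_IEEE_802 or not group:
        return None  # incomplete or wrong reply: no dynamic VLAN is assigned
    text = group.decode("ascii", "replace")
    return int(text) if text.isdigit() and 1 <= int(text) <= 4094 else None


# Constructed sample: the reply for a client that belongs in VLAN 10.
SAMPLE_VLAN10 = encode_vlan_attrs(10)
```

A reply missing any one of the three attributes yields `None`, which is the case to look for when a client authenticates but stays in the port's or SSID's default VLAN.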


Martin L
VIP

This depends on the size of the company/office in terms of number of employees; if it is small, one router with L2 switches should be enough to handle traffic to the Internet and main office/HQ. Design may call this collapsed-core design. The 819HGW is like a jack-of-all-trades; it just does everything for you. No need for an L3 switch.

Your 819HGW can do all routing between and among your L3 subnets; L2 switches are just an extension of your network in terms of number of ports.

In the case of a medium or larger office, 1 router may not be "strong" enough to handle its duties (assuming all employees are working hard). This is where you could delegate routing duties to the L3 switch and have the core router 819HGW be the gateway router, DHCP, PAT to the Internet. L2 access switches connect directly to the L3 distribution switch, which then connects to the router. This would be a 3-layer hierarchical design with Access, Distribution, Core layers.

Regards, ML
**Please Rate All Helpful Responses **
