[c-nsp] Cisco 1812W & IOS 12.4(2)T1 & CBAC/Firewall

Lawrence Wong lawrencewong72 at yahoo.com
Wed Nov 2 03:28:55 EST 2005 

Hi all,

While on the same topic, I was checking up Cisco
website and came across this "sample" config which
supposedly had both wired and wireless working
together.

http://www.cisco.com/en/US/products/ps5853/products_configuration_guide_chapter09186a008045831d.html

The sample made use of both the BVI as well as VLAN
configuration.

Does anyone have any idea why does the Vlan1 interface
have an ip address of 192.168.1.1 which is different
from that of BVI1 (10.0.1.1) when Vlan1/BVI1 are
supposedly bridged together?

In the whole config, there was no mention of the
192.168.1.1/24 subnet except under the VLAN1
configuration. The rest of the VLANs/BVI were on
10.0.*.1 .

TIA!

--- Lawrence Wong <lawrencewong72 at yahoo.com> wrote:

> Hi Brett,
> 
> --- Brett Looney <brett at looney.id.au> wrote:
> 
> > At 11:46 2/11/2005, you wrote:
> > >I have just gotten a Cisco 1812W (the 1800 series
> > with
> > >built in wireless). It is generally working fine
> > >(wireless, routing, etc) except that I couldn't
> get
> > >the built in firewall & IDS to work.
> > >
> > >In a nutshell, whenever I tried to enable "ip
> > inspect"
> > >or "ip ips" on the internal BVI1 interface, all
> > >UDP/TCP traffic stops. ICMP traffic works fine
> > though.
> > >No NAT is involved.
> > 
> > Why are you using a BVI interface? I recently did
> an
> > 1801W and I just 
> > put an IP address directly on the Dot11Radio0
> > interface and did the 
> > filtering there...
> 
> Both the wireless and the built-in switch ports are
> in
> the same subnet and when I tried the web
> configuration, the BVI interface was created and
> used.
> 
> Is there anyway to achieve the same without using
> BVI?
> 
> On a side note, I noticed that "ip inspect" and "ip
> ips" fails to work when I try to ask it to process
> any
> traffic from internal->internet .
> 
> i.e. if I put "ip inspect out" and/or "ip ips out"
> on
> fa0 (connected to the internet), TCP/UDP traffic
> stops
> as well. The same happens when I do an "ip inspect
> in"
> and/or "ip ips in" on the BVI1 interface.
> 
> Thanks,
> 
> 
> 	
> 		
> __________________________________ 
> Yahoo! Mail - PC Magazine Editors' Choice 2005 
> http://mail.yahoo.com
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at
> http://puck.nether.net/pipermail/cisco-nsp/
> 



		
__________________________________ 
Yahoo! FareChase: Search multiple travel sites in one click.
http://farechase.yahoo.com

More information about the cisco-nsp mailing list