This article will demonstrate how to configure a cisco router to allow the wireless and wired networks to communicate on the same vlan and subnet.
Router Model: Cisco 877W
Router Series: Cisco 880 Series Integrated Services Routers
- Configure DHCP Pool
- Configure the SSID
- Configure Vlan 1 Interface
- Configure Dot11Radio Interface
- Configure the Bridge Interface
1. Configure DHCP Pool
Very simple first step is to create a DHCP pool that we will use for the wireless and wired connections.
This pool wil also exclude IP addresses .1 to .49, meaning DHCP clients will start with an IP address of .50
! ip dhcp excluded-address 192.168.1.1 192.168.1.49 ! ip dhcp pool Loacl-Network network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 dns-server 192.168.1.1 !
2. Configure the SSID
Next, we need to setup an SSID, or Wireless LAN ID for our wireless devices to connect to.
The 877W router does not let you specify WPA2 here. This is done on the Dot11Radio interface. For now, just enable WPA security on the wireless network.
For an open network, just omit the authentication key-management wpa and wpa-psk ascii 0 Password1 lines.
! dot11 ssid MyWiFi vlan 1 authentication open authentication key-management wpa guest-mode wpa-psk ascii 0 Password1 !
3. Configure Vlan 1 Interface
Above, we have attached the SSID to Vlan 1, so now we need to configure this interface. Since we are going to have both the wireless and wired networks on the same vlan and subnet, the Vlan interface should not have any IP address attached. Instead, it just needs to be linked to a bridge-group
! interface Vlan1 no ip address ip virtual-reassembly bridge-group 1 !
4. Configure Dot11Radio Interface
After configuring the Vlan interface, we need to configure the wireless interface.
The base interface has no IP configuration, just the radio information. The example below is configured for Australian WiFi channels
The line encryption vlan 1 mode ciphers aes-ccm will set your SSID to WPA2 encryption.
interface Dot11Radio0 no ip address ! encryption vlan 1 mode ciphers aes-ccm ! ssid MyWiFi ! speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 station-role root world-mode dot11d country AU outdoor no cdp enable !
Be sure to run no shutdown on this interface, as it is disabled by default.
A sub interface needs to be created to bridge your wireless SSID with the wired Vlan1.
We use Dot11Radio0.1 because we are using Vlan 1
interface Dot11Radio0.1 encapsulation dot1Q 1 native ip virtual-reassembly no cdp enable bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding !
5. Configure the Bridge Interface
Lastly, we need to bring it all together by creating the bridge interface, and assign the interface an IP address from the DHCP pool defined earlier.
! interface BVI1 ip address 192.168.54.1 255.255.255.0 ip nat inside ip virtual-reassembly !
We also need to ensure both bridging and ip routing on the bridge interface is enabled
! ip routing ! bridge irb bridge 1 protocol ieee bridge 1 route ip !
You should now have a single network that both your wired and wirelss clients can communicate on.
Next step is to setup your WAN interface. Thats up to you.
Download sample config file
this is awesome it worked thanks.
I was trying to access internet I am pinging everything but I cant browse any web page do you think my cisco 871w is bad
Brilliant – saved me SO much time – thank you.
many thanks!! one comment: “bridge irb” should be executed before step 5
and one more: typo in dhcp pool name
Hi Steve
Thank you very much for the information, I have seen many samples online, however non of them explained what was he doing.
you made life simple
again thank you !