On Tue, Jan 04, 2005 at 11:17:42AM +0200, Steph wrote: > There's a wireless access point plugging into Interface0/2 > where each user connecting to the wireless interface has its > own subnet off IP addresses. There's a vlan interface added on > the linux box which acts as a gateway for each user. You need to enable 802.1q trunking on the wireless access point. If the WAP is a Cisco Aironet, this works: http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/122-15.JA/1400br/h_ap_services_vlan.htm If the WAP is just a home product, like a Linksys or D-Link device, then this will *not* work. Some definitions for you: An access link may only carry 1 VLAN at a time. It "speaks" IEEE 802.3, or regular ol' Ethernet. A trunk link can carry more than 1 VLAN at a time. It can "speak" many different languages, including IEEE 802.1q and Cisco's proprietary ISL protocol. 802.1q expands the 802.3 header, while ISL encapsulates the 802.3 header in its own packet format. For devices to use a trunk link, both ends must speak the same language. For instance, these would be valid setups: [802.1q]--------[802.1q] [ ISL ]--------[ ISL ] But these would not be: [802.3 ]--------[802.1q] [802.3 ]--------[ ISL ] [802.1q]--------[ ISL ] Based on all this information, your WAP and your switch would need to be setup to use the respective FastEthernet ports as trunk links. If both are Cisco gear, you can have them speak in ISL. If one of them is not, then you have to use 802.1q. Linux only supports 802.1q, so your Catalyst for that port *must* use 802.1q encapsulation. (You *can* run multiple encapsulations on different ports -- Fa0/1 can be 802.1q while Fa0/2 is ISL.) Hope this helps you out some! chris -- http://headnut.org squirrel@xxxxxxxxxxx