interfaces

asoin21sl · ‎10-18-2004

Hi. I don't know very much about configuration of Cisco routers.

I have done "show run" and I see "interface Ethernet0" where the local ip of the router is set and I see "interface FastEthernet1", "interface FastEthernet2", "interface FastEthernet3", and "interface FastEthernet4".

What is the difference between Ethernet0 and those FastEthernets? Can I put 192.168.1.1 for FastEthernet1 and 172.26.2.1 for FastEthernet2, and Ethernet0 with no address?

What I want is to have two subnets connected with this router. The router is a 800 series.

Thanks,

Bernard

scottmac · ‎10-18-2004

"Ethernet0" (or any interace labeled "Ethernet X" where "X" is some number) refers to a basic 10Meg Ethernet interface ... either a 10BASE-T or AUI (15 pin D-shaped connector).

"Fast Ethernet" (i.e., fa0/0) is usually a 10/100 connection.

Since this is a router, and you intend to use it as a router (versus setting it to bridge), then each interface, regardless of the media type, must be in a different network / sub-network. A router cannot route between two branches of the same network address block.

In this case, the 800 has one WAN port (Ethernet0) and four ports (fa0/1-4) that are acutally an integrated switch with a NAT'd interface (the 192.168.1.0 internal address).

Since fa0/1-4 are a switch, then there is only one address range for those interfaces (it is not routing between fa0/1-4, it's switching).

Long story short: You must use an address on E0. The router will perform Network Address Translation (NAT) on traffic passing through that port to the four Fast Ethernet ports (which act basically as a single four-connection router interface).

If you only want to use the 800 as a four-port switch, then you do not need to connect or configure the E0 interface.

If you want two internal subnets (but still have an external connection), then you can use the "secondary" keyword on the ip address line of the FA0/ interface ... i.e.:

Router(config)# int fa0/1

Router (config-int)# ip address 192.168.1.1 255.255.255.0

ip address 192.168.2.1 255.255.255.0 SECONDARY

^z

This setting puts two different subnets on the same physical media, but any devices set for the .1.0 will not see the traffic from the .2.0 network (and vice-versa).

Good Luck

Scott

asoin21sl · ‎10-19-2004

Thanks Scott.

But I have not understood very well. My Cisco 800 is a DSL router, and it's the gateway for the office.

So, I need to have an address for the ethernet0, don't I?

A possible configuration would be this:

interface ethernet0

ip address 192.168.1.1 255.255.255.0

ip address 192.168.2.1 255.255.255.0 SECONDARY

so, my router would have two ip addresses and I could have at my LAN a computer named A with 192.168.1.x and other computer named B with 192.168.2.x

Can A ping B? I mean, will Cisco route from one subnet to the other one?

Thanks,

Bernard

Richard Burts · ‎10-19-2004

Yes for the example you have given the computer A and computer B should be able to talk to each other. They might talk to each other through the router (the router will forward traffic from one network to the other network) but the computers may also talk to each other directly without going through the router. If computer A sends something to computer B and sends it to the router (assuming that the router is configured as the default gateway for the computer) the router will forward the packet to computer B and the router will also generate an ICMP redirect and send it to computer A which indicates that computer A can communicate with the destination without using the router. If computer A accepts and processes the redirect packet then the computer can begin to send directly to computer B without using the router.

HTH

Rick

HTH

Rick

scottmac · ‎10-19-2004

No ... the E0 interface is your "outside" (Internet facing) interface. That interface will be either DHCP (to get the address automatically from your ISP), or it should use a static address assigned by your ISP,

The multiple network address assignments should happen on the Fast Ethernet side of the 800.

Configured so, a computer or device assigned to 192.168.1.0 network will not see computers or devices assigned to the 192.168.2.0 network.

If the computers also happen to be running Netbeui, then they will communicate directly using that protocol, since they are connecteed to the same physical segment / broadcast domain.

There are a number of reasons, mostly related to security, why SECONDARY addressing / multinetting is not a good idea. It is frequently used to ease the pain of changing IP address schemes on a live network (temporary use only).

On a separate note, I disagree that an ICMP redirect would occur. ICMP redirect would only happen if a better path through another router existed (and redirect was enabled). The router would not redirect to another IP address that it considers non-local (on an address block other than the originating system).

A could ping B because the router would accept the packet from A's network address, then re-send it to B using the B's IP address ... as if they were two physically separate interfaces.

You would also need to properly set up the "Default Gateway" on each of the hosts. Per your example above, hosts on the 192.168.1.0 netowrk would have a DG address of 192.168.1.1 and the hosts on the 192.168.2.0 netowrk would use 192.168.2.1 as their DG (assuming those addresses are assigned to the Fast Ethernet interface, not the E0 ... which is your WAN interface).

Good Luck

Scott

asoin21sl · ‎10-19-2004

Thank you very much.

Well, the interface ethernet0 is not the wan interface. My configuration is this:

interface ethernet0

ip address 192.168.1.1 255.255.255.0

interface ATM0.1 point-to-point

ip address MYPUBLIC_IP_ADDRESS

So, the wan interface isn't the ethernet0. But you recommend me not to set a SECONDARY address:

interface ethernet0

ip address 192.168.1.1 255.255.255.0

ip address 192.168.2.1 255.255.255.0 SECONDARY

So, what would be the solution? Is this right?:

interface ethernet0

no ip address

interface FastEthernet1

ip address 192.168.1.1 ...

interface FastEthernet2

ip address 192.168.2.1 ...

interface ATM0.1 point-to-point

ip address MY_PUBLIC_IP_ADDRESS

...

Thanks,

Richard Burts · ‎10-20-2004

It is my understanding that if a Cisco router forwards a packet back out the same interface on which it received it, it will generate a redirect (assuming that redirects have not been disabled). I do not believe there is any requirement that there must be another router with a better path.

Also in the example that was posed the router would consider both networks (192.168.1.0 and 192.168.2.0) as local. It would not see either of them as remote.

HTH

Rick

HTH

Rick

asoin21sl · ‎10-21-2004

Hi, thanks for the answers.

Well, I have this configuration:

interface Ethernet0

ip address 199.168.1.1 255.255.255.0 secondary

ip address 192.168.2.1 255.255.255.0 secondary

ip address 10.10.10.1 255.255.255.0

ip nat inside

no ip mroute-cache

!

So, I can ping my router using 192.168.1.1, 192.168.2.1 or 10.10.10.1

I have these access-lists:

access-list 101 permit ip 10.10.10.0 0.0.0.255 14.1.1.0 0.0.0.255

access-list 101 permit ip 192.168.1.0 0.0.0.255 14.1.1.0 0.0.0.255

access-list 101 permit ip 14.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.11.0 0.0.0.255

***QUESTION 1:

There will be a IPSec tunnel with the lan 192.168.11.0. I just want they can only access to 192.168.2.0. Which access-lists do I need? It would be right this?:

access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.11.0 0.0.0.255

access-list 102 permit ip 192.168.11.0 0.0.0.255 192.168.2.0 0.0.0.255

*** QUESTION 2:

I can't assign an ip address for the fast ethernet interfaces. it says:

"%IP addresses may not be configured on L2 links"

and in fact, it doesn't put the ip address for any fast ethernet.

So, What are the interface fastethernetX for? If I want to add more lans for the router, the only way is putting the ip address for the router in the interface ethernet0 and adding the word "secondary"?

Thanks,

B.T.