
Router with 4 port FE switch

richmorrow624
Level 1

I have an 1800 series router with a 4 port FE switch module installed.

Ethernet interface IP address 10.10.10.1/24.

Is there any problem with having a customer that will be installing a router and NAT across his subnet to mine, just plugging his NAT interface (10.10.10.221/24) into one of the switch ports?

Is that all that is needed or do I need to configure the port in some way with a VLAN in order for him to connect?


Roberto Salazar
Level 8

The HWIC-4ESW does not support its ports being configured as Layer 3 interfaces, which means you cannot assign an IP address on the 4-port etherswitch ports. You will have to assign the port to a VLAN and then create an SVI (interface vlan) associated with that port.

Here is the config guide:

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00802c6bb6.html#wp1027258

Please rate helpful posts.

If his Ethernet port is on the same subnet as my router Ethernet interface, couldn't he just plug his router into one of the switchports and connect his to mine?

My router ethernet interface is:

10.10.10.1

His NATed ip addresses are:

10.10.10.221-226,

his router interface is 10.10.10.221

Yes, if your Ethernet interface is the on-board interface. You mention a 4-port etherswitch; the 4-port etherswitch is the HWIC-4ESW, and this is what I was referring to: you cannot configure an IP address on any of those ports, as they are strictly Layer 2 ports.

Please rate helpful posts.

Thanks for the reply,

So just so I am sure about this:

He can plug his router's Ethernet port (10.10.10.221/24) into one of the 4 switchports (HWIC-4ESW) on my router.

My router's onboard Ethernet port is 10.10.10.124 (same subnet).

And, I do not have to do any extra configuration to the switchports, and I can add an access-list to the router to isolate his traffic?

All this is correct?

NO, you cannot do this. If I understand you correctly, he is connecting his router to one of the ports on the HWIC-4ESW, which would be fastethernet x/y, and you have 10.10.10.124/24 on your on-board Ethernet interface. Let's say interface ethernet 0 (just an example, I am not saying that's the interface). That will not work because the HWIC-4ESW does not automatically talk to the on-board interface. For this you need to create an SVI. Please refer to the link I included in the original post.

I think what I said was he can connect the router to the on-board Ethernet interface of your 18xx router. I said that the ports on the HWIC-4ESW are not capable of being Layer 3 interfaces. A Layer 3 interface is when you can configure an IP address on the port; are you able to do that? Can you send me the following, just so I am sure that you really have a HWIC-4ESW?

show diag

show run

I believe that Roberto is correct that if you have 10.10.10.0/24 on your physical Ethernet/FastEthernet interface that you can not also assign that same subnet to a VLAN interface (SVI interface) on the 4 port switch. And for him to connect to the switch I believe that you would have to configure a VLAN/SVI interface.

And I would go a step further and ask WHY would you want to connect some external entity into your network using the same IP addressing that you are using. There is something in Richard's question about using access lists to separate the traffic. I think that would not work. If Richard wants them to be separate the best starting place is to have separate addressing.

Perhaps another way to look at this is that if devices are in the same logical subnet then they should be in the same broadcast domain. And if they are in the same broadcast domain then there is not an effective way to separate them.

[edit] thinking about my response that you could not have the same subnet on both the physical FastEthernet and the VLAN, perhaps there is a way to do it. If you configure Integrated Routing and Bridging (IRB) and configure interface BVI, assign the IP address to the BVI, and do bridging on both the physical interface and the VLAN interface, then perhaps you could do it. But I still think that even if you "COULD" do it does not mean that you "SHOULD" do it.

HTH

Rick


Ok,

Thanks for the replies,

I guess where I was getting stuck was thinking that the switchport interfaces would automatically talk to the Ethernet interfaces.

The reason for doing it this way was that they have another site already set up with the NAT scenario. They have their subnet NATed to my company's subnet and just plugged into a switch at that site. I have no control over that part of it.

The other company was going to put in another site the same way and I was thinking they should be controlled from accessing only what they need to access and not left open.

I was thinking that the switch ports would work as just access ports and the router would be like a layer three switch at that point.

I can't open that Visio diagram, but I will give you a simple example.

1841 fa0/1----vlan 2---fa0/0 Customer router

The diagram above shows a simple connection of customer router's fa 0/0 connecting to etherswitch port fa 0/1 of your 1841 router:

1841 router:

interface fa 0/1
 switchport
 switchport access vlan 2

interface vlan 2
 ip address 10.1.1.1 255.255.255.0

Customer router:

interface fa 0/0
 ip address 10.1.1.2 255.255.255.0

or

you can just connect the customer router to current on-board ethernet interface with a cross-over.

Then apply the NAT and access to your router on either interface vlan or the ethernet interface.

Please rate helpful posts.
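
The VLAN/SVI layout from the reply above, extended with the inbound access list the original poster asked about, as an added example that is not part of any post in this thread. The ACL name, the internal server 10.10.10.50, TCP port 443 and the port name FastEthernet0/1/0 are constructed assumptions, and VLAN 2 is assumed to exist already in the router's VLAN database.

```cisco
! Added example with constructed addresses; not taken from the thread.
! Assumption: VLAN 2 already exists in the VLAN database.
! Assumption: the HWIC-4ESW port is named FastEthernet0/1/0 on this chassis.
!
ip access-list extended CUSTOMER-IN
 remark Customer side of VLAN 2 may reach one internal server only
 permit tcp 10.1.1.0 0.0.0.255 host 10.10.10.50 eq 443
 remark Allow ping to the SVI address for link troubleshooting
 permit icmp 10.1.1.0 0.0.0.255 host 10.1.1.1 echo
 remark Everything else arriving from the customer port is dropped and logged
 deny ip any any log
!
interface FastEthernet0/1/0
 description Customer router, Layer 2 access port on HWIC-4ESW
 switchport access vlan 2
!
interface Vlan2
 description Customer handoff, separate subnet from the 10.10.10.0/24 LAN
 ip address 10.1.1.1 255.255.255.0
 ip access-group CUSTOMER-IN in
!
```

Because the customer sits in its own subnet behind the SVI, all of its traffic has to be routed through interface Vlan2, where the inbound list is evaluated; `show ip access-lists CUSTOMER-IN` shows the per-entry match counters.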

Thank you so much for the help. I think this is the best solution.

It is a HWIC-4ESW for sure,

Here is a drawing of the scenario