Buy or Renew
Buy or Renew
Looking for the Routing and SD-WAN board? Find it HERE.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1393
Views
15
Helpful
5
Replies

cisco 1800 and fiber Box

Go to solution
domoticity
Level 3
Level 3

‎12-01-2017 02:59 PM - edited ‎03-05-2019 09:34 AM

 hy,

I have a Cisco 1800 with two wan :

wan1, powered by my fiber Box in FE0

and wan 2 powered by 4g Box in FE1.

 

In the LAN of my Fiber Box,

i have a Set top box and some computers.

In my Cisco,

have 8 VLANS which communicate between them.

I would like that my set top box and one computeur plugged in my fiber box

can communicate with the cisco's VLANS.

 

Network of fiber Box : 192.168.1.0

@ip set top box : 192.168.1.11

@ip computeur : 192.168.1.100

@ ip wan1 : 192.168.1.254

 

@ip vlan1,2,3,4,5,6,7,8 : 192.168.2.254, 192.168.3.254 etc..... except vlan 6 : 10.1.1.254

 

Here my Cisco configuration 

 

service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname routeur-cisco1811
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret XXXXXXX/
!
aaa new-model
!
!
aaa authentication login default local
!
!
aaa session-id common
!
!
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 192.168.3.1
ip dhcp excluded-address 192.168.3.2 192.168.3.99
ip dhcp excluded-address 192.168.3.200 192.168.3.252
ip dhcp excluded-address 192.168.3.254
ip dhcp excluded-address 192.168.3.253
!
ip dhcp pool CASA_LAN
   network 192.168.3.0 255.255.255.0
   dns-server 8.8.8.8
   default-router 192.168.3.254
!
!
ip cef
no ip domain lookup
ip domain name domoticity.com
ip name-server 8.8.8.8
ip name-server 8.8.4.4
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username domoticity privilege 15 secret 5 XXXXXXXXX
!
!
!
archive
 log config
  hidekeys
!
!
crypto key generate rsa modulus 1024
!
ip ssh time-out 60
ip ssh logging events
ip ssh version 2
!
track 1 ip sla 1 reachability
!
track 2 ip sla 2 reachability
!
track 3 list boolean and
 object 1
 object 2
!
!
!

interface FastEthernet0
 description Acces principal FTTH
 ip address 192.168.1.254 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
no shutdown
!
interface FastEthernet1
 description Acces secour 3/4G
 ip address 10.0.0.254 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
no shutdown
!
interface FastEthernet2
 switchport access vlan 2
no shutdown
!



interface FastEthernet3
 switchport access vlan 3
no shutdown
!
interface FastEthernet4
 switchport access vlan 4
no shutdown
!
interface FastEthernet5
 switchport access vlan 5
no shutdown
!
interface FastEthernet6
 switchport access vlan 6
no shutdown
!
interface FastEthernet7
 switchport access vlan 7
no shutdown
!
interface FastEthernet8
 switchport access vlan 8
no shutdown
!

interface Vlan1
 no ip address
!
interface Vlan2
 description domoticity
 ip address 192.168.2.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
no shutdown
!
interface Vlan3
 description casa and multimedia
 ip address 192.168.3.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
no shutdown
!
interface Vlan4
 description stock and print
 ip address 192.168.4.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
no shutdown
!
interface Vlan5
 description domotique and camera
 ip address 192.168.5.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
no shutdown
!
interface Vlan6
 description tower control
 ip address 10.1.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
no shutdown
!
interface Vlan7
 description Orange travail
 ip address 192.168.7.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
no shutdown
!
interface Vlan8
 description Phone
 ip address 192.168.8.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
no shutdown

!
!
interface Async1
 no ip address
 encapsulation slip
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 3
ip route 0.0.0.0 0.0.0.0 10.0.0.1 10
no ip http server
no ip http secure-server
!
!
ip nat inside source route-map BACKUP_ISP interface FastEthernet1 overload
ip nat inside source route-map MAIN_ISP interface FastEthernet0 overload
!
ip sla 1
 icmp-echo 192.168.1.1 source-ip 192.168.1.254
ip sla schedule 1 life forever start-time now
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 100 permit ip 192.168.3.0 0.0.0.255 any
access-list 100 permit ip 192.168.4.0 0.0.0.255 any
access-list 100 permit ip 192.168.5.0 0.0.0.255 any
access-list 100 permit ip 192.168.8.0 0.0.0.255 any
access-list 100 permit ip 192.168.7.0 0.0.0.255 any
access-list 100 permit ip 10.1.1.0 0.0.0.255 any!
!
!
!
route-map BACKUP_ISP permit 10
 match ip address 100
 match interface FastEthernet1
!
route-map MAIN_ISP permit 10
 match ip address 100
 match interface FastEthernet0
!
!
!
control-plane
!
banner login ^C Acces restreint, avec identification !!!!^C
banner motd ^C
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@                              @@
@@                              @@
@@      ROUTEUR CISCO           @@
@@                              @@
@@                              @@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@                              @@
@@                              @@
@@           Casa               @@
@@                              @@
@@             &                @@
@@                              @@
@@         Domoticity           @@
@@                              @@
@@                              @@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
      @: domoticity@gmail.com
^C
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
!
event manager applet CLEAR_NAT_DOWN
 event track 3 state down
 action 1.0 cli command "enable"
 action 2.0 cli command "clear ip nat translations forced"
event manager applet CLEAR_NAT_UP
 event track 3 state up
 action 1.0 cli command "enable"
 action 2.0 cli command "clear ip nat translations forced"
!
!
!
!
event manager applet get-my-ip
event track 2 state down
 action 1.0 cli command "enable"
 action 2.0 cli command "ping ip domoticity.ddns.net repeat 1"
 action 3.0 regexp "Echoes to ([0-9.]+)" $_cli_result match ip
 action 4.0 puts "My IP is $ip"
action 5.0 cli command "config t"
action 6.0 cli command "ip route $ip 255.255.255.255 192.168.1.1"
action 6.1 cli command "no ip sla 2"
action 7.0 cli command "ip sla 2"
action 8.0 cli command "icmp-echo $ip source-ip 192.168.1.254"
action 9.0 cli command "ip sla schedule 2 life forever start-time now"
!
!
!
end

I have tried to put :

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

but i can't ping my vlans. 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paul driver
VIP
VIP

‎12-02-2017 12:14 PM

Hello

Your trying to add a nat outside subnet to be NATted, It wont work.

 

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

5 Replies 5

Go to solution
Georg Pauwen
VIP Alumni
VIP Alumni

‎12-02-2017 11:16 AM

Hello,

 

do the devices with IP addresses 192.168.1.11 and 192.168.1.100 have 192.168.1.254 configured as their default gateway ? Can they ping that address ?

Go to solution
paul driver
VIP
VIP

‎12-02-2017 12:14 PM

Hello

Your trying to add a nat outside subnet to be NATted, It wont work.

 

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Go to solution
Georg Pauwen
VIP Alumni
VIP Alumni

‎12-03-2017 01:20 AM

Hello,

 

I have (sort of, since I don't know what exactly the Fiber Box does), but it seems to me that basically the 192.168.1.0/24 network is simply a connected network ?

 

Try and change your access list to the one below. This basically excludes all traffic to the Fiber Box network to be NATted:

 

access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 deny ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 deny ip 192.168.5.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 deny ip 192.168.7.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 deny ip 192.168.8.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 deny ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 100 permit ip 192.168.3.0 0.0.0.255 any
access-list 100 permit ip 192.168.4.0 0.0.0.255 any
access-list 100 permit ip 192.168.5.0 0.0.0.255 any
access-list 100 permit ip 192.168.8.0 0.0.0.255 any
access-list 100 permit ip 192.168.7.0 0.0.0.255 any
access-list 100 permit ip 10.1.1.0 0.0.0.255 any

Go to solution
domoticity
Level 3
Level 3
In response to Georg Pauwen

‎12-04-2017 01:14 PM

Hy thanks for your help. But it doesn't work.
Paul driver says it's impossible. "Your trying to add a nat outside subnet to be NATted, It wont work."
0 Helpful

Go to solution
Georg Pauwen
VIP Alumni
VIP Alumni
In response to domoticity

‎12-04-2017 02:19 PM

Hello,

 

the idea was actually to exclude the network from being NATted at all. What exactly does this fiber box do ? What type/brand is it ? Is the IP address of the router the default gateway for the clients connected to the fiber box ?

0 Helpful
Customers Also Viewed These Support Documents