Re: 891f route to management ip

anotherloony55005 · ‎01-07-2020

Got an 891F to use at home.

I have very basic networking knowledge. Never had advanced network products in my hand.

Desired setup at this moment should be:

pppoe connection from internet provider (on GI8)

vlan 2 for main clients wired and wifi: computers, phones, laptops... (3interfaces) 192.168.2.0 (internet access and vlan 4 access). Until I get an proper wifi ap, I will use an old linksys wifi router as wifi access point

vlan3 for smart home clients via wifi 192.168.3.0 (internet acces only, no acces to/from other vlans). Until I will get a proper wifi ap, I will use an old dlink wifi router as ap)

vlan4 for ip cameras (4poe interfaces) 192.168.4.0 (no internet, access from vlan2)

What I have done.

Via serial console initial basic setup completed

Set management interface on fast ethernet 0 192.168.1.2 (I need gigabit interfaces for wired clients and cameras)

set vlans on interfaces

Got dhcp working.

I need to get management working from vlan2 interfaces. (route?)

Secondary ip for interface fast ethernet 0 didnt work because overlap over vlan2 is not permitted.

After that I would like to set pppoe and internet access over gi8 interface.

A basic firewall setup is needed ? Or this is working by default, like on my tplink router?

Any guideline will be appreciated.

Thank you

Router#sh run
Building configuration...

Current configuration : 2767 bytes
!
! Last configuration change at 20:15:40 UTC Tue Jan 7 2020
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$9EqU$azp8q1xXw3NIN9Ft3Kp0h1
!
no aaa new-model
ethernet lmi ce
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!


!
ip dhcp excluded-address 192.168.2.1 192.168.2.10
ip dhcp excluded-address 192.168.3.1 192.168.3.10
ip dhcp excluded-address 192.168.4.1 192.168.4.10
!
ip dhcp pool main-pool
 import all
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
 dns-server 8.8.8.8
!
ip dhcp pool iot-pool
 import all
 network 192.168.3.0 255.255.255.0
 dns-server 8.8.8.8
!
ip dhcp pool cameras-pool
 import all
 network 192.168.4.0 255.255.255.0
 dns-server 8.8.8.8
!
!
!
no ip domain lookup
ip domain name local
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C891F-K9 sn FDZ20359149
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
!
interface FastEthernet0
 ip address 192.168.1.2 255.255.255.0
 duplex full
 speed auto
!
interface GigabitEthernet0
 switchport access vlan 4
 no ip address
!
interface GigabitEthernet1
 switchport access vlan 4
 no ip address
!
interface GigabitEthernet2
 switchport access vlan 4
 no ip address
!
interface GigabitEthernet3
 switchport access vlan 3
 no ip address
!
interface GigabitEthernet4
 switchport access vlan 2
 no ip address
!
interface GigabitEthernet5
 switchport access vlan 2
 no ip address
!
interface GigabitEthernet6
 switchport access vlan 2
 no ip address
!
interface GigabitEthernet7
 switchport access vlan 2
 no ip address
!
interface GigabitEthernet8
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 description main
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan3
 description IOT
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan4
 description cameras
 ip address 192.168.4.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Async3
 no ip address
 encapsulation slip
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
line con 0
 no modem enable
line aux 0
line 3
 modem InOut
 speed 115200
 flowcontrol hardware
line vty 0 4
 password Cisco
 login
 transport input none
!
scheduler allocate 20000 1000
!
end

Georg Pauwen · ‎01-07-2020

Hello,

I have made some additions (marked in bold) to your configuration. You also might need to create Vlan 2, 3, and 4 manually:'

Router#conf t

Router(config)#vlan 2

Router(config)#vlan 3

Router(config)#vlan 4

Router#sh run
Building configuration...

Current configuration : 2767 bytes
!
! Last configuration change at 20:15:40 UTC Tue Jan 7 2020
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$9EqU$azp8q1xXw3NIN9Ft3Kp0h1
!
no aaa new-model
ethernet lmi ce
!
ip dhcp excluded-address 192.168.2.1 192.168.2.10
ip dhcp excluded-address 192.168.3.1 192.168.3.10
ip dhcp excluded-address 192.168.4.1 192.168.4.10
!
ip dhcp pool main-pool
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 8.8.8.8
!
ip dhcp pool iot-pool
import all
network 192.168.3.0 255.255.255.0
dns-server 8.8.8.8
!
ip dhcp pool cameras-pool
import all
network 192.168.4.0 255.255.255.0
dns-server 8.8.8.8
!
no ip domain lookup
ip domain name local
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
license udi pid C891F-K9 sn FDZ20359149
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface FastEthernet0
ip address 192.168.1.2 255.255.255.0

ip nat inside
duplex full
speed auto
!
interface GigabitEthernet0
switchport access vlan 4
no ip address
!
interface GigabitEthernet1
switchport access vlan 4
no ip address
!
interface GigabitEthernet2
switchport access vlan 4
no ip address
!
interface GigabitEthernet3
switchport access vlan 3
no ip address
!
interface GigabitEthernet4
switchport access vlan 2
no ip address
!
interface GigabitEthernet5
switchport access vlan 2
no ip address
!
interface GigabitEthernet6
switchport access vlan 2
no ip address
!
interface GigabitEthernet7
switchport access vlan 2
no ip address
!
interface GigabitEthernet8
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
description main
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan3
description IOT
ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan4
description cameras
ip address 192.168.4.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Async3
no ip address
encapsulation slip
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet8 overload
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet8 dhcp
!

access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
line con 0
no modem enable
line aux 0
line 3
modem InOut
speed 115200
flowcontrol hardware
line vty 0 4
password Cisco
login
transport input none
!
scheduler allocate 20000 1000
!
end

anotherloony55005 · ‎01-08-2020

Thank you for your answer,

I put your lines in config.

Everywhere I put "ip nat inside" , "ip virtual-reassembly in" appeared. I suppose this is normal.

However, I don t have ping nor telnet to 192.168.1.2 which was supposed to be management ip.

It not a must to be bound to fe0 interface. All I need is to be able to manage the router from network without "wasting" a gigabit interface.

Yet, i did not connect GE8 to internet provider.

I will do that after I will have inside intervlan working.

Thank You

anotherloony55005 · ‎01-09-2020

LOL
Found I had to enable telnet to work.
No need to configure FE0, it works on any interface is up ?(eg vlan 2)