Solved: C898EA-K9 routing from L3 port to L2

fenoyr · ‎02-13-2025

Hello Community !

I recently acquiered a cisco 898EA router and i have been struggling to configure it properly.

My first goal is to connect the WAN port (Gi8) to a 192.168.3.0 network with the gateway at 192.168.3.254 and to connect a LAN port (Gi0 for example) to a switch with multiple vlans for different services (10.70.0.0/16 for vlan 70, 10.71.0.0/16 for vlan 71 etc...). I configured my routing, my vlan interfaces and my G8 interface but i cant seem to get from one network to an other.

here is my current configuration :

Current configuration : 2567 bytes
!
! Last configuration change at 10:53:10 UTC Thu Feb 13 2025
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
ip cef
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
license udi pid C898EA-K9 sn FCZ2110E21G
!
vtp mode transparent
!
controller SHDSL 0
!
vlan 70
name Serveurs
!
vlan 71
name Bureautique
!
vlan 72
name Impression
!
vlan 73
name Telephonie
!
vlan 74
name Wifi
!
vlan 77
name Admin
!
interface GigabitEthernet0
switchport mode trunk
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
!
interface GigabitEthernet5
no ip address
!
interface GigabitEthernet6
no ip address
!
interface GigabitEthernet7
no ip address
!
interface GigabitEthernet8
ip address 192.168.3.15 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
media-type rj45
!
interface Vlan1
no ip address
!
interface Vlan70
description Serveurs
ip address 10.70.255.254 255.255.0.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan71
description Bureautique
ip address 10.71.255.254 255.255.0.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan72
description Impression
ip address 10.72.255.254 255.255.0.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan73
description Telephonie
ip address 10.73.255.254 255.255.0.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan74
description Wifi
ip address 10.74.255.254 255.255.0.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan77
description Admin
ip address 10.77.255.254 255.255.0.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet8 192.168.3.254
ip route 10.70.0.0 255.255.0.0 Vlan70
ip route 10.71.0.0 255.255.0.0 Vlan71
ip route 10.72.0.0 255.255.0.0 Vlan72
ip route 10.73.0.0 255.255.0.0 Vlan73
ip route 10.74.0.0 255.255.0.0 Vlan74
ip route 10.77.0.0 255.255.0.0 Vlan77
ip route 192.168.3.0 255.255.255.0 GigabitEthernet8
!
control-plane
!
line con 0
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
speed 115200
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
!
end

Could you help me know what I am missing ? It feels like it is not much but I can't seem to find it

Thanks in advance

Richard Burts · ‎02-13-2025

I do not have experience with this model (and if anyone in the community who does have experience will join the discussion that would be great) but I have these observations:

- you have these static routes

ip route 10.70.0.0 255.255.0.0 Vlan70
ip route 10.71.0.0 255.255.0.0 Vlan71
ip route 10.72.0.0 255.255.0.0 Vlan72
ip route 10.73.0.0 255.255.0.0 Vlan73
ip route 10.74.0.0 255.255.0.0 Vlan74
ip route 10.77.0.0 255.255.0.0 Vlan77
ip route 192.168.3.0 255.255.255.0 GigabitEthernet8

Any locally connected subnet will automatically be in the routing table, so you do not need these static routes.

- you have configured ip nat outside and ip nat inside on interfaces, but there is no configuration for the nat operation.

- can you tell us what is connected to Gig0? Is it a switch, and if so does it have these vlans configured, and is its connection upstream configured as a trunk?

HTH

Rick

View solution in original post

fenoyr · ‎02-14-2025

Okay so I only need my ip route to my Gi8 interface ?

for the ip nat outside and inside I configured it, i just forgot on this test to put it back, this is the section for the nat :

ip nat inside source list 1 interface GigabitEthernet8 overload
!
access-list 1 permit 10.70.0.0 0.0.255.255
access-list 1 permit 10.71.0.0 0.0.255.255
access-list 1 permit 10.72.0.0 0.0.255.255
access-list 1 permit 10.73.0.0 0.0.255.255
access-list 1 permit 10.74.0.0 0.0.255.255
access-list 1 permit 10.77.0.0 0.0.255.255

And connected to Gi0 is a switch in trunk with the same vlans declared and allowed in this trunk.

The switch (SW1) connected to Gi0 can ping itself and the Gi0 interface, but not further. I cannot ping my Gi8 interface from it either
there is another switch (SW2) on Gi8 Which is in access mode and it can also ping the Gi8 and itself

View solution in original post

Richard Burts · ‎02-13-2025

I do not have experience with this model (and if anyone in the community who does have experience will join the discussion that would be great) but I have these observations:

- you have these static routes

ip route 10.70.0.0 255.255.0.0 Vlan70
ip route 10.71.0.0 255.255.0.0 Vlan71
ip route 10.72.0.0 255.255.0.0 Vlan72
ip route 10.73.0.0 255.255.0.0 Vlan73
ip route 10.74.0.0 255.255.0.0 Vlan74
ip route 10.77.0.0 255.255.0.0 Vlan77
ip route 192.168.3.0 255.255.255.0 GigabitEthernet8

Any locally connected subnet will automatically be in the routing table, so you do not need these static routes.

- you have configured ip nat outside and ip nat inside on interfaces, but there is no configuration for the nat operation.

- can you tell us what is connected to Gig0? Is it a switch, and if so does it have these vlans configured, and is its connection upstream configured as a trunk?

HTH

Rick

fenoyr · ‎02-14-2025

Okay so I only need my ip route to my Gi8 interface ?

for the ip nat outside and inside I configured it, i just forgot on this test to put it back, this is the section for the nat :

ip nat inside source list 1 interface GigabitEthernet8 overload
!
access-list 1 permit 10.70.0.0 0.0.255.255
access-list 1 permit 10.71.0.0 0.0.255.255
access-list 1 permit 10.72.0.0 0.0.255.255
access-list 1 permit 10.73.0.0 0.0.255.255
access-list 1 permit 10.74.0.0 0.0.255.255
access-list 1 permit 10.77.0.0 0.0.255.255

And connected to Gi0 is a switch in trunk with the same vlans declared and allowed in this trunk.

The switch (SW1) connected to Gi0 can ping itself and the Gi0 interface, but not further. I cannot ping my Gi8 interface from it either
there is another switch (SW2) on Gi8 Which is in access mode and it can also ping the Gi8 and itself

fenoyr · ‎02-14-2025

Oh it happened that my SW1 was boken, it wouldn't take into account any gateway, i changed it and now everything works fine

thank you for your time !

Richard Burts · ‎02-14-2025

Thanks for the update. Glad to know that everything works fine now. Glad that you were able to find the solution to your problem.

Thank you for marking the discussion as solved. This will help other members of the community to identify discussions that are helpful. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick