Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1621
Views
10
Helpful
4
Replies

Cisco 1801 WAN DSL basic setup with FTTP (Aus)

Go to solution
magginoodles
Level 1
Level 1

‎10-13-2018 08:35 PM - edited ‎03-05-2019 10:59 AM

Hi Everyone, I'm a complete noob who wants to use my Cisco 1801 to connect my WAN interface to the NBN NTD (using dynamic IP) to handle my home network.

 

A network engineer in my last company helped me and it worked perfectly for DSL. Now I have FTTP and I'm stuck :(  Any help would be appreciated.

 

This is what I"m trying to do

 

fe 0 - WAN (DHCP by ISP) vlan ?? does this need its own vlan, I'm reading up on ipnat inside/outside

fe 1 - LAN (static IP) 10.0.0.1 vlan 99 now

fe 2 - LAN (connected to TPLINK gigabit switch with 16 ports) can this be DHCP from the router?

 

Yes I could use a cheap router but my Cisco has been so reliable I don't want to throw it away... if its not going to work I guess I could buy some simple router

 

I have set up a basic interface, and fiddled with it a bit.  The 1801 only has 1 WAN interface, I've made the assumption this the right interface as with it locally through serial I can ping web sites etc using it locally on the CLI

 

If I can provide any more info, outputs happy to run those commands

 

Using 1493 out of 196600 bytes
!
! Last configuration change at 01:29:28 UTC Sun Oct 14 2018
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname magginoodles
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Zb/.$0Hkr1XdjmX4Wccx7r57vo/
enable password XXXXXXXX
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
ip name-server 203.215.29.191
ip name-server 203.0.178.191
no ipv6 cef
!
multilink bundle-name authenticated
!
!
license udi pid CISCO1801/K9 sn FHK112719GH
!
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
 !
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn point-to-point-setup
 !
!
interface FastEthernet0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 !
!
interface FastEthernet1
 switchport access vlan 99
 !
!
interface FastEthernet2
 shutdown
 !
!
interface FastEthernet3
 shutdown
 !
!
interface FastEthernet4
 shutdown
 !
!
interface FastEthernet5
 shutdown
 !
!
interface FastEthernet6
 shutdown
!
interface FastEthernet7
 shutdown
 !
!
interface FastEthernet8
 shutdown
 !
!
interface Vlan1
 no ip address
 shutdown
 !
!
interface Vlan99
 ip address 10.0.0.1 255.255.255.0
 !
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
dialer-list 1 protocol ip permit
!
!
control-plane
 !
!
!
line con 0
line aux 0
line vty 0 4
 password XXXXXXXXXX
 login
!
end
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP
In response to magginoodles

‎10-14-2018 12:48 AM

Hello,

 

keep in mind that your 1801 is not directly connected to the Internet, but to your modem, which also translates (NAT) everything.

 

I have made a few adjustments to your config (marked in bold):

 

! Last configuration change at 03:50:33 UTC Sun Oct 14 2018
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname magginoodles
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Zb/.$0Hkr1XdjmX4Wccx7r57vo/
enable password XXXXX
!
no aaa new-model
dot11 syslog
ip source-route
!
ip dhcp excluded-address 192.168.0.1 192.168.0.10
!
ip dhcp pool VLAN99
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 8.8.8.8 8.8.4.4
lease 7
!
ip cef
ip name-server 203.215.29.191
ip name-server 203.0.178.191
no ipv6 cef
!
multilink bundle-name authenticated
license udi pid CISCO1801/K9 sn FHK112719GH
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn point-to-point-setup
!
interface FastEthernet0
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1
switchport access vlan 99
spanning-tree portfast
!
interface FastEthernet2
shutdown
!
interface FastEthernet3
shutdown
!
interface FastEthernet4
shutdown
!
interface FastEthernet5
shutdown
!
interface FastEthernet6
shutdown
!
interface FastEthernet7
shutdown
!
interface FastEthernet8
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source route-map NAT interface FastEthernet0 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet0 dhcp
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
route-map NAT permit 10
match ip address 1
match interface FastEthernet0
!
control-plane
!
line con 0
line aux 0
line vty 0 4
password XXXXX
login
!
end

View solution in original post

4 Replies 4

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎10-13-2018 09:42 PM

Hi

 

Can you run the command:

sh ip int brie | ex unas

 

The configuration for Fa0 looks like ok and you should be able to get an IP from your ISP.

However, on the WAN side, you're missing the default route. You'll need:

ip route 0.0.0.0 0.0.0.0 dhcp

 

 

For LAN side:

If you want to connect a dumb switch (not manageable and not able to do trunking), you'll need to configure your Fa2 like Fa1. Am i correct if I understood that Fa2 and Fa1 will be on same LAN except Fa2 has switch whereas Fa1 has a endpoint?

 

To allow your router acting as dhcp server for this vlan 99, here a config example:

ip dhcp exclude-address 10.0.0.1

ip dhcp pool VLAN99

 network 10.0.0.0 255.255.255.0

 default-router 10.0.0.1

 dns-server 8.8.8.8 8.8.4.4

 

 

Also, you need to enable nat for this vlan:

interface vlan 99

 ip nat inside

!

ip access-list extended NAT

 permit ip 10.0.0.0 0.0.0.255 any

!

ip nat inside source list NAT interface fa0 overload

 

 

This is a simple configuration. If you'll have VPN for example, you'll need to deny nat for this remote subnet.

 

Then from the router, you should be able to ping 8.8.8.8 and from a machine, you should be able to get an ip and access Internet.

 

 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
magginoodles
Level 1
Level 1
In response to Francesco Molino

‎10-13-2018 10:30 PM - edited ‎10-13-2018 10:33 PM

Thank you @Francesco Molino!  

 

Here is the output from your command 

magginoodles#sh ip int brie | ex unas
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0              192.168.1.19    YES DHCP   up                    up
Vlan99                     192.168.0.1     YES manual up                    up

Pls note I moved to 192.168.0.0 as I didn't need so many addresses... don't know if that was the right thing to do or not :S

It's also connected to an Airport Extreme at the moment to just see if DHCP assigning was working, I had not even enabled DHCP yet... I'm such a goose

 

Here is the running config from your comments... I hope I got some of it right. I know the basic concepts of networking but I'm hardly a tech 

magginoodles#show running-config
Building configuration...

Current configuration : 1827 bytes
!
! Last configuration change at 03:50:33 UTC Sun Oct 14 2018
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname magginoodles
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Zb/.$0Hkr1XdjmX4Wccx7r57vo/
enable password XXXXX
!
no aaa new-model
dot11 syslog
ip source-route
!
ip dhcp excluded-address 192.168.0.1 192.168.0.10
!
ip dhcp pool VLAN99
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.1
   dns-server 8.8.8.8 8.8.4.4
   lease 7
!
ip cef
ip name-server 203.215.29.191
ip name-server 203.0.178.191
no ipv6 cef
!
multilink bundle-name authenticated
license udi pid CISCO1801/K9 sn FHK112719GH
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
 !
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn point-to-point-setup
 !
interface FastEthernet0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 !
!
interface FastEthernet1
 switchport access vlan 99
 !
!
interface FastEthernet2
 shutdown
 !
!
interface FastEthernet3
 shutdown
 !
!
interface FastEthernet4
 shutdown
 !
interface FastEthernet5
 shutdown
 !
!
interface FastEthernet6
 shutdown
 !
!
interface FastEthernet7
 shutdown
 !
!
interface FastEthernet8
 shutdown
 !
!
interface Vlan1
 no ip address
 shutdown
 !
!
interface Vlan99
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 !
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list NAT interface FastEthernet0 overload
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip access-list extended NAT
 permit ip 192.168.0.0 0.0.0.255 any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 password XXXXX
 login
!
end

Yes I'd like Fast Ethernet 1 to connect to my pc for a static IP

Fast Ethernet 2 would be connected to dumb switch as you say... a tplink switch I can add that in to make more sense of the config for you

 

I hope that makes sense, really appreciate the responses. Thanks

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to magginoodles

‎10-14-2018 12:48 AM

Hello,

 

keep in mind that your 1801 is not directly connected to the Internet, but to your modem, which also translates (NAT) everything.

 

I have made a few adjustments to your config (marked in bold):

 

! Last configuration change at 03:50:33 UTC Sun Oct 14 2018
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname magginoodles
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Zb/.$0Hkr1XdjmX4Wccx7r57vo/
enable password XXXXX
!
no aaa new-model
dot11 syslog
ip source-route
!
ip dhcp excluded-address 192.168.0.1 192.168.0.10
!
ip dhcp pool VLAN99
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 8.8.8.8 8.8.4.4
lease 7
!
ip cef
ip name-server 203.215.29.191
ip name-server 203.0.178.191
no ipv6 cef
!
multilink bundle-name authenticated
license udi pid CISCO1801/K9 sn FHK112719GH
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn point-to-point-setup
!
interface FastEthernet0
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1
switchport access vlan 99
spanning-tree portfast
!
interface FastEthernet2
shutdown
!
interface FastEthernet3
shutdown
!
interface FastEthernet4
shutdown
!
interface FastEthernet5
shutdown
!
interface FastEthernet6
shutdown
!
interface FastEthernet7
shutdown
!
interface FastEthernet8
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source route-map NAT interface FastEthernet0 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet0 dhcp
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
route-map NAT permit 10
match ip address 1
match interface FastEthernet0
!
control-plane
!
line con 0
line aux 0
line vty 0 4
password XXXXX
login
!
end

Go to solution
magginoodles
Level 1
Level 1
In response to Georg Pauwen

‎10-14-2018 06:16 AM - edited ‎10-14-2018 06:22 AM

Thanks @Georg Pauwen, tweaked and up and running! 

 

Current configuration : 2043 bytes
!
! Last configuration change at 11:42:23 UTC Sun Oct 14 2018 by amadge
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname magginoodles
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Zb/.$0Hkr1XdjmX4Wccx7r57vo/
enable password xxxxx
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip dhcp excluded-address 192.168.0.1 192.168.0.10
!
ip dhcp pool VLAN99
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.1
   dns-server 8.8.8.8 8.8.4.4
   lease 7
!
ip cef
ip domain name sodor
ip name-server 203.215.29.191
ip name-server 203.0.178.191
no ipv6 cef
!
multilink bundle-name authenticated
!
license udi pid CISCO1801/K9 sn FHK112719GH
username amadge privilege 15 secret 5 $1$G5DV$iD/8Q0n1v68VF/.BX8gpv.
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
 !
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn point-to-point-setup
 !
!
interface FastEthernet0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 !
!
interface FastEthernet1
 switchport access vlan 99
 !
!
interface FastEthernet2
 switchport access vlan 99
 !
!
interface FastEthernet3
 shutdown
 !
!
interface FastEthernet4
 shutdown
 !
interface FastEthernet5
 shutdown
 !
!
interface FastEthernet6
 shutdown
 !
!
interface FastEthernet7
 shutdown
 !
!
interface FastEthernet8
 shutdown
 !
!
interface Vlan1
 no ip address
 shutdown
 !
!
interface Vlan99
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 !
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source route-map NAT interface FastEthernet0 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet0 dhcp
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
route-map NAT permit 10
 match ip address 1
 match interface FastEthernet0
 !
!
control-plane
 !
!
line con 0
line aux 0
line vty 0 4
 password xxxxx
 login local
 transport input ssh
!
end

 

I just need to enable some access to internal devices from outside via the internet to my ubuntu home server on 192.168.0.10, SSH (port 22) 

 

What is the easiest way? I found a few articles on permit I'm reading through now

 

How do I mark this done, fixed etc by people?  

 

Many thanks,

Andrew

0 Helpful
Customers Also Viewed These Support Documents