Thank you very much

TristanGude · ‎10-31-2014

Can I connect a CISCO 2921 Router to a Wan through one of the gig ports or I need an EHWIC to do this?

ghostinthenet · ‎10-31-2014

You can definitely use one of the GigabitEthernet ports. Using one for WAN and the others for LAN/DMZ functionality is a fairly standard configuration for those routers.

TristanGude · ‎10-31-2014

Thank you. I cannot get it to work. Do you have any configuration example for the WAN side, that you would like to share? Thank you

Aref Alsouqi · ‎10-31-2014

Hi Tristan,

If you can, please describe the issue with some more details.

Regards,

Aref

TristanGude · ‎11-02-2014

We just bought two CISCO 2921 for my workplace. I am trying to learn how to set them up. We have been using Netgear for years. Our network has grown and Netgears are not enough anymore.

So I have a lab where I have a Netgear FVX538 connected to the Internet. Netgear LAN configuration is 172.18.0.1 255.255.255.0

I connected the CISCO to one of the LAN ports in the NETGEAR through gig 0/0. See configuration below.

I have connected a LAPTOP to gig 0/1, but it does not get to connect to the Internet. Another laptop, which is connected directly to NETGEAR cannot ping the CISCO Router

Using 2272 out of 262136 bytes

! Last configuration change at 19:30:41 PCT Sun Nov 2 2014

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

hostname CISCO-2921-Router-Elementary

!

boot-start-marker

boot-end-marker

!

no aaa new-model

memory-size iomem 25

clock timezone PCT -8 0

!

ip cef

!

no ip dhcp conflict logging

ip dhcp excluded-address 172.18.1.1 172.18.1.99

ip dhcp excluded-address 172.18.2.1 172.18.2.99

ip dhcp excluded-address 172.18.3.1 172.18.3.99

!

ip dhcp pool 0

network 172.18.2.0 255.255.255.0

domain-name elsolacademy.net

dns-server 172.18.0.228

default-router 172.18.1.1

lease 30

!

no ip domain lookup

ip host Netgear-FVX538 172.18.0.1

ip name-server 172.18.0.228

ip name-server 209.18.47.61

ip name-server 209.18.47.62

no ipv6 cef

multilink bundle-name authenticated

!

crypto pki trustpoint TP-self-signed-969957288

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-969957288

revocation-check none

rsakeypair TP-self-signed-969957288

!

crypto pki certificate chain TP-self-signed-969957288

certificate self-signed 01 nvram:IOS-Self-Sig#3.cer

license udi pid CISCO2921/K9 sn FGL175310DP

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description Internet

ip address 172.18.1.1 255.255.255.0

ip helper-address 172.18.0.1

ip helper-address 24.199.49.77

duplex auto

speed auto

!

interface GigabitEthernet0/1

ip address 172.18.2.1 255.255.255.0

duplex auto

speed auto

!

interface GigabitEthernet0/2

ip address 172.18.3.1 255.255.255.0

duplex auto

speed auto

!

router rip

network 172.18.0.0

!

ip default-gateway 172.18.0.1

ip forward-protocol nd

!

no ip http server

ip http secure-server

!

ip route 172.18.1.0 255.255.255.0 172.18.0.1

ip route 172.18.2.0 255.255.255.0 GigabitEthernet0/0

ip route 172.18.3.0 255.255.255.0 GigabitEthernet0/0

!

control-plane

!

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

password brilla2012

line 2

no activation-character

no exec

transport preferred none

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

password brilla2012

login

transport input all

!

scheduler allocate 20000 1000

!

end

ghostinthenet · ‎10-31-2014

There are many different ways it could be configured depending on the ISP and te technology being used. Do you have any details on what kind of WAN connection you're using?

TristanGude · ‎11-02-2014

We just bought two CISCO 2921 for my workplace. I am trying to learn how to set them up. We have been using Netgear for years. Our network has grown and Netgears are not enough anymore.

So I have a lab where I have a Netgear FVX538 connected to the Internet. Netgear LAN configuration is 172.18.0.1 255.255.255.0

I connected the CISCO to one of the LAN ports in the NETGEAR through gig 0/0. See configuration below.

I have connected a LAPTOP to gig 0/1, but it does not get to connect to the Internet. Another laptop, which is connected directly to NETGEAR cannot ping the CISCO Router

Using 2272 out of 262136 bytes

! Last configuration change at 19:30:41 PCT Sun Nov 2 2014

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

hostname CISCO-2921-Router-Elementary

!

boot-start-marker

boot-end-marker

!

no aaa new-model

memory-size iomem 25

clock timezone PCT -8 0

!

ip cef

!

no ip dhcp conflict logging

ip dhcp excluded-address 172.18.1.1 172.18.1.99

ip dhcp excluded-address 172.18.2.1 172.18.2.99

ip dhcp excluded-address 172.18.3.1 172.18.3.99

!

ip dhcp pool 0

network 172.18.2.0 255.255.255.0

domain-name elsolacademy.net

dns-server 172.18.0.228

default-router 172.18.1.1

lease 30

!

no ip domain lookup

ip host Netgear-FVX538 172.18.0.1

ip name-server 172.18.0.228

ip name-server 209.18.47.61

ip name-server 209.18.47.62

no ipv6 cef

multilink bundle-name authenticated

!

crypto pki trustpoint TP-self-signed-969957288

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-969957288

revocation-check none

rsakeypair TP-self-signed-969957288

!

crypto pki certificate chain TP-self-signed-969957288

certificate self-signed 01 nvram:IOS-Self-Sig#3.cer

license udi pid CISCO2921/K9 sn FGL175310DP

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description Internet

ip address 172.18.1.1 255.255.255.0

ip helper-address 172.18.0.1

ip helper-address 24.199.49.77

duplex auto

speed auto

!

interface GigabitEthernet0/1

ip address 172.18.2.1 255.255.255.0

duplex auto

speed auto

!

interface GigabitEthernet0/2

ip address 172.18.3.1 255.255.255.0

duplex auto

speed auto

!

router rip

network 172.18.0.0

!

ip default-gateway 172.18.0.1

ip forward-protocol nd

!

no ip http server

ip http secure-server

!

ip route 172.18.1.0 255.255.255.0 172.18.0.1

ip route 172.18.2.0 255.255.255.0 GigabitEthernet0/0

ip route 172.18.3.0 255.255.255.0 GigabitEthernet0/0

!

control-plane

!

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

password brilla2012

line 2

no activation-character

no exec

transport preferred none

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

password brilla2012

login

transport input all

!

scheduler allocate 20000 1000

!

end

Aref Alsouqi · ‎11-03-2014

Hi,

Interface GigabitEthernet0/0 is setup with ip address 172.18.1.1 255.255.255.0, and Netgear has ip address 172.18.0.1 255.255.255.0, they are on different networks, you should correct the ip addresses, in addition the static routes are not appropriate, since those networks 172.18.1.0, 172.18.2.0 and 172.18.3.0 are connected to the Cisco router itself, you don't need them, also you should setup a default static route towards your gateway, it should be the Netgear ip address 172.18.0.1, finally you should ensure that the Netgear router knows how to get back to networks 172.18.2.0 and 172.18.3.0.

Regards,

Aref

TristanGude · ‎11-03-2014

First of all, thank you very much.

Let me see if I understood your answer.

1- Change the gig 0/0 address to 172.18.0.50 255.255.255.0. ?

2- IP routes should be ip route 172.18.2.0 255.255.255.0 172.18.0.1

Is that correct?

Aref Alsouqi · ‎11-03-2014

You are welcome Tristan.

Correct, g0/0 should be on the same subnet of the Negear, instead the default route should be towards any, example "ip route 0.0.0.0 0.0.0.0 172.18.0.1", and as mentioned before, Negear has to know how to get back to networks 172.18.2.x and 172.18.3.x., another solution would be to apply natting on the Cisco router so the Netgear would see all those networks as 172.18.0.x.

Please let me know if you still unclear.

Regards,

Aref

TristanGude · ‎11-06-2014

Hi,

Thank you

I have made some progress, but now I cannot route from the vlans.

See attached config

Now the router is directly connected to the Internet, through gig 0/1

gig 0/0 is the internal network

Aref Alsouqi · ‎11-07-2014

Hi Tristan,

That because the subinterfaces are not able to inter-route with the same physical interface where they are configured. Please try to do these modifications:

interface GigabitEthernet0/0
no ip address
no ip nat inside
!
interface GigabitEthernet0/0.1
encapsulation dot1Q 1 (assuming the native vlan on the trunk is vlan 1)
ip address 172.16.0.1 255.255.255.0
ip nat inside

Now on all other subinterfaces you should apply "ip nat inside", example:
interface GigabitEthernet0/0.15
ip nat inside
!
interface GigabitEthernet0/0.101
ip nat inside

and so on.

This static route is not needed and is not correct, because with that you are saying to route the traffic towards the network 172.16.0.0/16 out of g0/1 interface. It would not hurt in your case because the router would prefer the connected routes overy the static one, but please remove it:

no ip route 172.16.0.0 255.255.255.0 GigabitEthernet0/1

Regards,

Aref

TristanGude · ‎11-07-2014

Thank you very much

Aref Alsouqi · ‎11-07-2014

You are very welcome.

Please let me know if it did work properly.

Regards,

Aref

TristanGude · ‎11-07-2014

How can I define the Native Vlan or any other vlan in more than one interface? is that possible?