Cisco 837 ethernet / fastethernet config

theclam · ‎09-25-2006

Hi,

Although I've managed to set up an 837 router to do what I need (VPN/NAT/PAT), I'm a bit confused by the interfaces. My understanding is that the layer 1 settings such as speed / duplex are done on the fastethernet 1-4 interfaces, and the layer 3 configuration is done on the ethernet0 interface. There is also an ethernet2 interface, which I don't altogether understand.

Is there some useful documentation on how this all hangs together? I've not been able to find any.

More specifically I'm interested in whether it's possible to subinterface (trunk) the switch ports or not, or minimally to partition the ports so that some can be set up for Internet only while others have access to the VPN.

Any help gratefully received!

Thanks,

Foeh

m-haddad · ‎09-25-2006

Hello,

I really didn't get your question. However, L3 routing, Fastethernet and ethernet can be routed interfaces. Routing does not depend on the interface. One you put an IP on the interface and enable ip routing on the device (in case of switch) you will be able to route on the interface.

On the switch you can configure the port as layer 3 routed interface. L3 routed interface means it acts like a fastethernet on the router. This can be setup by issuing the command " no switch port" which will put the interface in L3 mode and you can assign an IP address to the switch port.

let me know if this helps you and answers your question,

If you find the post helpful please rate,

Regards,

theclam · ‎09-26-2006

Hi,

I understand how it normally works, but on an 837 things are very different.

The FastEthernet 1 - 4 interfaces are as you would expect on a layer 2 switch. They can be shut down, have their speed / duplex set and have a description configured on them but not a lot else.

The Ethernet0 / Ethernet2 interfaces on an 837 don't relate to physical ports, but rather seem to control the layer 3 aspects of the FastEthernet ports.

From a configuration point of view, if seems to be that you configure the Ethernet0 interface as you would on a router with one ethernet port, and configure the FastEthernet1-4 ports as you would on a dumb switch attached to that router.

It really is strange!

Foeh

m-haddad · ‎09-26-2006

Actually what you can do is VLANs. Create a vlan in the VLAN database and then assign each port in the switch to one vlan. Then create a virtual interface (VLAN) and then each port will act like a different routed interface. However, the routed interface is the VLAN.

Let me know if you have further questions,

Regards,

theclam · ‎09-26-2006

Hi,

There is no vlan database in an 837:

Router#vlan database

^

% Invalid input detected at '^' marker.

Router#show vlan

^

% Invalid input detected at '^' marker.

Router#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#vlan 10

^

% Invalid input detected at '^' marker.

Router(config)#int vlan 10

^

% Invalid input detected at '^' marker.

I'm very familiar with multilayer switching and SVIs, but the 837 is a very different beast.

It's possible to set up subinterfaces of ethernet0, which looks promising, but the router is in service at the moment and I can't afford to break it testing out ideas. I hope that when I set up the subinterfaces with dot1q encapsulation, the switch ports will start trunking, but since you can't issue "switchport mode trunk" under the fastethernet interfaces it's not so clear!

Like I say, though, I can't find any documentation on how the interfaces 'work' on an 837. Unfortunately, my capacity to experiment is pretty limited as well!

Foeh

m-haddad · ‎09-26-2006

First sorry, on 837 you are right it acts a dummy switch. I didn't look at the model. I thought it was a switch WIC. Even dot1q won't be supported as long as I know.

Let me know how it goes,

Regards,

theclam · ‎10-09-2006

Hi,

For anyone who ever wonders about this, I managed to get an answer. Our maintainers provided this link, which details how to set up a "DMZ port".

Basically, once you do a "no shutdown" on the ethernet2 interface, port 4 on the integral switch becomes segregated off and takes on the layer 3 attributes that are configured on eth2.

The link, for anyone who is interested, is:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123limit/123x/123xr7/dmz_port.htm

Regards,

Foeh

lvavilapalli · ‎04-10-2019

Thank you man, i had the same questions on the cisco 837 and you clarified it up. Appreciate it.

marianodaniel · ‎12-11-2021

Thank you for sharing info once resolved, not many do that!

marianodaniel · ‎12-11-2021

btw, page is dead now, lol.

Richard Burts · ‎12-11-2021

Yes it is good that someone shared the solution to their problem. That post is 15 years old and is based on a solution on univercd which is how Cisco distributed documentation in 2006. The link is dead but the solution would still be alive.

HTH

Rick

Georg Pauwen · ‎12-11-2021

Hello,

not really sure where you are in your research, but the 837 (which obviously is a rather ancient device) does not supports Vlans at all as far as I recall. You get two routed ports, Ethernet0 and Ethernet2. There is no Vlan database, and subinterfaces don't work either. The FastEthernet ports are layer 2 only indeed. You could use secondary addressing on the Ethernet interfaces if you need more networks.

So a sample config would look like this:

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 *********
enable password *********
!
no aaa new-model
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
!
ip cef
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
username cisco privilege 15 password 0
***********
!
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
hold-queue 100 out
!
interface Ethernet2
no ip address
shutdown
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/35
encapsulation aal5snap
pppoa-client dial-pool-number 1
!
interface FastEthernet1
speed auto
full-duplex
!
interface FastEthernet2
speed auto
full-duplex
!
interface FastEthernet3
speed auto
full-duplex
!
interface FastEthernet4
speed auto
full-duplex
!
interface Dialer0
ip address negotiated
ip nat outside
dialer-group 1
ip virtual-reassembly
encaps aal5snap
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server

ip http secure-server
!
ip nat translation max-entries 1000
ip nat inside source list 1 interface Dialer0 overlaod
!
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
!
control-plane
!
line con 0
no modem enable
line aux 0
line vty 0 4
exec-timeout 120 0
password cisco
login local
length 0
!
scheduler max-task-time 5000
end