Help with Vlan Access-list in small lab environment
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-18-2019 02:40 AM - edited 03-05-2019 11:16 AM
Hello.
first of all, I hope this is the right place for my post.
I'm somewhat new in the cisco world I was introduced to Cisco equipment and non-GUI configuration of switches/routers around 6 months ago so I hope you all can bear with a lack in my knowledge and some perhaps "stupid" questions here and there.
At work I was given a lab environment project, where I'm expected to find some of the answers I need my self and googling is not helping me anymore, so where better to turn than here.
How do I allow internet access to some of the VLANs?
I think I have configured the access-list right for VLAN 10, 30 and 50
and this is where I feel I'm getting stuck.
I also need to configure the OSPF and DHCP if I'm not mistaken.
to be clear I'm not looking for copy paste answer. I guess what I'm looking for most of all is guidance, best practice and why something should be done one way and not the other way.
I did take CCNA 1 and 2 in school but due to the lack of time, they did not teach around 80% of the stuff.
buy lack of time I mean we were given 8 work days to do all of the lab work, reading and tests of the CCNA 2
This is what I'm working with, my current configs and requirements of the setup:
The router needs to hand out IP addresses on all networks
The router should be configured with OSPF
all of my work needs to be documented, in a report and a presentation
it's a rather small network.
a 2911router connected to a 3560 PoE-8
I got 5 VLANs other than the management VLAN for the switch
10, 20, 30, 40, 50
10 needs to have access to: 20 and 40
20 needs to have access to: internet, 10, 50 and 40
30 needs to have access to: nothing other than whats in the same VLAN
40 needs to have access to: internet, 10, 50 and 20
50 needs to have access to: 20 and 40
My IP table looks like this
VLAN 10 contains 30 host's 192.168.1.0 /26
VLAN 20 contains 28 host's 192.168.1.64 /27
VLAN 30 contains 19 host's 192.168.1.96 /27
VLAN 40 contains 5 host's 192.168.1.128 /29
VLAN 50 contains 4 host's 192.168.1.136 /29
VLAN 99 192.168.1.44 /30
Switch running conf
Current configuration : 3098 bytes
!
! Last configuration change at 02:58:23 UTC Thu Mar 11 1993
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
!
username admin password 0 cisco
aaa new-model
!
aaa session-id common
system mtu routing 1500
ip domain-name ite.14.fmi.dk
!
crypto pki trustpoint TP-self-signed-2449084544
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2449084544
revocation-check none
rsakeypair TP-self-signed-2449084544
!
crypto pki certificate chain TP-self-signed-2449084544
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32343439 30383435 3434301E 170D3933 30333031 30303031
31315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 34343930
38343534 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100BB85 B6F3A4B7 3F32CF06 341ABE44 02D11DAD C325A63D 09620339 30F87892
B229E6C9 D5B957CE 66B80705 C2541ACC 951654A5 9A1AD25C 0B3DE2F3 2B70C830
D0A0D0CC BB0ED362 C58DEBB1 B1D1E10A 116AE17D DCD7B6A8 59A57805 34321790
6F60A8EE 5E8FF669 D75639C5 235A37C7 B0F7ABD5 0BA8A96C BED02C22 CBF2364A
F6D70203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14102B5A CED4CA9C 2CE5919F D8832F5D 2472A591 E3301D06
03551D0E 04160414 102B5ACE D4CA9C2C E5919FD8 832F5D24 72A591E3 300D0609
2A864886 F70D0101 05050003 81810020 3020E7B5 7C9A3D39 BE1246CB 5D4F14FB
BD38D95C 9767363F 759A01D1 9EFBD123 97400541 1FEFAD53 9AAB0B93 1913912F
4792D344 DEE7193F 1C65552D BA5DFBA8 6706345D 57D0F658 0E69E44B 04328AA0
F652A1F1 AB803C22 4BCB2D6D 672F869A E8EFF773 87E4C431 85E5CB17 FD73DD7C
1D7788A0 F8A75269 77A4FE02 046B61
quit
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip ssh time-out 60
ip ssh authentication-retries 2
!
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,40,50,99
switchport mode trunk
!
interface Vlan1
no ip address
!
interface Vlan10
no ip address
!
interface Vlan99
ip address 192.168.1.145 255.255.255.248
!
ip http server
ip http secure-server
!
line con 0
logging synchronous
line vty 0 4
transport input ssh
line vty 5 15
!
end
Router running conf
Current configuration : 2356 bytes
!
! Last configuration change at 10:49:24 UTC Fri Feb 15 2019
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
license udi pid CISCO2911/K9 sn FCZ155370CT
!
redundancy
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.1.62 255.255.255.192
ip access-group 10 out
!
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.1.94 255.255.255.224
!
interface GigabitEthernet0/0.30
encapsulation dot1Q 30
ip address 192.168.1.126 255.255.255.224
!
interface GigabitEthernet0/0.40
encapsulation dot1Q 40
ip address 192.168.1.134 255.255.255.248
!
interface GigabitEthernet0/0.50
encapsulation dot1Q 50
ip address 192.168.1.142 255.255.255.248
!
interface GigabitEthernet0/0.99
encapsulation dot1Q 99
ip address 192.168.1.146 255.255.255.252
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1/0
no ip address
shutdown
!
interface GigabitEthernet0/1/1
no ip address
shutdown
!
interface GigabitEthernet0/1/2
no ip address
shutdown
!
interface GigabitEthernet0/1/3
no ip address
shutdown
!
interface GigabitEthernet0/2/0
no ip address
shutdown
!
interface GigabitEthernet0/2/1
no ip address
shutdown
!
interface GigabitEthernet0/2/2
no ip address
shutdown
!
interface GigabitEthernet0/2/3
no ip address
shutdown
!
interface Vlan1
no ip address
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
access-list 10 permit 192.168.1.128 0.0.0.7
access-list 10 permit 192.168.1.64 0.0.0.31
!
control-plane
!
vstack
!
line con 0
logging synchronous
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end
- Labels:
-
LAN Switching
-
Routing Protocols
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-18-2019 03:24 PM
Ok looks good description :
here is my comments :
1. Your Management Vlan 99 you have mentioned
VLAN 99 192.168.1.44 /30 ( i belive this 144/30)
But config looks different ?
So basic testing, Do you have connectity for now bettween all VLAN by now. If yes then you need to move to next level to build ACL 1 by one as per task.
10 needs to have access to: 20 and 40
20 needs to have access to: internet, 10, 50 and 40
30 needs to have access to: nothing other than whats in the same VLAN
40 needs to have access to: internet, 10, 50 and 20
50 needs to have access to: 20 and 40
2. You have only 1 ACL applied to VLAN 10 ? Where is the rest of the ACL, build one and test and let us know what is not working so we can suggest you after reviweing your config.
3. The router should be configured with OSPF
You have only 2 device what is the scope of OSPF here ? Since all the L3 VLAN in the router ?
Or do you have any other device network, show us the topology.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2019 12:22 AM
1:
The Vlan IP is a typo and should be 192.168.1.144 /30 like u said.
for now, all I got to test with is 2 "clients" one I placed in VLAN 10 and the other one in 20 they are able to ping back and forth.
2:
for now, I got 1 ACL almost done, I'm unsure how I open the DHCP so that it would be able to pull an IP from the router, right now I got the 2 "clients" configured with static IP's
3:
OSPF is a part of the task I was set. normally there would be 2 ppl in training where I work, but this time its just me alone. I guess the idea would be that the 2 networks should be connected at the end of the project.
I guess if the task was to be used in a real-world scenario there would be more hardware in my topology, but the added image is how it looks atm aside for the 2 "clients" that I can move around to test the config.
Should my next step be to continue with the ACL or should I get the DHCP done first, I imagen it would make for some more easy testing when I don't have to set the IPmanuallyly every time i move network?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-18-2019 03:25 PM
Hello,
you need to add the access lists marked in bold to your router configuration. The NAT statements are also needed (in the configuration I assumed interface GigabitEthernet0/1 to be the interface connected to your ISP, if you use another interface, change the configuration accordingly):
Current configuration : 2356 bytes
! Last configuration change at 10:49:24 UTC Fri Feb 15 2019
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
license udi pid CISCO2911/K9 sn FCZ155370CT
!
redundancy
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.1.62 255.255.255.192
ip access-group 101 in
!
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.1.94 255.255.255.224
ip nat inside
ip access-group 102 in
!
interface GigabitEthernet0/0.30
encapsulation dot1Q 30
ip address 192.168.1.126 255.255.255.224
ip access-group 103 in
!
interface GigabitEthernet0/0.40
encapsulation dot1Q 40
ip address 192.168.1.134 255.255.255.248
ip nat inside
ip access-group 104 in
!
interface GigabitEthernet0/0.50
encapsulation dot1Q 50
ip address 192.168.1.142 255.255.255.248
ip access-group 105 in
!
interface GigabitEthernet0/0.99
encapsulation dot1Q 99
ip address 192.168.1.146 255.255.255.252
!
interface GigabitEthernet0/1
description Link to ISP
ip address dhcp
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1/0
no ip address
shutdown
!
interface GigabitEthernet0/1/1
no ip address
shutdown
!
interface GigabitEthernet0/1/2
no ip address
shutdown
!
interface GigabitEthernet0/1/3
no ip address
shutdown
!
interface GigabitEthernet0/2/0
no ip address
shutdown
!
interface GigabitEthernet0/2/1
no ip address
shutdown
!
interface GigabitEthernet0/2/2
no ip address
shutdown
!
interface GigabitEthernet0/2/3
no ip address
shutdown
!
interface Vlan1
no ip address
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 dhcp
!
access-list 1 permit 192.168.1.64 0.0.0.31
access-list 1 permit 192.168.1.128 0.0.0.7
!
access-list 10 permit 192.168.1.128 0.0.0.7
access-list 10 permit 192.168.1.64 0.0.0.31
!
access-list 101 permit ip 192.168.1.0 0.0.0.63 192.168.1.64 0.0.0.31
access-list 101 permit ip 192.168.1.64 0.0.0.31 192.168.1.0 0.0.0.63
access-list 101 permit ip 192.168.1.0 0.0.0.63 192.168.1.128 0.0.0.7
access-list 101 permit ip 192.168.1.128 0.0.0.7 192.168.1.0 0.0.0.63
!
access-list 102 permit ip 192.168.1.64 0.0.0.31 192.168.1.0 0.0.0.63
access-list 102 permit ip 192.168.1.0 0.0.0.63 192.168.1.64 0.0.0.31
access-list 102 permit ip 192.168.1.64 0.0.0.31 192.168.1.128 0.0.0.7
access-list 102 permit ip 192.168.1.128 0.0.0.7 192.168.1.64 0.0.0.31
access-list 102 permit ip 192.168.1.64 0.0.0.31 192.168.1.136 0.0.0.7
access-list 102 permit ip 192.168.1.136 0.0.0.7 192.168.1.64 0.0.0.31
access-list 102 deny ip 192.168.1.64 0.0.0.31 192.168.1.96 0.0.0.31
access-list 102 deny ip 192.168.1.96 0.0.0.31 192.168.1.64 0.0.0.31
access-list 102 permit ip 192.168.1.64 0.0.0.31 any
access-list 102 permit ip any 192.168.1.64 0.0.0.31
!
access-list 103 deny ip any any
!
access-list 104 permit ip 192.168.1.128 0.0.0.7 192.168.1.0 0.0.0.63
access-list 104 permit ip 192.168.1.0 0.0.0.63 192.168.1.128 0.0.0.7
access-list 104 permit ip 192.168.1.128 0.0.0.7 192.168.1.64 0.0.0.31
access-list 104 permit ip 192.168.1.64 0.0.0.31 192.168.1.128 0.0.0.7
access-list 104 permit ip 192.168.1.128 0.0.0.7 192.168.1.136 0.0.0.7
access-list 104 permit ip 192.168.1.136 0.0.0.7 192.168.1.128 0.0.0.7
access-list 104 deny ip 192.168.1.128 0.0.0.7 192.168.1.96 0.0.0.31
access-list 104 deny ip 192.168.1.96 0.0.0.31 192.168.1.128 0.0.0.7
access-list 104 permit ip 192.168.1.128 0.0.0.7 any
access-list 104 permit ip any 192.168.1.128 0.0.0.7
!
access-list 105 permit ip 192.168.1.136 0.0.0.7 192.168.1.64 0.0.0.31
access-list 105 permit ip 192.168.1.64 0.0.0.31 192.168.1.136 0.0.0.7
access-list 105 permit ip 192.168.1.136 0.0.0.7 192.168.1.128 0.0.0.7
access-list 105 permit ip 192.168.1.128 0.0.0.7 192.168.1.136 0.0.0.7
!
control-plane
!
vstack
!
line con 0
logging synchronous
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2019 12:30 AM - edited 02-19-2019 12:40 AM
I will be getting a 3G HWIC module for the router when/if we get one in stock before I'm done with my lab project.
but I guess that won't change a lot of the settings? I assume it will just be listed with the interfaces?
All the access list that you made make sense to me except for this 2 first once, why are they necessary?
access-list 1 permit 192.168.1.64 0.0.0.31
access-list 1 permit 192.168.1.128 0.0.0.7
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2019 12:49 AM
Hello,
access list 1 is for Internet access. It belongs to the NAT statement:
ip nat inside source list 1 interface GigabitEthernet0/1 overload
!
access-list 1 permit 192.168.1.64 0.0.0.31
access-list 1 permit 192.168.1.128 0.0.0.7
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2019 02:29 AM
Right okay, make sense.
I just got the 4G module
This is the interface that got added: interface Cellular0/0/0
So now I have to edit the config u gave me and remove GigabitEthernet0/1 and add Cellular0/0/0?
the config from the router looks like this:
interface Cellular0/0/0
no ip address
encapsulation slip
dialer in-band
dialer string lte
Is it correct that i need to change it like this:
interface Cellular0/0/0
description Link to ISP
ip address dhcp
encapsulation slip
dialer in-band
dialer string lte
and this
ip nat inside source list 1 interface Cellular0/0/0 overload
!
ip route 0.0.0.0 0.0.0.0 interface Cellular0/0/0 dhcp
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2019 03:43 AM
Hello,
config looks good...what platform (which router) is this on ? You might need a chat script and some additional configuration...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2019 04:43 AM - edited 02-19-2019 05:13 AM
The router is a 2911 like this one.
I connected the 4G module to EHWIC0 1-3 is empty and my switch 3560 PoE-8 is connected to the one numbered 5 Ge0/0
Now my running config looks like this:
Current configuration : 4557 bytes
!
! Last configuration change at 13:08:22 UTC Tue Feb 19 2019
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
chat-script lte "" "AT!CALL" TIMEOUT 60 "OK"
cts logging verbose
!
license udi pid CISCO2911/K9 sn FCZ155370CT
!
redundancy
!
controller Cellular 0/0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.1.62 255.255.255.192
ip access-group 101 in
!
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.1.94 255.255.255.224
ip access-group 102 in
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.30
encapsulation dot1Q 30
ip address 192.168.1.126 255.255.255.224
ip access-group 103 in
!
interface GigabitEthernet0/0.40
encapsulation dot1Q 40
ip address 192.168.1.134 255.255.255.248
ip access-group 104 in
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.50
encapsulation dot1Q 50
ip address 192.168.1.142 255.255.255.248
ip access-group 105 in
!
interface GigabitEthernet0/0.99
encapsulation dot1Q 99
ip address 192.168.1.146 255.255.255.252
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface Cellular0/0/0
description Link to ISP
no ip address
encapsulation slip
dialer in-band
dialer string lte
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 dhcp
!
access-list 1 permit 192.168.1.64 0.0.0.31
access-list 1 permit 192.168.1.128 0.0.0.7
access-list 10 permit 192.168.1.128 0.0.0.7
access-list 10 permit 192.168.1.64 0.0.0.31
access-list 101 permit ip 192.168.1.0 0.0.0.63 192.168.1.64 0.0.0.31
access-list 101 permit ip 192.168.1.64 0.0.0.31 192.168.1.0 0.0.0.63
access-list 101 permit ip 192.168.1.0 0.0.0.63 192.168.1.128 0.0.0.7
access-list 101 permit ip 192.168.1.128 0.0.0.7 192.168.1.0 0.0.0.63
access-list 102 permit ip 192.168.1.64 0.0.0.31 192.168.1.0 0.0.0.63
access-list 102 permit ip 192.168.1.0 0.0.0.63 192.168.1.64 0.0.0.31
access-list 102 permit ip 192.168.1.64 0.0.0.31 192.168.1.128 0.0.0.7
access-list 102 permit ip 192.168.1.128 0.0.0.7 192.168.1.64 0.0.0.31
access-list 102 permit ip 192.168.1.64 0.0.0.31 192.168.1.136 0.0.0.7
access-list 102 permit ip 192.168.1.136 0.0.0.7 192.168.1.64 0.0.0.31
access-list 102 deny ip 192.168.1.64 0.0.0.31 192.168.1.96 0.0.0.31
access-list 102 deny ip 192.168.1.96 0.0.0.31 192.168.1.64 0.0.0.31
access-list 102 permit ip 192.168.1.64 0.0.0.31 any
access-list 102 permit ip any 192.168.1.64 0.0.0.31
access-list 103 deny ip any any
access-list 104 permit ip 192.168.1.128 0.0.0.7 192.168.1.0 0.0.0.63
access-list 104 permit ip 192.168.1.0 0.0.0.63 192.168.1.128 0.0.0.7
access-list 104 permit ip 192.168.1.128 0.0.0.7 192.168.1.64 0.0.0.31
access-list 104 permit ip 192.168.1.64 0.0.0.31 192.168.1.128 0.0.0.7
access-list 104 permit ip 192.168.1.128 0.0.0.7 192.168.1.136 0.0.0.7
access-list 104 permit ip 192.168.1.136 0.0.0.7 192.168.1.128 0.0.0.7
access-list 104 deny ip 192.168.1.128 0.0.0.7 192.168.1.96 0.0.0.31
access-list 104 deny ip 192.168.1.96 0.0.0.31 192.168.1.128 0.0.0.7
access-list 104 permit ip 192.168.1.128 0.0.0.7 any
access-list 104 permit ip any 192.168.1.128 0.0.0.7
access-list 105 permit ip 192.168.1.136 0.0.0.7 192.168.1.64 0.0.0.31
access-list 105 permit ip 192.168.1.64 0.0.0.31 192.168.1.136 0.0.0.7
access-list 105 permit ip 192.168.1.136 0.0.0.7 192.168.1.128 0.0.0.7
access-list 105 permit ip 192.168.1.128 0.0.0.7 192.168.1.136 0.0.0.7
!
control-plane
!
vstack
!
line con 0
logging synchronous
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 0/0/0
script dialer lte
no exec
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end
If I'm not mistaken the last part I need is to:
- config the DHCP pools
- setup OSPF
- add gateway of last resort as the cell 0/0/0?
