Solved: How to add a second network to GE 0/1 on Cisco 1921

rolandlyngvig · ‎09-28-2020

Hi guys.

I have a Cisco 1921 router. It's configured like this on the two interfaces GE 0/0 and 0/1. I do not use firewall or NAT - just routing. The router is our edge router. On 0/1 we have servers and a Cisco ASA firewall. All these handle firewall / NAT.

interface GigabitEthernet0/0
description TDC Fiber
ip address 80.73.174.50 255.255.255.252
ip access-group 101 in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description Link to LAN
ip address 80.73.174.57 255.255.255.248
duplex auto
speed auto
!

On the GE 0/1 interface I have a switch where a few servers are directly connected with a public IP address (they provide their own built-in firewall) and a Cisco ASA 5506-X that "owns" a few IP addresses which it does firewall and NAT on.

I need to extend with a new public IP address range as I have no more available public addresses. It's already set up at the ISP and routed to our CPE (Cisco 1921). Now my question is:

How can I configure the 1921 to accept this new network: 87.48.162.176/29 in addition to the existing 80.73.174.56/29? As I see it 87.48.162.177/29 should be on the interface GE 0/1 next to 80.73.174.57/29 and the rest, .178 thru .182 can then be used to other equipment connected to the switch (that is connected to GE 0/1). I want to connect another firewall that will have .178 and use .177 as it default gateway.

I hope some you can help me with the few configuration lines that will allow this setup. Thanks in advance.

Richard Burts · ‎09-28-2020

The suggestion from @Giuseppe Larosa to implement router on a stick with dot1q subinterface on the router is certainly possible (and perhaps a more elegant solution). But it seems to me that there is a more simple solution that would also work

interface GigabitEthernet0/1

ip address 87.48.162.177 255.255.255.248 secondary

This would allow both subnets to coexist on the interface and route to and from the connected devices in both subnets.

HTH

Rick

View solution in original post

Giuseppe Larosa · ‎09-28-2020

Hello @rolandlyngvig ,

according to your network description the gi0/1 connects to a switch

>> How can I configure the 1921 to accept this new network: 87.48.162.176/29 in addition to the existing 80.73.174.56/29?

You create a new VLAN like Vlan 250 for the new public IP subnet.

On the interface towards the C1921 you change the L2 port configuration to

interface gi1/5

switchport

switchport mode trunk

switchport trunk allowed vlan X, 250

switchportt trunk native vlan X

where X is the curre Vlan the port is member of (as an access port) if X=1 it is aleread the native vlan for trunk

on the C1921

you add an 802.1Q based subinterface like

int gi0/1.250

enc dot1q 250

ip address 80.73.174.57 255.255.255.248

This should allow communication for the new subnet

This config is called router on a stick using subinterfaces on router side.

Hope to help

Giuseppe

Richard Burts · ‎09-28-2020

The suggestion from @Giuseppe Larosa to implement router on a stick with dot1q subinterface on the router is certainly possible (and perhaps a more elegant solution). But it seems to me that there is a more simple solution that would also work

interface GigabitEthernet0/1

ip address 87.48.162.177 255.255.255.248 secondary

This would allow both subnets to coexist on the interface and route to and from the connected devices in both subnets.

HTH

Rick

rolandlyngvig · ‎09-28-2020

Hi Richard,

The suggestion to use VLANs was a bit "overwhelming", so I decided to try your simple suggestion with a secondary IP address. And it works just as I needed. Thanks for your quick reply to my question.

BR,

Roland

Richard Burts · ‎10-01-2020

Roland

You are welcome. I am glad that my suggestion pointed you to a solution that did work for you. The suggestion to use vlans and router on a stick would work and in some circumstances would be preferable. But in your case the more simple solution of secondary addressing is sufficient. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick