
Need Help,Plzzzz

samirshaikh52
Level 2

Hello friends, I have to set up a small network with 30 users, and in future it can be expanded. So for that I have bought 1 Router 877, 1 Catalyst switch 2960 and purchased one DSL connection.

Now the problem is that

1.How should i setup my network ?

2.How should i configure my Router and switch?

3.How the users will access internet ?

4. DHCP configuration or assign IP statically?

I have decided to design 192.168.1.0/24 ip address scheme for my LAN

Can anyone help me? I will be very thankful.

Accepted Solutions

Giuseppe Larosa
Hall of Fame

Hello Samir,

1) users === switch 2960 -- single lan cable -- 877 ---DSL /phone cable

2) R877

hostname R877

int vlan 1

ip address 192.168.1.1 255.255.255.0

no shut

assign an enable password with

enable secret xxx

do the same for c2960 using

hostname SW2960

int vlan 1

ip address 192.168.1.2 255.255.255.0

no shut

To prevent normal users from accessing them, I suggest using an ACL to specify the administrators' PC IP addresses

access-list 11 permit host 192.168.1.3

access-list 11 permit host 192.168.1.4

line vty 0 4

access-class 11 in

do it on both devices

3) internet access can be given using nat

access-list 21 permit 192.168.1.0 0.0.0.255

ip nat inside source list 21 int dialer1 overload

int vlan 1

ip nat inside

int dialer 1

ip nat outside

I suppose you use some form of PPPoX on your line and dialer1 is the logical interface used with it. Check with your provider what type has to be used and the ATM parameters VPI/VCI

4) Give IP addresses to users with DHCP, with just a few PCs used by you having static IP addresses, for the security reason explained above.

An example is the following:

ip dhcp excluded-address 192.168.1.1 192.168.1.15

!

ip dhcp pool DATA

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

lease 0 1

!

So users will get ip addresses > 192.168.1.1

Hope to help

Giuseppe

line vty 0 4

access-class 11 in

password XXX

Don't forget the password on the vty or you can use the username uuuuuuuu password ppppppp command and apply login local to the vty.

Also, on the switch at the Switch[config-t]# prompt put in the ip default-gateway.

ip default-gateway 192.168.1.1

http://www.cisco.com/en/US/prod/collateral/routers/ps380/ps6200/product_data_sheet0900aecd8028a976.pdf
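The accepted answer and the reply above combine three settings: a source-IP ACL on the vty lines, a vty password (or `login local`), and static admin addresses kept out of the DHCP pool. The following Python check is an added example, not part of any post in this thread; it assumes `show running-config` style text in which sub-commands are indented by a space, and the sample config is constructed from the values quoted in the thread.

```python
import ipaddress
import re

# Constructed sample using the ACL, DHCP exclusion and vty lines from this thread.
SAMPLE_CONFIG = """\
access-list 11 permit host 192.168.1.3
access-list 11 permit host 192.168.1.4
ip dhcp excluded-address 192.168.1.1 192.168.1.15
line vty 0 4
 access-class 11 in
 password XXX
"""

def audit_vty(config):
    """Return findings about vty access control in an IOS-style config (hypothetical helper)."""
    acl_hosts, excluded, findings = {}, [], []
    vty_lines, in_vty = [], False
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"access-list (\d+) permit host (\S+)$", line)
        if m:  # collect the hosts each standard ACL trusts
            acl_hosts.setdefault(m.group(1), []).append(ipaddress.ip_address(m.group(2)))
        m = re.match(r"ip dhcp excluded-address (\S+)(?: (\S+))?$", line)
        if m:  # a single address is a range of one
            low = ipaddress.ip_address(m.group(1))
            excluded.append((low, ipaddress.ip_address(m.group(2) or m.group(1))))
        if not raw.startswith(" "):  # any unindented line starts a new block
            in_vty = line.startswith("line vty")
        elif in_vty:
            vty_lines.append(line)
    acl = next((l.split()[1] for l in vty_lines if re.match(r"access-class \S+ in$", l)), None)
    if acl is None:
        findings.append("vty: no inbound access-class")
    elif acl not in acl_hosts:
        findings.append(f"vty: access-list {acl} has no permit host entries")
    if not any(l.startswith("password ") or l == "login local" for l in vty_lines):
        findings.append("vty: no password or login local")
    # The ACL trusts source addresses, so those addresses must never be handed out by DHCP.
    for host in acl_hosts.get(acl, []):
        if not any(low <= host <= high for low, high in excluded):
            findings.append(f"admin host {host} can be leased by DHCP")
    return findings

if __name__ == "__main__":
    print(audit_vty(SAMPLE_CONFIG))
```

Run it against the saved configuration of both the router and the switch, since the ACL is applied on both devices.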

Hello Richard,

the password under vty is really needed

the default-gateway on the switch is not needed because there is only one internal subnet and then the internet access.

Best Regards

Giuseppe

Hi Giuseppe,

You are right about the d-g. It is just one of those steps I have been burned for in the past and it has stuck with me. It isn't needed in that configuration.

V/R,

Richard

Nice scenario.. you guys rock!!

Thank you sir, I really appreciated your explanation. I will work on it and let you know.

Sir, suppose I want to create some VLANs on the switch, then what will be the configuration?

Hello Samir,

>> Suppose i want to create some vlans on the switch then what will be the configuration

the router to switch link becomes a trunk port

R877

R877# vlan database

vlan 2 name second_vlan

vlan 3 name third_vlan

exit

let's suppose fas1 connects to the switch

int vlan2

ip address 192.168.2.1 255.255.255.0

no shut

int vlan3

ip address 192.168.3.1 255.255.255.0

no shut

int fas1

switchport

switchport trunk enc dot1q

switchport mode trunk

on the switch

SW2960# config t

SW2960(config)# vlan 2

SW2960(config-vlan)# name second_vlan

SW2960(config-vlan)# vlan 3

SW2960(config-vlan)# name third_vlan

suppose f0/1 connects to fas1

int f0/1

switchport

switchport trunk enc dot1q

switchport mode trunk

If you want to allow internet access, the NAT ACL needs more statements, and Vlan2 and Vlan3 need the ip nat inside command.

Hope to help

Giuseppe

Sir, on which interface of the router should I connect the switch, and do I have to assign any IP address on that interface? What do these commands mean: "ip nat inside" and "ip nat outside"?

Do I have to create VLANs on both sides, router and switch?

Hello Samir,

1)

I supposed to connect

R877:fas1 ----- SW2960:f0/1

as a trunk port carrying vlans 1,2,3

2)

yes, L2 vlans have to be defined on both devices.

the router 877 uses the vlan database.

The switch can define l2 vlans within normal configuration mode (this is the modern way to do this step)

Hope to help

Giuseppe

Sir, can you give me your mail ID so that I can take your help through mail, because trying to do it through the forum takes a long time.

My mail id is samirshaikh52@gmail.com