cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
981
Views
0
Helpful
20
Replies
erdosain99
Beginner

2 Lan 2 Wan..... problem.

Hi. I have a Cisco 2901 (2 onboard GE) and 4 interfaces ethernet module.
I have to configure 2 Wan. and two Lan. It is possible in this cisco?
When I want to configure LAN interfaces of the module I get
"May not be IP addresses configured on L2 links" ... so I understand that I can not assign an ip. How i could have two Lan working?
Greetings and thanks to all
This is a google translation.

20 REPLIES 20
Mark Malone
VIP Mentor

Yes that's possible

As an option for the LAN you can use vlan interfaces for each LAN subnet on the router

interface vlan 10

ip address x.x.x.x x.x.x.x

Interface vlan 20

ip address x.x.x.x x.x.x.x

Then assign the layer 2 ports to the vlan from your block of 4 LAN ports or create a trunk port back to a switch allowing the vlans you want

interface fe0/1

switchport access vlan 10

interface vlan 20

switchport access vlan 20

or

interface fe0/1

switchport mode trunk

************************

The wan you can have 2 wan links on the GE interfaces they should take ip addresses no problem if there layer 3 interfaces

Then depending if your using BGP or just static default routing you could load balance the traffic or just have 1 wan link active at a time

ip route 0.0.0.0 0.0.0.0 x.x.x.x (WAN 1 )

ip route 0.0.0.0 0.0.0.0 x.x.x.x  220 (WAN 2 )

Thanks!

And if i want enable DHCP for the Lans???

How would assign to the ports?

If you want dhcp and you require to use the cisco devices rather than a server , you just create 2 scopes 1 for each vlan on the router

when the ports are assigned to the specific vlan and set as dhcp in their TCP/IP settings they will request an ip address and the router will respond with 1 from the correct pool

example need 2 of these pools

ip dhcp excluded-address 172.x.x.x  (excklude the vlan interface)
!
ip dhcp pool WIREDCLIENTVLAN.A
 network 172.x.x.x 255.255.255.0
 default-router 172.x.x.x (vlan interface)
 dns-server 8.8.8.8 8.8.4.4
 domain-name xxxx.com
 lease 0 2

ip dhcp excluded-address 172.x.x.x  (excklude the vlan interface)
!
ip dhcp pool WIREDCLIENTVLAN.B
 network 172.x.x.x 255.255.255.0
 default-router 172.x.x.x (vlan interface)
 dns-server 8.8.8.8 8.8.4.4
 domain-name xxxx.com
 lease 0 2

Thank you.
The DHCP works perfect. but...
I can ping to www.cisco.com from the cisco router.
But from the pc ....... no.
This is the configuration that I have so far.
What could happen ??
This is config
! Last configuration change at 13:56:39 UTC Fri May 20 2016                                         
version 15.3                                                                                        
service timestamps debug datetime msec                                                              
service timestamps log datetime msec                                                                
no service password-encryption                                                                      
!                                                                                                   
hostname Router                                                                                     
!                                                                                                   
boot-start-marker                                                                                   
boot-end-marker                                                                      
!                                                                                                   
no aaa new-model                                                                                    
!                                                                                                   
ip cef                                                                                              
!                                                                                                   
ip dhcp excluded-address 10.0.150.1                                                                 
ip dhcp excluded-address 10.0.20.1                                                                  
!                                                                                                   
ip dhcp pool Red150                                                                                 
 network 10.0.150.0 255.255.255.0                                                                   
 default-router 10.0.150.1                                                                          
 dns-server 192.168.1.1                                                                             
 lease 0 2                                                                                          
!                                                                                                   
ip dhcp pool Red20                                                                                  
 network 10.0.20.0 255.255.255.0                                                                    
 default-router 10.0.20.1                                                                           
 dns-server 192.168.1.1                                                                             
 lease 0 2                                                                                          
!                                                                                                   
ip name-server 192.168.1.1                                                                          
no ipv6 cef                                                                                         
!                                                                                                   
multilink bundle-name authenticated                                                                 
!                                                                                                   
voice-card 0                                                                                        
!                                                                                                   
license udi pid CISCO2901/K9 sn FTX180581WJ                                                         
hw-module pvdm 0/0                                                                                  
!                                                                                                   
redundancy                                                                                          
!                                                                                                   
interface Embedded-Service-Engine0/0                                                                
 no ip address                                                                                      
 shutdown                                                                                           
!                                                                                                   
interface GigabitEthernet0/0                                                                        
 ip address 192.168.1.11 255.255.255.0                                                              
 duplex auto                                                                                        
 speed auto                                                                                         
!                                                                                                   
interface GigabitEthernet0/1                                                                        
 no ip address                                                                                      
 shutdown                                                                                           
 duplex auto                                                                                        
 speed auto                                                                                         
!                                                                                                   
interface GigabitEthernet0/1/0                                                                      
 switchport access vlan 150                                                                         
 no ip address                                                                                      
!                                                                                                   
interface GigabitEthernet0/1/1                                                                      
 switchport access vlan 20                                                                          
 no ip address                                                                                      
!                                                                                                   
interface GigabitEthernet0/1/2                                                                      
 no ip address                                                                                      
!                                                                                                   
interface GigabitEthernet0/1/3                                                                      
 no ip address                                                                                      
!                                                                                                   
interface Vlan1                                                                                     
 no ip address                                                                                      
!                                                                                                   
interface Vlan20                                                                                    
 ip address 10.0.20.1 255.255.255.0                                                                 
!                                                                                                   
interface Vlan150                                                                                   
 ip address 10.0.150.1 255.255.255.0                                                                
!                                                                                                   
ip default-gateway 192.168.1.1                                                                      
ip forward-protocol nd                                                                              
!                                                                                                   
no ip http server                                                                                   
no ip http secure-server                                                                            
!                                                                                                   
ip route 0.0.0.0 0.0.0.0 192.168.1.1                                                                
!                                                                                                   
control-plane                                                                                       
!                                                                                                   
mgcp behavior rsip-range tgcp-only                                                                  
mgcp behavior comedia-role none                                                                     
mgcp behavior comedia-check-media-src disable                                                       
mgcp behavior comedia-sdp-force disable                                                             
!                                                                                                   
mgcp profile default                                                                                
!                                                                                                   
gatekeeper                                                                                          
 shutdown                                                                                           
!                                                                                                   
line con 0                                                                                          
line aux 0                                                                                          
line 2                                                                                              
 no activation-character                                                                            
 no exec                                                                                            
 transport preferred none                                                                           
 transport input all                                                                                
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh                                      
 stopbits 1                                                                                         
line vty 0 4                                                                                        
 login                                                                                              
 transport input all                                                                                
!                                                                                                   
scheduler allocate 20000 1000                                                                       
!                                                                                                   
end 

Your config does not include any network address translation. For a PC connected in one of your LANs with a private IP address to access the Internet then there must be NAT or PAT to translate the private address.

HTH

Rick

HTH

Rick

As Richard noted no nat no internet for internal devices , do you require assistance with that config we can provide if your stuck  ?

ip nat inside on each vlan and ip nat outside on the wan port then overload is probably required take a look at this any issues just post we can try assist

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/260-cisco-router-nat-overload.html

Ok, thats work perfect!!

A consultation ...
You can make speed control ip?
Thank you

I am glad that our suggestions about network address translation were helpful. I do not understand your question about speed control ip. Can you provide some clarification?

HTH

Rick

HTH

Rick

Hi.

I wish the Lan 1 had 1MB download and 512KB upload. And Lan 2 have only 512kb download and 252KB upload (eg.)
It's possible??

Greetings and thank you very much!

by the way, finally I'll just make use of a Wan .

Hi

You can use MQC QOS to restrict/provide bandwidth per subnet and protocol on your router , its very flexible you should be able to tweak it for what you require

The policy would be then applied to your wan interface (ISP)

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_mqc/configuration/xe-3s/qos-mqc-xe-3s-book/qos-apply.html

Example: Creating a Traffic Class

In the following example, two traffic classes are created and their match criteria are defined. For the first traffic class called class1, access control list (ACL) 101 is used as the match criterion. For the second traffic class called class2, ACL 102 is used as the match criterion. Packets are checked against the contents of these ACLs to determine if they belong to the class.

Router(config)# class-map class1
Router(config-cmap)# match access-group 101
Router(config-cmap)# exit
Router(config)# class-map class2
Router(config-cmap)# match access-group 102
Router(config-cmap)# end

Example Creating a Traffic Policy

In the following example, a traffic policy called policy1 is defined. The traffic policy contains the QoS features to be applied to two classes--class1 and class2. The match criteria for these classes were previously defined (as described in the Example Creating a Traffic Class).

For class1, the policy includes a bandwidth allocation request and a maximum packet count limit for the queue reserved for the class. For class2, the policy specifies only a bandwidth allocation request.

Router(config)# policy-map policy1
Router(config-pmap)# class class1
Router(config-pmap-c)# bandwidth 3000
Router(config-pmap-c)# queue-limit 30
Router(config-pmap-c)# exit
Router(config-pmap)# class class2
Router(config-pmap-c)# bandwidth 2000
Router(config-pmap-c)# end

Example: Attaching a Traffic Policy to an Interface

The following example shows how to attach an existing traffic policy to an interface. After you define a traffic policy with the policy-map command, you can attach it to one or more interfaces by using the service-policy command in interface configuration mode. Although you can assign the same traffic policy to multiple interfaces, each interface can have only one traffic policy attached in the input direction and only one traffic policy attached in the output direction.

Router(config)# interface fastethernet 1/1/1
Router(config-if)# service-policy output policy1
Router(config-if)# exit
Router(config)# interface fastethernet 1/0/0
Router(config-if)# service-policy output policy1
Router(config-if)# end

Hi.
OK thank you very much.
I want the ip delivered by dhcp. have a lower bandwidth. It's possible?
That static ip have the bandwidth, corresponding to Lan. And the dhcp have a value less bandwidth.
thanks!

I know that the translation is bad, I hope to be understood.

I don't really understand that are you saying you want to restrict DHCP broadcast traffic ?

Could you not just assign users longer leases to reduce the traffic if there moving around the network a lot and constantly requesting address from the server

I have never seen qos used to do that with dhcp , ftp an other intensive bandwidth resource protocols yes definitely

really dhcp should not be using so much bandwidth that you need to restrict it

Thanks!

Hi. No. What I want is to reduce the bandwidth of machines with ip by dhcp.

I want the machines with ip by dhcp, have less bandwidth than those with static ip.

For example, the pc with ip by dhcp can not exceed 512kb bandwidth.

Thanks again! (and sorry, i can understand, but cannot write)

Hi

yes that's possible but you would either need to know the full subnet for the DHCP users and match the class-map with an acl against them and then set their bandwidth to be 512kb

so like the example above your DHCP users say would be using acl 101 that would be there subnet , they would be class1 so where bandwidth 3000 is you would change that to 512 or 512000 depending what the platform is using , use the question mark ? after the bandwidth statement to check , you can then police either if required