2 Lan 2 Wan..... problem. - Page 2

erdosain99 · ‎05-19-2016

Hi. I have a Cisco 2901 (2 onboard GE) and 4 interfaces ethernet module.
I have to configure 2 Wan. and two Lan. It is possible in this cisco?
When I want to configure LAN interfaces of the module I get
"May not be IP addresses configured on L2 links" ... so I understand that I can not assign an ip. How i could have two Lan working?
Greetings and thanks to all
This is a google translation.

erdosain99 · ‎06-07-2016

Hi...... sorry but... i dont know how to "know the full subnet for DHCP"...

DHCP goes from 10.0.150.153 to 10.0.150.254

and 192.168.9.153 to 10.0.150.254

but i dont know how to do a access list for the range.... what would be the syntax??

Thanks!

Mark Malone · ‎06-07-2016

Hi

The scope you have in the original post is a /24 class C , I don't see any scope set for a 192 range

access-list 176 permit ip 10.0.150.0 0.0.0.255 any

Then under your class-map you would set the acl

class-map class1

match access-group 176

....................................................................................................

ip dhcp pool Red150
network 10.0.150.0 255.255.255.0
default-router 10.0.150.1
dns-server 192.168.1.1
lease 0 2

erdosain99 · ‎06-08-2016

but i want a acl just for the DHCP... to put that acl in the class-map...

Remember that just want to control the bandwidth in the IP delivered by the dhcp.

This is the config...

! Last configuration change at 17:49:07 UTC Mon Jun 6 2016
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
ip cef
!
ip dhcp excluded-address 10.0.150.1 10.0.150.153
ip dhcp excluded-address 192.168.9.1 192.168.9.153
!
ip dhcp pool Red150
network 10.0.150.0 255.255.255.0
default-router 10.0.150.1
dns-server 192.168.1.1
lease 0 2
!
ip dhcp pool Red9
network 192.168.9.0 255.255.255.0
default-router 192.168.9.1
dns-server 192.168.1.1
lease 0 2
!
ip name-server 192.168.1.1
no ipv6 cef
!
multilink bundle-name authenticated
!
voice-card 0
!
license udi pid CISCO2901/K9 sn FTX180581WJ
hw-module pvdm 0/0
!
redundancy
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.1.11 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.9.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1/0
switchport access vlan 150
no ip address
!
interface GigabitEthernet0/1/1
switchport access vlan 150
no ip address
!
interface GigabitEthernet0/1/2
switchport access vlan 150
no ip address
!
interface GigabitEthernet0/1/3
switchport access vlan 150
no ip address
!
interface Vlan1
no ip address
!
interface Vlan150
ip address 10.0.150.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip default-gateway 192.168.1.1
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 109 interface GigabitEthernet0/0 overload
ip nat inside source list 150 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
access-list 109 remark ==Red9==
access-list 109 permit ip 192.168.9.0 0.0.0.255 any
access-list 110 remark ==DHCP-Red9==
access-list 150 remark ==Red 150==
access-list 150 permit ip 10.0.150.0 0.0.0.255 any
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
gatekeeper
shutdown
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
!
end

THANKS!!

Joseph W. Doherty · ‎05-19-2016

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

A couple of notes:

Often L2 interfaces for routing, on ISRs, don't offer all the same features as a L3 interface port.

L2 interfaces, on ISRs, might not offer the same performance of the built-in ports.

(BTW, often ISRs can obtain add additional L3 ports, as modules.)

erdosain99 · ‎05-19-2016

but is posible enable dhcp for each Lan??

Thanks

paul driver · ‎05-20-2016

Hello

Just like to add marks excellent post, that if you do use floating default static addressing be aware that if you lost connectivity somewhere off the WAN1 network, you may get a blackhole senario as to when your router still thinks that it primary next hop is valid which it may well be but the some outage is occurring elsewhere.

I would suggest apply some IP SLA tracking towards an remote ip available via WAN1 network sourcing from your WAN1 Lan connection, then if that become unavailable your primary default static will be removed from router routing table and the secondary default will be used.

Example:

ip sla 10
icmp-echo (remote wan1 ip) source-ip vlan 10 svi ip
frequency 5
ip sla schedule 10 life forever start-time now

track 10 rtr 10 reachability

Ip route 0.0.0.0 0.0.0.0 <WAN1 nexthop ip> track 10

ip route 0.0.0.0 0.0.0.0 <WAN2 nexthop ip> 220

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul