cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1313
Views
0
Helpful
7
Replies
Highlighted

Basic 861 interfaces configuration

Hello and thanks in advance for the help.

I have a Cisco 861 and am trying to configure a very basic LAN setup. I have a lot of experience with an 1841 router and am used to working with subinterfaces and connected the router to a separate switch to separate vlan traffic and what not...

The 861 has 1 WAN port, Fa4, and 4 switchports, Fa0-3.

Now, all I am trying to do is establish a LAN segment with PAT. I have the WAN interface working good. I have a static IP and the default route is set... I can ping addresses on the internet. I also have the vty lines setup with SSH and all is working.

Now the LAN configuration is the part I can't seem to figure out. I tried adding an IP to VLAN 1 and doing an extended ping from the address I assigned to the vlan, no success...

Honestly, I'm not sure how to configure the LAN on this at all. I've taken some unsuccessful configuration guesses, but I thought it would be much more time efficient to have someone explain how to configure an ISR router with an embedded switch. I actually have an 1841 in house that has a 4 port switch connected to an addin slot... that I have never been able to use... I assume because I have the same problem understand how it is supposed to be used.

I have read through the configuration guides for the 860 series.. and wasn't able to find much help. I figure I need either to configure the vlans properly or configure a loopback interface... Thanks for the help!

7 REPLIES 7
Highlighted
Hall of Fame Expert

Hi James,

How many vlans are you planning to deploy?

Do you have a switch/hub sitting behind this router?

Cab you post "sh run" and sh ver?

HTH

Highlighted
Advisor

Hi,

suppose you have a PC in vlan 10 on port f1/0 then the config would be:

int vlan 10

ip address x.x.x.x y.y.y.y

no sh

int f1/1

switchport mode access

switchport access vlan 10

Regards.

Alain.

Don't forget to rate helpful posts.
Highlighted

Thank you for the replies.

My initial idea was to deploy 2 vlans, SERVERS and LAN, with intervlan routing so the networks can communicate. Here is the configuration as it stands right now. This is totally cut down to only the essentials and one vlan. The IOS image appears to be limited to only 2 vlans and since vlan 1 cannot be deleted, I believe that I must use it and then configure a second vlan. This configuration current will not allow an extended ping from the inside address of vlan 1 on the router. A standard ping to the net works.

Edit: I only have a few devices to connect to the network at the moment, so I was going to use the switchports built into the router for switching.

Lab#sho ver

Cisco IOS Software, C860 Software (C860-UNIVERSALK9-M), Version 12.4(20)T5, RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2010 by Cisco Systems, Inc.

Compiled Mon 08-Mar-10 17:36 by prod_rel_team

ROM: System Bootstrap, Version 12.4(15r)XZ5, RELEASE SOFTWARE (fc1)

Lab uptime is 3 hours, 33 minutes

System returned to ROM by reload

System image file is "flash:c860-universalk9-mz.124-20.T5.bin"

Last reload reason: Reload Command

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Cisco 861 (MPC8300) processor (revision 0x100) with 249856K/12288K bytes of memory.

Processor board ID FTX141482E3

5 FastEthernet interfaces

256K bytes of non-volatile configuration memory.

126000K bytes of ATA CompactFlash (Read/Write)

License Information for 'c860-data'

    License Level: advsecurity   Type: Permanent

    Next reboot license Level: advsecurity

Configuration register is 0x2102

Lab#sho run

Building configuration...

Current configuration : 1323 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Areas_Micros_Lab

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

enable secret 5 *****

!

no aaa new-model

!

!

ip source-route

!

!

ip cef

no ip domain lookup

ip domain name xxxxx.local

ip name-server 208.67.220.220

ip name-server 208.67.222.222

ip name-server 66.155.216.122

ip name-server 207.59.153.242

!

!

!

!

username ***** privilege 15 secret 5 *****

!

!

!

archive

log config

  hidekeys

!

!

!

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

ip address 207.x.x.x 255.255.255.248

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Vlan1

ip address 10.255.255.254 255.255.255.0

ip nat inside

ip virtual-reassembly

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 207.x.x.x

no ip http server

no ip http secure-server

!

ip nat inside source list 10 interface FastEthernet4 overload

!

access-list 10 permit 10.255.255.0 0.0.0.255

!

control-plane

!

!

line con 0

no modem enable

line aux 0

line vty 0 4

login local

transport input ssh

!

scheduler max-task-time 5000

end

Lab#

Highlighted

This is what I am trying to do with the pings...

Lab#ping 208.67.222.222

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 208.67.222.222, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms

Lab#ping

Protocol [ip]:

Target IP address: 208.67.222.222

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: 10.255.255.254

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 208.67.222.222, timeout is 2 seconds:

Packet sent with a source address of 10.255.255.254

.....

Success rate is 0 percent (0/5)

Lab#

Highlighted

Hi,

access-list 10 permit 10.255.255.0 0.0.0.255 

How the IOS let you configure this? the wildcard mask is not good it must be 0.0.0.255

do a sh ip int br | exc unna to verify int vlan1 is up/up change the wildcard in the ACL and then try again

if it still doesn't work then do debug ip nat and try again.

By the way for your extended ping you can do : ping 208.67.222.222 source 10.255.255.254

Regards.

Alain.

Don't forget to rate helpful posts.
Highlighted

Hi Alain,

The wildcard mask is 0.0.0.255, which is correct.

As Alain noted, can you try ping 208.67.222.222 source 10.255.255.254 or ping 208.67.222.222 source vlan1

Highlighted

Alain,

Thanks for the tip on the extended ping... much easier.

The ACL was and is configured correctly. I'm not sure what you mean about the wildcard mask... it is 0.0.0.255... both in the configuration, and as listed on your reply.

When I do a sho ip bri, vlan 1 is up/down...

So, given that information, I was able to make it work! I knew the problem/answer was simple...

I didn't have any devices connected to the switchports on the router. Therefore, Vlan1 did not come up... which caused the pings from the inside interface were failing.

Oh man I wish I would have realized that yesterday... Thank you to those that helped!

Content for Community-Ad