Cisco 1921 - Can I Route With The 2 Gi0/x Interfaces?

inverted_2000 · ‎09-17-2013

Hi everyone,

I haven't done any Cisco work in a while, and I obtained a new 1921 router with a EWIC card for a T1 line that we were going to route for a VoIP project with. Turned out the carrier supplied us with their own router so now I can repurpose this 1921 for our data line, to upgrade from a Linksys.

Now, this customer has TimeWarner Cable for their dataline. So there's a cable modem in the office and it is a bridge which just passed packets to the Linksys before via straight ethernet.

I don't think I can use the EWIC in this case now, but can I use the 2 onboard Gigabit interfaces...one to the modem and one to the LAN switch?

If so, can you explain the steps of the commands to use (ACL? Default Route?)

Thanks a ton!!!

John Blakley · ‎09-17-2013

You should be able to connect the cable modem to the router on one of the ports and the other would go to the lan. If your Linksys was doing nat before, you'd need to configure nat on this router unless you have something else doing that for you.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

inverted_2000 · ‎09-19-2013

It's not in the thread now...but Tarjeet Singh
posted this:

aaa new-model

!

ip domain name XXX

ip inspect name Firewall tcp

ip inspect name Firewall udp

ip inspect name Firewall icmp

ip inspect name Firewall https

interface GigabitEthernet0/0

description Uplink To Internet | IP

ip address x.x.x.x x.x.x.x

ip access-group Outside_In in

ip nat outside

ip inspect Firewall out

interface GigabitEthernet0/1

description Inside Lan -

ip address 10.0.0.1 255.0.0.0

ip nat inside

ip nat inside source list No_NAT interface GigabitEthernet0/0 overload

ip access-list extended No_NAT

deny ip 10.0.0.0 0.0.255.255 10.0.0.0 0.255.255.255

deny ip 10.0.0.0 0.0.255.255 172.16.0.0 0.0.255.255

deny ip 10.0.0.0 0.0.255.255 192.168.0.0 0.0.255.255

permit ip any any

ip route 0.0.0.0 0.0.0.0 x.x.x.x (next hop ISP router)

ip route 10.0.0.0 255.0.0.0 10.0.0.1 (pointing to next hop inside if there is L3 switch behiend)

ip access-list extended Outside_In

permit icmp any any echo

deny ip any any

(Allow all traffic which need access)

ip access-list extended VTY-ACL

permit ip 10.0.0.0 0.0.255.255 any

(allow traffic which ever need acc to router)

line vty 0 4

access-class VTY-ACL in

privilege level 15

transport input telnet ssh

transport output telnet ssh

!

inverted_2000 · ‎09-19-2013

I think I'm reading this correctly...and I'm preping in my lab with this.

I want the Gi0/0 interface to have 172.20.2.254 on it and the Gi0/1 to have 172.20.0.254

Currently the Linksys uses 172.20.0.1 so I would just have to change up the Gi0/0 IP address to use the static IP from TimeWarner and then I should be ok?

I have some porting rules I'll need to apply for remote access (RDP) but other then that does this all look good?

John Blakley · ‎09-19-2013

Do you have a public address? If so, is it being handed over to your Linksys now? You said that the Linksys uses 172.20.0.1, but that would indicate that the TWC equipment is doing the natting for you. Is that the case?

Thanks,

John

HTH, John *** Please rate all useful posts ***

inverted_2000 · ‎09-19-2013

Yes...I have a static global IP...the Linksys LAN IP is 172.20.0.1.

In my lab I want the LAN IP of the Cisco to be the same...172.20.0.1.

The WAN IP on the Linksys now is a global IP...but to simulate that at home in my lab I'd like to use 172.20.2.254 as the WAN IP so I can uplink it to my core home router.

inverted_2000 · ‎11-06-2013

hey guys,

Will this config allow me to add NAT mappings, for example RDP to an internal address of

10.10.10.100

Also...what if I want to setup vlans on the switch that I have...at cisco switch in the future.

I'll need 2 vlans...one for desktops and one for server traffic.

I remember I need sub interfaces on this...or do I?

If so...what do I do about that and if possible can you show me?

Thank you all!