cisco 867 switchport LAN and WAN ethernet

robertsouthgate · ‎01-30-2014

Hi,

I am trying to configure a cisco 867 router. It has a FastEthernet switchport with 4 ports, but am not that familiar with switchports and splitting them up.

How would I go about configuring one of the ports for WAN (with one IP) and configuring another port for LAN (with a different IP) and route between the two. Both interfaces actually have external IPs (in different ranges), although I assume that shouldn;t make much of a difference in the configuration.

Thanks

Jon Marshall · ‎01-30-2014

Robert

I'm not familiar with the 867 but it sounds like you don't want to use the ADSL interface and the WAN connection is ethernet ?

If so you can try this -

vlan 10 = LAN

vlan 11 = WAN

int fa0

switchport access vlan 10

int fa1

switchport access vlan 11

int vlan 10

ip address x.x.x.x

no shut

int vlan 11

ip address y.y.y.y

no shut

note that the L3 vlan interfaces will not come up until you have physical devices connected to the fa ports.

You should then be able to route between these subnets.

Jon

robertsouthgate · ‎01-30-2014

Hi,

I have tried this, but it hasn't worked or at least I am still unable to route between the interfaces. I cannot ping the WAN side (Fe1), only the LAN side (Fe0)

I also get an error saying "Vlan can not be added. Maximum number of 2 vlan(s) in the database."

Any ideas?

I have tried deleting any vlan interfaces I can see in the config, but this hasn't helped.

cadet alain · ‎01-30-2014

Hi,

deleting the SVI(vlan interface ) doesn't get rid of the vlan, to get rid of the other vlan than vlan 1 then issue no vlan x where x is vlan number in config mode.

then create the new vlan with vlan x command and assign the second interface to this vlan and put an ip address on the SVI in correct subnet.

Regards

Alain

Don't forget to rate helpful posts.

robertsouthgate · ‎01-30-2014

Thanks got that, however I am still unable to route between the interfaces. I don't want to use NAT simply to use the router as pass through for an ethernet service. I can ping out from the router to the internet but not from the LAN side.

I have config as the following:

interface FastEthernet0

description WAN

!

interface FastEthernet1

description LAN

switchport access vlan 2

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Vlan1

ip address 192.168.101.247 255.255.255.0

!

interface Vlan2

ip address x.x.x.93 255.255.255.252

!

ip forward-protocol nd

!

ip route 0.0.0.0 0.0.0.0 192.168.101.1

Jon Marshall · ‎01-30-2014

Robert

So is the LAN side vlan 2 ?

If so on the device that is the next hop ie. 192.168.101.1 you need to add a route for the vlan 2 network so that device knows how to get back to the subnet.

If you cannot add a route then you could use NAT but can you confirm which is the LAN interface. If it is vlan 2 then can i ask why you are using public addressing on the LAN ?

Jon

cadet alain · ‎01-30-2014

Hi,

if you have a private IP on LAN side then you need to NAT.

I don't want to use NAT simply to use the router as pass through for an ethernet service

Can you elaborate ?

Regards

Alain

Don't forget to rate helpful posts.

cadet alain · ‎01-30-2014

Hi,

conf t

vlan 2

int f0/0

desc LAN

switchport access vlan 1

int f0/1

desc WAN

switchport access vlan 2

int vlan 1

ip add 192.168.1.254 255.255.255.0

int vlan 2

ip add 192.168.2.254 255.255.255.0

Of course change the IP/mask accordingly

EDIT: jon beat me on this

Regards

Alain

Don't forget to rate helpful posts.

Nish Vamadevan · ‎01-30-2014

It is fairly simple to achieve and I have done similar setup on an 877w with an external modem.

First, we setup FastEthernet3 as part of VLAN 20, which will be our VLAN Interface for the WAN

!
interface FastEthernet3
 description EXTERNAL DSL IPoATM
 switchport access vlan 20
!

Then we setup Interface Vlan20 and add the IP Address & Subnet Mask given by the ISP. Here is an example...

!
interface Vlan20
 description EXTERNAL DSL IPoATM VLAN INTERFACE
 ip address 87.194.x.x 255.255.x.x
 ip nat outside
 ip virtual-reassembly
!

Then add the default route as follows. The Default-Gateway IP Address is given by the ISP.

!
ip route 0.0.0.0 0.0.0.0 87.194.x.x
!

And add the NAT Statements as follows. Interface VLAN 20 becomes the outside interface, as for Inside Interface, it could use be BVI/Dot11Radio etc. I am using the WIRED ACL which actually match the LAN Subnet.

!
ip nat inside source list WIRED interface Vlan20 overload
!

Hope this helps... and you can see my post here...

http://www.nish.com/2012/04/cisco-877w-with-external-modem-rfc-1493-ipoatm/