Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4239
Views
0
Helpful
14
Replies

Cisco 887VA Assigning ip and routing to port address

sanjay.chauhan38
Level 1
Level 1

‎11-13-2015 03:45 AM - edited ‎03-08-2019 02:41 AM

Hi All,

I am fairly new to Cisco networking so please bare with me - this might be an easy question for someone :-)

In my company, we are running a Cisco router 887VA at one of our sites.  The router is only providing a basic internet connection.

This is the problem i have...

PC with IP 172.17.0.50 has been connected to our router - router ip is 192.168.0.1.  There is a vlan1 which is configured already with 192.168.0.1.

How can i configure interface fastethernet 2 which is where the PC is plugged into to be able to see our router?  Do i need to configure another vlan and assign to fe2?

I know easiest option would be to change the ip of the PC to be in same range at router but PC is locked down by a different company.

Any help guidance would help a lot!

Thanks a lot

Labels:
0 Helpful
14 Replies 14

Andre Neethling
Level 4
Level 4

‎11-13-2015 04:01 AM

HI. If you can see the PC's default gateway then you can try this:

create a new vlan interface (eg. interface vlan2)

give the Vlan interface the IP of the gateway of the PC you are trying to connect to your router.

Then add interface fe2 to vlan 2. See config below.

This config is assuming you are using the CLI of the roter:

 conf t

interface vlan2

  ip address <address_of_the_PC_ gateway> <subnet_mask>

interface fa2 (or 0/2)

 switchport access vlan 2

That should get you connected.

0 Helpful

sanjay.chauhan38
Level 1
Level 1
In response to Andre Neethling

‎11-13-2015 04:08 AM

Thanks Andre.

What if there is no gateway defined on the PC - does the pc need the df configured for router to see it?

Thanks again!

0 Helpful

Andre Neethling
Level 4
Level 4
In response to sanjay.chauhan38

‎11-13-2015 04:12 AM

If you need the PC to access anything beyond it's connected network you will need a gateway.

So if you only need it to access the router, then it should be ok.

0 Helpful

sanjay.chauhan38
Level 1
Level 1
In response to Andre Neethling

‎11-13-2015 04:21 AM

OK thanks.

The company which the pc belongs to require temp remote access to it.  What i wanted to do was port forward say 3389 TCP/UDP incoming from WAN IP to the PC address 172.17.0.50 3389.  If the PC can see the router, then in theory i should be able to do this??  Will a gateway still be required for this use?

Thanks,

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to sanjay.chauhan38

‎11-13-2015 05:32 AM

If you have configured a L3 interface on the router for the 172.17.0.x subnet then if the PC has no default gateway it may or may not work and you would need to test it.

When the traffic arrives at the PC the src IP is a WAN IP.

So the PC would then send the return traffic to it's default gateway. 

If the PC doesn't have a default gateway it should just send an arp for the WAN IP and the router should respond to that arp request if it is running proxy arp on the L3 interface which it should be by default.

So it depends really and like I say you will have to test it.

Jon

0 Helpful

sanjay.chauhan38
Level 1
Level 1
In response to Jon Marshall

‎11-13-2015 06:47 AM

Thank you guys for your inputs, much appreciated.

I have now managed to get it working.  As Andre explained, I configured a new vlan2 and assigned to the port in which the pc is connected to.  I can now ping the PC from the router.

Thanks all for your inputs!

0 Helpful

sanjay.chauhan38
Level 1
Level 1
In response to sanjay.chauhan38

‎11-17-2015 07:53 AM

Hi Guys,

Just another quick question which I am hoping somebody can help too?

After configuring the 2 VLANS, the router can now see the PC.

However I would like to port forward incoming traffic on Dialler0 interface to the PC ip address.  I have put the rule in but still does not work.  port is RDP 3389.

For this to work, do both Vlans need to be able to talk to one another?

Thanks,

0 Helpful

Andre Neethling
Level 4
Level 4
In response to sanjay.chauhan38

‎11-17-2015 08:04 PM

Can you please post your command you have entered for the poert forward/NAT rule?

As Jon mentioned earlier. It may, or may not work without a default gateway on the PC. Do you have any access at all to the PC? Like Command prompt access?

0 Helpful

sanjay.chauhan38
Level 1
Level 1
In response to Andre Neethling

‎11-18-2015 12:47 AM

This are the rules I have put in along with some further info...

At the moment I do not have access to 172.17.0.51 (PC) to input a gateway

ip nat inside source static udp 172.17.0.51 3389 interface Dialer0 3389
ip nat inside source static tcp 172.17.0.51 3389 interface Dialer0 3389
!
interface Vlan1
 description LAN INSIDE
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan2
 ip address 172.17.0.200 255.255.255.0
!
interface Dialer0
 description BT
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip route-cache policy
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname xxxxxxxxxxxxxxxxxxx
 ppp chap password xxxxxxxxxxxxxxxxxx
 ppp ipcp dns request
 ppp ipcp mask request
 ppp ipcp route default
 ppp ipcp address accept
 no cdp enable

0 Helpful

Masoud Pourshabanian
VIP Alumni
VIP Alumni
In response to sanjay.chauhan38

‎11-18-2015 05:10 AM

please share the config of fastethernet interfaces.

Did you assign one of the fast interface to VLAN 2? PC with the IP of 172 is connected to which interface?

Also share the output of

Show vlan or show vlan-switch

Masoud

0 Helpful

paul driver
VIP
VIP
In response to Andre Neethling

‎11-18-2015 02:21 AM

Hello

You could have applied the 172.17.0.0/24 as a secondary address under the vlan1 interface, then the pc doesnt need a Default-gateway


int vlan 1
ip address 172.17.1.1 255.255.255.0 secondary
ip address 192.168.1.1 255.255.255.0
ip nat inside

access-list 1 permit 172.17.1.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255

ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 2 interface Dialer0 overload
ip nat inside source static tcp 172.17.1.50 3389 interface Dialer0 3389
ip nat inside source static udp 172.17.1.50 3389 interface Dialer0 3389
ip route 0.0.0.0 0.0.0.0 Dialer0

res
Paul




Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Masoud Pourshabanian
VIP Alumni
VIP Alumni
In response to sanjay.chauhan38

‎11-17-2015 08:24 PM

Hello,

It should be like this:

************************************

ip nat inside source static tcp 172.17.0.50 3389 interface Dialer1 3389


Interface Dialer 0  [Your wan interface]
IP nat outside


Int vlan 2
IP nat inside

******************************

If your interface Dialer 0 has IP address, you can replace red part with the IP address of dialer interface.

PC requires to have default gateway.

Hope it helps,

Masoud

0 Helpful

HAMZA NISAR
Level 1
Level 1
In response to Masoud Pourshabanian

‎01-04-2023 08:07 AM

Hi i need you help i have Cisco 887VA model router i'm trying to add ip address on port but it is showing that % IP addresses may not be configured on L2 links. is there any way to add ip address on ports. i want to do nating outside and inside.

0 Helpful

sardarrom
Level 1
Level 1
In response to sanjay.chauhan38

‎03-09-2021 08:19 AM

hi @sanjay.chauhan38 

please could you tell me how did u make it work??

I am having trouble as well to make my second vlan pass through internet

pls share ur knowledge thanks

0 Helpful
Customers Also Viewed These Support Documents