Cisco 891 Router Config for Subnets

ecilop2010
Level 1

Hi.  I have some questions when it comes to configuring subnets on my Cisco 891 Router.  I have the DHCP pools set up on a DHCP Server to lease the IPs for each of the subnets.

 

Subnets: 172.16.10.x, 172.16.11.x, 172.16.12.x, 172.16.13.x, and 172.16.15.x

 

So I am not sure what I need to add to my router config so that when one DHCP runs out it will start using the other subnets.  Although ideally each building is on a subnet but should be able to communicate on the network with the other subnets.  I also have Cisco 3850 and 2960 switches at the other buildings so I am sure I have to add some programming into the switches as well to get this to work.  Can someone help me and point me in the right direction to get this to work?

 

Below is my current config, but I am lost on what to do to get the subnetting to work with the DHCP server which is separate from the router and then obviously what I need to do with my switches.  The switches between each building are connected by multimode fiber and each switch has an SFP connected to fiber to pull the internet from the main building.  I preferably need these subnets so that I don't run out of IP addresses.  Any help would be greatly appreciated:

 

version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname H0455
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
clock timezone Chicago -6 0
service-module wlan-ap 0 bootimage autonomous
!
crypto pki trustpoint TP-self-signed-2330784270
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2330784270
 revocation-check none
 rsakeypair TP-self-signed-2330784270
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 172.16.10.1 172.16.10.20
!
ip dhcp pool ccp-pool
 import all
 network 172.16.10.0 255.255.255.0
 default-router 172.16.10.1
 dns-server 97.64.168.10
 lease 0 2
!
!
!
ip domain name lincolnschallenge.org
ip name-server 97.64.168.10
ip name-server 97.64.183.163
ip name-server 97.64.209.35
ip name-server 97.64.168.11
ip name-server 97.64.183.162
ip name-server 97.64.209.34
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
license udi pid C891FW-A-K9 sn FJC2053L1JX
!
!
ip ssh port 2001 rotary 1
ip ssh version 2
!
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
!
interface FastEthernet0
 ip address 104.xxx.xxx.xx (Static IP from ISP) 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0
 no ip address
!
interface GigabitEthernet1
 no ip address
!
interface GigabitEthernet2
 no ip address
!
interface GigabitEthernet3
 no ip address
!
interface GigabitEthernet4
 no ip address
!
interface GigabitEthernet5
 no ip address
!
interface GigabitEthernet6
 no ip address
!
interface GigabitEthernet7
 no ip address
!
interface GigabitEthernet8
 no ip address
 duplex auto
 speed auto
!
interface Wlan-GigabitEthernet8
 no ip address
!
interface wlan-ap0
 description Embedded Service module interface to manage the embedded AP
 no ip address
!
interface Vlan1
 description LCA
 ip address 172.16.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
interface Async3
 no ip address
 encapsulation slip
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat pool ccp-pool 172.16.10.21 172.16.10.240 netmask 255.255.255.0
ip nat inside source list 7 interface FastEthernet0 overload
ip nat inside source list 23 interface FastEthernet0 overload
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xx (IP address Gateway from ISP)
ip route 172.16.10.0 255.255.255.0 FastEthernet0
!
no cdp run
!
access-list 7 permit 172.16.10.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
!
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
banner login ^Cine
UNAUTHORIZED ACCESS IS PROHIBITED!! ALERTS SENT TO AUTOMATICALLY TO ADMIN!! ^C
!
line con 0
 no modem enable
 speed 19200
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 stopbits 1
line 3
 modem InOut
 speed 115200
 flowcontrol hardware
line vty 0 4
 access-class 7 in
 exec-timeout 5 0
 transport input ssh
!
scheduler allocate 20000 1000
!
end
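
A check of the posted config against the five subnets, as an added example that is not part of the original post: it reports which subnets have no interface on the router or no NAT permit, and which ACLs are referenced both by NAT and by management access (`access-class`), since widening such an ACL to NAT more subnets also widens who may reach SSH or the HTTP server. The /24 prefix lengths and the `CONFIG` excerpt (copied from the lines above) are assumptions of the example, and whether a missing router interface matters depends on which device does the inter-VLAN routing.

```python
import ipaddress
import re

# Excerpt of the config posted above: only the lines this check reads.
CONFIG = """\
interface Vlan1
 ip address 172.16.10.1 255.255.255.0
ip http access-class 23
ip nat inside source list 7 interface FastEthernet0 overload
ip nat inside source list 23 interface FastEthernet0 overload
access-list 7 permit 172.16.10.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
line vty 0 4
 access-class 7 in
"""
# Subnets named in the post; the /24 length is assumed from Vlan1's mask.
WANTED = [f"172.16.{n}.0/24" for n in (10, 11, 12, 13, 15)]

def acl_networks(config):
    """Standard ACL number -> permitted networks (wildcard = host mask)."""
    acls = {}
    for num, addr, wild in re.findall(
            r"^access-list (\d+) permit (\S+) (\S+)$", config, re.M):
        acls.setdefault(num, []).append(ipaddress.ip_network(f"{addr}/{wild}"))
    return acls

def acl_uses(config):
    """ACL number -> roles it is referenced in: 'nat' and/or 'mgmt'."""
    uses = {}
    for num in re.findall(r"^ip nat inside source list (\d+) ", config, re.M):
        uses.setdefault(num, set()).add("nat")
    for num in re.findall(r"^ ?(?:ip http )?access-class (\d+)", config, re.M):
        uses.setdefault(num, set()).add("mgmt")
    return uses

def report(config, wanted):
    """Return (per-subnet gaps, ACLs shared between NAT and management)."""
    acls, uses = acl_networks(config), acl_uses(config)
    routed = [ipaddress.ip_interface(f"{a}/{m}").network for a, m in
              re.findall(r"^ ip address (\S+) (\S+)$", config, re.M)]
    nat = [n for num, r in uses.items() if "nat" in r for n in acls.get(num, [])]
    gaps = {}
    for net in map(ipaddress.ip_network, wanted):
        checks = (("router-interface", routed), ("nat-permit", nat))
        missing = [label for label, pool in checks
                   if not any(net.subnet_of(p) for p in pool)]
        if missing:
            gaps[str(net)] = missing
    shared = sorted(n for n, r in uses.items() if r == {"nat", "mgmt"})
    return gaps, shared
```
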

16 Replies

Hello Chris

Can you confirm if your router is supposed to be performing the intervlan routing for your clients or do you have a layer 3 core switch designated to do this?

 

It all depends on your topology and how it's physically set up should depend on how you configure your network, but suffice to say an 891 router performing intervlan routing for a possible 1200+ hosts would be a bit much on the load on the rtr.

Can you post a diagram of this if applicable?

 

 

res

Paul



Paul,

I have tried to draw up a diagram of the network and how it is set up.  Obviously there is a Domain Controller, DNS and DHCP Server which is on the network.  Machines should get a DHCP address from the server and that DHCP address should be based on which building (switch) it is coming from.  The reason we have different subnets is so that we can isolate different networks if the need arises for one and so that each Building has several IP's available to them.  We have WAP's in each building which would also consume some of the IP addresses in that building.  If I didn't have these subnets I would run out of IP addresses for all the buildings.  That is the biggest reason I want to do this.  I am confident that the router I have can handle the number of hosts from all buildings.  Please find attached the diagram I have drawn up.  Hopefully it is not too confusing and if you have any questions I will try to clarify them.

 

Thanks,

Chris