10-09-2011 12:20 PM - edited 03-07-2019 02:41 AM
Hi there, I am a new member here. Here is a question I have; maybe one of you Cisco geniuses could shed some light on it.
Let me first explain:
Internet connection is BT Business (PPPoA) ADSL Fixed IP
I would like to have a network with a DMZ and a corporate LAN.
I would like to segment the DMZ and Corp LAN at layer2 (using VLANs).
The DMZ is to be unfiltered internet, and the corp LAN filtered, but allowing traffic for our mail server.
The Cisco device I have purchased is a Cisco 877W with the Advanced IP Services IOS.
**See the show version command below** & **sh run**
The way I am configuring the 877W is as follows:
Creating 2 SVIs, VLAN 10 & 20
10 with an ip of 192.168.211.254/24 & 20 with an ip of 192.168.2.254/24
10 with a DHCP pool
20 without a DHCP pool
I still have not figured how these devices on the different interfaces will then communicate to the dialer…
I would like to associate the interface Dot11Radio0 with the DMZ VLAN 10
Let's worry about the above when I solve my next problem…
I have a very strange situation on my hands: for some reason, when I connect my PC up to any one of the fa ports apart from fa0 native VLAN, I can't ping the SVIs. Yes, the NIC on my PC would be on the correct network, say 192.168.211.1/24 for VLAN 10 and 192.168.2.1/24 for VLAN 20.
I also tried creating subinterfaces (router on a stick) on this router, but I am not able to.
And why is it that sh vlans gives me this output?
SilkR1#sh vlans
No Virtual LANs configured.
SilkR1#sh vlan-switch
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0
10   VLAN0010                         active    Fa1
20   VLAN0020                         active    Fa2, Fa3
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
**sh version output**
SilkR1#sh version
Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 15.1(4)M2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Tue 27-Sep-11 00:18 by prod_rel_team
ROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARE
SilkR1 uptime is 10 hours, 36 minutes
System returned to ROM by reload
System image file is "flash:c870-advipservicesk9-mz.151-4.M2.bin"
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
Cisco 877W (MPC8272) processor (revision 4.0) with 118784K/12288K bytes of memory.
Processor board ID FCZ131790GF
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
4 FastEthernet interfaces
1 ATM interface
1 Virtual Private Network (VPN) Module
1 802.11 Radio
128K bytes of non-volatile configuration memory.
28672K bytes of processor board System flash (Intel Strataflash)
**sh run**
SilkR1# sh run
Building configuration...
Current configuration : 3509 bytes
!
! Last configuration change at 01:35:37 UTC Fri Mar 1 2002
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SilkR1
!
boot-start-marker
boot-end-marker
!
!
no logging buffered
!
no aaa new-model
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-973792425
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-973792425
revocation-check none
rsakeypair TP-self-signed-973792425
!
!
crypto pki certificate chain TP-self-signed-973792425
certificate self-signed 01
quit
dot11 syslog
ip source-route
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.211.1 192.168.211.99
ip dhcp excluded-address 192.168.211.201 192.168.211.254
!
ip dhcp pool sdm-pool1
network 192.168.211.0 255.255.255.0
default-router 192.168.211.254
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
archive
log config
hidekeys
username james privilege 15 password 0 cisco
!
!
!
!
!
!
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface FastEthernet0
switchport trunk native vlan 99
switchport mode trunk
no ip address
!
interface FastEthernet1
description DMZ Interface
switchport access vlan 10
no ip address
!
interface FastEthernet2
description Corporate Interface
switchport access vlan 20
no ip address
!
interface FastEthernet3
description Corporate Interface
switchport access vlan 20
no ip address
!
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
ip address 10.0.0.1 255.255.255.0
!
interface Vlan10
description DMZ Vlan
ip address 192.168.211.254 255.255.255.0
!
interface Vlan20
description Corporate Vlan
ip address 192.168.2.254 255.255.255.0
!
interface Vlan99
no ip address
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
!
!
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
transport input all
!
scheduler max-task-time 5000
end
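An added example, not part of the original post or of any Cisco tooling: a small audit over an excerpt of the running-config above. It reports routed SVIs with no `ip access-group` (here the DMZ and corporate VLANs, so nothing in this configuration filters traffic between them) and a few management-plane statements worth changing. The function names and the choice of flagged statements are this example's own assumptions.

```python
import re

# Excerpt of the running-config posted above (sub-command indentation restored
# as IOS prints it; certificate and unrelated lines left out).
CONFIG = """\
no service password-encryption
username james privilege 15 password 0 cisco
interface Vlan10
 description DMZ Vlan
 ip address 192.168.211.254 255.255.255.0
interface Vlan20
 description Corporate Vlan
 ip address 192.168.2.254 255.255.255.0
interface Vlan99
 no ip address
ip http server
line vty 0 4
 transport input all
"""

# Statements this example flags: its own selection, not a Cisco-published list.
WEAK = {
    r"^no service password-encryption$": "passwords stored without type 7 obfuscation",
    r"^username \S+ .*password 0 ": "local user has a cleartext (type 0) password",
    r"^ip http server$": "plain HTTP management is enabled",
    r"^\s*transport input all$": "vty lines accept Telnet as well as SSH",
}

def parse_blocks(text):
    """Map each top-level line to the indented sub-commands beneath it."""
    blocks, parent = {}, None
    for line in text.splitlines():
        if not line.startswith(" ") and line.strip() not in ("", "!"):
            parent = line.strip()
            blocks[parent] = []
        elif line.startswith(" ") and parent:
            blocks[parent].append(line.strip())
    return blocks

def unfiltered_svis(text):
    """Routed SVIs (an IP address is set) that have no 'ip access-group'."""
    return [p.split()[1] for p, subs in parse_blocks(text).items()
            if re.fullmatch(r"interface Vlan\d+", p)
            and any(s.startswith("ip address ") for s in subs)
            and not any(s.startswith("ip access-group ") for s in subs)]

def weak_statements(text):
    """Reasons for every WEAK pattern that matches some config line."""
    return [why for pat, why in WEAK.items() if re.search(pat, text, re.M)]

print(unfiltered_svis(CONFIG), weak_statements(CONFIG))
```

Vlan99 is not reported because it has no IP address and therefore does not route.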
10-09-2011 03:27 PM
The Cisco 877, when running IOS version 12.4, will only allow TWO (2) VLANs, with VLAN 1 being one of them. You have three VLANs.
If you want to use more than two VLANs, then you need to downgrade to IOS version 12.3.
10-09-2011 11:31 PM
Hi Leolaohoo,
I have tried pinging the SVI as you suggested with just two VLANs, the native one and another one I created; this makes no difference.
If I am not mistaken, the Advanced IP Services IOS gives you 4 VLANs anyhow.
Feature Description
•Routing Protocols
◦Open Shortest Path First (OSPF)
◦Border Gateway Protocol (BGP)
◦Enhanced Interior Gateway Routing Protocol (EIGRP)
•General Router Features
◦4 802.1q VLANs on Advanced IP Services IOS image
◦Web Content Caching Protocol (WCCP)
◦Demilitarized Zone (DMZ)
◦ARP-Auto Logoff
•Security Features
◦Intrusion detection system/intrusion prevention system (IDS/IPS)
◦Dynamic Multipoint VPN (DMVPN) (multipoint GRE and Next Hop Resolution Protocol [NHRP])
◦Lock and Key
◦URL filtering: Websense and N2H2
◦Digital certificates (PKI)
◦Network Admissions Control (NAC)
•QoS Features
◦Priority and custom queuing
◦Class-Based Weighted Random Early Detection (CBWRED)
◦Network-Based Application Recognition (NBAR)
◦Link Fragmentation and Interleaving (LFI)
◦Resource Reservation Protocol (RSVP)
◦RTP Header compression (Real Time Protocol)
◦Differentiated Services (DiffServ)
◦QoS Preclassify & Pre-fragmentation
◦Class-Based Marking (CBM)
•Multicast Features
◦Protocol Independent Multicast (PIM) Sparse Mode
◦PIM Sparse-Dense Mode
◦Auto route processing (Auto-RP)
•High-Availability Features
◦Multigroup HSRP (MHSRP)
10-10-2011 12:26 AM
I know you won't get more than 2 VLANs with 12.4 IOS.