Solved: Re: Help to configure Cisco 881 Router with different vlan

adaptivecomputing.apj · ‎07-30-2011

Hi,

I'm new to cisco product. I just purchased cisco 881 router which I will connect to my DSL modem. Currently, I have configured it to use public IP with default vlan1 for all 4 LAN ports. I would like to configure the 2 ports to be used for public IP (123.123.123.160-175) with vlan (External network) and the other 2 ports for internal IP (192.168.XXX.XXX) with vlan as well. How can I configure it?

Also, I would like to enable and configure the dhcp service on my router to allocate the IP to my internal network with different subnet. I plan to connect the 2 internal ports (192.168.) to my Layer 2 switch, so all the devices able to get the IP from dhcp server on my router. If someone have running configuration with the similar setup or able to provide detail instruction in configuring the router, appreciate if you can share with me.

Thank you in advance!

Regards,

Jim

Jon Marshall · ‎08-08-2011

Vlan 1 works because it using public addressing. Vlan 3 is using private addressing so this won't route on the internet. You need to set up NAT ie. add this to your config -

access-list 101 permit ip 192.168.100.0 0.0.0.255 any

ip nat inside source list 101 interface fa4 overload

int fa4

ip nat outside

int vlan 3

ip nat inside

also you have an issue with the address on fa4 and the default route.

128.15.29.63 255.255.255.252 is not the right address because that is the broadcast address for that subnet. The subnet is -

128.15.29.60 255.255.255.252 which means you have 2 addresses you can use -

128.15.29.61

128.15.29.62

so one of the above addresses should be assigned to fa4 and the other will be used by your ISP. You need to check with your ISP which one of the above 2 addresses they are using and then use the other one on the fa4 interface. So if your ISP is using 128.15.29.62 then you would assign .61 to your fa4 interface ie.

int fa4

ip address 128.15.29.61 255.255.255.252

your default-route is currently -

ip route 0.0.0.0 0.0.0.0 128.15.29.63 which is the ip address of fa4. This needs changing to -

ip route 0.0.0.0 0.0.0.0 <--- where ISP next-hop will be the 129.15.29.6x address that the ISP is using.

Jon

View solution in original post

Todd Pula · ‎08-01-2011

A sample configuration will look something like this...

ip dhcp excluded-address 10.10.10.1

!

ip dhcp pool INSIDE-VLAN-POOL

import all

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

dns-server 4.2.2.2

lease 0 2

vlan 2

name Inside VLAN

interface FastEthernet0

description To Internet

switchport mode access

switchport access vlan 1

no ip address

interface FastEthernet1

description To LAN

switchport mode access

switchport access vlan 2

no ip address

interface Vlan1

description Outside VLAN

ip address 11.11.11.1 255.255.255.0

!

interface Vlan2

description Inside VLAN

ip address 10.10.10.1 255.255.255.0

adaptivecomputing.apj · ‎08-08-2011

Hi,

Thanks for the quick reply.

I have tried the above suggestion configuration, but I'm not able to acces to outside internet from internal vlan3 (192.168.100.0). It works fine for public IP using vlan1. Here's my router configuration, appreciate your advice on this. Thanks!

no ip source-route

!

ip dhcp excluded-address 192.168.100.1

!

ip dhcp pool ccp-pool1

import all

network 192.168.100.0 255.255.255.0

default-router 192.168.100.1

dns-server 192.168.100.1

lease infinite

!

ip cef

no ip bootp server

no ip domain lookup

ip domain name yourdomain.com

no ipv6 cef

!

ip tcp synwait-time 10

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

description To LAN

switchport access vlan 3

!

interface FastEthernet4

description WAN

ip address 128.15.29.63 255.255.255.252

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

duplex full

speed 100

!

interface Vlan1

description External LAN

ip address 11.11.13.16 255.255.255.240

ip access-group 100 in

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip tcp adjust-mss 1452

!

interface Vlan3

ip address 192.168.100.1 255.255.255.0

!

ip forward-protocol nd

ip http server

ip http access-class 1

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip route 0.0.0.0 0.0.0.0 128.15.29.63

ip route 192.168.100.0 255.255.255.0 Vlan3

Jon Marshall · ‎08-08-2011

Vlan 1 works because it using public addressing. Vlan 3 is using private addressing so this won't route on the internet. You need to set up NAT ie. add this to your config -

access-list 101 permit ip 192.168.100.0 0.0.0.255 any

ip nat inside source list 101 interface fa4 overload

int fa4

ip nat outside

int vlan 3

ip nat inside

also you have an issue with the address on fa4 and the default route.

128.15.29.63 255.255.255.252 is not the right address because that is the broadcast address for that subnet. The subnet is -

128.15.29.60 255.255.255.252 which means you have 2 addresses you can use -

128.15.29.61

128.15.29.62

so one of the above addresses should be assigned to fa4 and the other will be used by your ISP. You need to check with your ISP which one of the above 2 addresses they are using and then use the other one on the fa4 interface. So if your ISP is using 128.15.29.62 then you would assign .61 to your fa4 interface ie.

int fa4

ip address 128.15.29.61 255.255.255.252

your default-route is currently -

ip route 0.0.0.0 0.0.0.0 128.15.29.63 which is the ip address of fa4. This needs changing to -

ip route 0.0.0.0 0.0.0.0 <--- where ISP next-hop will be the 129.15.29.6x address that the ISP is using.

Jon

Jon Marshall · ‎08-08-2011

One last point -

in your DHCP pool you have your DNS server as 192.168.100.1 which is the router. This won't work. You need to add the ISPs DNS server(s) to the DHCP pool and remove the 192.168.100.1 entry or clients in vlan 3 will not be able to use DNS names in their web broswer.

Jon

adaptivecomputing.apj · ‎08-09-2011

Jon,

Thank you for your help, my vlan3 is working corrently now. Have no issue to browse the web.

One more last thing, is there anyway to configure few dhcp subnets from 881 router and make them able to communicate to each other?

Just a funny idea... Since I have configured the vlan3 (FastEthernet3) as internal network using dhcp service (192.168.100.X), is it possible to configure the same port to serve more dhcp subnets? If the single port from router not able to serve multiple dhcp subnets, I can still use the other port that currently not in use. I just need to find out how to configure the other interface (such as FastEthernet2) using different dhcp subnet and then make it communicate with devices in my existing dhcp (192.168.100.X) network.

Once I have multiple dhcp subnets configure properly on my 881 router, I would like to configure them to communicate (both direction) with the other wireless router that currently connected to my 881 router using public IP. My wireless router also served as dhcp server which provide IP 192.168.1.X.

Also, how can I use my L2 cisco switch (SLM2024) for multiple subnets? Anyway to configure multiple vlan using different subnets and make them communicate each other?

In summary, I would like to configure few more dhcp subnets and make them to be able to access between different network included my wireless router that currently using public ip with dhcp setup.

Appreciate your advice on this, thanks in advance!

Regards,

Jim