11-21-2010 09:35 AM - edited 03-06-2019 02:08 PM
Hello,
The bellow configuration is working well (thanks to Jon) , but just for my knowledge I would like to connect 2 VLANS with each other and send ALL VLANS via a trunk on FA0/1 to my CISCO2950 SWITCH.
Is this possible ?
Thank You in advance for your help
PS: ANY IDEA WHY IT TAKE 45 SECONDS TO RECEIVE A IP ADDRESS ON THE HWIC-4ESW PORTS ?
!
! Last configuration change at 14:16:42 gmt+1 Sun Nov 21 2010 by admin
! NVRAM config last updated at 14:18:58 gmt+1 Sun Nov 21 2010 by admin
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ROUTER1841
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable password 7 05080F1C2243
!
aaa new-model
!
!
aaa authentication banner
THIS SYSTEM IS SOLELY FOR USE OF AUTHORISED USERS FOR OFFICIAL PURPOSES
!
!
aaa session-id common
clock timezone gmt+1 1
clock summer-time gmt+2 recurring last Sun Mar 2:00 last Sun Oct 3:00
dot11 syslog
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.100.1 192.168.100.99
ip dhcp excluded-address 192.168.10.1
ip dhcp excluded-address 192.168.20.1
ip dhcp excluded-address 192.168.30.1
ip dhcp excluded-address 192.168.40.1
!
ip dhcp pool internal
network 192.168.100.0 255.255.255.0
default-router 192.168.100.1
dns-server 192.168.100.1
lease 5
!
ip dhcp pool vlan10
import all
network 192.168.10.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.10.1
lease 5
!
ip dhcp pool vlan20
network 192.168.20.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.20.1
lease 5
!
ip dhcp pool vlan30
network 192.168.30.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.30.1
!
ip dhcp pool vlan40
network 192.168.40.0 255.255.255.0
default-router 192.168.40.1
dns-server 192.168.40.1
!
!
no ip bootp server
ip domain name dri.be
ip ddns update method DynDNS
HTTP
interval maximum 1 0 0 0
interval minimum 1 0 0 0
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-2996752687
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2996752687
revocation-check none
rsakeypair TP-self-signed-2996752687
!
!
!
!
username didier privilege 15 password 7 xxxxxxxxxxxxxxxxxxxx
username Admin privilege 15 secret 5 xxxxxxxx
username Homer privilege 15 password 7 xxxxxxxxxxxxxx
archive
log config
hidekeys
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh port 8096 rotary 1
ip ssh version 2
!
!
!
interface FastEthernet0/0
description DMZ
ip ddns update hostname cisco1841.dyndns.info
ip ddns update DynDNS
ip address dhcp
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description INTERNAL$ETH-LAN$
ip address 192.168.100.1 255.255.255.0
no ip proxy-arp
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/0/0
switchport access vlan 10
!
interface FastEthernet0/0/1
switchport access vlan 20
!
interface FastEthernet0/0/2
switchport access vlan 30
!
interface FastEthernet0/0/3
switchport access vlan 40
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan20
ip address 192.168.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan30
ip address 192.168.30.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan40
ip address 192.168.40.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
!
!
ip http server
ip http authentication local
ip http secure-server
ip dns server
ip nat inside source list 101 interface FastEthernet0/0 overload
!
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
access-list 101 permit ip 192.168.20.0 0.0.0.255 any
access-list 101 permit ip 192.168.30.0 0.0.0.255 any
access-list 101 permit ip 192.168.40.0 0.0.0.255 any
no cdp run
!
!
!
control-plane
!
!
banner exec
WELCOME YOU ARE NOW LOGED IN
banner login
WARNING !!!
IF YOU ARE NOT :
Didier Ribbens
Please Leave NOW !!!
YOUR IP and MAC address will be LOGGED !!!
!
line con 0
speed 115200
line aux 0
line vty 0 4
access-class 5 in
privilege level 15
rotary 1
transport input telnet ssh
line vty 5 15
access-class 5 in
rotary 1
!
scheduler allocate 20000 1000
ntp clock-period 17178501
ntp server 66.27.60.10
end
Solved! Go to Solution.
11-21-2010 10:21 AM
Didier
The bellow configuration is working well (thanks to Jon) , but just for my knowledge I would like to connect 2 VLANS with each other and send ALL VLANS via a trunk on FA0/1 to my CISCO2950 SWITCH.
Is this possible ?
Thank You in advance for your help
PS: ANY IDEA WHY IT TAKE 45 SECONDS TO RECEIVE A IP ADDRESS ON THE HWIC-4ESW PORTS ?
If you want to connect to 2950 switch and send multiple vlans you can use subinterfaces on fa0/1 but as you have an HWIC-ESW then a better solution is to connect one of the HWIC-ESW ports to the 2950 switch and configure the port as -
int fa0/0/3
switchport mode trunk
switchport trunk encapsulation dot1q
and then configure the 2950 port as -
int fa/01
switchport mode trunk
as for the 45 seconds - add this to your HWIC-ESW ports in your config -
int fa0/0/0
spanning-tree portfast
Note if you do use one of the HWIC-ESW ports to connect to the 2950 as a trunk link do not configure "spanning-tree portfast" on that port.
Jon
11-22-2010 10:07 AM
Didier1966 wrote:
Hi Jon,
Thanks AGAIN
It works.
Do you know how I can route LAN 10 and LAN 20 ,I just like to share the printer that I have in LAN 20 with IP 192.168.20.100 to LAN 10.
All other traffic is forbidden.
Thank you in advance for your help
PS: Is it not possible to use FA0/1 ?
Best Regards,
Didier
Didier
access-list 101 permit ip 192.168.10.0 0.0.255 host 192.168.200.10
access-list 101 deny ip 192.168.10.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 101 permit ip any any
int vlan 10
ip access-group 101 in
note i have used "permit ip" to host 192.168.200.10 but if you know all the printer ports used then you can be more specific. Note also that with windows if the printers is in active directory and the active directory servers are in vlan 20 you may need to add additional access.
You can use fa0/1 but with the HWIC-ESW it would be the wrong solution.
Jon
11-21-2010 10:21 AM
Didier
The bellow configuration is working well (thanks to Jon) , but just for my knowledge I would like to connect 2 VLANS with each other and send ALL VLANS via a trunk on FA0/1 to my CISCO2950 SWITCH.
Is this possible ?
Thank You in advance for your help
PS: ANY IDEA WHY IT TAKE 45 SECONDS TO RECEIVE A IP ADDRESS ON THE HWIC-4ESW PORTS ?
If you want to connect to 2950 switch and send multiple vlans you can use subinterfaces on fa0/1 but as you have an HWIC-ESW then a better solution is to connect one of the HWIC-ESW ports to the 2950 switch and configure the port as -
int fa0/0/3
switchport mode trunk
switchport trunk encapsulation dot1q
and then configure the 2950 port as -
int fa/01
switchport mode trunk
as for the 45 seconds - add this to your HWIC-ESW ports in your config -
int fa0/0/0
spanning-tree portfast
Note if you do use one of the HWIC-ESW ports to connect to the 2950 as a trunk link do not configure "spanning-tree portfast" on that port.
Jon
11-22-2010 09:53 AM
Hi Jon,
Thanks AGAIN
It works.
Do you know how I can route LAN 10 and LAN 20 ,I just like to share the printer that I have in LAN 20 with IP 192.168.20.100 to LAN 10.
All other traffic is forbidden.
Thank you in advance for your help
PS: Is it not possible to use FA0/1 ?
Best Regards,
Didier
11-22-2010 10:07 AM
Didier1966 wrote:
Hi Jon,
Thanks AGAIN
It works.
Do you know how I can route LAN 10 and LAN 20 ,I just like to share the printer that I have in LAN 20 with IP 192.168.20.100 to LAN 10.
All other traffic is forbidden.
Thank you in advance for your help
PS: Is it not possible to use FA0/1 ?
Best Regards,
Didier
Didier
access-list 101 permit ip 192.168.10.0 0.0.255 host 192.168.200.10
access-list 101 deny ip 192.168.10.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 101 permit ip any any
int vlan 10
ip access-group 101 in
note i have used "permit ip" to host 192.168.200.10 but if you know all the printer ports used then you can be more specific. Note also that with windows if the printers is in active directory and the active directory servers are in vlan 20 you may need to add additional access.
You can use fa0/1 but with the HWIC-ESW it would be the wrong solution.
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide