03-24-2006 07:12 AM - edited 03-05-2019 11:49 AM
First off, I have learned I do not know as much about routers as I thought I did - and that wasn't much.
My situation. We have a 1760 router with a T1 WIC and 4ESW which is not being used.
We have a /29 subnet and 4 servers with public IPs and one server with a private IP address.
Currently Serial0/0 is running IP unnumbered to Ethernet0/0, and all servers come off a switch connected to the ethernet port.
What I would like to do is, at a minimum, configure the router so that Serial 0/0 has its own IP and the NATed internal network and servers with public addresses can be reached via an IP address on the Ethernet 0/0 (this is because SDM insists on having 2 ports with IPs to configure the firewall).
Ideally, I would like to have my private network and one server inside Ethernet0/0 and the 4 servers with public addresses on the 4ESW.
I received a suggestion in another forum that I use IRB, and bridge the serial port with VLAN1. Tried that and got VLAN Protocol down.
Any help would be appreciated. I can post both my current config as well as what I tried, but it might be easier to start from scratch.
03-24-2006 12:30 PM
You do not use interface vlan with the bridge interfaces using IRB; for that you need to create interface irb, not interface vlan. Posting the current config with a detailed explanation of the goal might help. The 4 interfaces in the 4ESW are switchports, and on certain IOS they can be L3 interfaces.
03-25-2006 08:00 PM
Thanks, will post original config, along with what I am trying to accomplish when I get in to work.
03-27-2006 08:37 AM
I have a small LAN with a 1760 router. The router contains a T1 CSU/DSU and a WIC4 ESW.
I have recently upgraded the IOS to (C1700-ADVSECURITYK9-M), Version 12.3(11)T5, with the goal of using the security features of the IOS to protect my network.
The present configuration has Serial 0/0 IP unnumbered to FastEthernet0/0.
When I run SDM to help me get started configuring security, it says there must be 2 interfaces with IP addresses. My current config only has one interface with an IP address.
What I have is a small LAN with one server serving as a Domain Controller on my private network. I have 4 servers on the 166.102.xxx.65 subnet. This is the only router in the system. It is providing DHCP and NAT to my internal network.
I would like to use the 4 port switch to create a DMZ by attaching the 4 servers with public IP addresses to the switch ports.
Of the servers, one is a Citrix/web server, one is a SQL server which handles the database for the web server, one is a mail server and one is an IVR (integrated voice response) server.
I found a config file where the author had created a bridge group to do what I am trying, so I attempted to modify my config to work like his.
I have attached my modified config to this post.
I appreciate all help; getting a lot of pressure from the boss who doesn't understand this is just a bit different config than what someone who is still working towards a CCNA might feel confident with.