Need help with 1760 + WIC 4ESW

bobgentry · ‎03-24-2006

First off, I have learned I do not know as much about routers as I thought I did - and that wasn't much.

My situation. We have a 1760 router with a T1 WIC and 4ESW which is not being used.

We have a /29 subnet and 4 servers with public IPs and one server with a private ip address.

Currently Serial0/0 is running IP unnumbered to Ethernet0/0, and all servers come off a switch connected to the ethernet port.

What I would like to do is, at a minimum configure the router so that Serial 0/0 has its own IP and the NATed internal network and servers with public addresses be reached via an IP address on the Ethernet 0/0 (this is because SDM insists on having 2 ports with IPs to configure firewall).

Ideally, I would like to have my private network and one server inside Ethernet0/0 and the 4 servers with public addresses on the 4ESW.

I received a suggestion in another forum that I use IRB, and bridge the serial port with VLAN1. Tried that and got VLAN Protocol down.

Any help would be appreciated. I can post both my current config as well as what I tried, but it might be easier to start from scratch.

Roberto Salazar · ‎03-24-2006

you do not use interface vlan with the bridge interfaces using IRB, for that you need to create interface irb, not interface vlan. You posting the current config with a detail explanation of the goal might help. The 4 interface in 4ESW are switchports and on certain IOS they can be L3 interfaces.

bobgentry · ‎03-25-2006

Thanks, will post original config, along with what I am trying to accomplish when I get in to work.

bobgentry · ‎03-27-2006

I have a small LAN with a 1760 router. The router contains a T1 CSU/DSU and a WIC4 ESW.

I have recently upgraded the IOS to (C1700-ADVSECURITYK9-M), Version 12.3(11)T5, with the goal of using the security features of the IOS to protect my network.

The present configuration has Serial 0/0 IP unnumbered to FastEthernet0/0.

When I run SDM to help me get started configuring security, it says there must be 2 interfaces with IP addresses. My current config only has one interface with an IP address.

What I have is a small lan with one server serving as a Domain Controller on my private network. I have 4 servers on the 166.102.xxx.65 subnet. This is the only router in the system. It is providing DHCP and NAT to my internal network.

I would like to use the 4 port switch to create a DMZ by attaching the 4 servers with public IP addresses to the switch ports.

On the servers, one is a Citrix/web server, one is a SQL server which handles the database for the web server, a mail server and one is an IVR (integrated voice response) server.

I found a config file where the author had created a bridge group to do what I am trying, so I attempted to modify my config to work like his.

I have attached my modified config to this post.

I appreciate all help; getting a lot of pressure from the boss who doesn't understand this is just a bit different config than what someone who is still working towards a CCNA might feel confident with.