12-15-2016 11:25 AM - edited 03-08-2019 08:35 AM
Hi. I have a Cisco 2901 (2 onboard GE) and a 4-interface Ethernet module.
I want to know if it is possible to do
four VLANs: 1,2,3,4
and one trunk for those VLANs....? (the trunk will be the WAN of my config).
Can someone give me a hand??
This is my WAN
"interface GigabitEthernet0/0
ip address 192.168.1.11 255.255.255.0"
and this is my config:
Current configuration : 3789 bytes
!
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Rxxxx
!
boot-start-marker
boot-end-marker
!
!
enable password 7 131512020A5F5C7D78957A60242309
!
aaa new-model
!
aaa session-id common
!
ip cef
!
!
!
ip dhcp excluded-address 10.0.158.1 10.0.158.128
ip dhcp excluded-address 192.168.9.1 192.168.9.128
!
ip dhcp pool Red9
network 192.168.9.0 255.255.255.0
default-router 192.168.9.1
dns-server 192.168.1.1
lease 0 2
!
ip dhcp pool Red158
network 10.0.158.0 255.255.255.0
default-router 10.0.158.1
dns-server 192.168.1.1
lease 0 2
!
ip domain name xxxx
ip name-server 192.168.1.1
no ipv6 cef
!
multilink bundle-name authenticated
!
voice-card 0
!
license udi pid CISCO2901/K9 sn FTX180581WJ
!
hw-module pvdm 0/0
!
username admin secret 4 18ENFd/4nHi1uCHjK8Ai/fLcHh.HWwQWGpc4D7sdqs.
!
redundancy
!
ip ssh time-out 90
ip ssh authentication-retries 2
ip ssh version 2
!
class-map match-all Red9
match access-group 169
class-map match-all Red158
match access-group 158
!
policy-map AnchoBanda
class Red9
bandwidth 1500
class Red158
bandwidth 500
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.1.11 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
service-policy output AnchoBanda
!
interface GigabitEthernet0/1
ip address 192.168.9.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1/0
switchport access vlan 158
no ip address
!
interface GigabitEthernet0/1/1
switchport access vlan 158
no ip address
!
interface GigabitEthernet0/1/2
switchport access vlan 158
no ip address
!
interface GigabitEthernet0/1/3
switchport access vlan 158
no ip address
!
interface Vlan1
no ip address
!
interface Vlan158
ip address 10.0.158.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip default-gateway 192.168.1.1
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 109 interface GigabitEthernet0/0 overload
ip nat inside source list 158 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
!
access-list 109 remark ==Red9 con acceso telefonico y bloqueo a red 1==
access-list 109 permit udp 192.168.9.0 0.0.0.255 192.168.1.0 0.0.0.255 range 10000 20000
access-list 109 permit udp 192.168.9.0 0.0.0.255 192.168.1.0 0.0.0.255 range 5060 5065
access-list 109 deny ip 192.168.9.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 109 permit ip 192.168.9.0 0.0.0.255 any
access-list 158 remark ==Red 158 con acceso telefC3nico y bloqueo a red 1==
access-list 158 permit udp 10.0.158.0 0.0.0.255 192.168.1.0 0.0.0.255 range 10000 20000
access-list 158 permit udp 10.0.158.0 0.0.0.255 192.168.1.0 0.0.0.255 range 5060 5065
access-list 158 deny ip 10.0.158.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 158 permit ip 10.0.158.0 0.0.0.255 any
access-list 168 remark ==Ancho de banda lan 158==
access-list 168 permit ip 10.0.158.0 0.0.0.255 any
access-list 169 remark ==Ancho de banda Lan 9==
access-list 169 permit ip 192.168.9.0 0.0.0.255 any
!
!
!
control-plane
!
!
!
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
gatekeeper
shutdown
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 0831495E084A5D40405A5E573B2A3E
transport input ssh
!
scheduler allocate 20000 1000
!
end
Cisco CISCO2901/K9
12-15-2016 01:28 PM
I'm not 100% sure I understand your question completely, but if you are asking how to trunk the GIG0/0 interface on your router into VLANs 1, 2, 3, and 4, below is the config.
interface GigabitEthernet0/0.1
description *** VLAN 1 ***
encapsulation dot1Q 1 native
ip address x.x.x.x 255.255.255.0
!
interface GigabitEthernet0/0.2
description *** VLAN 2 ***
encapsulation dot1Q 2
ip address y.y.y.y 255.255.255.0
!
interface GigabitEthernet0/0.3
description **** VLAN 3****
encapsulation dot1Q 3
ip address a.a.a.a 255.255.255.0
!
interface GigabitEthernet0/0.4
description ***VLAN 4***
encapsulation dot1Q 4
ip address b.b.b.b 255.255.255.0
12-15-2016 02:17 PM
Yes, sorry, I don't speak English well....
That's what I want. But do I also have to declare "ip nat outside" in all the sub interfaces??
And, for example, if I have a server at 192.168.9.250 and I want to make that server accessible from the internet on port 9000......... what will the syntax be???
The WAN of that Cisco, like I said, is 192.168.1.11 (it's not the border router.......)
12-16-2016 06:34 AM
You just need to add the "ip nat outside" to whichever subinterface has the IP that you are trying to NAT, not all of them. Do the NAT/PAT commands just how you would normally, as if there aren't any sub-interfaces or a trunk. See below:
R1(config)#ip nat inside source static tcp 192.168.9.250 9000 Public-IP-Here 9000
R1(config)#interface GigabitEthernet0/0.1 ----- this is your outside interface
R1(config-if)#ip nat outside
R1(config-if)#interface GigabitEthernet0/1 ----this is your inside interface
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#exit
12-22-2016 11:01 AM
Be careful with posting Cisco configurations that include your enable password hash. It is not secure and simply using an online Cisco password cracker can reveal your actual decrypted password.
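A pre-posting sanitizer for the concern raised in the reply above, as an added example that is not part of the original thread: it replaces password and secret values (whatever their type number) and the chassis serial in an IOS config with a marker before the text is shared. The rule list, the `<removed>` marker and the sample values are constructed for illustration, and the SNMP community rule goes beyond what the posted config contains.

```python
import re

# Each rule keeps the command keyword (group 1) and replaces the sensitive value.
# Rules 1, 2 and 4 cover the secret-bearing lines seen in the posted config;
# rule 3 (SNMP community) is an added generalization.
RULES = [
    # "enable password|secret ..." and "username X password|secret ..."
    (re.compile(r"^(\s*(?:enable|username \S+(?: privilege \d+)?)\s+"
                r"(?:password|secret)(?: \d+)?) \S+.*$"), r"\1 <removed>"),
    # line-level "password ..." under "line con/aux/vty"
    (re.compile(r"^(\s*password(?: \d+)?) \S+.*$"), r"\1 <removed>"),
    (re.compile(r"^(\s*snmp-server community) \S+(.*)$"), r"\1 <removed>\2"),
    # chassis serial number in the license line
    (re.compile(r"^(\s*license udi pid \S+ sn) \S+"), r"\1 <removed>"),
]

def sanitize(config: str) -> tuple[str, int]:
    """Return (sanitized config text, number of lines that were changed)."""
    out, changed = [], 0
    for line in config.splitlines():
        new = line
        for pattern, repl in RULES:
            new, hits = pattern.subn(repl, line)
            if hits:
                break  # first matching rule wins
        changed += new != line
        out.append(new)
    return "\n".join(out), changed

# Constructed sample input; none of these values come from a real device.
SAMPLE = """\
hostname R1
service password-encryption
enable password 7 0000CONSTRUCTED0000
license udi pid CISCO2901/K9 sn XXXCONSTRUCTED
username admin secret 4 ConstructedHashValueNotReal
line vty 0 4
 password 7 1111CONSTRUCTED1111
 transport input ssh
"""

if __name__ == "__main__":
    text, count = sanitize(SAMPLE)
    print(text)
    print(f"-- {count} line(s) sanitized")
```

If a config has already been shared with real values in it, sanitizing afterwards does not help; the affected passwords need to be changed on the device.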
12-22-2016 01:40 PM
Thanks! But I changed some letters and numbers :-)
12-22-2016 01:51 PM
ah! Smart move!