Help needed with Cisco 1721/WIC4ESW setting up a VLAN

Hi,

I have a Cisco 1721 router and the 4-port 4ESW WIC in the back.

I have 4 servers that will form a test network.

What I want to do is connect the 4 test servers (one in each port of the 4ESW) and have them as a VLAN - demarcated from my production LAN.

Then I just need to be able to route between the VLAN and LAN.

The router's ethernet port will be plugged into the LAN.

Can anyone help me with the config?
yvsupportAsked:
 
jasperomalleyCommented:
Is there any reason you want to block UDP, specifically? Broadcasts will already be contained to the VLAN, so you don't have to worry about them bleeding onto your production LAN. If you really, really want to block all UDP traffic from the VLAN to the LAN, do:

access-list 101 deny udp 10.220.0.0 0.0.255.255 any
access-list 101 permit ip any any
interface fastethernet0
   ip access-group 101 out

If you want to block more traffic from passing between the LANs, you'll need to define with specificity what sort of traffic you want blocked and what sort of traffic you want to allow.
0
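How the two ACL 101 entries in the answer above are evaluated, as an added example that is not part of the original answer: a small first-match evaluator in Python showing the wildcard-mask comparison and why entry order matters. The function names are hypothetical and the sample packets are constructed.

```python
import ipaddress

# The two ACL 101 entries from the answer, in order: (action, protocol, source, wildcard).
# The destination is "any" in both entries, so it is not modelled here.
ACL_101 = [
    ("deny", "udp", "10.220.0.0", "0.0.255.255"),
    ("permit", "ip", "0.0.0.0", "255.255.255.255"),  # "any"
]


def wildcard_match(addr, base, wildcard):
    """IOS wildcard logic: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def evaluate(acl, proto, src):
    """Return the action of the first matching entry (implicit deny at the end)."""
    for action, acl_proto, base, wildcard in acl:
        # "ip" matches every IP protocol; otherwise the protocol must be equal.
        if acl_proto not in ("ip", proto):
            continue
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"


# Constructed sample packets leaving FastEthernet0 towards the LAN.
SAMPLES = [
    ("udp", "10.220.4.1"),   # test server, UDP
    ("tcp", "10.220.4.1"),   # test server, TCP
    ("icmp", "10.220.4.1"),  # test server, ping
    ("udp", "10.221.0.5"),   # UDP from outside 10.220.0.0/16
]

if __name__ == "__main__":
    for proto, src in SAMPLES:
        print(f"{proto:4} from {src:12} -> {evaluate(ACL_101, proto, src)}")
    # With the entries swapped, "permit ip any any" matches first and the
    # UDP deny is never reached.
    swapped = list(reversed(ACL_101))
    print("swapped order, udp from 10.220.4.1 ->",
          evaluate(swapped, "udp", "10.220.4.1"))
```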
 
jasperomalleyCommented:
Good news, this is the default configuration. That is, all of the switchports are in the default VLAN (VLAN 1), and traffic is not automatically bridged between the switchports and the integrated Fast Ethernet port on the router (FastEthernet0). All you have to do is define an IP address for the default VLAN's switch virtual interface (SVI), using the configuration mode commands:

interface vlan 1
   ip address ip_address netmask

where ip_address/netmask is in a different IP network than the one connected to FastEthernet0.  Unless you tell it not to, the router will route traffic between FastEthernet0 and VLAN1, so just make the default gateway on the servers the ip_address above.


0
 
holger12345Commented:
Question: Why do you want to create a virtual LAN? If all 4 ports on the WIC are going to be in this "VLAN", you could leave them as is...
Just give them a different network IP than the internal LAN port has and route them the normal way.

Did you set up something and have problems with it, or don't you know how to configure Cisco?

Holger
0

 
yvsupportAuthor Commented:
holger12345

I want them in a VLAN so I can choose not to forward UDP. There will probably be a lot of traffic generated on the test network and I don't want to affect the performance of the production LAN.
0
 
yvsupportAuthor Commented:
jasperomalley

I have added this.

Do I need any ip route commands to tell it to route between the two?

Also, can anyone tell me what this command does?

no aaa new-model
0
 
jasperomalleyCommented:
No, you don't need any ip route command to tell it to route between the two connected networks, but if you have any other networks you want the servers on the VLAN to be able to access beyond the router, you will need to add those routes to the router.

no aaa new-model shuts off authentication, authorization, and accounting (AAA). This is the default setting for a router (AAA off). For more mind-numbing detail about what AAA is and what it's used for, see:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fsaaa/scfaaa.htm
0
 
yvsupportAuthor Commented:
here's my config so far then....

Can anyone see anything wrongly configured or missing?



Current configuration : 796 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname TestNWRouter
!
enable secret 5 $1$4sA/$sPILAwYaI/6tAYts0SRTg1
enable password ******
!
no aaa new-model
ip subnet-zero
no ip routing
!
!
!
!
no ftp-server write-enable
!
!
!
!
interface FastEthernet0
 ip address 172.16.2.252 255.255.0.0
 no ip route-cache
 speed auto
 full-duplex
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface FastEthernet4
 no ip address
!
interface Vlan1
 ip address 10.220.12.254 255.255.0.0
 no ip route-cache
!
ip classless
!
ip http server
!
!
line con 0
line aux 0
line vty 0 4
 password *****
 login
!
no scheduler allocate
!
end
0
 
jasperomalleyCommented:
Yes. This command:

   no ip routing

is what's wrong. Enter:

   ip routing

in configuration mode.
0
 
yvsupportAuthor Commented:
thought so.

does this stop ip routing by any chance?
0
 
jasperomalleyCommented:
Yes, "no ip routing" stops IP routing.
0
 
yvsupportAuthor Commented:
I can now ping the vlan address 10.220.12.254

I can't ping the PC on the other side. IP details:

address 10.220.4.1
netmask 255.255.0.0
gateway 10.220.12.254


any ideas?



0
 
jasperomalleyCommented:
Can you ping 10.220.12.254 from this PC?
0
 
yvsupportAuthor Commented:
Sorted - PC had a bad NIC.

Finally - how can I block UDP, and are there any other config tips anyone may have that will contain as much traffic to the VLAN as poss?
0
 
yvsupportAuthor Commented:
Yeah - I see your point. It's the broadcasts I need to contain.

If any test apps require UDP it would give me a new set of issues.

I am happy with this.

I shall award you 500 shiny new points to add to your collection!

Thanks.
0