Solved

Help needed with Cisco 1721/WIC4ESW setting up a VLAN

Posted on 2004-09-15
Last Modified: 2008-01-09
Hi,

I have a Cisco 1721 router and the 4-port 4ESW WIC in the back.

I have 4 servers that will form a test network.

What I want to do is connect the 4 test servers (one in each port of the 4ESW) and have them as a VLAN - demarked from my production LAN.

Then I just need to be able to route between the VLAN and LAN.

The router's Ethernet port will be plugged into the LAN.

Can anyone help me with the config?
Question by:yvsupport
LVL 2

Expert Comment

by:jasperomalley
ID: 12065250
Good news, this is the default configuration. That is, all of the switchports are in the default VLAN (VLAN 1), and traffic is not automatically bridged between the switchports and the integrated Fast Ethernet port on the router (FastEthernet0). All you have to do is define an IP address for the default VLAN's switch virtual interface (SVI), using the configuration mode commands:

interface vlan 1
   ip address ip_address netmask

where ip_address/netmask is in a different IP network than the one connected to FastEthernet0.  Unless you tell it not to, the router will route traffic between FastEthernet0 and VLAN1, so just make the default gateway on the servers the ip_address above.


0
 
LVL 8

Expert Comment

by:holger12345
ID: 12065260
Question: Why do you want to create a virtual LAN? If all 4 ports on the WIC are to be in this "VLAN", you could leave them as is...
Just give them a different network IP than the internal LAN port has and set up routing the normal way.

Did you set up something and have problems with it, or don't you know how to configure Cisco?

Holger
0
 

Author Comment

by:yvsupport
ID: 12065541
holger12345

I want them in a VLAN so I can choose not to forward UDP. There will probably be a lot of traffic generated on the test network and I don't want to affect the performance of the production LAN.
0

Author Comment

by:yvsupport
ID: 12065622
jasperomalley

I have added this.

Do I need any ip route commands to tell it to route between the two?

Also, can anyone tell me what this command does?

no aaa new-model
0
 
LVL 2

Expert Comment

by:jasperomalley
ID: 12065736
No, you don't need any ip route command to tell it to route between the two connected networks, but if you have any other networks you want the servers on the VLAN to be able to access beyond the router, you will need to add those routes to the router.

no aaa new-model shuts off authentication, authorization, and accounting (AAA). This is the default setting for a router (AAA off). For more mind-numbing detail about what AAA is and what it's used for, see:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fsaaa/scfaaa.htm
0
 

Author Comment

by:yvsupport
ID: 12066304
here's my config so far then....

Can anyone see anything wrongly configured or missing?



Current configuration : 796 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname TestNWRouter
!
enable secret 5 $1$4sA/$sPILAwYaI/6tAYts0SRTg1
enable password ******
!
no aaa new-model
ip subnet-zero
no ip routing
!
!
!
!
no ftp-server write-enable
!
!
!
!
interface FastEthernet0
 ip address 172.16.2.252 255.255.0.0
 no ip route-cache
 speed auto
 full-duplex
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface FastEthernet4
 no ip address
!
interface Vlan1
 ip address 10.220.12.254 255.255.0.0
 no ip route-cache
!
ip classless
!
ip http server
!
!
line con 0
line aux 0
line vty 0 4
 password *****
 login
!
no scheduler allocate
!
end
0
 
LVL 2

Expert Comment

by:jasperomalley
ID: 12066330
Yes. This command:

   no ip routing

is what's wrong. Enter:

   ip routing

in configuration mode.
0
 

Author Comment

by:yvsupport
ID: 12066383
thought so.

does this stop ip routing by any chance?
0
 
LVL 2

Expert Comment

by:jasperomalley
ID: 12066407
Yes, "no ip routing" stops IP routing.
0
 

Author Comment

by:yvsupport
ID: 12066456
I can now ping the vlan address 10.220.12.254

I can't ping the PC on the other side. IP details:

address 10.220.4.1
netmask 255.255.0.0
gateway 10.220.12.254


any ideas?



0
 
LVL 2

Expert Comment

by:jasperomalley
ID: 12066500
Can you ping 10.220.12.254 from this PC?
0
 

Author Comment

by:yvsupport
ID: 12066837
Sorted - PC had a bad NIC.

Finally - how can I block UDP, and are there any other config tips anyone may have that will contain as much traffic to the VLAN as possible?
0
 
LVL 2

Accepted Solution

by:
jasperomalley earned 500 total points
ID: 12067159
Is there any reason you want to block UDP, specifically? Broadcasts will already be contained to the VLAN, so you don't have to worry about them bleeding onto your production LAN. If you really, really want to block all UDP traffic from the VLAN to the LAN, do:

access-list 101 deny udp 10.220.0.0 0.0.255.255 any
access-list 101 permit ip any any
interface fastethernet0
   ip access-group 101 out

If you want to block more traffic from passing between the LANs, you'll need to define with specificity what sort of traffic you want blocked and what sort of traffic you want to allow.
0
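
An added example (not part of the original answer, and not Cisco code): a small Python model of how the extended ACL in the accepted solution is evaluated, showing wildcard-mask matching, first-match ordering and the implicit deny at the end of every ACL. The function names and sample packets are constructed for illustration.

```python
import ipaddress

# The two ACL entries from the answer, written in IOS numbered extended-ACL syntax.
ACL_101 = """\
access-list 101 deny udp 10.220.0.0 0.0.255.255 any
access-list 101 permit ip any any
"""

def parse_addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD' -> (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'access-list N ACTION PROTO SRC DST' lines into rule tuples."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:1] != ["access-list"]:
            continue
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        rules.append((action, proto, parse_addr(rest), parse_addr(rest)))
    return rules

def wildcard_match(addr, spec):
    base, wildcard = spec
    # Bits set in the wildcard are "don't care"; every other bit must equal the base.
    return (int(ipaddress.IPv4Address(addr)) ^ base) & ~wildcard & 0xFFFFFFFF == 0

def evaluate(rules, proto, src, dst):
    """First matching entry wins; a packet matching no entry hits the implicit deny."""
    for action, rule_proto, src_spec, dst_spec in rules:
        if (rule_proto in ("ip", proto) and wildcard_match(src, src_spec)
                and wildcard_match(dst, dst_spec)):
            return action
    return "deny"

RULES = parse_acl(ACL_101)
# Constructed sample packets: (protocol, source, destination)
SAMPLES = [
    ("udp", "10.220.4.1", "172.16.2.10"),  # test server -> LAN over UDP
    ("tcp", "10.220.4.1", "172.16.2.10"),  # test server -> LAN over TCP
    ("udp", "10.221.0.5", "172.16.2.10"),  # source outside 10.220.0.0/16
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(RULES, *pkt))
```

Dropping the second entry (`RULES[:1]`) makes every non-UDP packet fall through to the implicit deny, which is why the `permit ip any any` line is required.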
 

Author Comment

by:yvsupport
ID: 12068270
Yeah - I see your point. It's the broadcasts I need to contain.

If any test apps require UDP it would give me a new set of issues.

I am happy with this.

I shall award you 500 shiny new points to add to your collection!

Thanks.
0
