Cisco 1801 Router - using interfaces and PPP interface

Using a 1801 router with IOS 12.1.
Have the Dialer (PPP) inteface up and working, allocated the 8 switch ports to a single VLAN and happily ping the address allocated to the VLAN.
Need to use the FastEthernet0 as the inside and PPP as the outside to provide eventually a link to another site over a VPN.
I have allocated an IP address of 192.168.35.230 to the the IP address of the VLAN.
I want my default route to be point to thr FastEthernet0 interface. So set that to 192.168.35.254 and try to apply that IP to the FastEthernet0 interface. Return IP address map error if i assign this. I dont seem to be able to assign an IP to the interface and use this as the default gateway
 
ccfcfcAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

 
Don JohnstonInstructorCommented:
I'm not sure I follow you.

You've got three networks:
8 switch ports with a VLAN interface on the 192.168.35.0 network
What network is the Fastethernet 0 interface on?
Do you have a serial interface using PPP? What network is that on?

Can you post your current config?

0
 
ccfcfcAuthor Commented:
Yes the 8 ports are in VLan100
See current config concerning the interfaces in question. Hope this helps.


interface FastEthernet0
 no ip address
 speed 100
 full-duplex
 vlan-id dot1q 10
  exit-vlan-config
 !
 vlan-id dot1q 1
  exit-vlan-config
 !
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown

interface FastEthernet1 -8 are the same
 switchport access vlan 100
 duplex full
 speed 100
 vlan-id dot1q 1
  exit-vlan-config
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$
 no ip address
 ip access-group 101 in
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452

interface Vlan100
 ip address 192.168.35.230 255.255.255.0
!
interface Dialer1
 description internet dialer
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap chap callin
 ppp chap hostname Bxxxx@xxxx.btclick.com
 ppp chap password 0 xxxx1
 ppp pap sent-username Bxxxx@xxxx.btclick.com password 0 xxxxxx01
 ppp ipcp dns request
 ppp ipcp wins request
 crypto map intamap
!
interface Dialer2
 no ip address
 shutdown
 no cdp enable
!
ip local pool isl-remote-pool 192.168.200.1 192.168.200.10
ip default-gateway 192.168.34.254
ip route 0.0.0.0 0.0.0.0 Dialer1

0
 
Don JohnstonInstructorCommented:
I still don't understand what you're trying to accomplish.

>I have allocated an IP address of 192.168.35.230 to the the IP address of the VLAN.

>So set that to 192.168.35.254 and try to apply that IP to the FastEthernet0 interface.

Both of those IP addresses are on the same network.  You can't have two layer 3 interfaces connected to the same network.

0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
ccfcfcAuthor Commented:
Ok, So I can easily apply a different Ip adress to the FastEthernet0.
Once I have done that, will set my default gateway to this IP address. Then when clients that are connected on any of the FastEthernet1-8 ports should attempt to connect via the FastEthernet0 which should then go out the DIALER interface . Is that correct. ?
Obviously assuming U have the access-list are sorted out ?

I am using this router at as remote site with ADSL conenction only to provide a DR site with a few servers on , conencting to the mainoffice via a VPN session between the main PIX firewall and this router. I am more used to using PIX firewalls. Hope this helps a  little.


0
 
Don JohnstonInstructorCommented:
Any of the hosts connected to ports 1-8 will have their default gateway set to the IP address of the VLAN 100 interface.
0
 
ccfcfcAuthor Commented:
so the default  gateway on the 1801 shoudl be the FastEthernet0 Ip address then ?
assuming i put in the line ip route 0.0.0.0 0.0.0.0 dialer1 that should allow access or a route out for hosts on the Vlan100 and go out via FastEthernet0 which will route OUT via the Dialer1 address ?
 
0
 
Don JohnstonInstructorCommented:
I'm really sorry, but I can't figure out what you're asking.

>so the default  gateway on the 1801 shoudl be the FastEthernet0 Ip address then ?

The 1801 is a router. Routers don't have default gateways. They can have a default route. If the default route points out a point-to-point link, then you can use it's interface instead of the next hop address:
ip route 0.0.0.0 0.0.0.0 dialer0

If the default route points out a multi-access interface (ethernet) then you need to specify an actual next hop address:
ip route 0.0.0.0 0.0.0.0 192.168.1.1

0
 
ccfcfcAuthor Commented:
Well I am trying to set this 1801 ADSL router to be a remote DR -so the PPP connection will be connected back to the main site via a VPN. The on-site servers will be connected to one of the 8 interfaces (FastEthernet1-8) The interface FastEthernet0 to be defined as "inside" .
So need the servers on the FastEthernet interface to have access to outside for either web access or down the VPN to the head office.
Although I can ping external IP's from the router, so I know the PPP connection is up, I cannot from a device connected into FastEthernet1. Also, ho do I get it to use the dialup providers DNS ? SHoudl it get picker up automatically or do I need to issue a command ?
See config below. Hope this helps

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname intamac-dev-backup
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable secret 5 $1$5NrE$ZFNFFGJfKqI6X.NU5ec/5.
!
aaa new-model
ip cef
no ip dhcp use vrf connected
!
no ip domain lookup
ip domain name yourdomain.com
!
!
crypto pki trustpoint TP-self-signed-1452941595
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1452941595
 revocation-check none
 rsakeypair TP-self-signed-1452941595
!
!
crypto dynamic-map remote-map 10
 set security-association idle-time 1800
crypto map intamap 1000 ipsec-isakmp dynamic remote-map

interface FastEthernet0
 ip address 192.168.34.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 speed 100
 full-duplex
 vlan-id dot1q 10
  exit-vlan-config
 !
 vlan-id dot1q 1
  exit-vlan-config
 !
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface FastEthernet1
 switchport access vlan 100
 duplex full
 speed 100
 vlan-id dot1q 1
  exit-vlan-config
 !
!
interface FastEthernet2
 switchport access vlan 100
 duplex full
 speed 100
 vlan-id dot1q 1
  exit-vlan-config
 !
!
interface FastEthernet3
 switchport access vlan 100
 duplex full
 speed 100
 vlan-id dot1q 1
  exit-vlan-config
 !
!
interface FastEthernet4
 switchport access vlan 100
 duplex full
 speed 100
 vlan-id dot1q 1
  exit-vlan-config
 !
!
interface FastEthernet5
 switchport access vlan 100
 duplex full
 speed 100
 vlan-id dot1q 1
  exit-vlan-config
 !
!
interface FastEthernet6
 switchport access vlan 100
 duplex full
 speed 100
 vlan-id dot1q 1
  exit-vlan-config
 !
!
interface FastEthernet7
 switchport access vlan 100
 duplex full
 speed 100
 vlan-id dot1q 1
  exit-vlan-config
 !
!
interface FastEthernet8
 switchport access vlan 100
 duplex full
 speed 100
 vlan-id dot1q 1
  exit-vlan-config
 !
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface Virtual-PPP1
 no ip address
 no cdp enable
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$
 no ip address
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan100
 ip address 192.168.35.230 255.255.255.0
!
interface Dialer1
 description internet dialer
 ip address xxx.xxx.xxx.xxx 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap chap callin
 ppp chap hostname xxxxxx@hg39.btclick.com
 ppp chap password 0 xxxxxxx
 ppp pap sent-username xxxxxxxx@hg39.btclick.com password 0 xxxxxxx
 ppp ipcp dns request
 ppp ipcp wins request
 crypto map intamap
!
interface Dialer2
 no ip address
 shutdown
 no cdp enable
!
ip local pool isl-remote-pool 192.168.200.1 192.168.200.10
ip default-gateway 192.168.34.254
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer1 overload
!
access-list 1 permit 192.168.34.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
control-plane
line con 0
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 transport input telnet ssh
!
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
0
 
ccfcfcAuthor Commented:
sorted the DNS lookup on the router, just took the NO off on the IP DNS LOOKUP line.....this is working,  but not for the devices in the FastEthernet1 interface.
0
 
ccfcfcAuthor Commented:
I seem to be struggling which getting traffic out from the interfaces in the VLAN100 , I know traffic is going out the dialer (PPP interafce) as I can ping external IP's and Web Sites from the router. Any device that is connected to FastEthernet1-8 doesnt seem to have a route out.
I have added the line  "ip route 0.0.0.0 0.0.0.0 Dialer1" .

0
 
Don JohnstonInstructorCommented:
You need to add a line to your ACL the defines your dialer-group.

access-list 1 permit 192.168.35.0 0.0.0.255

Open in new window

0
 
ccfcfcAuthor Commented:
Have added that line still no difference, see output from sh ip route :-

tamac-dev-backup#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
     217.41.207.0/32 is subnetted, 1 subnets
C       217.41.207.73 is directly connected, Dialer1
     217.41.116.0/28 is subnetted, 1 subnets
C       217.41.116.224 is directly connected, Dialer1
C    192.168.35.0/24 is directly connected, Vlan100
S*   0.0.0.0/0 is directly connected, Dialer1
intamac-dev-backup#
0
 
Don JohnstonInstructorCommented:
Sorry, I didn't notice you were doing NAT.

You need to define interface VLAN 100 as an inside interface.
0

Experts Exchange Solution brought to you by ConnectWise

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
 
ccfcfcAuthor Commented:
Thats worked, why did I need to do that ?
One other quick question before i give you the points, DNS works on the router (enables it) what do I need to set up the clients on FastEthernet1-8 to use as DNS - the Dialer interface ?

Thanks
0
 
Don JohnstonInstructorCommented:
It looks like you've got a public address on the dialer interface. Which indicates it's connected to the internet. Private IP addresses are not allowed on the internet. Any packet with a private source or destination address is discarded by routers on the internet. So in order for your inside traffic to transit the internet, they need to have their address translated to a legal, public address.

You can use any DNS server you want on the hosts. Just set your hosts to use 4.2.2.1 and 4.2.2.2

http://theos.in/windows-xp/free-fast-public-dns-server-list/

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.