Solved

Cisco 1801 Router - using interfaces and PPP interface

Posted on 2008-10-16
Last Modified: 2008-10-22
Using a 1801 router with IOS 12.1.
Have the Dialer (PPP) interface up and working, allocated the 8 switch ports to a single VLAN and happily ping the address allocated to the VLAN.
Need to use the FastEthernet0 as the inside and PPP as the outside to provide eventually a link to another site over a VPN.
I have allocated an IP address of 192.168.35.230 to the IP address of the VLAN.
I want my default route to point to the FastEthernet0 interface. So set that to 192.168.35.254 and try to apply that IP to the FastEthernet0 interface. Return IP address map error if I assign this. I don't seem to be able to assign an IP to the interface and use this as the default gateway.
 
0
Question by:ccfcfc
 
LVL 50

Expert Comment

by:Don Johnston
ID: 22730643
I'm not sure I follow you.

You've got three networks:
8 switch ports with a VLAN interface on the 192.168.35.0 network
What network is the Fastethernet 0 interface on?
Do you have a serial interface using PPP? What network is that on?

Can you post your current config?

0
 

Author Comment

by:ccfcfc
ID: 22732323
Yes the 8 ports are in VLan100
See current config concerning the interfaces in question. Hope this helps.


interface FastEthernet0
 no ip address
 speed 100
 full-duplex
 vlan-id dot1q 10
  exit-vlan-config
 !
 vlan-id dot1q 1
  exit-vlan-config
 !
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown

interface FastEthernet1 -8 are the same
 switchport access vlan 100
 duplex full
 speed 100
 vlan-id dot1q 1
  exit-vlan-config
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$
 no ip address
 ip access-group 101 in
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452

interface Vlan100
 ip address 192.168.35.230 255.255.255.0
!
interface Dialer1
 description internet dialer
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap chap callin
 ppp chap hostname Bxxxx@xxxx.btclick.com
 ppp chap password 0 xxxx1
 ppp pap sent-username Bxxxx@xxxx.btclick.com password 0 xxxxxx01
 ppp ipcp dns request
 ppp ipcp wins request
 crypto map intamap
!
interface Dialer2
 no ip address
 shutdown
 no cdp enable
!
ip local pool isl-remote-pool 192.168.200.1 192.168.200.10
ip default-gateway 192.168.34.254
ip route 0.0.0.0 0.0.0.0 Dialer1

0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 22734044
I still don't understand what you're trying to accomplish.

>I have allocated an IP address of 192.168.35.230 to the IP address of the VLAN.

>So set that to 192.168.35.254 and try to apply that IP to the FastEthernet0 interface.

Both of those IP addresses are on the same network.  You can't have two layer 3 interfaces connected to the same network.

0
 

Author Comment

by:ccfcfc
ID: 22738451
OK, so I can easily apply a different IP address to the FastEthernet0.
Once I have done that, will set my default gateway to this IP address. Then clients that are connected on any of the FastEthernet1-8 ports should attempt to connect via the FastEthernet0, which should then go out the DIALER interface. Is that correct?
Obviously assuming I have the access-lists sorted out?

I am using this router as a remote site with ADSL connection only to provide a DR site with a few servers on, connecting to the main office via a VPN session between the main PIX firewall and this router. I am more used to using PIX firewalls. Hope this helps a little.


0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 22739794
Any of the hosts connected to ports 1-8 will have their default gateway set to the IP address of the VLAN 100 interface.
0
 

Author Comment

by:ccfcfc
ID: 22739899
So the default gateway on the 1801 should be the FastEthernet0 IP address then?
Assuming I put in the line ip route 0.0.0.0 0.0.0.0 dialer1, that should allow access or a route out for hosts on the Vlan100 and go out via FastEthernet0, which will route OUT via the Dialer1 address?
 
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 22739990
I'm really sorry, but I can't figure out what you're asking.

>So the default gateway on the 1801 should be the FastEthernet0 IP address then?

The 1801 is a router. Routers don't have default gateways. They can have a default route. If the default route points out a point-to-point link, then you can use its interface instead of the next hop address:
ip route 0.0.0.0 0.0.0.0 dialer0

If the default route points out a multi-access interface (ethernet) then you need to specify an actual next hop address:
ip route 0.0.0.0 0.0.0.0 192.168.1.1

0
 

Author Comment

by:ccfcfc
ID: 22765493
Well, I am trying to set this 1801 ADSL router to be a remote DR, so the PPP connection will be connected back to the main site via a VPN. The on-site servers will be connected to one of the 8 interfaces (FastEthernet1-8). The interface FastEthernet0 to be defined as "inside".
So need the servers on the FastEthernet interface to have access to outside for either web access or down the VPN to the head office.
Although I can ping external IPs from the router, so I know the PPP connection is up, I cannot from a device connected into FastEthernet1. Also, how do I get it to use the dialup provider's DNS? Should it get picked up automatically or do I need to issue a command?
See config below. Hope this helps.

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname intamac-dev-backup
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable secret 5 $1$5NrE$ZFNFFGJfKqI6X.NU5ec/5.
!
aaa new-model
ip cef
no ip dhcp use vrf connected
!
no ip domain lookup
ip domain name yourdomain.com
!
!
crypto pki trustpoint TP-self-signed-1452941595
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1452941595
 revocation-check none
 rsakeypair TP-self-signed-1452941595
!
!
crypto dynamic-map remote-map 10
 set security-association idle-time 1800
crypto map intamap 1000 ipsec-isakmp dynamic remote-map

interface FastEthernet0
 ip address 192.168.34.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 speed 100
 full-duplex
 vlan-id dot1q 10
  exit-vlan-config
 !
 vlan-id dot1q 1
  exit-vlan-config
 !
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface FastEthernet1
 switchport access vlan 100
 duplex full
 speed 100
 vlan-id dot1q 1
  exit-vlan-config
 !
!
interface FastEthernet2
 switchport access vlan 100
 duplex full
 speed 100
 vlan-id dot1q 1
  exit-vlan-config
 !
!
interface FastEthernet3
 switchport access vlan 100
 duplex full
 speed 100
 vlan-id dot1q 1
  exit-vlan-config
 !
!
interface FastEthernet4
 switchport access vlan 100
 duplex full
 speed 100
 vlan-id dot1q 1
  exit-vlan-config
 !
!
interface FastEthernet5
 switchport access vlan 100
 duplex full
 speed 100
 vlan-id dot1q 1
  exit-vlan-config
 !
!
interface FastEthernet6
 switchport access vlan 100
 duplex full
 speed 100
 vlan-id dot1q 1
  exit-vlan-config
 !
!
interface FastEthernet7
 switchport access vlan 100
 duplex full
 speed 100
 vlan-id dot1q 1
  exit-vlan-config
 !
!
interface FastEthernet8
 switchport access vlan 100
 duplex full
 speed 100
 vlan-id dot1q 1
  exit-vlan-config
 !
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface Virtual-PPP1
 no ip address
 no cdp enable
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$
 no ip address
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan100
 ip address 192.168.35.230 255.255.255.0
!
interface Dialer1
 description internet dialer
 ip address xxx.xxx.xxx.xxx 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap chap callin
 ppp chap hostname xxxxxx@hg39.btclick.com
 ppp chap password 0 xxxxxxx
 ppp pap sent-username xxxxxxxx@hg39.btclick.com password 0 xxxxxxx
 ppp ipcp dns request
 ppp ipcp wins request
 crypto map intamap
!
interface Dialer2
 no ip address
 shutdown
 no cdp enable
!
ip local pool isl-remote-pool 192.168.200.1 192.168.200.10
ip default-gateway 192.168.34.254
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer1 overload
!
access-list 1 permit 192.168.34.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
control-plane
line con 0
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 transport input telnet ssh
!
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
0
 

Author Comment

by:ccfcfc
ID: 22765522
Sorted the DNS lookup on the router, just took the NO off on the IP DNS LOOKUP line... this is working, but not for the devices in the FastEthernet1 interface.
0
 

Author Comment

by:ccfcfc
ID: 22774371
I seem to be struggling with getting traffic out from the interfaces in the VLAN100. I know traffic is going out the dialer (PPP interface) as I can ping external IPs and web sites from the router. Any device that is connected to FastEthernet1-8 doesn't seem to have a route out.
I have added the line "ip route 0.0.0.0 0.0.0.0 Dialer1".

0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 22775336
You need to add a line to your ACL that defines your dialer-group.

access-list 1 permit 192.168.35.0 0.0.0.255

0
 

Author Comment

by:ccfcfc
ID: 22775504
Have added that line, still no difference. See output from sh ip route:

tamac-dev-backup#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
     217.41.207.0/32 is subnetted, 1 subnets
C       217.41.207.73 is directly connected, Dialer1
     217.41.116.0/28 is subnetted, 1 subnets
C       217.41.116.224 is directly connected, Dialer1
C    192.168.35.0/24 is directly connected, Vlan100
S*   0.0.0.0/0 is directly connected, Dialer1
intamac-dev-backup#
0
 
LVL 50

Accepted Solution

by:
Don Johnston earned 500 total points
ID: 22775547
Sorry, I didn't notice you were doing NAT.

You need to define interface VLAN 100 as an inside interface.
0
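The two changes that resolved this thread (permitting 192.168.35.0/24 in access-list 1 and marking Vlan100 as a NAT inside interface) can be checked mechanically before a config is deployed. The following Python check is an added example, not part of the original thread; the names `parse`, `audit`, `SAMPLE` and `FIXED` are assumptions of the example, and `SAMPLE` is a constructed reduction of the posted config to its NAT-relevant lines.

```python
import ipaddress
import re

# Constructed sample: NAT-relevant lines reduced from the config posted in the thread.
SAMPLE = """\
interface FastEthernet0
 ip address 192.168.34.254 255.255.255.0
 ip nat inside
interface Vlan100
 ip address 192.168.35.230 255.255.255.0
interface Dialer1
 ip nat outside
ip nat inside source list 1 interface Dialer1 overload
access-list 1 permit 192.168.34.0 0.0.0.255
"""
# Same config with the two changes given in the thread applied.
FIXED = SAMPLE.replace("\ninterface Dialer1", "\n ip nat inside\ninterface Dialer1") \
    + "access-list 1 permit 192.168.35.0 0.0.0.255\n"

def parse(config):
    ifaces, acls, nat_lists, cur = {}, {}, [], None
    for line in config.splitlines():
        s = line.strip()
        if not line.startswith(" "):  # top-level line: opens or closes an interface block
            m = re.match(r"interface (\S+)", s)
            cur = ifaces.setdefault(m[1], {"net": None, "nat": None}) if m else None
        if cur is not None and (m := re.fullmatch(r"ip address (\d\S+) (\d\S+)", s)):
            cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif cur is not None and (m := re.fullmatch(r"ip nat (inside|outside)", s)):
            cur["nat"] = m[1]
        elif m := re.match(r"access-list (\d+) permit (\d\S+) (\d\S+)", s):
            acls.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{m[3]}"))
        elif m := re.match(r"ip nat inside source list (\S+) ", s):
            nat_lists.append(m[1])
    return ifaces, acls, nat_lists

def audit(config):
    """List private-addressed interfaces whose traffic would leave untranslated."""
    ifaces, acls, nat_lists = parse(config)
    translated = [n for num in nat_lists for n in acls.get(num, [])]
    findings = []
    for name, i in ifaces.items():
        net = i["net"]
        if net is None or not net.is_private or i["nat"] == "outside":
            continue
        if i["nat"] != "inside":
            findings.append(f"{name}: {net} lacks 'ip nat inside'")
        if not any(net.subnet_of(t) for t in translated):
            findings.append(f"{name}: {net} not permitted by NAT source ACL")
    return findings
```

`audit(SAMPLE)` reports both gaps for Vlan100 and nothing for FastEthernet0; `audit(FIXED)` returns an empty list.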
 

Author Comment

by:ccfcfc
ID: 22776286
That's worked, why did I need to do that?
One other quick question before I give you the points: DNS works on the router (enables it), what do I need to set up the clients on FastEthernet1-8 to use as DNS - the Dialer interface?

Thanks
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 22776412
It looks like you've got a public address on the dialer interface. Which indicates it's connected to the internet. Private IP addresses are not allowed on the internet. Any packet with a private source or destination address is discarded by routers on the internet. So in order for your inside traffic to transit the internet, they need to have their address translated to a legal, public address.

You can use any DNS server you want on the hosts. Just set your hosts to use 4.2.2.1 and 4.2.2.2

http://theos.in/windows-xp/free-fast-public-dns-server-list/

0
