[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1847
  • Last Modified:

Cisco Router VLAN and Public IP Config

I have a 2621XM router with 2- T1 WICs. The ISP gave us 2- /29 subnets, one for each T1. The goal, is to have public IP addresses assigned to equipment on the LAN side of the router.

Ok, this is what weve got:
-2621XM router with 2 T1 WICs (weve got 2 T1s)
-2924 Catalyst
-Polycom Phones (Soundpoint IP 650 and 501)
-2 Separate /29 networks  one for each T1

This is what I got configured:
-3 VLANS (2 for each company, and 1 for voice traffic) with private IP address
-Each port is trunked with a native VLAN for data and a Voice VLAN for the phone
-DHCP works for all 3 VLANS
-S0/1 has one IP in one subnet and S0/0 has one IP in the other subnet
-I have an Ethernet subinterface with an ip unnumbered s0/1

Now, heres how the Ethernet interfaces are configured on the router

Int fa0/1.1
  Description TPI
  Ip address 10.10.0.1 255.255.0.0
  Encapsulation dot1q 10
  Ip nat inside

Int fa0/1.2
  Description USAN
  Ip address 10.20.0.1 255.255.0.0
  Encapsulation dot1q 20
  Ip nat inside

Int fa0/1.3
  Description Voice
  Ip address 172.16.0.1 255.255.0.0
  Encapsulation dot1q 300
  Ip nat inside

Int fa0/1.4
  Description Public IP VLAN
  Encapsulation dot1q 30
  Ip unnumbered serial0/1

Serial0/1
  Ip address a.b.c.d 255.255.255.248
  Encapsulation ppp
  No shutdown

Ok, heres my problem:

I have a port configured on the switch with VLAN 30 on it. (VLAN 30 is the vlan for public IP address) So, I configured a workstation and connected it to the VLAN 30 switch port. I configured it with an IP address in the same subnet as Serial0/1. But, I could not ping the Serial0/1 interface or anything else.

Any help or ideas? Thanks!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable password TelComProducts
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.0.1
ip dhcp excluded-address 10.20.0.1
ip dhcp excluded-address 172.16.0.1
!
ip dhcp pool TPI
   import all
   network 10.10.0.0 255.255.0.0
   default-router 10.10.0.1
   dns-server 64.21.232.2 64.21.232.3
   lease 14
!
ip dhcp pool USAN
   import all
   network 10.20.0.0 255.255.0.0
   default-router 10.20.0.1
   dns-server 64.21.232.2 64.21.232.3
   lease 14
!
ip dhcp pool Voice
   import all
   network 172.16.0.0 255.255.0.0
   default-router 172.16.0.1
   dns-server 64.21.232.2 64.21.232.3
   lease 14
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 ip nat inside
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 ip address x.x.x.x 255.255.255.248
 encapsulation ppp
 shutdown
 no fair-queue
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.1
 description TelCom Products Vlan Subif
 encapsulation dot1Q 10
 ip address 10.10.0.1 255.255.0.0
 no ip redirects
 ip nat inside
!
interface FastEthernet0/1.2
 description USA Northland VLAN Subif
 encapsulation dot1Q 20
 ip address 10.20.0.1 255.255.0.0
 no ip redirects
 ip nat inside
!
interface FastEthernet0/1.3
 description Voice VLAN Subif
 encapsulation dot1Q 300
 ip address 172.16.0.1 255.255.0.0
 ip helper-address 10.10.0.1
 no ip redirects
 ip nat inside
!
interface FastEthernet0/1.4
 description Management VLAN Subif
 encapsulation dot1Q 1 native
 ip address 10.1.0.1 255.255.0.0
!
interface FastEthernet0/1.5
 description Public IP VLAN Subif
 encapsulation dot1Q 30
 ip unnumbered Serial0/1
!
interface Serial0/1
 ip address y.y.y.y 255.255.255.248
 ip nat outside
 encapsulation ppp
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 x.x.x.x(gateway from ISP)
ip route 0.0.0.0 0.0.0.0 y.y.y.y(gateway from ISP)
ip route 0.0.0.0 0.0.0.0 Serial0/1
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface Serial0/1 overload
!
access-list 1 permit 10.10.0.0 0.0.255.255
access-list 1 permit 10.20.0.0 0.0.255.255
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 1 permit 10.1.0.0 0.0.255.255

Open in new window

0
paulnet
Asked:
paulnet
1 Solution
 
JFrederick29Commented:
Pretty sure you can't use "ip unnumbered" on an ethernet interface.  Try flipping the ethernet and serial:

interface Serial0/1
 ip unnumbered FastEthernet0/1.5
 ip nat outside
 encapsulation ppp

interface FastEthernet0/1.5
 description Public IP VLAN Subif
 encapsulation dot1Q 30
  ip address y.y.y.y 255.255.255.248

If that doesn't work I would ask your ISP for a /30 subnets to use on the Serial interfaces and the /29's to be used on the LAN side of the router.  If they won't do that, you can use NAT on the router and do 1-1 static NAT's for the hosts on the public LAN.
0
 
QuoriCommented:
FYI you can use IP Unnumbered on SUB Ethernet interfaces, not the base one.

Maybe also setup briding between the two interfaces and assign the IP to BVI1.
0
 
paulnetAuthor Commented:
Ok, I called my ISP and got a /29 address space for the router. And after speaking with them for a while, I got help on setting NAT across the PPP multilink
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now