  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 497

Cisco 2811 Configuration Assistance

I have a Cisco 2811 and have a pretty simple deployment which I am having trouble with.
The router has 2 network interfaces, fe 0/0 and fe 0/1.
I have 5 computers that need access to the internet but do not need to communicate with each other (no NAT), so each computer will have its own public IP address, which is provided from a DHCP server on the ISP side.
I can set up fe 0/0 with a static public IP address and I can communicate with it from the web, but I cannot get any computers on the switch going into fe 0/1 to connect to the internet. Do I need to bridge the connections somehow? Also, how should I assign the IP addresses of fe 0/0 and fe 0/1, since the computers will end up with public IP addresses?
Asked: v46n
1 Solution
 
asavener Commented:
Let me first say that exposing PCs directly to the internet is a really bad idea.

That said, I think you can accomplish what you're trying to do by using the "ip unnumbered interface name" command.

Interface F0/0
ip address w.x.y.z

int f0/1
ip unnumbered interface f0/0
0
 
v46n (Author) Commented:
It's a mini ISP situation. I expect these people to use routers from their own end; I just want to pass everything on. What do you suggest I use for IP addresses for these interfaces? I can't use them in the same subnet and I only really need to manage from the inside.
0
 
v46n (Author) Commented:
Never mind, I didn't read the top post correctly.
0
 
bkepford Commented:
Are you doing any routing? Why do you even need to be involved? Why not put in a good switch to manage policies (rate limiting and such if needed) and let the ISP control IP? This way you can set up a private VLAN that would truly separate your "customers".
0
 
v46n (Author) Commented:
It's actually for a wireless tower. There are 58 nodes on a fibre connection and there are 5 towers; this is the 1st tower we want to do. For simplicity of the question I said 5 computers. Right now we are using switches but need to restrict services like people broadcasting their own DHCP, spam, etc.
We currently aren't doing the routing but hope to eventually. Just need to control the tower first.
0
 
bkepford Commented:
If you can get a Cisco multilayer switch (Cisco 3560), then you could do what you are trying to do with private VLANs. That is where you have isolated ports (all on the same VLAN) that cannot see each other but can see the provider (or promiscuous port). Lots of vendors do this; I like Cisco best though.

If you only need a fiber connection you can get a fiber SFP port.

Another implementation of the same concept (that I just thought of) would put a 16-port switch network module (NME-16ES-1G) in your router and do the same thing.
0
 
v46n (Author) Commented:
We have a fibre backbone (50mb up down) which is fed to a Cisco switch, then to an AP, then to clients. I want to control traffic from the tower before exiting.

I tried the rule above; had to remove "interface" from the bottom line. I still cannot talk between the 2 interfaces. I have 2 laptops plugged into each port with crossover cables.

Interface F0/0
ip address w.x.y.z

int f0/1
ip unnumbered f0/0

0
 
v46n (Author) Commented:
Your answer would work with the switching, but our fibre provider actually assigns us our own VLAN, so we would at minimum need 1 router to do translation.
0
 
v46n (Author) Commented:
Point-to-point (non-multi-access) interfaces only
is what I get when setting f0/1
0
 
bkepford Commented:
You only need one VLAN; no translation needed. The way private VLANs work is one VLAN where promiscuous ports talk to everything and isolated ports talk to nothing but the promiscuous ports. You can also have communities, where you have a group that can talk but they cannot communicate with isolated ports, only with the promiscuous port.
0
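
The private VLAN layout described in the comment above (isolated, community and promiscuous ports in one primary VLAN), written out for a Catalyst 3560 as an added example that is not part of the original thread. The VLAN IDs and port numbers are constructed for illustration.

```cisco
! Added example: VLAN IDs (200-202) and interface numbers are assumptions,
! not values from the thread.
!
! Private VLANs need VTP transparent mode when running VTP version 1 or 2.
vtp mode transparent
!
! Secondary VLAN for customer ports that must not see each other.
vlan 201
 private-vlan isolated
!
! Secondary VLAN for a group of ports that may talk among themselves.
vlan 202
 private-vlan community
!
! Primary VLAN that ties the secondaries together.
vlan 200
 private-vlan primary
 private-vlan association 201,202
!
! Uplink toward the provider: promiscuous, reachable from every host port.
interface GigabitEthernet0/1
 description Uplink to provider
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 200 201,202
!
! Customer port: isolated, can reach only the promiscuous uplink.
interface FastEthernet0/1
 description Customer A (isolated)
 switchport mode private-vlan host
 switchport private-vlan host-association 200 201
!
! Community ports: can reach each other and the uplink, not the isolated ports.
interface range FastEthernet0/10 - 11
 description Shared group (community)
 switchport mode private-vlan host
 switchport private-vlan host-association 200 202
```

`show vlan private-vlan` and `show interfaces FastEthernet0/1 switchport` confirm the primary/secondary associations and the operational port mode.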
 
v46n (Author) Commented:
OK, that makes sense. I still can't seem to communicate between f0/0 and f0/1 because it won't allow me to use the unnumbered IP. Is there something I am missing?
0
 
bkepford Commented:
Here's your problem: you are trying to bridge with a router. To do this you have to use a bridging protocol.

Try something like this, where you bridge the two sides and then assign the IP to the BVI (Bridged Virtual Interface):


interface Fastethernet 0/0
 no ip address
 bridge-group 1
!
interface Fastethernet 0/1
 no ip address
 bridge-group 1
!
interface BVI 1
 ip address x.x.x.x x.x.x.x
!
bridge irb
bridge 1 protocol ieee
 bridge 1 route ip


0
 
v46n (Author) Commented:
OK, I'm in the console and set up the 2 interfaces. When I try to create the BVI 1 interface I get: integrated routing and bridging not configured
0
 
bkepford Commented:
Configure this first:


bridge irb
0
 
v46n (Author) Commented:
Thanks, worked perfectly!! So if I need to configure anything now, I do it under BVI 1, I assume?
0
 
bkepford Commented:
Yep, the BVI is the combined interface.
0
