jasonmichel

asked on

Adding WAN connection to switchport in Cisco 877

Currently have a Cisco 877 router with an ADSL card and the 4-port switch built in. Currently it appears the LAN is configured with all the switchports in VLAN 1. We just purchased a new cable connection. So, not having a WAN interface and only the 4 switch ports, is there a way to add the WAN connection and keep the LAN VLAN, or assign both to individual interfaces? Here's the config as it sits:

Building configuration...

Current configuration : 6270 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname COB_WAT
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login USER_VPN local
aaa authorization exec default local
aaa authorization network GROUP_VPN local
!
aaa session-id common
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.1.11.1 10.1.11.49
ip dhcp excluded-address 10.1.11.61 10.1.11.254
!
ip dhcp pool WAT_Pool
   network 10.1.11.0 255.255.255.0
   domain-name cobnet.cityofbellevue.com
   default-router 10.1.11.1
   dns-server 10.1.1.26 208.67.220.220
!
!
no ip domain lookup
ip domain name cityofbellevue.com
ip name-server 208.67.220.220
ip name-server 208.67.222.222
ip inspect name DEFAULT100 http
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
vpdn enable
!
vpdn-group 1
 request-dialout
  protocol l2tp
!
!
!
crypto pki trustpoint TP-self-signed-1851141259
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1851141259
 revocation-check none
 rsakeypair TP-self-signed-1851141259
!
!
crypto pki certificate chain TP-self-signed-1851141259
 certificate self-signed 01
  quit
username $1$Y4fB$I8ywbW7hmT0QWQbt1yi891
!
!
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key MW_WATERTunnel address 1.1.1.1 no-xauth
crypto isakmp key WAT_0669691419 address 1.1.1.1 no-xauth
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 15
!
!
crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
!
crypto map VPN client authentication list USER_VPN
crypto map VPN isakmp authorization list GROUP_VPN
crypto map VPN client configuration address respond
crypto map VPN 15 ipsec-isakmp
 description Tunnel to COB
 set peer 1.1.1.1
 set transform-set 3DES
 match address WAT2COB
crypto map VPN 20 ipsec-isakmp
 description Tunnel to MW
 set peer 1.1.1.1
 set transform-set 3DES
 match address WAT2MW
!
bridge irb
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.252
!
interface ATM0
 description OUTSIDE_WAN
 no ip address
 ip virtual-reassembly
 no ip route-cache cef
 no atm ilmi-keepalive
 bundle-enable
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 no snmp trap link-status
 pvc 0/35
 !
 bridge-group 1
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description INSIDE_LAN
 ip address 10.1.11.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface BVI1
 ip address 1.1.1.1 255.255.255.128
 ip nat outside
 ip virtual-reassembly
 crypto map VPN
!
ip route 0.0.0.0 0.0.0.0 1.1.1.1
!
!
ip http server
ip http port 8080
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source route-map NAT pool PAT overload
!
ip access-list extended WAT2COB
 remark WAT VPN to COB
 permit ip 10.1.11.0 0.0.0.255 10.1.1.0 0.0.0.255
ip access-list extended WAT2MW
 remark WAT VPN to MW
 permit ip 10.1.11.0 0.0.0.255 192.168.57.0 0.0.0.255
ip access-list extended inet-traffic
 deny   ip 10.1.11.0 0.0.0.255 192.168.0.0 0.0.255.255
 deny   ip 10.1.11.0 0.0.0.255 172.0.0.0 0.255.255.255
 deny   ip 10.1.11.0 0.0.0.255 10.1.0.0 0.0.255.255
 permit ip 10.1.0.0 0.0.255.255 any
!
dialer-list 1 protocol ip permit
snmp-server community public RO
snmp-server host 10.1.1.25 version 2c public
no cdp run
!
!
!
route-map NAT permit 10
 match ip address inet-traffic
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CC
*****************************************************************************
* Unauthorized access will be prosecuted to the fullest extent of the law.  *
* To avoid criminal charges, disconnect NOW!                                *
*****************************************************************************
^C
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
!
scheduler max-task-time 5000
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
ASKER CERTIFIED SOLUTION
memo_tnt
jasonmichel

ASKER

We do have the advanced IP services, but 2 is all we should need. I'll give it a try and let you know. Thanks.
Exactly ...

Hope this will work for you ...
What about VLAN 1? Because they are all in VLAN 1 now, I shouldn't have to change that, right? I can just keep the other 3 in?
Here's what I am getting:

COB_WAT(config)#interface fa
COB_WAT(config)#interface fastEthernet 3
COB_WAT(config-if)#sw
COB_WAT(config-if)#switchport ac
COB_WAT(config-if)#switchport access Vlan 2
%Access VLAN 2 does not exist. Please add it to vlan database
COB_WAT(config-if)#switchport access Vlan2
                                         ^
% Invalid input detected at '^' marker.
Nvm, I got it. Had to do it in database mode.
I assumed you knew VLANs well.
Yes, as I mentioned above, by "you need to create Vlan2 1st".

Sorry, late getting back.
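
The steps the thread converges on, written out as an added example (not taken from the posts or from the members-only solution). FastEthernet3 and VLAN 2 come from the thread; the interface descriptions and the DHCP addressing on the cable side are assumptions.

```cisco
! Added example, not from the thread. FastEthernet3 and VLAN 2 are the
! port and VLAN used in the thread; DHCP on the cable side is assumed.
!
! 1. From privileged EXEC, create VLAN 2 in VLAN database mode. Without
!    this, "switchport access vlan 2" is rejected with
!    "%Access VLAN 2 does not exist. Please add it to vlan database".
vlan database
 vlan 2
 exit
!
! 2. Move one switchport into VLAN 2. FastEthernet0-2 are left alone
!    and stay in VLAN 1, so the existing LAN (interface Vlan1) is
!    unchanged.
configure terminal
interface FastEthernet3
 description OUTSIDE_CABLE
 switchport access vlan 2
!
! 3. Give VLAN 2 a layer-3 interface to act as the new WAN interface
!    (addressing method is an assumption; use a static address if the
!    provider assigns one).
interface Vlan2
 description OUTSIDE_CABLE
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 no shutdown
end
!
! 4. Check that VLAN 2 exists with Fa3 as a member and that Vlan2 is up.
show vlan-switch
show ip interface brief
```

This only brings up the second outside interface. In the posted config the default route, the `ip nat inside source` rule and `crypto map VPN` are still tied to the DSL side (BVI1) and are not changed here.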