Adding WAN connection to switchport in Cisco 877

jasonmichel
jasonmichel used Ask the Experts™
on
Currently have a Cisco 877 router with an ADSL card and the 4 port switch builtin.  Currently it appears the LAN is configured as all the switchports as VLAN 1. We just purchased a new Cable connection.  So not have a WAN interface and only the 4 switch ports, is there a way to add the WAN connection and keep the LAN Vlan or assign both to individual interfaces?  heres the config as it sits

Building configuration...

Current configuration : 6270 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname COB_WAT
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login USER_VPN local
aaa authorization exec default local
aaa authorization network GROUP_VPN local
!
aaa session-id common
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.1.11.1 10.1.11.49
ip dhcp excluded-address 10.1.11.61 10.1.11.254
!
ip dhcp pool WAT_Pool
   network 10.1.11.0 255.255.255.0
   domain-name cobnet.cityofbellevue.com
   default-router 10.1.11.1
   dns-server 10.1.1.26 208.67.220.220
!
!
no ip domain lookup
ip domain name cityofbellevue.com
ip name-server 208.67.220.220
ip name-server 208.67.222.222
ip inspect name DEFAULT100 http
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
vpdn enable
!
vpdn-group 1
 request-dialout
  protocol l2tp
!
!
!
crypto pki trustpoint TP-self-signed-1851141259
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1851141259
 revocation-check none
 rsakeypair TP-self-signed-1851141259
!
!
crypto pki certificate chain TP-self-signed-1851141259
 certificate self-signed 01
  30820252 308201BB A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31383531 31343132 3539301E 170D3032 30333031 30303337
  35315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38353131
  34313235 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100F525 20CC48B0 CC518770 E0CD54E4 D475F7AF AAE59587 71635D5E 342EDC6C
  C45181ED 9E3C0284 27810867 DD9ECE45 16DF1D3C 270CEB09 8E890E8E F40DC18D
  35B2B804 9E1A3D13 CAEF09A9 10FCF268 5865773C EC04E069 0C0B9C65 61F12213
  D907C724 9DA7BDC0 3EC3BC0A 966B2E26 25C7D0EF 6DE20591 6291B3CC D2C20E26
  4BC70203 010001A3 7A307830 0F060355 1D130101 FF040530 030101FF 30250603
  551D1104 1E301C82 1A434F42 5F574154 2E636974 796F6662 656C6C65 7675652E
  636F6D30 1F060355 1D230418 30168014 5E950995 1ACA8B8C 616CAE70 B382DDAA
  3799AAC5 301D0603 551D0E04 1604145E 9509951A CA8B8C61 6CAE70B3 82DDAA37
  99AAC530 0D06092A 864886F7 0D010104 05000381 81003DA3 CA146AF3 BDAE9D52
  E1645896 37859961 98034621 CDFBA5BD C1964B6A B65CC319 D447CF4A 28EF66CB
  5BBB593E C3C7FC86 B50DC4AC 7C70D2DE 290AF508 F2C3A081 B1821125 DCA09662
  DCD399D5 43FCFB4D F8B5FE5F EBBCE78C 48717100 6667E181 1F6CFF3B 100F29C8
  C79E6025 AE7380FF 26BBEF48 DCE4EE44 BF0A0237 B68A
  quit
username $1$Y4fB$I8ywbW7hmT0QWQbt1yi891
!
!
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key MW_WATERTunnel address 1.1.1.1 no-xauth
crypto isakmp key WAT_0669691419 address 1.1.1.1 no-xauth
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 15
!
!
crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
!
crypto map VPN client authentication list USER_VPN
crypto map VPN isakmp authorization list GROUP_VPN
crypto map VPN client configuration address respond
crypto map VPN 15 ipsec-isakmp
 description Tunnel to COB
 set peer 1.1.1.1
 set transform-set 3DES
 match address WAT2COB
crypto map VPN 20 ipsec-isakmp
 description Tunnel to MW
 set peer 1.1.1.1
 set transform-set 3DES
 match address WAT2MW
!
bridge irb
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.252
!
interface ATM0
 description OUTSIDE_WAN
 no ip address
 ip virtual-reassembly
 no ip route-cache cef
 no atm ilmi-keepalive
 bundle-enable
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 no snmp trap link-status
 pvc 0/35
 !
 bridge-group 1
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description INSIDE_LAN
 ip address 10.1.11.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface BVI1
 ip address 1.1.1.1 255.255.255.128
 ip nat outside
 ip virtual-reassembly
 crypto map VPN
!
ip route 0.0.0.0 0.0.0.0 1.1.1.1
!
!
ip http server
ip http port 8080
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source route-map NAT pool PAT overload
!
ip access-list extended WAT2COB
 remark WAT VPN to COB
 permit ip 10.1.11.0 0.0.0.255 10.1.1.0 0.0.0.255
ip access-list extended WAT2MW
 remark WAT VPN to MW
 permit ip 10.1.11.0 0.0.0.255 192.168.57.0 0.0.0.255
ip access-list extended inet-traffic
 deny   ip 10.1.11.0 0.0.0.255 192.168.0.0 0.0.255.255
 deny   ip 10.1.11.0 0.0.0.255 172.0.0.0 0.255.255.255
 deny   ip 10.1.11.0 0.0.0.255 10.1.0.0 0.0.255.255
 permit ip 10.1.0.0 0.0.255.255 any
!
dialer-list 1 protocol ip permit
snmp-server community public RO
snmp-server host 10.1.1.25 version 2c public
no cdp run
!
!
!
route-map NAT permit 10
 match ip address inet-traffic
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CC
*****************************************************************************
* Unauthorized access will be prosecuted to the fullest extent of the law.  *
* To avoid criminal charges, disconnect NOW!                                *
*****************************************************************************
^C
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
!
scheduler max-task-time 5000
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Commented:
hi
1st create vlan2

interace vlan 2
ip address x.x.x.x x.x.x.x
no shut

then assign ethernet ports to the appropriate vlans as:


interface fa0/4
switchport access vlan 2

by the way; cisco 877 can create only 2 vlan's unless you have the advanced ip services IOS.....

Author

Commented:
we do have the advanced IP services. but 2 is all we should need.  Ill give it a try and let you know..thanks

Commented:
exactly ...

hope this will work with you ...
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
what about the VLAN 1 .  Because they are all in VLAN 1 now, i shouldn't have to change that right?  i can just keep the other 3 in ?

Author

Commented:
here's what I am getting

COB_WAT(config)#interface fa
COB_WAT(config)#interface fastEthernet 3
COB_WAT(config-if)#sw
COB_WAT(config-if)#switchport ac
COB_WAT(config-if)#switchport access Vlan 2
%Access VLAN 2 does not exist. Please add it to vlan database
COB_WAT(config-if)#switchport access Vlan2
                                         ^
% Invalid input detected at '^' marker.

Author

Commented:
nvm..i got it..had to do in database mode

Commented:
I assumed you know well in Vlans,,
yes as i mentioned above,,by "you need to create Vlan2 1st"


Author

Commented:
sorry late getting back

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial