techspeciali
asked on
Configure static routes on differents Interface on the same router
Hi,
I have a cisco router 3845 with 16 FastEthernet Ports.
Each Ports are connecting to different networks.
For example those are the networks connected to my interfaces:
E1/0: 10.1.1.0 /24
E1/1: 10.2.1.0 /24
E1/2 192.168.1.0 /24
E1/3 192.168.10.16/29
E1/4 10.20.20.1 / 24
Let's pretend this.
E1/0 needs to communicate with E1/1 and E1/2 but not with the others interfaces
E1/1 needs to communicate with E1/0 and E/1/3 but not with the others interfaces
E1/2 only need to communicate with E1/0 and not with the others interfaces.
.
.
.
My question is how can i configure that on my cisco.
Do I have to create differents vlans for each network and then assigned them to an interfaces?
If yes, how can i add static routes on vlans interfaces?
Thanks a lot for your help
I have a cisco router 3845 with 16 FastEthernet Ports.
Each Ports are connecting to different networks.
For example those are the networks connected to my interfaces:
E1/0: 10.1.1.0 /24
E1/1: 10.2.1.0 /24
E1/2 192.168.1.0 /24
E1/3 192.168.10.16/29
E1/4 10.20.20.1 / 24
Let's pretend this.
E1/0 needs to communicate with E1/1 and E1/2 but not with the others interfaces
E1/1 needs to communicate with E1/0 and E/1/3 but not with the others interfaces
E1/2 only need to communicate with E1/0 and not with the others interfaces.
.
.
.
My question is how can i configure that on my cisco.
Do I have to create differents vlans for each network and then assigned them to an interfaces?
If yes, how can i add static routes on vlans interfaces?
Thanks a lot for your help
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Depends what you want to do, but the example I gave you controls what comes inbound to that port into the router. So you would do that for each interface you want to have limits on.
ASKER
Ok I understand that.
To test it, i simulate each network by plugging a laptop but i"m not able to ping each other.
Do I have to add a route on each device?
To test it, i simulate each network by plugging a laptop but i"m not able to ping each other.
Do I have to add a route on each device?
You said you have a 3845 with 16 fastethernet interfaces? Are they layer 3 interface or is that a 16 port switch module with layer 2 interfaces you are talking about? It makes a difference in how you do this.
If we are talking layer 3 interfaces, then when you assign an ip address to the interface the router automatically inserts a Connected route into the routing table when the interface comes up. Also, to plug a laptop into a layer 3 interface on the router you will need a crossover cable.
why dont you post your config.
If we are talking layer 3 interfaces, then when you assign an ip address to the interface the router automatically inserts a Connected route into the routing table when the interface comes up. Also, to plug a laptop into a layer 3 interface on the router you will need a crossover cable.
why dont you post your config.
ASKER
It's a 16 port FastEthernet layer 2 Interfaces(NM-ESW-16), I cannot Assigned an Specific IP on It, only created Vlans.
My Config:
!
archive
log config
hidekeys
!
!
!
!
!
!
interface GigabitEthernet0/0
description $ETH-LAN$
ip address 10.x.x.x 255.255.255.248
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface FastEthernet1/0
switchport access vlan 22
switchport trunk native vlan 22
switchport mode trunk
!
interface FastEthernet1/1
switchport access vlan 168
!
interface FastEthernet1/2
switchport access vlan 93
!
interface FastEthernet1/3
switchport access vlan 204
switchport trunk native vlan 3
switchport mode trunk
!
interface FastEthernet1/4
switchport trunk native vlan 4
switchport mode trunk
!
interface FastEthernet1/5
switchport trunk native vlan 5
switchport mode trunk
!
interface FastEthernet1/6
switchport trunk native vlan 6
switchport mode trunk
!
interface FastEthernet1/7
switchport access vlan 204
!
interface FastEthernet1/8
shutdown
!
interface FastEthernet1/9
shutdown
!
interface FastEthernet1/10
shutdown
!
interface FastEthernet1/11
shutdown
!
interface FastEthernet1/12
shutdown
!
interface FastEthernet1/13
shutdown
!
interface FastEthernet1/14
shutdown
!
interface FastEthernet1/15
!
interface GigabitEthernet1/0
!
interface Vlan1
no ip address
!
interface Vlan3
ip address 192.168.x.1 255.255.255.248
ip access-group 103 in
!
interface Vlan4
ip address 192.168.x.17 255.255.255.248
ip access-group 104 in
!
interface Vlan5
ip address 192.168.x.33 255.255.255.248
!
interface Vlan6
ip address 192.168.x.65 255.255.255.248
!
interface Vlan22
ip address 10.x.x.0 255.255.0.0
ip access-group 122 in
!
interface Vlan93
ip address 10.x.x.10 255.255.255.0
!
interface Vlan168
ip address 10.x.x.1 255.255.255.0
ip access-group 168 in
!
interface Vlan204
ip address 192.168.x.1 255.255.255.0
!
ip forward-protocol nd
ip route 10.x.x.0 255.255.255.0 Vlan93 2 permanent
!
!
ip http server
ip http authentication local
ip http secure-server
!
access-list 103 remark xxxxxxxxx
access-list 103 remark SDM_ACL Category=1
access-list 103 remark xxxxxxxxx
access-list 103 permit ip 192.168.x.0 0.0.0.15 10.x.0.0 0.0.255.255
access-list 103 remark xxxxxxxxx
access-list 103 permit ip 192.168.x.0 0.0.0.15 10.x.x.0 0.0.0.255
access-list 103 remark xxxxxxxxx
access-list 103 permit ip 192.168.x.0 0.0.0.15 192.168.x.0 0.0.0.255
access-list 104 remark xxxxxxxxx
access-list 104 remark SDM_ACL Category=1
access-list 104 remark xxxxxxxxx
access-list 104 permit ip 192.168.x.16 0.0.0.15 10.x.x.0 0.0.0.255
access-list 104 remark xxxxxxxxx
access-list 104 permit ip 192.168.x.16 0.0.0.15 10.x.0.0 0.0.255.255
access-list 104 remark xxxxxxxx
access-list 104 permit ip 192.168.x.16 0.0.0.15 192.168.x.64 0.0.0.15
access-list 122 remark xxxxxxxxx
access-list 122 remark SDM_ACL Category=1
access-list 122 remark xxxxxxxxxx
access-list 122 permit ip 10.x.0.0 0.0.255.255 192.168.x.0 0.0.0.15
access-list 122 remark permit xxxxxxxx
access-list 122 permit ip 10.22.0.0 0.0.255.255 192.168.x.16 0.0.0.15
access-list 168 remark xxxxxxxxxxxx
access-list 168 remark SDM_ACL Category=1
access-list 168 permit ip 10.x.x.0 0.0.0.255 192.168.x.16 0.0.0.15
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
Thanks
My Config:
!
archive
log config
hidekeys
!
!
!
!
!
!
interface GigabitEthernet0/0
description $ETH-LAN$
ip address 10.x.x.x 255.255.255.248
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface FastEthernet1/0
switchport access vlan 22
switchport trunk native vlan 22
switchport mode trunk
!
interface FastEthernet1/1
switchport access vlan 168
!
interface FastEthernet1/2
switchport access vlan 93
!
interface FastEthernet1/3
switchport access vlan 204
switchport trunk native vlan 3
switchport mode trunk
!
interface FastEthernet1/4
switchport trunk native vlan 4
switchport mode trunk
!
interface FastEthernet1/5
switchport trunk native vlan 5
switchport mode trunk
!
interface FastEthernet1/6
switchport trunk native vlan 6
switchport mode trunk
!
interface FastEthernet1/7
switchport access vlan 204
!
interface FastEthernet1/8
shutdown
!
interface FastEthernet1/9
shutdown
!
interface FastEthernet1/10
shutdown
!
interface FastEthernet1/11
shutdown
!
interface FastEthernet1/12
shutdown
!
interface FastEthernet1/13
shutdown
!
interface FastEthernet1/14
shutdown
!
interface FastEthernet1/15
!
interface GigabitEthernet1/0
!
interface Vlan1
no ip address
!
interface Vlan3
ip address 192.168.x.1 255.255.255.248
ip access-group 103 in
!
interface Vlan4
ip address 192.168.x.17 255.255.255.248
ip access-group 104 in
!
interface Vlan5
ip address 192.168.x.33 255.255.255.248
!
interface Vlan6
ip address 192.168.x.65 255.255.255.248
!
interface Vlan22
ip address 10.x.x.0 255.255.0.0
ip access-group 122 in
!
interface Vlan93
ip address 10.x.x.10 255.255.255.0
!
interface Vlan168
ip address 10.x.x.1 255.255.255.0
ip access-group 168 in
!
interface Vlan204
ip address 192.168.x.1 255.255.255.0
!
ip forward-protocol nd
ip route 10.x.x.0 255.255.255.0 Vlan93 2 permanent
!
!
ip http server
ip http authentication local
ip http secure-server
!
access-list 103 remark xxxxxxxxx
access-list 103 remark SDM_ACL Category=1
access-list 103 remark xxxxxxxxx
access-list 103 permit ip 192.168.x.0 0.0.0.15 10.x.0.0 0.0.255.255
access-list 103 remark xxxxxxxxx
access-list 103 permit ip 192.168.x.0 0.0.0.15 10.x.x.0 0.0.0.255
access-list 103 remark xxxxxxxxx
access-list 103 permit ip 192.168.x.0 0.0.0.15 192.168.x.0 0.0.0.255
access-list 104 remark xxxxxxxxx
access-list 104 remark SDM_ACL Category=1
access-list 104 remark xxxxxxxxx
access-list 104 permit ip 192.168.x.16 0.0.0.15 10.x.x.0 0.0.0.255
access-list 104 remark xxxxxxxxx
access-list 104 permit ip 192.168.x.16 0.0.0.15 10.x.0.0 0.0.255.255
access-list 104 remark xxxxxxxx
access-list 104 permit ip 192.168.x.16 0.0.0.15 192.168.x.64 0.0.0.15
access-list 122 remark xxxxxxxxx
access-list 122 remark SDM_ACL Category=1
access-list 122 remark xxxxxxxxxx
access-list 122 permit ip 10.x.0.0 0.0.255.255 192.168.x.0 0.0.0.15
access-list 122 remark permit xxxxxxxx
access-list 122 permit ip 10.22.0.0 0.0.255.255 192.168.x.16 0.0.0.15
access-list 168 remark xxxxxxxxxxxx
access-list 168 remark SDM_ACL Category=1
access-list 168 permit ip 10.x.x.0 0.0.0.255 192.168.x.16 0.0.0.15
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The reason why i don't have trunk mode on all those interface is because my config was not complete yet and i want to test between 2 interfaces and make sure it work..
Now im able to ping, my error: Did not put crossover cable into the laptop.
Well for now things seems to go on the right way.
Thanks a lot for your help, really appreciate it.
Now im able to ping, my error: Did not put crossover cable into the laptop.
Well for now things seems to go on the right way.
Thanks a lot for your help, really appreciate it.
ASKER
Do I have create an ACL for the outbound also?