Solved

cisco 877 route to wan over fastethernet

Posted on 2011-05-07
20
Medium Priority
2,635 Views
Last Modified: 2012-08-13
Hi Experts,

We have been using the router for an ADSL connection and it is all working well; however, we now have fiber internet in place and I need to route all my connections to FE1.

Currently I have vlan 1 192.168.0.10 and local ip data
vlan 2: 192.168.100.1 Wireless (Dot 1 Radio) (Fe0)
vlan 3: 192.168.200.1 Phone Lan (Fe2)
Vlan 4: external IP xxx.xxx.2x6.x34 /30 (Fe1)
Vlan 5: VPN backhaul 10.10.10.2/30 (Fe3)

I would like to route to the WAN via FE1. Please advise if this is possible. See my config below; I already have Advanced IP Services. Let me know what changes are needed.

Current configuration : 7291 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname pfcisco
!
boot-start-marker
boot system flash:c870-advipservicesk9-mz.124-22.T1.bin
boot-end-marker
!
logging message-counter syslog
logging buffered 51200
logging console critical
enable secret 5 $1$u72h$7LBDWXc1cupMYDu5conB81
!
no aaa new-model
clock timezone WST 8
!
crypto pki trustpoint TP-self-signed-223618724
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-223618724
 revocation-check none
 rsakeypair TP-self-signed-223618724
!
!
crypto pki certificate chain TP-self-signed-223618724
 certificate self-signed 01
        quit
dot11 association mac-list 700
dot11 syslog
!
dot11 ssid pfwifi
 vlan 2
 authentication open
 authentication key-management wpa
 wpa-psk ascii 7 08731F1A58495505130200
!
no ip source-route
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.100.1
!
ip dhcp pool Wireless
   network 192.168.100.0 255.255.255.0
   domain-name pfeng.local
   dns-server 192.168.0.1 203.153.224.42
   default-router 192.168.100.1
!
!
ip cef
no ip bootp server
ip domain name pfeng.local
ip name-server 192.168.0.1
ip name-server xxx.xxx.xx.xxx
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username xxxxxxx privilege 15
!
!
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
bridge irb
!
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 description $ES_WAN$$FW_OUTSIDE$
 ip flow ingress
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
 description Fibre
 switchport access vlan 4
!
interface FastEthernet2
 switchport access vlan 3
!
interface FastEthernet3
 description VPN Backhaul to Broome
 switchport access vlan 5
 duplex full
 speed 10
!
interface Dot11Radio0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 !
 encryption vlan 2 mode ciphers tkip
 !
 ssid pfwifi
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 channel least-congested 2412 2442 2462
 station-role root
 no cdp enable
!
interface Dot11Radio0.1
 description Wireless vlan2
 encapsulation dot1Q 2
 ip address 192.168.100.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no cdp enable
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.0.10 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
!
interface Vlan2
 no ip address
!
interface Vlan3
 ip address 192.168.200.1 255.255.255.0
!
interface Vlan4
 ip address xxx.xxx.2x6.x34 255.255.255.252
 ip nat inside
 ip virtual-reassembly
!
interface Vlan5
 ip address 10.10.10.2 255.255.255.252
!
interface Dialer0
 ip address xxx.xx.xxx.xxx 255.255.255.128
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname pfeng3
 ppp chap password 7 1407140E02033A2A373B6B6D
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.0.166 255.255.255.255 FastEthernet1
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source static tcp 192.168.0.1 443 interface Dialer0 443
ip nat inside source static tcp 192.168.0.1 1723 interface Dialer0 1723
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.0.166 3389 interface Dialer0 3389
ip nat inside source list 2 interface FastEthernet1 overload
ip nat inside source list 3 interface Dialer0 overload
ip nat inside source static tcp 192.168.0.170 9000 interface Dialer0 9000
ip nat inside source static tcp 192.168.0.170 18004 interface Dialer0 18004
ip nat inside source static tcp 192.168.0.1 25 interface Dialer0 25
ip nat inside source static tcp 192.168.0.170 8080 interface FastEthernet1 8080
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 3 remark SDM_ACL Category=130
access-list 3 remark Wireless Lan
access-list 3 permit 192.168.100.0 0.0.0.255
access-list 101 permit tcp any any eq 3389
access-list 101 permit ip any any
access-list 102 permit ip any any
access-list 102 remark Wireless traffic
access-list 700 permit 0026.ff79.55e0   0000.0000.0000
access-list 700 permit 0023.146c.6c18   0000.0000.0000
access-list 700 permit 000e.35cf.2cdd   0000.0000.0000
access-list 700 permit dc2b.6109.1d12   0000.0000.0000
access-list 700 permit dc2b.6138.47e7   0000.0000.0000
access-list 700 permit 74f0.6d4d.765d   0000.0000.0000
dialer-list 1 protocol ip permit
no cdp run

!
!
!
!
!
control-plane
!
banner exec ^CSuccessful Login! Save Settings before making any changes.^C
banner login ^C
Authorised Users only! Please Contact Administrator.^C
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 access-class 1 in
 exec-timeout 30 0
 privilege level 15
 password 7 14071408051729247578
 login
 transport input telnet ssh
 transport output none
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
ntp server 203.161.12.165 prefer
end

Thanks in advance.

Question by:mun_84
20 Comments
 

Author Comment

by:mun_84
ID: 35711627
I might add that I want to disable Dialer 0 entirely.
0
 
LVL 47

Assisted Solution

by:Craig Beck
Craig Beck earned 400 total points
ID: 35711945
You could try...

interface Vlan4
no ip nat inside
ip nat outside
exit
no ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 xxx.xxx.2x6.x33
      (This should be the IP of the router connected to FastEthernet1)


As the IP address is a /30 you could configure FastEthernet1 as a Layer3 port instead of configuring it as a switchport and assigning the IP to Vlan4 - although it will work just the same.
0
 
LVL 2

Accepted Solution

by:
sumandan earned 1600 total points
ID: 35714280
Simple...

step 1) "no switchport" on the FE1 interface.
step 2) "ip route 0.0.0.0 0.0.0.0 <ip address of the remote end of the fibre connection>"
0

 

Author Comment

by:mun_84
ID: 35714285
Will try in 2-3 hrs and let you guys know.
0
 

Author Comment

by:mun_84
ID: 35714330
How about the access list? Will that need to be deleted and redone?
0
 
LVL 2

Expert Comment

by:sumandan
ID: 35714411
The interface FE1 should have an "ip nat outside" on it.
0
 
LVL 2

Expert Comment

by:sumandan
ID: 35714418
ACL is fine.
0
 

Author Comment

by:mun_84
ID: 35714732
I can't apply ip nat outside on FE1.
0
 

Author Comment

by:mun_84
ID: 35715055
I managed to get it working; however, when I close Dialer 0 and shut it down I lose internet connectivity. Can you point out what is going on? Thanks.
0
 

Author Comment

by:mun_84
ID: 35715077
I tried RDP 3389 to my local desktop and it doesn't work either?
0
 
LVL 2

Assisted Solution

by:sumandan
sumandan earned 1600 total points
ID: 35715421
Can you remove the "ip nat outside" from the dialer interface and then put it on the FE1?
Also remove the "ip route 0.0.0.0 0.0.0.0 Dialer0".

I think then, even if you shutdown the dialer it should not affect anything.
0
 

Author Comment

by:mun_84
ID: 35715429
How about this line here, do I need to change it?

ip nat inside source list 1 interface Dialer0 overload
0
 

Author Comment

by:mun_84
ID: 35715433
I don't think you can assign ip nat outside on FE3 as it is a switchport. If I don't make it a switchport I can't assign an IP address? This is an 877W router, by the way.
0
 
LVL 2

Expert Comment

by:sumandan
ID: 35715437
Once you remove the "ip nat outside" from the dialer interface, this line would not carry anything... So it doesn't really matter if it is there or not.
0
 

Author Comment

by:mun_84
ID: 35715468
Not really. I just did that and now I lost connectivity to the router!
0
 

Author Comment

by:mun_84
ID: 35717116
I figured it out. Instead of using interface FastEthernet 1 you have to use the vlan that the nat outside is on.

ip nat inside source list 1 interface vlan 4 overload
ip nat inside source static tcp 192.168.0.166 3389 interface vlan 4 3389
ip nat inside source list 2 interface vlan 4 overload
ip nat inside source list 3 interface vlan 4 overload


Thanks Sumandan for getting me halfway there!
0
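The mismatch worked through above (NAT rules naming Dialer0 or the FastEthernet1 switchport while the WAN address sits on Vlan4) can be checked offline before a change is pushed to the router. This is an added example, not code from any poster in the thread; `audit_nat`, the sample config and the 203.0.113.2 address are assumptions constructed for illustration.

```python
import re

# Interface reference, tolerant of both "Vlan4" and "vlan 4" spellings.
IFACE = re.compile(r"interface ([A-Za-z][\w-]*?) ?(\d[\d/.]*)(?:\s|$)")

# Constructed sample: NAT-relevant lines of the question's config with Dialer0
# shut down as the author intended; 203.0.113.2 is a placeholder address.
SAMPLE = """\
interface FastEthernet1
 switchport access vlan 4
!
interface Vlan4
 ip address 203.0.113.2 255.255.255.252
 ip nat inside
!
interface Dialer0
 ip nat outside
 shutdown
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 2 interface FastEthernet1 overload
ip nat inside source static tcp 192.168.0.170 8080 interface FastEthernet1 8080
"""

def audit_nat(config):
    """Return (interface, reason) for each NAT rule bound to an unusable interface."""
    ifaces, rules, current = {}, [], None
    for raw in config.splitlines():
        m = IFACE.search(raw)
        if raw.startswith("interface ") and m:
            current = ifaces.setdefault("".join(m.groups()).lower(), set())
        elif raw.startswith(" ") and current is not None:
            current.add(raw.strip())          # sub-command of the open stanza
        else:
            current = None                    # "!" or a global command ends the stanza
            if raw.startswith("ip nat inside source") and m:
                rules.append("".join(m.groups()).lower())
    findings = []
    for name in rules:
        body = ifaces.get(name)
        if body is None:
            findings.append((name, "interface not defined"))
        elif any(cmd.startswith("switchport") for cmd in body):
            findings.append((name, "layer-2 switchport; bind NAT to its Vlan interface"))
        elif "shutdown" in body:
            findings.append((name, "interface is shut down"))
        elif "ip nat outside" not in body:
            findings.append((name, "missing 'ip nat outside'"))
    return findings
```

Run against a saved `show running-config`, an empty list means every `ip nat inside source ... interface` rule points at an active layer-3 interface marked `ip nat outside`.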
 
LVL 2

Expert Comment

by:sumandan
ID: 35717750

Sure thing... But as a practice, a router is used to route traffic out over an L3 WAN interface, with an IP address on its outside interface. There are quite a few policies/commands that may not apply on a Vlan interface as compared to a routed interface. But since your requirements are pretty straightforward and simple, you could use the vlan (mostly a switching scenario) to achieve what you needed.
0
 

Author Comment

by:mun_84
ID: 35717832
Well, I get what you mean; however, on an 877 you don't have FE as layer 3 unless you make it a switchport. I get what you mean and will use it in my Cisco knowledge. Thanks again.
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 35718597
Sorry guys, but I'm just reading what's actually been done here, and it appears that my solution was what was actually done!?
0
 

Author Comment

by:mun_84
ID: 35718620
Yeah, and so I rewarded you accordingly. Sumandan appeared more helpful as he was quick with the responses.
0
