pajkico
asked on
5 public IPs on HWIC-4ESW behind Cisco 2821
Hi,
I am trying to setup cisco 2821 with HWIC-4ESW to use public IPs on the HWIC-4ESW
I am authenticating on gi0/0 using pppoe with one IP, and would like to use the resto of public address from HWIC-4ESW to connect other routers and firewalls.
Need help with setting this up.
Regards,
Oljeg
I am trying to setup cisco 2821 with HWIC-4ESW to use public IPs on the HWIC-4ESW
I am authenticating on gi0/0 using pppoe with one IP, and would like to use the resto of public address from HWIC-4ESW to connect other routers and firewalls.
Need help with setting this up.
Regards,
Oljeg
ASKER
thanks, I was looking at "bridging" option, but I didn't like it. Do you think that this is doable with a DMZ port, and then connecting a switch to it, and pulling other IPs from it?
You'll still need to use the SVI and that will become your public edge VLAN.
ASKER
ok, but couldn't I do this on the ordinary wired router, I can authenticate pppoe on the wan port connection, and then use one lan port az DMZ port, assing one of the IPs to it, and route all the IPs through that port ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
you are right, I need to provide two static public IPs to a vendor for his router and asa firewall, and use one for our WAN connection. I was hoping to utilize hwic-4esw for this, and I have tried a few other options. I'll try what you suggested. Do you know of any examples?
Thanks
Thanks
interface di0
no ip address negoatiated
ip unnumbered vlan100
interface vlan100
ip address x.x.x.x y.y.y.y
interface fax/x/x
switchport access vlan 100
Then just hand fax/x/x off to a switch or to the vendors router. This has worked for me in the past, otherwise you can use bridging.
no ip address negoatiated
ip unnumbered vlan100
interface vlan100
ip address x.x.x.x y.y.y.y
interface fax/x/x
switchport access vlan 100
Then just hand fax/x/x off to a switch or to the vendors router. This has worked for me in the past, otherwise you can use bridging.
ASKER
Thanks, I'll try to set this up tomorrow morning. So on my Cisco 2821, eth0/0 is setup for pppoe authentication with one static public IP, eth0/1 is my LAN, and HWIC-4ESW is the 4-port switch card where I need to port 2 additional static public IPs for vendor routers...
Port 0 shouldn't have an IP address configured at all, it would have PPPoE client enabled on it, to a dialer interface. The dialer interface would have the current IP address which needs to be removed (as per the config I provided) and changed over to use the address of the VLAN interface.
I don't think you're quite understanding that you can't and won't have multiple IP addresses from the same range configured on the same router (in this situation).
I don't think you're quite understanding that you can't and won't have multiple IP addresses from the same range configured on the same router (in this situation).
ASKER
this is my current configuration on the Cisco 2821 router:
interface GigabitEthernet0/0
description $ETH-WAN$
no ip address
duplex full
speed auto
pppoe enable group global1
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
description $ETH-LAN$
ip address 192.168.16.1 255.255.255.0
ip mtu 1452
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
duplex full
speed 100
no mop enabled
!
interface FastEthernet0/3/0
!
interface FastEthernet0/3/1
!
interface FastEthernet0/3/2
!
interface FastEthernet0/3/3
!
interface Vlan1
no ip address
!
interface Dialer0
ip address XXX.XXX.XXX.XXX 255.255.255.248
ip access-group 103 in
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp chap hostname username@isp.com
ppp chap password 0 password
ppp pap sent-username username@isp.com password 0 "password"
crypto map SDM_CMAP_1
crypto ipsec df-bit clear
IP address range is from 49 to 54
so I need to modify this as:
interface GigabitEthernet0/0
description $ETH-WAN$
no ip address
duplex full
speed auto
pppoe enable group global1
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
description $ETH-LAN$
ip address 192.168.16.1 255.255.255.0
ip mtu 1452
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
duplex full
speed 100
no mop enabled
interface vlan100
ip address x.x.x.49 y.y.y.y
!
interface FastEthernet0/3/0
switchport access vlan 100
!
interface FastEthernet0/3/1
switchport access vlan 100
!
interface FastEthernet0/3/2
switchport access vlan 100
!
interface FastEthernet0/3/3
switchport access vlan 100
!
interface Vlan1
no ip address
!
interface Dialer0
no ip address negoatiated
ip unnumbered vlan100
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp chap hostname username@isp.com
ppp chap password 0 password
ppp pap sent-username username@isp.com password 0 "password"
crypto map SDM_CMAP_1
crypto ipsec df-bit clear
and then assign 50-54 IP addresses to the devices connected to HWIC-4ESW...
interface GigabitEthernet0/0
description $ETH-WAN$
no ip address
duplex full
speed auto
pppoe enable group global1
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
description $ETH-LAN$
ip address 192.168.16.1 255.255.255.0
ip mtu 1452
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
duplex full
speed 100
no mop enabled
!
interface FastEthernet0/3/0
!
interface FastEthernet0/3/1
!
interface FastEthernet0/3/2
!
interface FastEthernet0/3/3
!
interface Vlan1
no ip address
!
interface Dialer0
ip address XXX.XXX.XXX.XXX 255.255.255.248
ip access-group 103 in
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp chap hostname username@isp.com
ppp chap password 0 password
ppp pap sent-username username@isp.com password 0 "password"
crypto map SDM_CMAP_1
crypto ipsec df-bit clear
IP address range is from 49 to 54
so I need to modify this as:
interface GigabitEthernet0/0
description $ETH-WAN$
no ip address
duplex full
speed auto
pppoe enable group global1
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
description $ETH-LAN$
ip address 192.168.16.1 255.255.255.0
ip mtu 1452
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
duplex full
speed 100
no mop enabled
interface vlan100
ip address x.x.x.49 y.y.y.y
!
interface FastEthernet0/3/0
switchport access vlan 100
!
interface FastEthernet0/3/1
switchport access vlan 100
!
interface FastEthernet0/3/2
switchport access vlan 100
!
interface FastEthernet0/3/3
switchport access vlan 100
!
interface Vlan1
no ip address
!
interface Dialer0
no ip address negoatiated
ip unnumbered vlan100
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp chap hostname username@isp.com
ppp chap password 0 password
ppp pap sent-username username@isp.com password 0 "password"
crypto map SDM_CMAP_1
crypto ipsec df-bit clear
and then assign 50-54 IP addresses to the devices connected to HWIC-4ESW...
Yep that should work, if not we need to go down the bridging method.
I presume you're on site with the device in question in case of any issues?
I presume you're on site with the device in question in case of any issues?
ASKER
I set it up today, and it looks ok.
Thanks again...
Thanks again...
No worries, glad it worked.
Configure a VLAN interface, even if it is VLAN 1, as the switching HWIC doesn't supported routed interfaces.
Configure your IP address space on the VLAN 1 interface.
Configure ip unnumbered vlan1 on the dialer interface.
Fail that, we can try bridging but don't expect that to work along with PPPoE on the router itself.