Solved

5 public IPs on HWIC-4ESW behind Cisco 2821

Posted on 2013-12-18
Last Modified: 2013-12-20
Hi,
I am trying to set up a Cisco 2821 with an HWIC-4ESW to use public IPs on the HWIC-4ESW.

I am authenticating on gi0/0 using PPPoE with one IP, and would like to use the rest of the public addresses from the HWIC-4ESW to connect other routers and firewalls.

Need help with setting this up.

Regards,

Oljeg
0
Question by:pajkico
13 Comments
 
LVL 13

Expert Comment

by:Quori
ID: 39730418
Something like this should work:

Configure a VLAN interface, even if it is VLAN 1, as the switching HWIC doesn't support routed interfaces.
Configure your IP address space on the VLAN 1 interface.
Configure ip unnumbered vlan1 on the dialer interface.

Failing that, we can try bridging, but don't expect that to work along with PPPoE on the router itself.
0
 

Author Comment

by:pajkico
ID: 39730493
Thanks, I was looking at the "bridging" option, but I didn't like it. Do you think that this is doable with a DMZ port, and then connecting a switch to it, and pulling other IPs from it?
0
 
LVL 13

Expert Comment

by:Quori
ID: 39730516
You'll still need to use the SVI and that will become your public edge VLAN.
0
 

Author Comment

by:pajkico
ID: 39730610
OK, but couldn't I do this on the ordinary wired router? I can authenticate PPPoE on the WAN port connection, and then use one LAN port as a DMZ port, assign one of the IPs to it, and route all the IPs through that port?
0
 
LVL 13

Accepted Solution

by:
Quori earned 500 total points
ID: 39730633
You cannot have multiple ports with the same IP address range on a router without using IP unnumbered (as I have).

It sounds like you're assigned a /29 or similar for your PE-CE range and want to use the rest of those addresses for "DMZ" servers, where only 2 are being used for PE-CE connectivity.
The only way to do this is to make them coexist on the same layer 2 domain.

In short, no you cannot. You're not "routing" the rest of the range out another port, it just needs to be shared.
Either by bridging or using the method I've provided.

The only way you're going to do this via routing is getting a range you can subnet off and then using that.
0
 

Author Closing Comment

by:pajkico
ID: 39730658
You are right, I need to provide two static public IPs to a vendor for his router and ASA firewall, and use one for our WAN connection. I was hoping to utilize the HWIC-4ESW for this, and I have tried a few other options. I'll try what you suggested. Do you know of any examples?

Thanks
0

 
LVL 13

Expert Comment

by:Quori
ID: 39730714
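interface di0
 ! remove the dialer's own address and borrow the VLAN interface's instead
 no ip address negotiated
 ip unnumbered vlan100
!
interface vlan100
 ! address and mask from the public range
 ip address x.x.x.x y.y.y.y
!
interface fax/x/x
 ! HWIC-4ESW switch port placed in the public VLAN
 switchport access vlan 100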

Then just hand fax/x/x off to a switch or to the vendor's router. This has worked for me in the past, otherwise you can use bridging.
0
 

Author Comment

by:pajkico
ID: 39730834
Thanks, I'll try to set this up tomorrow morning. So on my Cisco 2821, eth0/0 is set up for PPPoE authentication with one static public IP, eth0/1 is my LAN, and HWIC-4ESW is the 4-port switch card where I need to port 2 additional static public IPs for vendor routers...
0
 
LVL 13

Expert Comment

by:Quori
ID: 39731116
Port 0 shouldn't have an IP address configured at all, it would have PPPoE client enabled on it, to a dialer interface. The dialer interface would have the current IP address which needs to be removed (as per the config I provided) and changed over to use the address of the VLAN interface.

I don't think you're quite understanding that you can't and won't have multiple IP addresses from the same range configured on the same router (in this situation).
0
 

Author Comment

by:pajkico
ID: 39731184
This is my current configuration on the Cisco 2821 router:

interface GigabitEthernet0/0
 description $ETH-WAN$
 no ip address
 duplex full
 speed auto
 pppoe enable group global1
 pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
 description $ETH-LAN$
 ip address 192.168.16.1 255.255.255.0
 ip mtu 1452
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
 duplex full
 speed 100
 no mop enabled
!
interface FastEthernet0/3/0
!
interface FastEthernet0/3/1
!
interface FastEthernet0/3/2
!
interface FastEthernet0/3/3
!
interface Vlan1
 no ip address
!
interface Dialer0
 ip address XXX.XXX.XXX.XXX 255.255.255.248
 ip access-group 103 in
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp chap hostname username@isp.com
 ppp chap password 0 password
 ppp pap sent-username username@isp.com password 0 "password"
 crypto map SDM_CMAP_1
 crypto ipsec df-bit clear

IP address range is from 49 to 54

so I need to modify this as:

interface GigabitEthernet0/0
 description $ETH-WAN$
 no ip address
 duplex full
 speed auto
 pppoe enable group global1
 pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
 description $ETH-LAN$
 ip address 192.168.16.1 255.255.255.0
 ip mtu 1452
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
 duplex full
 speed 100
 no mop enabled

interface vlan100
 ip address x.x.x.49 y.y.y.y
!
interface FastEthernet0/3/0
 switchport access vlan 100
!
interface FastEthernet0/3/1
 switchport access vlan 100
!
interface FastEthernet0/3/2
 switchport access vlan 100
!
interface FastEthernet0/3/3
 switchport access vlan 100
!
interface Vlan1
 no ip address
!
interface Dialer0
 no ip address negotiated
 ip unnumbered vlan100
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp chap hostname username@isp.com
 ppp chap password 0 password
 ppp pap sent-username username@isp.com password 0 "password"
 crypto map SDM_CMAP_1
 crypto ipsec df-bit clear

and then assign 50-54 IP addresses to the devices connected to HWIC-4ESW...
0
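Added example, not part of the thread or written by either poster: a Python check that compares an interface stanza before and after the `ip unnumbered` change and reports security-relevant sub-commands that went missing, plus an unnumbered donor interface that has no address. The sample configs are condensed from the two Dialer0 stanzas posted above; the list of commands treated as security-relevant is this example's own assumption.

```python
import re

# Constructed samples, condensed from the two Dialer0 configs posted above.
BEFORE = """\
interface Dialer0
 ip address XXX.XXX.XXX.XXX 255.255.255.248
 ip access-group 103 in
 ip nat outside
 crypto map SDM_CMAP_1
"""
AFTER = """\
interface vlan100
 ip address x.x.x.49 y.y.y.y
!
interface Dialer0
 ip unnumbered vlan100
 ip nat outside
 crypto map SDM_CMAP_1
"""

# Assumption: sub-commands whose silent loss weakens an interface's filtering.
SECURITY_RE = re.compile(r"(ip access-group|crypto map|ip verify|ip inspect|zone-member)\b")

def stanzas(config):
    """Map lower-cased interface name -> list of its stripped sub-commands."""
    out, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = out.setdefault(m.group(1).lower(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return out

def audit(before, after, iface="dialer0"):
    """Findings for an interface converted to ip unnumbered (empty list = clean)."""
    new_cfg = stanzas(after)
    old, new = stanzas(before).get(iface, []), new_cfg.get(iface, [])
    findings = [f"dropped: {c}" for c in old if SECURITY_RE.match(c) and c not in new]
    for c in new:
        m = re.match(r"ip unnumbered\s+(\S+)", c)
        donor = new_cfg.get(m.group(1).lower(), []) if m else None
        if m and not any(d.startswith("ip address ") for d in donor):
            findings.append(f"unnumbered donor {m.group(1)} has no ip address")
    return findings
```

Run against the two stanzas above, `audit(BEFORE, AFTER)` returns `dropped: ip access-group 103 in`, the inbound ACL present on the original Dialer0 and absent from the modified one.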
 
LVL 13

Expert Comment

by:Quori
ID: 39732603
Yep that should work, if not we need to go down the bridging method.
I presume you're on site with the device in question in case of any issues?
0
 

Author Comment

by:pajkico
ID: 39733184
I set it up today, and it looks ok.

Thanks again...
0
 
LVL 13

Expert Comment

by:Quori
ID: 39733255
No worries, glad it worked.
0
