Solved

5 public IPs on HWIC-4ESW behind Cisco 2821

Posted on 2013-12-18
Last Modified: 2013-12-20
Hi,
I am trying to set up a Cisco 2821 with HWIC-4ESW to use public IPs on the HWIC-4ESW.

I am authenticating on gi0/0 using PPPoE with one IP, and would like to use the rest of the public addresses from the HWIC-4ESW to connect other routers and firewalls.

Need help with setting this up.

Regards,

Oljeg
Question by:pajkico
LVL 13

Expert Comment

by:Quori
ID: 39730418
Something like this should work:

Configure a VLAN interface, even if it is VLAN 1, as the switching HWIC doesn't support routed interfaces.
Configure your IP address space on the VLAN 1 interface.
Configure ip unnumbered vlan1 on the dialer interface.

Failing that, we can try bridging, but don't expect that to work along with PPPoE on the router itself.
0
 

Author Comment

by:pajkico
ID: 39730493
thanks, I was looking at "bridging" option, but I didn't like it. Do you think that this is doable with a DMZ port, and then connecting a switch to it, and pulling other IPs from it?
0
 
LVL 13

Expert Comment

by:Quori
ID: 39730516
You'll still need to use the SVI and that will become your public edge VLAN.
0

Author Comment

by:pajkico
ID: 39730610
OK, but couldn't I do this on an ordinary wired router? I can authenticate PPPoE on the WAN port connection, and then use one LAN port as a DMZ port, assign one of the IPs to it, and route all the IPs through that port?
0
 
LVL 13

Accepted Solution

by:
Quori earned 500 total points
ID: 39730633
You cannot have multiple ports with the same IP address range on a router without using IP unnumbered (as I have).

It sounds like you're assigned a /29 or similar for your PE-CE range and want to use the rest of those addresses for "DMZ" servers, where only 2 are being used for PE-CE connectivity.
The only way to do this is to make them coexist on the same layer 2 domain.

In short, no you cannot. You're not "routing" the rest of the range out another port, it just needs to be shared.
Either by bridging or using the method I've provided.

The only way you're going to do this via routing is getting a range you can subnet off and then using that.
0
 

Author Closing Comment

by:pajkico
ID: 39730658
you are right, I need to provide two static public IPs to a vendor for his router and asa firewall, and use one for our WAN connection. I was hoping to utilize hwic-4esw for this, and I have tried a few other options. I'll try what you suggested. Do you know of any examples?

Thanks
0
 
LVL 13

Expert Comment

by:Quori
ID: 39730714
interface di0
no ip address negotiated
ip unnumbered vlan100

interface vlan100
ip address x.x.x.x y.y.y.y

interface fax/x/x
switchport access vlan 100

Then just hand fax/x/x off to a switch or to the vendor's router. This has worked for me in the past; otherwise you can use bridging.
0
 

Author Comment

by:pajkico
ID: 39730834
Thanks, I'll try to set this up tomorrow morning. So on my Cisco 2821, eth0/0 is set up for PPPoE authentication with one static public IP, eth0/1 is my LAN, and HWIC-4ESW is the 4-port switch card where I need to port 2 additional static public IPs for vendor routers...
0
 
LVL 13

Expert Comment

by:Quori
ID: 39731116
Port 0 shouldn't have an IP address configured at all, it would have PPPoE client enabled on it, to a dialer interface. The dialer interface would have the current IP address which needs to be removed (as per the config I provided) and changed over to use the address of the VLAN interface.

I don't think you're quite understanding that you can't and won't have multiple IP addresses from the same range configured on the same router (in this situation).
0
 

Author Comment

by:pajkico
ID: 39731184
this is my current configuration on the Cisco 2821 router:

interface GigabitEthernet0/0
 description $ETH-WAN$
 no ip address
 duplex full
 speed auto
 pppoe enable group global1
 pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
 description $ETH-LAN$
 ip address 192.168.16.1 255.255.255.0
 ip mtu 1452
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
 duplex full
 speed 100
 no mop enabled
!
interface FastEthernet0/3/0
!
interface FastEthernet0/3/1
!
interface FastEthernet0/3/2
!
interface FastEthernet0/3/3
!
interface Vlan1
 no ip address
!
interface Dialer0
 ip address XXX.XXX.XXX.XXX 255.255.255.248
 ip access-group 103 in
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp chap hostname username@isp.com
 ppp chap password 0 password
 ppp pap sent-username username@isp.com password 0 "password"
 crypto map SDM_CMAP_1
 crypto ipsec df-bit clear

IP address range is from 49 to 54

so I need to modify this as:

interface GigabitEthernet0/0
 description $ETH-WAN$
 no ip address
 duplex full
 speed auto
 pppoe enable group global1
 pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
 description $ETH-LAN$
 ip address 192.168.16.1 255.255.255.0
 ip mtu 1452
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
 duplex full
 speed 100
 no mop enabled

interface vlan100
ip address x.x.x.49 y.y.y.y
!
interface FastEthernet0/3/0
switchport access vlan 100
!
interface FastEthernet0/3/1
switchport access vlan 100
!
interface FastEthernet0/3/2
switchport access vlan 100
!
interface FastEthernet0/3/3
switchport access vlan 100
!
interface Vlan1
 no ip address
!
interface Dialer0
 no ip address negotiated
 ip unnumbered vlan100
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp chap hostname username@isp.com
 ppp chap password 0 password
 ppp pap sent-username username@isp.com password 0 "password"
 crypto map SDM_CMAP_1
 crypto ipsec df-bit clear

and then assign 50-54 IP addresses to the devices connected to HWIC-4ESW...
0
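Added example, not part of the original thread: a small Python check that compares the Dialer0 stanza of the current and proposed configurations posted above and lists which lines the rewrite dropped, then flags IP-enabled interfaces with no inbound `ip access-group`. The `BEFORE`/`AFTER` strings are abridged excerpts of the posted stanzas, and the function names are hypothetical.

```python
# Added example: BEFORE/AFTER are abridged excerpts of the stanzas posted above.
BEFORE = """\
interface Dialer0
 ip address XXX.XXX.XXX.XXX 255.255.255.248
 ip access-group 103 in
 ip nat outside
"""
AFTER = """\
interface vlan100
ip address x.x.x.49 y.y.y.y
!
interface Dialer0
 no ip address negotiated
 ip unnumbered vlan100
 ip nat outside
"""

def parse_interfaces(config):
    """Map lower-cased interface name -> set of its configuration lines."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            current = line.split(None, 1)[1].lower()
            stanzas[current] = set()
        elif line == "!":
            current = None  # "!" closes the stanza
        elif line and current is not None:
            stanzas[current].add(line)  # indentation is not relied on
    return stanzas

def dropped_lines(before, after, interface):
    """Lines present under `interface` in `before` but missing in `after`."""
    name = interface.lower()
    return sorted(parse_interfaces(before).get(name, set())
                  - parse_interfaces(after).get(name, set()))

def ip_enabled_without_inbound_acl(config):
    """Interfaces that process IP but carry no 'ip access-group ... in'."""
    flagged = []
    for name, lines in parse_interfaces(config).items():
        has_ip = any(l.startswith(("ip address ", "ip unnumbered ")) for l in lines)
        has_acl = any(l.startswith("ip access-group ") and l.endswith(" in") for l in lines)
        if has_ip and not has_acl:
            flagged.append(name)
    return sorted(flagged)
```

Run against the excerpts, the diff shows that `ip access-group 103 in` is absent from the proposed Dialer0 stanza along with the old address line, which is worth confirming as intended before the public VLAN goes live.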
 
LVL 13

Expert Comment

by:Quori
ID: 39732603
Yep that should work, if not we need to go down the bridging method.
I presume you're on site with the device in question in case of any issues?
0
 

Author Comment

by:pajkico
ID: 39733184
I set it up today, and it looks ok.

Thanks again...
0
 
LVL 13

Expert Comment

by:Quori
ID: 39733255
No worries, glad it worked.
0


Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question