Networks

Question

Gravatar
Locked

Cisco 881 config help

By phtechinc ·
I am trying to configure a Cisco 881 router to have multiple vlans and share the internet connection.

I'm a noob with this stuff and i'm stuck.
this is what i have so far.

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable password cisco
!
no aaa new-model
!
!
ip source-route
ip dhcp excluded-address 192.168.9.1
ip dhcp excluded-address 192.168.10.1 192.168.10.99
ip dhcp excluded-address 192.168.10.201 192.168.10.254
ip dhcp excluded-address 192.168.11.1 192.168.11.99
ip dhcp excluded-address 192.168.11.201 192.168.11.254
ip dhcp excluded-address 192.168.12.1 192.168.12.99
ip dhcp excluded-address 192.168.12.201 192.168.12.254
!
ip dhcp pool vlan2
import all
network 192.168.10.0 255.255.255.0
default-router 192.168.9.1
!
ip dhcp pool vlan3
import all
network 192.168.11.0 255.255.255.0
default-router 192.168.9.1
!
ip dhcp pool vlan4
import all
network 192.168.12.0 255.255.255.0
default-router 192.168.9.1
!
!
ip cef
!
!
!
!
username name privilege 15 secret 5 $1$P4qP$h1hBpRrCmd2ZfOk/g9/yX0
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
description Blank LAN
!
interface FastEthernet1
description Lawson LAN
switchport access vlan 2
!
interface FastEthernet2
description Ivey LAN
switchport access vlan 3
!
interface FastEthernet3
description Katz LAN
switchport access vlan 4
!
interface FastEthernet4
description WAN
ip address 192.168.9.1 255.255.255.0
shutdown
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan2
ip address 192.168.10.1 255.255.255.0
!
interface Vlan3
ip address 192.168.11.1 255.255.255.0
!
interface Vlan4
ip address 192.168.12.1 255.255.255.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
banner login ^CThis is a secure system. Authorized Personnel Only!^C
!
line con 0
password console
logging synchronous
login
no modem enable
line aux 0
password backdoor
login
line vty 0 4
password telnet
login
!
scheduler max-task-time 5000
end

This conversation is currently closed to new comments.

14 total posts (Page 1 of 2)   01 | 02   Next
Thread display: Collapse - | Expand +

All Answers

gravatar
Collapse -

RE: Cisco 881 config help

by tecmjl1981 In reply to Cisco 881 config help

You have a good configuration down so far, but you are missing a few things.

1) The default gateways on your DHCP scope should be the IP Addresses of the VLAN they belong to, so below is how it should be configured
ip dhcp pool vlan2
import all
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
!
ip dhcp pool vlan3
import all
network 192.168.11.0 255.255.255.0
default-router 192.168.11.1
!
ip dhcp pool vlan4
import all
network 192.168.12.0 255.255.255.0
default-router 192.168.12.1

Now you also need a nat rule, here is what I suggest

First - Create the ACL's
Access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.11.0 0.0.0.255
access-list 1 permit 192.168.12.0 0.0.0.255

Second - Apply the ACLs to the NAT rule
ip nat inside source list 1 FastEthernet4 overload

Third - Tell the router which interfaces are
IP NAT INSIDE (all VLANS)
and
IP NAT OUTSIDE (FastEthernet4)

Finally, you need a route to the outside (gateway of last resort)
that would be (depending on if your outside IP is given out via DHCP)
ip route 0.0.0.0 0.0.0.0 FastEthernet4
OR
ip route 0.0.0.0 0.0.0.0 DHCP

If you have any further questions feel free to message me!

Thanks,
MIke

gravatar
Collapse -

Cisco 881 config help

by phtechinc In reply to RE: Cisco 881 config help

Thank you for you insight.
I've add the configurations you have suggested. I am getting "% Incomplete command." on the third step about adding IP NAT INSIDE (all Vlans) and IP NAT OUTSIDE (fastethernet4).
Could you explain. I've tried the ? approach to figure it out myself, but I'm stuck again.
Thanks

gravatar
Collapse -

Cisco 881 config help

by phtechinc In reply to RE: Cisco 881 config help

@ tecmj198
Never mind. I got the configurations to work through step 3. I'm not sure about the 4th.
The fa04(wan) connects to the cable modem. I'm assuming its dhcp, but how can i be sure.
Can i use both configurations to get it to work.
Thanks

gravatar
Collapse -

RE: Cisco 881 config help

by tecmjl1981 In reply to Cisco 881 config help

I use my 881W through my cable modem. You have to tell int Fa4 that he is getting an address through DHCP. THat command under Fa0/4 is
ip address DHCP
Then you can use either IP route statement. I used the following;
ip route 0.0.0.0 0.0.0.0 DHCP

Also, one mistake that I made, make sure in global config you type IP DOMAIN LOOKUP (i forget if there is a - between domain and lookup, but IP D? will help you out.

Let me konw how it works out!

gravatar
Collapse -

forgot something

by tecmjl1981 In reply to RE: Cisco 881 config help

You might want to start Cisco Configuration Professional and see about setting up a firewall as well. The GUI will walk you through everything you need.

and I would change your VTY and CON passwords, as we all saw them :)

gravatar
Collapse -

Cisco Configuration Professional

by phtechinc In reply to forgot something

Thank you again for the assist.
I will try to get that config running right now.

As for Cisco Configuration Professional, I?ve tried it numerous times, never could get it to discover the device. Maybe I was missing something like the correct ip/hostname.. or username & passwords.

gravatar
Collapse -

RE: Cisco Configuration Professional

by tecmjl1981 In reply to Cisco Configuration Profe ...

You are most welcome!

all you are missing is the following lines you need to add in global config

IP HTTP SERVER
IP HTTP AUTHENTICATION LOCAL

The first command tells it to beable accept HTTP messages and the second, tells the authentication to go to the local database (which you have a user created already).

Incase you dont know, the user(s) who will be accessing CCP or SDM need to have a priv level of 15, which your user account has, if it needed it this is the command you put into global config

username <name> priv 15 secret <password>

If you need any further help please dont hesitate to ask.

gravatar
Collapse -

Cisco 881 config help

by phtechinc In reply to RE: Cisco 881 config help

Everything is working; vlans are giving out address, internet access. Thanks tecmjl

one thing i may have forgot to explain in detail is that i was hoping to keep the networks (vlans, IPs) separate from each other.

i'm assuming this can be done with access list. I'm just not understanding how its done. At the moment, pings are getting through to each network.

Any help would be appreciative.

gravatar
Collapse -

RE: Cisco 881 config help

by tecmjl1981 In reply to Cisco 881 config help

Yes you can do it with ACLs. If you understand how ACLs work, then blocking access shouldnt be a problem. You can do it by network or by host.

If you want help, let me know what you are looking to do and I will help you out.

Mike

gravatar
Collapse -

ACL list help

by phtechinc In reply to RE: Cisco 881 config help

I would like to limit access from each network (or vlans). so vlan1 should not be able to access vlan 2 and vlan 3... by access i mean ping... or i may not be understanding how this all works.
an so on, vlan 2 should not have access to vlan 1 or vlan 3. and vlan 3 should not have access to vlan 1 or vlan 2.

example would be to keep each network visible to only that network ip .10 or .11 or .12

i've tried creating access-lists to permit then deny others, but didn't work. I even upgraded access-list to 101 but still didn't work. And now also, i can't get out to the internet..

Thanks so much for your input.

Back to Networks Forum
14 total posts (Page 1 of 2)   01 | 02   Next

Start or search

Related Discussions

Related Forums