831 Vlan IOS software

Unanswered Question
Mar 1st, 2007

Hi,

We have several Cisco 831 routers, most of which are using the IOS version 12.2(13)ZH4. I am given the task of finding the right software for 831 that will be able to do at least the first 2 of the following, if not all 3 feature sets.

1. Firewall N2H2 support

2. Virtual LANs

3. DMZ zone

I am not quite sure what feature does VLAN fall under and so I have not been able to find anything so far.

Does anyone have any suggestions as to what software will work with the top 2 listed features?

Also, I am a novice when it comes to configuring the routers and would like all the help in configuring the VLAN part of my task.

Thanks

mskhalsa Thu, 03/01/2007 - 09:46

OK, so here is another question.

I have several 831s that we cannot replace unless they die, due to budget constraints. What we are doing in the meantime is to add a wireless router to the equation. The bottom line we want to achieve is to keep the two networks totally separate. Wireless router has a WAN IP set up as 10.10.10.x and the LAN for wireless users is 192.168.0.x

As of right now, wireless users can browse my 10.x network and access the shares, which we want to avoid using VLANs. Is there any other way we can achieve this solution?

Thanks

ahmednaas Thu, 03/01/2007 - 09:57

I am confused about your setup. Are all your 10.10.10.x devices connected directly to the router or are you using a switch?

If you are using a switch, does it support VLANs and 802.1q trunking?

mskhalsa Thu, 03/01/2007 - 10:15

Yes, all the 10.10.10.x devices are connected directly to the router (usually 1-3 PCs and 1 wireless router). There are a couple of exceptions to this where we have more than 4 devices and we use a small 5-10 port switch to overcome the issue.

Amit Singh Thu, 03/01/2007 - 10:14

You can use ACLs to block the access from one segment to another.

-amit singh

mskhalsa Thu, 03/01/2007 - 12:15

I am not sure how I can block using ACLs, so I am posting parts of the configuration that we have currently on the routers.

E1 - Static Public IP address

E0 - LAN IP - 10.10.10.x range

Access list associated with E0

access-list 100 permit tcp 10.10.10.0 0.0.0.7 host 10.10.10.1 eq 22

access-list 100 permit tcp 10.10.10.0 0.0.0.7 host 10.10.10.1 eq 443

access-list 100 permit tcp 10.10.10.0 0.0.0.7 host 10.10.10.1 eq cmd

access-list 100 deny tcp any host 10.10.10.1 eq telnet

access-list 100 deny tcp any host 10.10.10.1 eq 22

access-list 100 deny tcp any host 10.10.10.1 eq www

access-list 100 deny tcp any host 10.10.10.1 eq 443

access-list 100 deny tcp any host 10.10.10.1 eq cmd

access-list 100 deny udp any host 10.10.10.1 eq snmp

access-list 100 deny ip host 255.255.255.255 any

access-list 100 deny ip 127.0.0.0

For the sake of this example if my wireless router has ip address 10.10.10.5 should I add this to the access list to make this work? Would doing this stop it from going out on the internet? (Internet --- [static IP] Cisco 831 [IPs 10.10.10.x range] --- [10.10.10.5 IP] Wireless Router [192.168.0.x range] --- Wireless Clients)

All internet traffic goes out through the cisco 831.

access-list 100 deny tcp 10.10.10.5 10.10.10.0 0.0.0.7 eq any

Thanks again!

Amit Singh Thu, 03/01/2007 - 09:39

I am in doubt if 831 routers support VLANs. AFAIK 850/870 series support VLANs. Please see the datasheet for the features supported on 830 series routers. Please see the IOS feature set required to support the other 2 features in the link below.

http://www.cisco.com/en/US/products/hw/routers/ps380/products_data_sheet09186a008010e5c5.html

I've searched under "Network Scenarios, Basic router Configuration, and Advance Router configuration" and I don't see anywhere in the docs that you can configure 2 logical networks behind the router. The only networks are 1 LAN and 1 WAN, with nothing relating to 2 logical LANs, so there is no support for multiple VLANs on the 831 router.

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/826/swg/index.htm

HTH, please rate if it does.

-amit singh
