03-01-2007 09:19 AM - edited 03-05-2019 02:39 PM
Hi,
We have several Cisco 831 routers, most of which are using the IOS version 12.2(13)ZH4. I have been given the task of finding the right software for the 831 that will be able to do at least the first 2 of the following, if not all 3 feature sets.
1. Firewall N2H2 support
2. Virtual LANs
3. DMZ zone
I am not quite sure what feature VLAN falls under, so I have not been able to find anything so far.
Does anyone have any suggestions as to what software will work with the top 2 listed features?
Also, I am a novice when it comes to configuring the routers and would like all the help I can get in configuring the VLAN part of my task.
Thanks
03-01-2007 09:32 AM
I don't think you can get VLAN support on the 83x series. You need the 87x series for that.
http://www.cisco.com/en/US/products/hw/routers/ps380/products_data_sheet09186a008010e5c5.html
You can use the feature navigator:
to choose the right feature set.
03-01-2007 09:46 AM
OK, so here is another question.
I have several 831s that we cannot replace unless they die, due to budget constraints. What we are doing in the meantime is to add a wireless router to the equation. The bottom line we want to achieve is to keep the two networks totally separate. The wireless router has a WAN IP set up as 10.10.10.x and the LAN for wireless users is 192.168.0.x.
As of right now, wireless users can browse my 10.x network and access the shares, which we want to avoid using VLANs. Is there any other way we can achieve this solution?
Thanks
03-01-2007 09:57 AM
I am confused about your setup. Are all your 10.10.10.x devices connected directly to the router or are you using a switch?
If you are using a switch, does it support VLANs and 802.1q trunking?
03-01-2007 10:15 AM
Yes, all the 10.10.10.x devices are connected directly to the router (usually 1-3 PCs and 1 wireless router). There are a couple of exceptions to this where we have more than 4 devices and we use a small 5-10 port switch to overcome the issue.
03-01-2007 10:14 AM
You can use ACLs to block the access from one segment to another.
-amit singh
03-01-2007 12:15 PM
I am not sure how I can block using ACLs, so I am posting parts of the configuration that we currently have on the routers.
E1 - Static Public IP address
E0 - LAN IP - 10.10.10.x range
Access list associated with E0
access-list 100 permit tcp 10.10.10.0 0.0.0.7 host 10.10.10.1 eq 22
access-list 100 permit tcp 10.10.10.0 0.0.0.7 host 10.10.10.1 eq 443
access-list 100 permit tcp 10.10.10.0 0.0.0.7 host 10.10.10.1 eq cmd
access-list 100 deny tcp any host 10.10.10.1 eq telnet
access-list 100 deny tcp any host 10.10.10.1 eq 22
access-list 100 deny tcp any host 10.10.10.1 eq www
access-list 100 deny tcp any host 10.10.10.1 eq 443
access-list 100 deny tcp any host 10.10.10.1 eq cmd
access-list 100 deny udp any host 10.10.10.1 eq snmp
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0
For the sake of this example, if my wireless router has IP address 10.10.10.5, should I add this to the access list to make this work? Would doing this stop it from going out on the internet? (Internet --- [static IP] Cisco 831 [IPs 10.10.10.x range] --- [10.10.10.5 IP] Wireless Router [192.168.0.x range] --- Wireless Clients)
All internet traffic goes out through the Cisco 831.
access-list 100 deny tcp 10.10.10.5 10.10.10.0 0.0.0.7 eq any
Thanks again!
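An added example, not part of the original thread and not the poster's code: a small Python evaluator for the wildcard-mask and first-match behaviour of the complete tcp/udp entries of access-list 100 posted above. The function names are assumptions made for this illustration.

```python
import ipaddress

# Constructed input: the complete tcp/udp entries of access-list 100 as posted.
ACL_100 = """\
access-list 100 permit tcp 10.10.10.0 0.0.0.7 host 10.10.10.1 eq 22
access-list 100 permit tcp 10.10.10.0 0.0.0.7 host 10.10.10.1 eq 443
access-list 100 permit tcp 10.10.10.0 0.0.0.7 host 10.10.10.1 eq cmd
access-list 100 deny tcp any host 10.10.10.1 eq telnet
access-list 100 deny tcp any host 10.10.10.1 eq 22
access-list 100 deny tcp any host 10.10.10.1 eq www
access-list 100 deny tcp any host 10.10.10.1 eq 443
access-list 100 deny tcp any host 10.10.10.1 eq cmd
access-list 100 deny udp any host 10.10.10.1 eq snmp
"""
PORTS = {"telnet": 23, "www": 80, "cmd": 514, "snmp": 161}  # IOS port keywords

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def take_addr(tokens):
    # Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints.
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return ip_int(tokens.pop(0)), 0
    return ip_int(first), ip_int(tokens.pop(0))

def parse(text):
    rules = []
    for line in text.splitlines():
        t = line.split()[2:]  # drop 'access-list 100'
        action, proto = t.pop(0), t.pop(0)
        src, dst = take_addr(t), take_addr(t)
        port = (PORTS.get(t[1]) or int(t[1])) if t[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def addr_match(addr, spec):
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return (ip_int(addr) ^ spec[0]) & ~spec[1] & 0xFFFFFFFF == 0

def evaluate(rules, proto, src, dst, dport):
    # First match wins; the posted list is partial, so no match is reported as such.
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto == proto and addr_match(src, r_src)
                and addr_match(dst, r_dst) and r_port in (None, dport)):
            return action
    return "no-match"
```

`evaluate(parse(ACL_100), "tcp", "10.10.10.5", "10.10.10.1", 22)` returns `permit`, because the wildcard 0.0.0.7 covers 10.10.10.0 through 10.10.10.7 and the permit entry is reached before the `deny tcp any` entry for the same port.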
03-01-2007 09:39 AM
I am in doubt whether 831 routers support VLANs. AFAIK 850/870 series support VLANs. Please see the datasheet for the features supported on 830 series routers. Please see the IOS feature set required to support the other 2 features in the link below.
http://www.cisco.com/en/US/products/hw/routers/ps380/products_data_sheet09186a008010e5c5.html
I've searched under "Network Scenarios, Basic router Configuration, and Advance Router configuration" and I don't see anywhere in the docs that you can configure 2 logical networks behind the router. The only networks are 1 LAN and 1 WAN, and there is nothing relating to 2 logical LANs, so there is no support for multiple VLANs on the 831 router.
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/826/swg/index.htm
HTH. Please rate if it does.
-amit singh