cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
868
Views
40
Helpful
13
Replies

Naive question about router

insert7992
Level 1
Level 1

Hi, all,

First, I'm definitely a beginer in network field, I don't know much about routers.

Recently, I got a CISCO2610XM router. I tried to use it to set up a LAN and connect the LAN to the network.

However, I found the router only have one FastEthernet0/0 port, and other two ports are console and aux (which I think are used to configure the router, am I right?).

Do I need extra network module (card) to connect to the LAN? And what card should I choose?

The figure I planed for my LAN is:

Network

|

|

ROUTER 2610XM

|

|

A Linux box (Squid, as a cache engine)

|

|

A Switch (NetGear GS105 Gigabit Switch)

|

|

several computers

Thanks in advance.

Joe

1 Accepted Solution

Accepted Solutions

Joe, didn't mean to confused you, don't want to get into different T-carrier systems provisioning like ADSL, DS0, ISDN etc.. as they use differet WAN protocols, but as lond you know the curcuit is ISDN PRI you should be fine connecting your WAN and move forward with your implementation. To find out you would probably contact your manager or whomever the contact person is in the organization they should have this info from the carrier provider or contact directly the carrier provider and they will have that information . Another way to find out would be to configure the router WIC card interface and stablish connnectivity to the other end of the circuit where your router will stablish connectivity to another router's WAN interface.

The IOS on router is just right for what you need and more later down the road.

Rgds

Jorge

Jorge Rodriguez

View solution in original post

13 Replies 13

JORGE RODRIGUEZ
Level 10
Level 10

Joe, you are correct, you only have one builtin FE port, the other ports is for console local connection

for admin and AUX port for various purposes such as plugin modem for dialin for admin as well.

you could get above cards listed in the link bellow but not required, if you wanted to create several subnets off the FE interface you could do it with atleast 12.4X,T IP BASE IOS image that supports 802.1q trunking, create a trunk link between the router and your switch , as long the netgear

can support 802.1q you can pass these networks created in the router down to your switch, if Netgear can support vlans create the vlans on netgear switch and map each physical port on right vlan .

http://www.cisco.com/en/US/products/hw/routers/ps259/products_data_sheet09186a00801aca3e.html

For example, say you create 4 networks on router.

on the router :

interface FastEthernet0/0

Description CONNECTION TO Layer2 SWITCH

no ip address

no ip proxy-arp

duplex full

speed 100

interface FastEthernet0/0.2

Description VLAN2

encapsulation dot1Q 2 ( for vlan 2 on switch )

ip address 192.168.1.1 255.255.255.0

interface FastEthernet0/0.3

Description VLAN3

encapsulation dot1Q 3 ( for vlan 3 on switch )

ip address 192.168.2.1 255.255.255.0

interface FastEthernet0/0.4

Description VLAN4

encapsulation dot1Q 3 ( for vlan 4 on switch )

ip address 192.168.3.1 255.255.255.0

interface FastEthernet0/0.5

Description VLAN5

encapsulation dot1Q 3 ( for vlan 5 on switch )

ip address 192.168.4.1 255.255.255.0

HTH

Jorge

Jorge Rodriguez

glen.grant
VIP Alumni
VIP Alumni

Well if you had a manageable switch that you could create vlans on then could get away with a single interface otherwise you will need an extra FE interface . A simple 2950 would do this , if you wanted to break it out . not sure what the extra FE will cost.

the problem is 2610XM can only support

these three types for ethernet/fastethernet services for slot0 based on advisory tools.

NM-16ESW=(1 16 port 10/100 ethernet switch ) L2 ports

NM-1E=(1-port ethrnet net module) Not FE

NM-4E=(4-port ethernet net module) Not FE

[edit] perhaps a 1FE-TX module may work but not listed in advisory.

Jorge Rodriguez

May have to find a manageable switch you can create vlans on and then trunk from your router to that switch and make your network connections from there .

I agree with you Glen, a 2950 would probably be the best choice for a manageable switch in this scenario and work with single FE from 2610xm.

Jorge Rodriguez

Thanks to both of you. I really appreciate your great help.

One more questions please:

As I understand, there are two ways to solve this problem:

Way(1): buy a NM-16ESW network module

Way(2): buy a CISCO 2950 switch

I wonder what would my diagram look like if I choose each of those two ways. Since I need the Squid linux box to be in my network(which is the most important part of my experiment), where should I put the linux box?

Originally, I planed as Internet--Router--Squid--Switch--Computers. Then for the first way, I have no idea about the ESW network Module, how should I connect them up?

For the second way, I think original diagram won't work any more because the router only have one FE port, how should I revise the diagram?

Thanks again.

Joe

I did not realized you had in mind ISP , this changes things, but lets assume you'll have a static IP for ISP_INternet connection , I'll see if can get a chance to lab this out ,this is a quick setup but you still need to configure some security ACLs.

On 2610XM router:

ip routing

interface FastEthernet0/0

Description CONNECTION TO 2950_SW_PORT_24

no ip address

no ip proxy-arp

duplex full

speed 100

no shut

interface FastEthernet0/0.2

Description VLAN2

encapsulation dot1Q 2 ( for vlan 2 on switch )

ip address ISP_STATIC_IP

ip nat outside

interface FastEthernet0/0.3

Description VLAN3

encapsulation dot1Q 3 ( for vlan 3 on switch )

ip address 192.168.2.1 255.255.255.0

ip nat inside

interface FastEthernet0/0.4

Description VLAN4

encapsulation dot1Q 4 ( for vlan 4 on switch )

ip address 192.168.3.1 255.255.255.0

ip nat inside

interface FastEthernet0/0.5

Description VLAN5

encapsulation dot1Q 5 ( for vlan 5 on switch )

ip address 192.168.4.1 255.255.255.0

ip nat inside

ip nat pool mypool interface fastethernet0/0.2

ip nat inside source list 100 mypool overload

access-list 100 permit ip 192.168.2.0 0.0.0.255

access-list 100 permit ip 192.168.3.0 0.0.0.255

access-list 100 prtmit ip 192.168.4.0 0.0.0.255

access-list 100 permit ip 192.168.5.0 0.0.0.255

ip route 0.0.0.0 0.0.0.0 ISP_router_interface_IP_address

on the switch config something like this:

vlan database

vtp domain test_net

vtp mode transparent

vlan 2 name outside_ISP_Internet

vlan 3 name 192.168.2.0_subnet

vlan 4 name 192.168.3.0_subnet

vlan 5 name 192.168.4.0_subnet

vlan 6 name 192.168.5.0_subnet

exit

interface fe0/1

description connection_ISP_Router

switchport access vlan 2

speed 100

duplex full

no cdp enable

no shutdown

interface fe0/2

description connection_PC1

switchport access vlan 3

speed 100

duplex full

no shut

interface fe0/3

description connection_PC2

switchport access vlan 4

speed 100

duplex full

no shut

etc..

interface fastethernet0/24

Description Trunk to 2610XM_FE_PORT

switchport mode trunk

Physical would look something like this.

INternet-ISP-router 2610XM

\ /

\ /

2950SW

|

|

PCs

[Edit]

For the Squid server say you have a spare public IP of 2.2.2.2 and Squid local IP is 192.168.2.254 you can create a static NAT on 2610XM router as:

ip nat inside source static 192.168.2.254 2.2.2.2

in addition to access list to allow inbound access through public IP.

Jorge Rodriguez

jorgemcse,

Thanks for your warm-hearted help. Your solution sounds great to me. I will definitely try it out if my boss decided to buy 2950SW.(I need to report all possible solutions to him and wait for his decision)

At this point, I'm still considering using less money to build up the connection.

Is it possible I can add a WIC card to the router so that I can keep the original diagram? The card I found is:

WIC-1B-U WAN Interface Card

Found at:

http://www.cisco.com/en/US/products/hw/modules/ps3129/prod_eol_notice09186a008032d4b1.html

This card is said to work with 2610xm and seems to be cheaper than a switch, but I'm definitely not sure if it's suitable in my situation?

Would this work as:

Internet --> WIC card on router -->router -->FastEthernet0/0 port -->Squid -->Netgear Switch -->PCs

Would you please give me more advise on this?

Thanks a lot.

BTW, if this is feasible, do you have any idea about the differences between WIC-1B-U and WIC-1B-U-V2? I didn't see any on the website:

http://www.cisco.com/en/US/products/hw/modules/ps3129/products_tech_note09186a00800ab515.shtml

Joe

Hi Joe, I haven't played with ISDN for quite some time, the V2 is the newer version for the WIC-1B-U, which probably means you may not use a Non-V2 on newer routers as I have seen in some threads perhaps someone can add to this, but the Non V2 should function as the V2 one, however, it is best to go with newer cards if you ever decide to upgrade 2610XM with newer router. Also looking at your layout have you thought of implementing some kind of firewall to better control your inbound outbound access, look into ASA5505..sometimes is best to spend the extran and do it right and have better management.. perhaps someone may differently add to this thread as there are many ways of doing it.

the WAN WIC interface on router will become your nat outside interface as suppost to previuos examples.

Internet --> WIC-2610XM-FE0/0 port->2950SW-->Internal_Net-Squid

With FW ASA5505 has 8 ports integrated switch - plus a great GUI interface to ease management. probably you are looking

at $450.00 plus another $700 for security plus license..

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

Internet--> WIC-2610XM-FE0/0-->_FW-ASA5505->-NetgearInternal_Net-Squid_services

Rgds

Jorge

Jorge Rodriguez

Hi, Jorge,

Thanks for your reply, I found all of your replies to be useful for now and for the future.

I need to make sure our design does work, because I want to buy the necessary(or correct) parts as soon as possible.

Here are some questions I'm not sure:

(1).when I mentioned Internet, I refered to follwing things: I work in an organization which has it's own VPN, IP address is class B. The network access spot I have is the wall jack which using RJ-45 cables. Would you please give me a confirmation that the WIC is suitable for this situation.

(2).my budget is hundreds level. Here are the best price I can get(all used or refurbished):

NM-16ESW $725

Switch 2950 with 24 port: $350

WIC-1B-U-V2: $295

WIC-1B-U: $25

Since I'm only in experimental stage, I prefer the combination of WIC-1B-U and Switch 2950. Do you see any problem with this choice? In addition, the cost for my 2610xm is about $250, it would make no sense to my boss if I choose NM-16ESW and other equipments with about $1000 or plus.

(3).I'm not sure about Firewall-ASA5505. Thanks for your consideration, but it seems to be out of my budget and my main purpose.

Appreicate your help.

Joe

Joe, when you say " Organization has its own VPN " what does this means exactly? there are several question to be raised , this is important to know because depending on this information the proper recomendation could be given.

No1. There are companies where they do not lease lines as point to point connections between their branche offices and HQ s but thather through a service provider which gives them a VPN point port whereby provides a connection point through their VPN Cloud and to their private network HQ.Is this your scenario where your location will become a branch sort of speak and be part of the organization's private network and use their internet access through their ISP? If this is so then the whole implementation changes, I could gues this is your scenario because you are not considering firewalling infrastructure because your small LAN will techically be inside the organization's security perimeter.

Or

No2. Will you be leasing PRI in order to Client VPN session to the organization's network or vise versa? and will you have an ISP provider giving static WAN IP public addresses.. if this is another scenario you need to reconsider beter design, security and management.

You need to make sure that ISDN cuircuit terminating in your RJ-45-JACK is indeed provisioned as ISDN and if so your 2610XM router will work and support the WIC-1B-U card for your WAN connection.In your experimental stage if considering creating subinterfaces using 802.1q you will need at lease IP Base image version 12.3 General

deplyment or higher to support trunking. IOS versions 12.3 GD or 12.4 LD will required the router to have 64 MB DRAM and 16 MB Flash, if experimenting with just a single flat logical network you should be ok with just any 12.x IOS IP BASE image and one FE interface for your inside LAN connecting to your netgear hub, and inside system connecting to netgear.

IOS image support for WIC-1B-U

http://www.cisco.com/en/US/products/hw/modules/ps3129/products_tech_note09186a00800ab515.shtml

Rgds

Jorge

Jorge Rodriguez

Jorge,

Thanks for your highly detailed help.

(1).You are right, I believe NO1 applies to my situation. I do not have to consider the security problem. Actually, my small LAN will connect to the building's network through a wall jack(assumming it has a static IP address); and for the experiment purpose, I do not need to warry about the security.

(2).Here is the hardware and software description of my 2610XM:

Cisco IOS Software, C2600 Software (C2600-IPBASEK9-M), Version 12.4(11)T3, RELEASE

System image file is "flash:c2600-ipbasek9-mz.124-11.T3.bin"

Cisco 2610XM (MPC860P) processor (revision 1.0) with 127627K/3445K bytes of memory

1 FastEthernet interface

32K bytes of NVRAM.

32768K bytes of processor board System flash (Read/Write)

(3).I'm not sure about this:

"You need to make sure that ISDN cuircuit terminating in your RJ-45-JACK is indeed provisioned as ISDN... "

How do I find this out? I can plug in the jack for any computer with a network card and get internet access through it, does this prove anything?

Thanks.

Joe

Joe, didn't mean to confused you, don't want to get into different T-carrier systems provisioning like ADSL, DS0, ISDN etc.. as they use differet WAN protocols, but as lond you know the curcuit is ISDN PRI you should be fine connecting your WAN and move forward with your implementation. To find out you would probably contact your manager or whomever the contact person is in the organization they should have this info from the carrier provider or contact directly the carrier provider and they will have that information . Another way to find out would be to configure the router WIC card interface and stablish connnectivity to the other end of the circuit where your router will stablish connectivity to another router's WAN interface.

The IOS on router is just right for what you need and more later down the road.

Rgds

Jorge

Jorge Rodriguez
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco