11-03-2007 08:50 PM - edited 03-03-2019 05:39 AM
Hi, all,
First, I'm definitely a beginer in network field, I don't know much about routers.
Recently, I got a CISCO2610XM router. I tried to use it to set up a LAN and connect the LAN to the network.
However, I found the router only have one FastEthernet0/0 port, and other two ports are console and aux (which I think are used to configure the router, am I right?).
Do I need extra network module (card) to connect to the LAN? And what card should I choose?
The figure I planed for my LAN is:
Network
|
|
ROUTER 2610XM
|
|
A Linux box (Squid, as a cache engine)
|
|
A Switch (NetGear GS105 Gigabit Switch)
|
|
several computers
Thanks in advance.
Joe
Solved! Go to Solution.
11-07-2007 11:12 AM
Joe, didn't mean to confused you, don't want to get into different T-carrier systems provisioning like ADSL, DS0, ISDN etc.. as they use differet WAN protocols, but as lond you know the curcuit is ISDN PRI you should be fine connecting your WAN and move forward with your implementation. To find out you would probably contact your manager or whomever the contact person is in the organization they should have this info from the carrier provider or contact directly the carrier provider and they will have that information . Another way to find out would be to configure the router WIC card interface and stablish connnectivity to the other end of the circuit where your router will stablish connectivity to another router's WAN interface.
The IOS on router is just right for what you need and more later down the road.
Rgds
Jorge
11-03-2007 09:48 PM
Joe, you are correct, you only have one builtin FE port, the other ports is for console local connection
for admin and AUX port for various purposes such as plugin modem for dialin for admin as well.
you could get above cards listed in the link bellow but not required, if you wanted to create several subnets off the FE interface you could do it with atleast 12.4X,T IP BASE IOS image that supports 802.1q trunking, create a trunk link between the router and your switch , as long the netgear
can support 802.1q you can pass these networks created in the router down to your switch, if Netgear can support vlans create the vlans on netgear switch and map each physical port on right vlan .
http://www.cisco.com/en/US/products/hw/routers/ps259/products_data_sheet09186a00801aca3e.html
For example, say you create 4 networks on router.
on the router :
interface FastEthernet0/0
Description CONNECTION TO Layer2 SWITCH
no ip address
no ip proxy-arp
duplex full
speed 100
interface FastEthernet0/0.2
Description VLAN2
encapsulation dot1Q 2 ( for vlan 2 on switch )
ip address 192.168.1.1 255.255.255.0
interface FastEthernet0/0.3
Description VLAN3
encapsulation dot1Q 3 ( for vlan 3 on switch )
ip address 192.168.2.1 255.255.255.0
interface FastEthernet0/0.4
Description VLAN4
encapsulation dot1Q 3 ( for vlan 4 on switch )
ip address 192.168.3.1 255.255.255.0
interface FastEthernet0/0.5
Description VLAN5
encapsulation dot1Q 3 ( for vlan 5 on switch )
ip address 192.168.4.1 255.255.255.0
HTH
Jorge
11-04-2007 07:12 AM
Well if you had a manageable switch that you could create vlans on then could get away with a single interface otherwise you will need an extra FE interface . A simple 2950 would do this , if you wanted to break it out . not sure what the extra FE will cost.
11-04-2007 08:07 AM
the problem is 2610XM can only support
these three types for ethernet/fastethernet services for slot0 based on advisory tools.
NM-16ESW=(1 16 port 10/100 ethernet switch ) L2 ports
NM-1E=(1-port ethrnet net module) Not FE
NM-4E=(4-port ethernet net module) Not FE
[edit] perhaps a 1FE-TX module may work but not listed in advisory.
11-04-2007 12:03 PM
May have to find a manageable switch you can create vlans on and then trunk from your router to that switch and make your network connections from there .
11-04-2007 01:07 PM
I agree with you Glen, a 2950 would probably be the best choice for a manageable switch in this scenario and work with single FE from 2610xm.
11-04-2007 03:09 PM
Thanks to both of you. I really appreciate your great help.
One more questions please:
As I understand, there are two ways to solve this problem:
Way(1): buy a NM-16ESW network module
Way(2): buy a CISCO 2950 switch
I wonder what would my diagram look like if I choose each of those two ways. Since I need the Squid linux box to be in my network(which is the most important part of my experiment), where should I put the linux box?
Originally, I planed as Internet--Router--Squid--Switch--Computers. Then for the first way, I have no idea about the ESW network Module, how should I connect them up?
For the second way, I think original diagram won't work any more because the router only have one FE port, how should I revise the diagram?
Thanks again.
Joe
11-04-2007 06:46 PM
I did not realized you had in mind ISP , this changes things, but lets assume you'll have a static IP for ISP_INternet connection , I'll see if can get a chance to lab this out ,this is a quick setup but you still need to configure some security ACLs.
On 2610XM router:
ip routing
interface FastEthernet0/0
Description CONNECTION TO 2950_SW_PORT_24
no ip address
no ip proxy-arp
duplex full
speed 100
no shut
interface FastEthernet0/0.2
Description VLAN2
encapsulation dot1Q 2 ( for vlan 2 on switch )
ip address ISP_STATIC_IP
ip nat outside
interface FastEthernet0/0.3
Description VLAN3
encapsulation dot1Q 3 ( for vlan 3 on switch )
ip address 192.168.2.1 255.255.255.0
ip nat inside
interface FastEthernet0/0.4
Description VLAN4
encapsulation dot1Q 4 ( for vlan 4 on switch )
ip address 192.168.3.1 255.255.255.0
ip nat inside
interface FastEthernet0/0.5
Description VLAN5
encapsulation dot1Q 5 ( for vlan 5 on switch )
ip address 192.168.4.1 255.255.255.0
ip nat inside
ip nat pool mypool interface fastethernet0/0.2
ip nat inside source list 100 mypool overload
access-list 100 permit ip 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.3.0 0.0.0.255
access-list 100 prtmit ip 192.168.4.0 0.0.0.255
access-list 100 permit ip 192.168.5.0 0.0.0.255
ip route 0.0.0.0 0.0.0.0 ISP_router_interface_IP_address
on the switch config something like this:
vlan database
vtp domain test_net
vtp mode transparent
vlan 2 name outside_ISP_Internet
vlan 3 name 192.168.2.0_subnet
vlan 4 name 192.168.3.0_subnet
vlan 5 name 192.168.4.0_subnet
vlan 6 name 192.168.5.0_subnet
exit
interface fe0/1
description connection_ISP_Router
switchport access vlan 2
speed 100
duplex full
no cdp enable
no shutdown
interface fe0/2
description connection_PC1
switchport access vlan 3
speed 100
duplex full
no shut
interface fe0/3
description connection_PC2
switchport access vlan 4
speed 100
duplex full
no shut
etc..
interface fastethernet0/24
Description Trunk to 2610XM_FE_PORT
switchport mode trunk
Physical would look something like this.
INternet-ISP-router 2610XM
\ /
\ /
2950SW
|
|
PCs
[Edit]
For the Squid server say you have a spare public IP of 2.2.2.2 and Squid local IP is 192.168.2.254 you can create a static NAT on 2610XM router as:
ip nat inside source static 192.168.2.254 2.2.2.2
in addition to access list to allow inbound access through public IP.
11-04-2007 09:52 PM
jorgemcse,
Thanks for your warm-hearted help. Your solution sounds great to me. I will definitely try it out if my boss decided to buy 2950SW.(I need to report all possible solutions to him and wait for his decision)
At this point, I'm still considering using less money to build up the connection.
Is it possible I can add a WIC card to the router so that I can keep the original diagram? The card I found is:
WIC-1B-U WAN Interface Card
Found at:
http://www.cisco.com/en/US/products/hw/modules/ps3129/prod_eol_notice09186a008032d4b1.html
This card is said to work with 2610xm and seems to be cheaper than a switch, but I'm definitely not sure if it's suitable in my situation?
Would this work as:
Internet --> WIC card on router -->router -->FastEthernet0/0 port -->Squid -->Netgear Switch -->PCs
Would you please give me more advise on this?
Thanks a lot.
BTW, if this is feasible, do you have any idea about the differences between WIC-1B-U and WIC-1B-U-V2? I didn't see any on the website:
http://www.cisco.com/en/US/products/hw/modules/ps3129/products_tech_note09186a00800ab515.shtml
Joe
11-05-2007 09:24 AM
Hi Joe, I haven't played with ISDN for quite some time, the V2 is the newer version for the WIC-1B-U, which probably means you may not use a Non-V2 on newer routers as I have seen in some threads perhaps someone can add to this, but the Non V2 should function as the V2 one, however, it is best to go with newer cards if you ever decide to upgrade 2610XM with newer router. Also looking at your layout have you thought of implementing some kind of firewall to better control your inbound outbound access, look into ASA5505..sometimes is best to spend the extran and do it right and have better management.. perhaps someone may differently add to this thread as there are many ways of doing it.
the WAN WIC interface on router will become your nat outside interface as suppost to previuos examples.
Internet --> WIC-2610XM-FE0/0 port->2950SW-->Internal_Net-Squid
With FW ASA5505 has 8 ports integrated switch - plus a great GUI interface to ease management. probably you are looking
at $450.00 plus another $700 for security plus license..
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
Internet--> WIC-2610XM-FE0/0-->_FW-ASA5505->-NetgearInternal_Net-Squid_services
Rgds
Jorge
11-06-2007 11:38 AM
Hi, Jorge,
Thanks for your reply, I found all of your replies to be useful for now and for the future.
I need to make sure our design does work, because I want to buy the necessary(or correct) parts as soon as possible.
Here are some questions I'm not sure:
(1).when I mentioned Internet, I refered to follwing things: I work in an organization which has it's own VPN, IP address is class B. The network access spot I have is the wall jack which using RJ-45 cables. Would you please give me a confirmation that the WIC is suitable for this situation.
(2).my budget is hundreds level. Here are the best price I can get(all used or refurbished):
NM-16ESW $725
Switch 2950 with 24 port: $350
WIC-1B-U-V2: $295
WIC-1B-U: $25
Since I'm only in experimental stage, I prefer the combination of WIC-1B-U and Switch 2950. Do you see any problem with this choice? In addition, the cost for my 2610xm is about $250, it would make no sense to my boss if I choose NM-16ESW and other equipments with about $1000 or plus.
(3).I'm not sure about Firewall-ASA5505. Thanks for your consideration, but it seems to be out of my budget and my main purpose.
Appreicate your help.
Joe
11-06-2007 02:52 PM
Joe, when you say " Organization has its own VPN " what does this means exactly? there are several question to be raised , this is important to know because depending on this information the proper recomendation could be given.
No1. There are companies where they do not lease lines as point to point connections between their branche offices and HQ s but thather through a service provider which gives them a VPN point port whereby provides a connection point through their VPN Cloud and to their private network HQ.Is this your scenario where your location will become a branch sort of speak and be part of the organization's private network and use their internet access through their ISP? If this is so then the whole implementation changes, I could gues this is your scenario because you are not considering firewalling infrastructure because your small LAN will techically be inside the organization's security perimeter.
Or
No2. Will you be leasing PRI in order to Client VPN session to the organization's network or vise versa? and will you have an ISP provider giving static WAN IP public addresses.. if this is another scenario you need to reconsider beter design, security and management.
You need to make sure that ISDN cuircuit terminating in your RJ-45-JACK is indeed provisioned as ISDN and if so your 2610XM router will work and support the WIC-1B-U card for your WAN connection.In your experimental stage if considering creating subinterfaces using 802.1q you will need at lease IP Base image version 12.3 General
deplyment or higher to support trunking. IOS versions 12.3 GD or 12.4 LD will required the router to have 64 MB DRAM and 16 MB Flash, if experimenting with just a single flat logical network you should be ok with just any 12.x IOS IP BASE image and one FE interface for your inside LAN connecting to your netgear hub, and inside system connecting to netgear.
IOS image support for WIC-1B-U
http://www.cisco.com/en/US/products/hw/modules/ps3129/products_tech_note09186a00800ab515.shtml
Rgds
Jorge
11-06-2007 06:14 PM
Jorge,
Thanks for your highly detailed help.
(1).You are right, I believe NO1 applies to my situation. I do not have to consider the security problem. Actually, my small LAN will connect to the building's network through a wall jack(assumming it has a static IP address); and for the experiment purpose, I do not need to warry about the security.
(2).Here is the hardware and software description of my 2610XM:
Cisco IOS Software, C2600 Software (C2600-IPBASEK9-M), Version 12.4(11)T3, RELEASE
System image file is "flash:c2600-ipbasek9-mz.124-11.T3.bin"
Cisco 2610XM (MPC860P) processor (revision 1.0) with 127627K/3445K bytes of memory
1 FastEthernet interface
32K bytes of NVRAM.
32768K bytes of processor board System flash (Read/Write)
(3).I'm not sure about this:
"You need to make sure that ISDN cuircuit terminating in your RJ-45-JACK is indeed provisioned as ISDN... "
How do I find this out? I can plug in the jack for any computer with a network card and get internet access through it, does this prove anything?
Thanks.
Joe
11-07-2007 11:12 AM
Joe, didn't mean to confused you, don't want to get into different T-carrier systems provisioning like ADSL, DS0, ISDN etc.. as they use differet WAN protocols, but as lond you know the curcuit is ISDN PRI you should be fine connecting your WAN and move forward with your implementation. To find out you would probably contact your manager or whomever the contact person is in the organization they should have this info from the carrier provider or contact directly the carrier provider and they will have that information . Another way to find out would be to configure the router WIC card interface and stablish connnectivity to the other end of the circuit where your router will stablish connectivity to another router's WAN interface.
The IOS on router is just right for what you need and more later down the road.
Rgds
Jorge
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: