12-26-2008 06:11 AM - edited 03-04-2019 03:14 AM
Hello Frnds I have to setup a small network with 30 users and in future it can be expanded So for that i have bought 1 Router 877,1 catlyst switch 2960 and Purchased one DSL connection
Now the problem is that
1.How should i setup my network ?
2.How should i configure my Router and switch?
3.How the users will access internet ?
4.DHCP configration or assign Ip statically
I have decided to design 192.168.1.0/24 ip address scheme for my LAN
Can any one help me ?I will be very thankful
Solved! Go to Solution.
12-26-2008 06:52 AM
Hello Samir,
1) users === switch 2960 -- single lan cable -- 877 ---DSL /phone cable
2) R877
hostname R877
int vlan 1
ip address 192.168.1.1 255.255.255.0
no shut
assign an enable password with
enable secret xxx
do the same for c2960 using
hostname SW2960
int vlan 1
ip address 192.168.1.2 255.255.255.0
no shut
to avoid normal users to access them I suggest to use an ACL to specify administrator's PC ip address
access-list 11 permit host 192.168.1.3
access-list 11 permit host 192.168.1.4
line vty 0 4
access-class 11 in
do it on both devices
3) internet access can be given using nat
access-list 21 permit 192.168.1.0 0.0.0.255
ip nat source inside list 21 int dialer1 overload
int vlan 1
ip nat inside
int dialer 1
ip nat outside
I suppose you use some form of PPPoX on your line and dialer1 is the logical interface used with it. Check with your provider what type has to be used and the ATM parameters VPI/VCI
4) give ip addresses to users with DHCP with just few PCs used by you with static ip addresses for the security reason explained above.
An example is the following:
ip dhcp excluded-address 192.168.1.1 192.168.1.15
!
ip dhcp pool DATA
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
lease 0 1
!
So users will get ip addresses > 192.168.1.1
Hope to help
Giuseppe
12-26-2008 06:52 AM
Hello Samir,
1) users === switch 2960 -- single lan cable -- 877 ---DSL /phone cable
2) R877
hostname R877
int vlan 1
ip address 192.168.1.1 255.255.255.0
no shut
assign an enable password with
enable secret xxx
do the same for c2960 using
hostname SW2960
int vlan 1
ip address 192.168.1.2 255.255.255.0
no shut
to avoid normal users to access them I suggest to use an ACL to specify administrator's PC ip address
access-list 11 permit host 192.168.1.3
access-list 11 permit host 192.168.1.4
line vty 0 4
access-class 11 in
do it on both devices
3) internet access can be given using nat
access-list 21 permit 192.168.1.0 0.0.0.255
ip nat source inside list 21 int dialer1 overload
int vlan 1
ip nat inside
int dialer 1
ip nat outside
I suppose you use some form of PPPoX on your line and dialer1 is the logical interface used with it. Check with your provider what type has to be used and the ATM parameters VPI/VCI
4) give ip addresses to users with DHCP with just few PCs used by you with static ip addresses for the security reason explained above.
An example is the following:
ip dhcp excluded-address 192.168.1.1 192.168.1.15
!
ip dhcp pool DATA
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
lease 0 1
!
So users will get ip addresses > 192.168.1.1
Hope to help
Giuseppe
12-26-2008 07:53 AM
line vty 0 4
access-class 11 in
password XXX
Don't forget the password on the vty or you can use the username uuuuuuuu password ppppppp command and apply login local to the vty.
Also, on the switch at the Switch[config-t]# prompt put in the ip default-gateway.
ip default-gateway 192.168.1.1
12-26-2008 08:21 AM
Hello Richard,
the password under vty is really needed
the default-gateway on the switch is not needed because there is only one internal subnet and then the internet access.
Best Regards
Giuseppe
12-26-2008 08:27 AM
Hi Giuseppe,
You are right about the d-g. It is just one of those steps I have been burned for in the past and it has stuck with me. It isn't needed in that configuration.
V/R,
Richard
12-26-2008 10:12 AM
nice senario.. you guys Rock !!
12-26-2008 01:03 PM
Thank you sir I really appreciated your explanation I will work on it and let you know
12-26-2008 01:10 PM
Sir,Suppose i want to create some vlans on the switch then what will be the configuration
12-26-2008 02:12 PM
Hello Samir,
>> Suppose i want to create some vlans on the switch then what will be the configuration
the router to switch link becomes a trunk port
R877
R877# vlan database
vlan 2
name second_vlan
vlan 3
name third_vlan
let's suppose fas1 connects to the switch
int vlan2
ip address 192.168.2.1 255.255.255.0
no shut
int vlan3
ip address 192.168.3.1 255.255.255.0
no shut
int fas1
switchport
switchport trunk enc dot1q
switchport mode trunk
on the switch
SW2960# config t
SW2960(config)# vlan 2
SW2960 ( )# name second_vlan
SW2960( )# vlan 3
SW2960 ( )# name third_vlan
suppose f0/1 connects to fas1
int f0/1
switchport
switchport trunk enc dot1q
switchport mode trunk
if you want to allow internet access the nat ACL needs more statements and Vlan2 and Vlan3 needs the ip nat inside command
Hope to help
Giuseppe
12-26-2008 10:20 PM
Sir, On which interface of the router should i connect the Switch and i have to assign any ip address on that interface ? What does this commands mean "ip nat inside and ip nat outside
12-26-2008 10:22 PM
Do i have to create vlans on both side router ans switch ?
12-27-2008 02:45 AM
Hello Samir,
1)
I supposed to connect
R877:fas1 ----- SW2960:f0/1
as a trunk port carrying vlans 1,2,3
2)
yes, L2 vlans have to be defined on both devices.
the router 877 uses the vlan database.
The switch can define l2 vlans within normal configuration mode (this is the modern way to do this step)
Hope to help
Giuseppe
12-27-2008 05:51 AM
Sir can you give me your mail ID so that i can take your help through the mail becoz trying to do thru the forum takes a long time
My mail id is samirshaikh52@gmail.com
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: