06-11-2009 10:03 AM - edited 03-06-2019 06:13 AM
I've been struggling with both the Cisco 1841 router and ASA 5505 in trying to assign public IP's on 2 vlans I'm trying to create so both vlans can be segmented but have controlled traffic between each other via ACL's. The CLI on both the 1841 and the 5505 will not take a public ip on any of their additional eth ports.
I do have a Catalyst 3750 (ws-c3750g-24t-s) downstream from these devices that will allow me to assign a public ip on a port. I'm basically trying to split my ISP handoff to two vlans and providing public ip's to both as well as restricting traffic between the two via ACL's. Since the additional ports on 1841 and 5505 are not true "WIC's", would this Catalyst allow me to accomplish the above said?
06-11-2009 11:21 AM
John
The 3750 would allow you to do this but you should be able to do this with the 1841. Is the card in your 1841 a HWIC-4ESW?
If so you can assign these ports into vlans. So you could create the 2 vlans, create the L3 vlan interfaces for each vlan and then assign the ports into the relevant vlans.
Apologies if I have misunderstood.
Jon
06-11-2009 12:42 PM
Thanks for ringing in here Jon. Yes the card is an HWIC-4ESW but the CLI will not accept a public ip for any of the 4 ports on that card, will only take private addresses.
06-11-2009 12:45 PM
John
You need to create a vlan and then assign the public IP to the L3 vlan interface:
1) vlan 20 name public
2) int vlan 20
   ip address
3) int fa0/1 <--- fa0/1 is one of the 4 ports
   switchport access vlan 20
Jon
06-11-2009 01:36 PM
Thanks Jon, I went to the test bench and consoled into the 1841. As you know, when I do a:
1841(config)#int fastethernet 0/1/1
1841(config-if)#ip address
I get the following: "IP address may not be configured on L2 links."
When I try your way there is no way to "name" a vlan. These are the only options in config mode for vlan:
1841(config)# Vlan ?
accounting VLAN accounting config
id descr VLAN subinterface if descr
the command:
1841(config)#vlan 20 name public
is not recognized.
Thanks for your help
06-11-2009 01:45 PM
John
Apologies, you need to use the vlan database command on the 1841, i.e.
1841# vlan database
or
1841(config)# vlan database
It's been a while since I used vlan database so I can't remember which one is the correct one - think it's the first one :-).
Once you are in vlan database mode you can then configure the vlan.
Jon
06-11-2009 02:34 PM
WOW that worked!!! Strange way to configure. So now I can do vlan routing and ACL's on the switches even though they're L2?
06-11-2009 02:37 PM
John
vlan database is the old way to configure vlans, it's not really used much these days.
You can apply your acl's to the L3 vlan interfaces and that will allow you to control traffic between the 2 vlans.
Jon
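The approach worked out in the posts above, put together as an added example that is not part of the original thread: two VLANs created through vlan database, an L3 vlan interface for each, and extended ACLs on those interfaces controlling traffic between them. VLAN 30, the VLAN and ACL names, the port FastEthernet0/1/0, the server host and all addresses (documentation range 198.51.100.0/24, standing in for the ISP-assigned block) are assumptions.

```cisco
! Exec mode: create both VLANs the legacy way used in this thread.
vlan database
 vlan 20 name public-a
 vlan 30 name public-b
 exit
!
configure terminal
!
! Traffic entering the router from VLAN 20 hosts.
ip access-list extended VLAN20-IN
 ! Allow VLAN 20 to reach one HTTPS server in VLAN 30 (placeholder host).
 permit tcp 198.51.100.0 0.0.0.15 host 198.51.100.18 eq 443
 ! Everything else from VLAN 20 to VLAN 30 is dropped and logged.
 deny   ip 198.51.100.0 0.0.0.15 198.51.100.16 0.0.0.15 log
 ! Traffic to other destinations (the ISP side) is unaffected.
 permit ip any any
!
! Traffic entering the router from VLAN 30 hosts.
ip access-list extended VLAN30-IN
 ! Only replies from the HTTPS server may return to VLAN 20.
 permit tcp host 198.51.100.18 eq 443 198.51.100.0 0.0.0.15 established
 deny   ip 198.51.100.16 0.0.0.15 198.51.100.0 0.0.0.15 log
 permit ip any any
!
! L3 vlan interfaces carry the public addresses and the ACLs.
interface Vlan20
 ip address 198.51.100.1 255.255.255.240
 ip access-group VLAN20-IN in
 no shutdown
!
interface Vlan30
 ip address 198.51.100.17 255.255.255.240
 ip access-group VLAN30-IN in
 no shutdown
!
! HWIC-4ESW ports stay L2 and are only placed into a VLAN.
interface FastEthernet0/1/0
 switchport access vlan 20
!
interface FastEthernet0/1/1
 switchport access vlan 30
!
end
! Check the per-entry match counters after sending test traffic.
show ip access-lists
```

Hosts in the same VLAN talk to each other at L2 and never pass through these ACLs; only traffic routed between the vlan interfaces is filtered.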
06-11-2009 02:44 PM
Thank You. This has been quite an educational experience. I am only CCNA, and this vlan database was not covered in my studies. Thank you again. This item is fully resolved.
06-11-2009 03:15 PM
No problem, glad to have helped.
Jon