Connecting Cisco 2821 Router, Switch, and Cable Modem

c.shinneman1 · ‎12-16-2014

Hey everyone,

I am currently in the Cisco Network Academy at my school and just finished CCNA 1. I have a few questions though.

I am purchasing new equipment and that equipment includes:

1-Cisco 2821 2-port Gigabit Router
1-Linksys SE3016 16-Port Gigabit Switch (unmanaged)
1-Cisco WAP4410n Wireless Access Point
1-Motorla SurfBoard Gigabit Cable Modem (no router built in-Just standalone Modem used with Comcast Xfinity High Speed Internet)
1-12U Network Rack (not enclosed)

I am confused on how I will connect the cable modem to the router and the router to the switch and the WAP so that I still have WiFi. Since the router only has 2 Ge Ports, how would I cable this up?

If my assumptions are correct, would I do the following set up?

Take the Cable Modem and run a Straight Thru to Port 1 of the Router.
Connect the Switch Port 1 to Port 2 of the Router using a Straight Thru cable (I believe I will most likely have to Subnet a network, won't I?).
Connect Switch Port 2 to WAP using Straight Thru Cable (so I still have WiFi in my home).
Connect all my computers and other devices to the Switch (this includes several PC's/Laptops, two printers that are ethernet, two TV's that are ethernet, an AppleTV and a Blue Ray Player that are both ethernet, and some Cisco Powerline Network Adapters).

Will that set up work?

Also, how would I configure the router to work with my cable modem AND act as a DHCP Server so that all of my devices get IP Addresses? I have the Cisco Command Guide Book, but it is confusing to me as of now.

Thanks!

Chris

devils_advocate · ‎12-17-2014

What you have described should work fine.

You would give Port 1 of the router your Public IP address, or set it to DHCP if you do not have a static IP address from your ISP.

You would give Port 2 on the Router an IP address in the Private IP range you want to use on your LAN, something like 192.168.1.1 with a mask of 255.255.255.0.

The switch is layer 2 and not vlan aware anyway so you would simply configure the router with a DHCP scope in the 192.168.1.0 /24 subnet and by hooking it up as described above, your AP and your hosts should pickup an IP address fine. As the Linksys is not Vlan aware, it will forward the DHCPDISCOVER packets out all its switchports, including the one up to the router and the router will then assign an IP address from its DHCP scope you have setup.

FYI - You will need to configure NAT (actually PAT) on the Router to ensure your Private IP addresses are translated to the Public IP address assigned by your ISP :)

Hope this helps!

Thanks

c.shinneman1 · ‎12-17-2014

Thanks for your replies! Below is a list of the commands I will use to configure the router. They are listed in the order that I will type them. Would you mind going through and making sure I didn't miss anything or mess any of them up? I am not that good at the commands yet. Still have a lot of practice to do, but will be getting that this coming school quarter when I begin CCNA 2.

Anything with a paranthesis is NOT included in the actual command line. Just to help me understand what the command is for.

COMMANDS:

enable

clock set (insert time and date)

conf t

hostname R1

no ip domain-lookup

enable secret (insert password)

int g0/0 (WAN)

ip address dhcp

no shutdown

exit

Should be back to R1#

int g0/1 (LAN)

ip address 10.0.0.1 255.255.0.0

no shutdown

exit

Should be back to R1#

ip dhcp excluded-address 10.0.0.1 10.0.0.99 (Router, Server 1, Server 2, WAP)

ip dhcp pool ARAMISDOMAIN

network 10.0.0.0 255.255.0.0

default-router 10.0.0.1

dns-server 8.8.8.8

lease 0 4 0

exit

Should be back to R1#

copy run start

devils_advocate · ‎12-17-2014

A good start but a few points I would make.

If you set the clock manually, you may find it resets itself after a router reboot. I would look at pointing it at an NTP server:
- #ntp server x.x.x.x
- #clock timezone GMT (Assuming you are UK based)
Although not required, I would put a description on each of the interfaces as it may help identify them later if you are not physically in front of the Router.
- #interface gi0/0
- #description WAN
- Same for LAN
You have set up your LAN subnet with a /16 subnet mask which is effectively 10.0.0.1 - 10.0.255.254. This is a large subnet allowing over 65k hosts which is not best practice on enterprise networks. It probably won't cause you any issues but I doubt you will have any more than 254 hosts so personally I would use a /24 subnet (255.255.255.0)

The only major thing missing is NAT which needs to be configured on the router to translate the LAN IP addresses from their 10.* private range to the Public IP address on the Gi0/0 WAN Interface.

Firstly you need to define the 'inside' and 'outside' NAT interfaces which is fairly self explanatory:

#interface gi0/0
#ip nat outside

#interface gi0/1
#ip nat inside

Gi0/0 is your outside interface because its facing the Outside world (i.e the internet) and Gi0/1 is your inside interface because its facing Inside your LAN.

Then you need to tell the router which addresses to translate against by first creating an access list:

#ip access-list standard LAN-Addresses
#permit 10.0.0.0 0.0.255.255

Finally you need to tell the router to start translating:

#ip nat inside source list LAN-Addresses interface gi0/0 overload

Oh, I have just noticed that you do not have a 'default route' configured. A router forwards packets by first looking up the destination IP address of the packet (i.e where its going) in it's own routing table. Obviously home routers are not going to have an entry for every Public IP subnet on the internet so they use something called a default route which effectively says 'If I cannot find an entry for this packet in my routing table, use the default route'.

As you are on DHCP and your IP address (and even default gateway) could change on your WAN interface, I would not bother with the next hop address in the default route but rather use the outgoing interface as below:

#ip route 0.0.0.0 0.0.0.0 gi0/0

Hope this helps!

c.shinneman1 · ‎12-18-2014

Here is my updated list of commands in the order I will type them. Is the order correct or does it matter?

enable

ntp server 10.0.0.2 (Domain Controller Server)

clock timezone PST -8

conf t

hostname R1

no ip domain-lookup

enable secret (insert password)

int g0/0 (WAN)

#description WAN

ip address dhcp

ip nat outside

no shutdown

exit

Should be back to R1#

int g0/1 (LAN)

#description LAN

ip address 10.0.0.1 255.255.0.0

ip nat inside

no shutdown

exit

Should be back to R1#

ip dhcp excluded-address 10.0.0.1 10.0.0.2 10.0.0.3 10.0.0.4

ip dhcp pool ARAMISDOMAIN

network 10.0.0.0 255.255.0.0

default-router 10.0.0.1

dns-server 8.8.8.8

lease 0 4 0

exit

Should be back to R1#

ip access-list standard LAN-Addresses

permit 10.0.0.0 0.0.255.255

ip nat inside source list LAN-Addresses interface gi0/0 overload

copy run start

Jason Vanlandingham · ‎12-17-2014

That's pretty darn close to the setup I have, except that I got a 24-port etherswitch module to put in my 2821. I really recommend getting one of those 24 or 16 port modules. They use the guts of a 3750, which is a good layer 3 switch, so you can do VLANs and SVRs. It only cost me around $100.

Anyway, as devils_advocate said, your setup sounds good. For some extra fun, try setting that router up as a DNS server. There are all kinds of things the ISRs will do. Enjoy!