Solved: Re: Question about Cisco Router 800 series

beppefranchi · ‎09-27-2006

Hi everyone,

Just a stupid question:

I have to create a new network design in a school.

2 networks must share the same Internet ADSL connection but the users in a network must not be able to reach the other network. We thought to supply a little router, because the budget is quite low.

The question is quite simple: In a Cisco 800 series router (we suggested Cisco 877) is it possible to configure every FastEthernet interface with a different IP address (and different networks) and create firewall policies between ports, like bigger routers? It's a stupid question, but I never had experience with those routers and I want to be sure that the solution we designed is possible...

Thank you

Beppe

gpulos · ‎09-27-2006

in short, YES,

you can use the 800 series routers to define a subnet for each of four possible VLANs.

then you will need to create and apply access lists so that the different subnets cannot communicate to each other.

please see the following link for more 877 configuration info:

http://www.cisco.com/en/US/products/hw/routers/ps380/products_configuration_guide_chapter09186a008045d26d.html

please see the following link for more access-list configuration info:

http://www.cisco.com/en/US/products/ps6441/products_configuration_guide_chapter09186a0080716eba.html

please see the following link for info on a firewall configured on the 877:

http://www.cisco.com/en/US/products/hw/routers/ps380/products_configuration_guide_chapter09186a008045d275.html

View solution in original post

mmorris11 · ‎10-02-2006

Beppe,

Not a stupid question. Building and troubleshooting networks in many ways is like assembling a gas grill correctly. It's all about reading the instructions. You will want to look at a few docs:

http://www.cisco.com/en/US/products/sw/secursw/ps5318/products_data_sheet0900aecd800fd118.html

This guide is a little old but will still have relevant scenarios and config examples:

http://www.cisco.com/en/US/customer/products/hw/routers/ps380/products_configuration_guide_book09186a008011a32f.html

That being said, you can certainly acheive your goals with this router, although you will also want to compliment the solution with a managed switch like at least a 2950. This will allow you to trunk via dot1q to the router and use sub interfaces on the router to which ip access lists can be applied and used as gatways for the corresponding networks.

HTH pls rate!

View solution in original post

gpulos · ‎09-27-2006

in short, YES,

you can use the 800 series routers to define a subnet for each of four possible VLANs.

then you will need to create and apply access lists so that the different subnets cannot communicate to each other.

please see the following link for more 877 configuration info:

http://www.cisco.com/en/US/products/hw/routers/ps380/products_configuration_guide_chapter09186a008045d26d.html

please see the following link for more access-list configuration info:

http://www.cisco.com/en/US/products/ps6441/products_configuration_guide_chapter09186a0080716eba.html

please see the following link for info on a firewall configured on the 877:

http://www.cisco.com/en/US/products/hw/routers/ps380/products_configuration_guide_chapter09186a008045d275.html

mmorris11 · ‎10-02-2006

Beppe,

Not a stupid question. Building and troubleshooting networks in many ways is like assembling a gas grill correctly. It's all about reading the instructions. You will want to look at a few docs:

http://www.cisco.com/en/US/products/sw/secursw/ps5318/products_data_sheet0900aecd800fd118.html

This guide is a little old but will still have relevant scenarios and config examples:

http://www.cisco.com/en/US/customer/products/hw/routers/ps380/products_configuration_guide_book09186a008011a32f.html

That being said, you can certainly acheive your goals with this router, although you will also want to compliment the solution with a managed switch like at least a 2950. This will allow you to trunk via dot1q to the router and use sub interfaces on the router to which ip access lists can be applied and used as gatways for the corresponding networks.

HTH pls rate!

enandres · ‎10-30-2006

Hi folks,

I've got a 857 and I think I am only allow to create 1 vlan.

Is this correct?

thxs

mikraus · ‎10-31-2006

Unfortunately, that is correct. Note in the Q&A when it describes the differences between the 850 & 870 series, it talks about "VLAN support" on the 870 series switch:

http://www.cisco.com/en/US/products/hw/routers/ps380/products_qanda_item0900aecd8028a982.shtml

Many people have made statments in the past like "all 100Mbps ports support 802.1q trunking" or "no 10Mbps ports support 802.1q trunking". These statements are decent generalizations, but are not 100% accurate.

It is certainly confusing, as there isn't a global list of all the products that support 802.1q trunking, it needs to be evaluated on a cases by case basis.

enandres · ‎11-01-2006

Hi again,

Thank you for the reply. But I think you can create VLANs inside the dot11 interface and assign them to a SSID. My question now is next:

Can I with my 857 make a link via wireless (WDS) with other non cisco AP router? What about setting up the 857 as a repeater of a non cisco AP router?

Many thxs for your support,

Enrique.