10-16-2010 08:54 AM - edited 03-06-2019 01:33 PM
Recently I had purchased a Cisco ADSL 877 router. This will be dedicated for only two VLANs on Multilayer
This router is connected to a Cisco 6500 switchport (configured with multiple VLANs) in VLAN 100.
I had configured a DHCP pool on the Cisco router. The DHCP pool has network 192.168.10.0/24
Now I have here 2 VLANs which should get internet access from this router
VLAN 100 -- 10.1.100.0 /24
VLAN 101 -- 10.1.101.0/24
These VLANs will be my DHCP clients.
How is it possible ?
Please help me to setup this.
10-16-2010 09:57 AM
Hi,
I don't see the problem if you configure routing correctly.
Can you post a drawing of what you want to do?
Federico.
10-16-2010 10:29 AM
10-16-2010 12:16 PM
Let's see..
VLANs 100 and 101 have their default gateway as the 6500 correct?
The connection between the 6500 and the 877 is L2.
So, what you need is the 6500 to send the traffic to the 877 when it's coming
from VLAN 100 and 101 and when going to the internet?
A route-map can do that.
route-map ADSL permit 10
match ip address 100
set ip next-hop x.x.x.x
ip access-list extended 100
permit ip VLAN 100 any
permit ip VLAN 101 any
x.x.x.x --> is the IP of the 877
The route-map will be applied on the L3 interface where the traffic from VLAN 100 and VLAN 100 enters the 6500.
Let me know if you get the idea and if I'm understanding it correctly.
Federico.
10-16-2010 12:29 PM
That's a wonderful idea... it can be very useful to implement in this scenario.
But prior to that I have a question: how is it possible that I can provide DHCP IPs to VLAN 100 and 101?
Let's see..
VLANs 100 and 101 have their default gateway as the 6500 correct? Yes correct
Here is my ADSL config on router without dhcp.
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname
!
enable secret
username password
no aaa new-model
ip subnet-zero
no ip source-route
no ip domain lookup
!
!
no ftp-server write-enable
!
interface vlan1
description
ip address <192.168.0.1> <255.255.255.0>
ip nat inside
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface Dialer0
description
ip address negotiated
ip nat outside
encapsulation ppp
no ip route-cache
no ip mroute-cache
dialer pool 1
dialer-group 1
ppp chap hostname
ppp chap password
!
ip nat inside source list 100 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
dialer-list 1 protocol ip permit
access-list 1 permit
access-list 100 permit ip <192.168.0.0> <0.0.0.255> any
!
line con 0
password
no modem enable
stopbits 1
line aux 0
stopbits 1
line vty 0 4
access-class 1 in
exec-timeout 0 0
password
login
!
scheduler max-task-time 5000
!
What would you suggest in that case ?
10-16-2010 01:31 PM
You can provide DHCP from the 877 to those two VLANs, if you instruct the 6500 to allow DHCP requests to pass through.
i.e.
On the interface facing VLAN100 and VLAN101 (on the 6500), you can use the "ip helper-address x.x.x.x" command to allow DHCP requests to reach the 877, so the 877 will assign IPs to those VLANs.
I would suggest that you test that it works with static IPs, and then it would just be a matter of making DHCP work.
Federico.
10-16-2010 11:31 PM
Here is my summary of the configuration before applying. Please have a look.
Router Config.
--------------------------------------
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname
!
enable secret
username
no aaa new-model
ip subnet-zero
no ip source-route
no ip domain lookup
!
!
no ftp-server write-enable
!
interface vlan1
description
ip address <192.168.0.1> <255.255.255.0>
ip nat inside
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface Dialer0
description
ip address negotiated
ip nat outside
encapsulation ppp
no ip route-cache
no ip mroute-cache
dialer pool 1
dialer-group 1
ppp chap hostname
ppp chap password
!
ip nat inside source list 100 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
dialer-list 1 protocol ip permit
access-list 1 permit
access-list 100 permit ip <192.168.0.0> <0.0.0.255> any
!
line con 0
password
no modem enable
stopbits 1
line aux 0
stopbits 1
line vty 0 4
access-class 1 in
exec-timeout 0 0
password
login
!
scheduler max-task-time 5000
Switch Configuration.
------------------------------------------------
interface vlan 100
ip address 10.1.100.1 255.255.255.0
no shut
route-map ADSL permit 10
match ip address 100
set ip next-hop 192.168.0.1
ip access-list extended 100
permit ip VLAN 100 any
permit ip VLAN 101 any
Workstation in VLAN 100 IP configuration
IP: 10.1.100.2
SM: 255.255.255.0
GW: 10.1.100.1
DNS: 10.1.100.3 (Here I don't want to provide our DNS server IP, it should be the router IP. Is it possible?)
Workstation in VLAN 101 IP config
IP: 10.1.101.2
SM: 255.255.255.0
GW: 10.101.1
DNS: 10.1.101.3
10-17-2010 02:38 PM
VLAN 100 -- 10.1.100.0 /24
VLAN 101 -- 10.1.101.0/24
This is not a major "show stopper" but what IOS are you running. The c870 running version 12.4 will support only two (2) VLANs with VLAN 1 being one of them.
HOWEVER, if you downgrade to version 12.3 the c870 can support up to ten (10) VLANs.
10-17-2010 11:40 PM
Hi Leo,
Here I don't have an issue with the no. of VLANs of the router.
I have the VLANs on the switch 6500. I just have an issue with how I can provide internet to VLAN 100 and 101 through the ADSL router.
Thanks
10-18-2010 06:18 AM
Hi Experts,
I have half of the solution, but just need to clarify something.
Here is what I have configured.
In this I am confused about the NAT for VLAN 100 and 101
ADSL Router
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname
!
enable secret
username
no aaa new-model
ip subnet-zero
no ip source-route
no ip domain lookup
!
!
no ftp-server write-enable
!
ip dhcp pool VLAN100
network 10.1.100.0 255.255.255.0
default-router 10.1.100.1
!
ip dhcp pool VLAN101
network 10.1.101.0 255.255.255.0
default-router 10.1.101.1
interface vlan1
description
ip address 192.168.10.1 255.255.255.0
ip address 10.1.100.2 255.255.255.0 secondary
ip nat inside
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface Dialer0
description
ip address negotiated
ip nat outside
encapsulation ppp
no ip route-cache
no ip mroute-cache
dialer pool 1
dialer-group 1
ppp chap hostname
ppp chap password
!
ip nat inside source list 100 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
dialer-list 1 protocol ip permit
access-list 1 permit
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
!
line con 0
password
no modem enable
stopbits 1
line aux 0
stopbits 1
line vty 0 4
access-class 1 in
exec-timeout 0 0
password
login
!
scheduler max-task-time 5000
CISCO SWITCH 6500
int vlan 100
ip address 10.1.100.x 255.255.255.0
ip address 192.168.10.x 255.255.255.0 secondary
ip helper-address 192.168.10.x
int vlan 101
ip address 10.1.101.x 255.255.255.0
ip helper-address 192.168.10.x
Access-list 100 deny ip 10.1.100.0 0.0.0.255 10.0.0.0 0.255.255.255
Access-list 100 deny ip 10.1.101.0 0.0.0.255 10.0.0.0 0.255.255.255
Access-list 100 permit ip 100.1.100.0 0.0.0.255 any
Access-list 100 permit ip 100.1.101.0 0.0.0.255 any
Access-list 101 permit ip 10.1.100.0 0.0.0.255 any
Access-list 101 permit ip 10.1.101.0 0.0.0.255 any
route-map Set-Default-GW permit 5
match ip address 100
set ip default next-hop 192.168.10.x
int vlan 100
ip policy route-map Set-Default-GW
ip access-group 101 out
int vlan 101
ip policy route-map Set-Default-GW
10-18-2010 01:10 PM
It looks like your ADSL router is already partially configured with:
Inside:
interface vlan1
description
ip address 192.168.10.1 255.255.255.0
ip address 10.1.100.2 255.255.255.0 secondary
ip nat inside
Outside:
interface Dialer0
description
ip address negotiated
ip nat outside
Now what you need to do is find out what your public ip address(es) is, configure a global nat statement and insert after static:
conf t
ip nat outside source static
Look here;
http://www.cisco.com/en/US/customer/docs/ios/12_3/ipaddr/command/reference/ip1_i2g.html#wp1079180
You can do one-one nat or setup an access-list that would specify a range and what to nat.
--Mike
10-18-2010 01:21 PM
Hi Mike,
Thank you for your reply.
I would be very thankful if you can give some command help, because I have less idea about NATing.
My existing NAT is for the router's subnet 192.168.10.0 /24.
And I would also like to let you know that I cannot open your given link. After redirecting, it gives "Forbidden file or application".
Samir
10-18-2010 01:55 PM
Hi Samir,
Did your service provider give you a public ip address or public range?
--Mike
10-18-2010 11:45 PM
Hi Mike,
No, I don't have an individual public IP from the ISP. But I am getting a negotiated IP address on Interface ATM0 from the ISP on the ADSL connection.
10-19-2010 11:28 PM
Hi Community,
I got it working by some tweaks.
Thanks to people who replied to this thread.
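The pieces discussed in this thread (policy routing and ip helper-address on the 6500, DHCP pools and NAT overload on the 877), put together as an added example. It is not the original poster's final configuration, which was never posted. The transit interface Vlan900, the address 192.168.10.2, the ACL name ADSL-CLIENTS and the excluded-address ranges are assumptions made for illustration.

```cisco
! ===== Catalyst 6500 (L3 gateway for VLAN 100 and 101) =====
! Assumption: Vlan900 is a hypothetical transit VLAN to the 877; 192.168.10.2 is constructed.
interface Vlan900
 ip address 192.168.10.2 255.255.255.0
!
! Match only Internet-bound traffic from the two client VLANs;
! traffic to internal 10.0.0.0/8 keeps following the normal routing table.
ip access-list extended ADSL-CLIENTS
 deny   ip 10.1.100.0 0.0.0.255 10.0.0.0 0.255.255.255
 deny   ip 10.1.101.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 10.1.100.0 0.0.0.255 any
 permit ip 10.1.101.0 0.0.0.255 any
!
route-map ADSL permit 10
 match ip address ADSL-CLIENTS
 set ip next-hop 192.168.10.1
!
interface Vlan100
 ip address 10.1.100.1 255.255.255.0
 ip helper-address 192.168.10.1
 ip policy route-map ADSL
!
interface Vlan101
 ip address 10.1.101.1 255.255.255.0
 ip helper-address 192.168.10.1
 ip policy route-map ADSL
!
! ===== 877 (DHCP server and NAT) =====
! The relay sets giaddr to the SVI address, which selects the matching pool.
ip dhcp excluded-address 10.1.100.1 10.1.100.10
ip dhcp excluded-address 10.1.101.1 10.1.101.10
ip dhcp pool VLAN100
 network 10.1.100.0 255.255.255.0
 default-router 10.1.100.1
ip dhcp pool VLAN101
 network 10.1.101.0 255.255.255.0
 default-router 10.1.101.1
!
! Return path: DHCP replies go to the relay address (the SVI) and NATed
! replies go back to the clients, so the 877 needs routes via the 6500.
ip route 10.1.100.0 255.255.255.0 192.168.10.2
ip route 10.1.101.0 255.255.255.0 192.168.10.2
!
! PAT only translates sources matched by list 100, so add the client subnets.
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
access-list 100 permit ip 10.1.100.0 0.0.0.255 any
access-list 100 permit ip 10.1.101.0 0.0.0.255 any
ip nat inside source list 100 interface Dialer0 overload
```

Keeping list 100 limited to the three named subnets, rather than a blanket permit, means only those sources are translated out of Dialer0.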