Re: ADSL service for 2 Vlans

samirshaikh52 · ‎10-16-2010

Recently I had purchased a cisco ADSL 877 Router. This will be dedicated for only two vlans on Multilayer

This router is connected to Cisco 6500 Switcport ( configured with multiple vlans) in VLAN 100.

I had configured a dhcp pool on a cisco router. The dhcp pool has network 192.168.10.0/24

Now I had here 2 vlans which should get internet access from this router

VLAN 100 -- 10.1.100.0 /24

VLAN 101 -- 10.1.101.0/24

This vlans will be my dhcp clients.

How is it possible ?

Please help me to setup this.

Federico Coto Fajardo · ‎10-16-2010

Hi,

I don't see the problem if you configure routing correctly.

Can you post a drawing of what you want to do?

Federico.

samirshaikh52 · ‎10-16-2010

Hi Federico,

Thank you for your reply. Please see the attached snap.

It shows my scope of design.

I would be grateful of yours, if you can help me out of this scenario.

Federico Coto Fajardo · ‎10-16-2010

Let's see..

VLANs 100 and 101 have their default gateway as the 6500 correct?

The connection between the 6500 and the 877 is L2.

So, what you need is the 6500 to send the traffic to the 877 when it's coming

from VLAN 100 and 101 and when going to the internet?

A route-map can do that.

route-map ADSL permit 10

match ip address 100

set ip next-hop x.x.x.x

ip access-list extended 100

permit ip VLAN 100 any

permit ip VLAN 101 any

x.x.x.x --> is the IP of the 877

The route-map will be applied on the L3 interface where the traffic from VLAN 100 and VLAN 100 enters the 6500.

Let me know if you get the idea and if I'm understand it correctly.

Federico.

samirshaikh52 · ‎10-16-2010

Thats the wonderfull idea...it can b very useful to implement in this scenario.

But prior to that i have a question ? How is it possible that i can provide dhcp ip to vlan 100 and 101

Let's see..

VLANs 100 and 101 have their default gateway as the 6500 correct? Yes correct

Here is my ADSL config on router without dhcp.

no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname 
!
enable secret 
username  password 
no aaa new-model
ip subnet-zero
no ip source-route
no ip domain lookup
!
!
no ftp-server write-enable
!
interface vlan1
 description 
 ip address <192.168.0.1> <255.255.255.0>
 ip nat inside
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface Dialer0
 description 
 ip address negotiated
 ip nat outside
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 ppp chap hostname 
 ppp chap password 
!
ip nat inside source list 100 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
dialer-list 1 protocol ip permit
access-list 1 permit  
access-list 100 permit ip <192.168.0.0> <0.0.0.255> any
!
line con 0
 password 
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 access-class 1 in
 exec-timeout 0 0
 password 
 login
!
scheduler max-task-time 5000
!

What would you suggest in that case ?

Federico Coto Fajardo · ‎10-16-2010

You can provide DHCP from the 877 to those two VLANs, if you instruct the 6500 to allow DHCP request to pass through.

i.e.

The interface facing VLAN100 and VLAN101 (on the 6500), you can use the ''ip helper-address x.x.x.x'' command to allow DHCP request to reach the 877, so the 877 will assign IPs to those VLANs.

I will suggest that you test that it work with static IPs and then would just be a matter of making DHCP work.

Federico.

samirshaikh52 · ‎10-16-2010

Here is my summary of configuration before applying.Please have a look.

Router Config.

--------------------------------------

no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname
!
enable secret
username password
no aaa new-model
ip subnet-zero
no ip source-route
no ip domain lookup
!
!
no ftp-server write-enable
!
interface vlan1
description
ip address <192.168.0.1> <255.255.255.0>
ip nat inside
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface Dialer0
description
ip address negotiated
ip nat outside
encapsulation ppp
no ip route-cache
no ip mroute-cache
dialer pool 1
dialer-group 1
ppp chap hostname
ppp chap password
!
ip nat inside source list 100 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
dialer-list 1 protocol ip permit
access-list 1 permit
access-list 100 permit ip <192.168.0.0> <0.0.0.255> any
!
line con 0
password
no modem enable
stopbits 1
line aux 0
stopbits 1
line vty 0 4
access-class 1 in
exec-timeout 0 0
password
login
!
scheduler max-task-time 5000

Switch Configuration.

------------------------------------------------

interface vlan 100

ip address 10.1.100.1 255.255.255.0

no shut

route-map ADSL permit 10

match ip address 100

set ip next-hop 192.168.0.1

ip access-list extended 100

permit ip VLAN 100 any

permit ip VLAN 101 any

Worktation in Vlan 100 IP configuration

IP: 10.1.100.2

SM: 255.255.255.0

GW: 10.1.100.1

DNS: 10.1.100.3 (Here i dont want to provide our DNS server IP, it should be router IP. Is is possible)

Worksation in Vlan 101 IP config

IP: 10.1.101.2

SM: 255.255.255.0

GW: 10.101.1

DNS: 10.1.101.3

Leo Laohoo · ‎10-17-2010

VLAN 100 -- 10.1.100.0 /24
VLAN 101 -- 10.1.101.0/24

This is not a major "show stopper" but what IOS are you running. The c870 running version 12.4 will support only two (2) VLANs with VLAN 1 being one of them.

HOWEVER, if you downgrade to version 12.3 the c870 can support up to ten (10) VLANs.

samirshaikh52 · ‎10-17-2010

Hi Leo,

here i dont have an issue with no. of vlans of router.

I have the vlans on switch 6500. I have just an isssue that how can i provide internet to the vlan 100 and 101 through ADSL router.

Thanks

samirshaikh52 · ‎10-18-2010

Hi Experts,

I have half of the solution, but just need to clarify something.

Here,it is what i have configuredI.

In this i am confused the NAT for vlan 100 and 101

ADSL Router

no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname
!
enable secret
username password
no aaa new-model
ip subnet-zero
no ip source-route
no ip domain lookup
!
!
no ftp-server write-enable
!

ip dhcp pool VLAN100
network 10.1.100.0 255.255.255.0
default-router 10.1.100.1

!
ip dhcp pool VLAN101
network 10.1.101.0 255.255.255.0
default-router 10.1.101.1

interface vlan1
description
ip address 192.168.10.1 255.255.255.0

ip address 10.1.100.2 255.255.255.0 secondary
ip nat inside
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface Dialer0
description
ip address negotiated
ip nat outside
encapsulation ppp
no ip route-cache
no ip mroute-cache
dialer pool 1
dialer-group 1
ppp chap hostname
ppp chap password
!
ip nat inside source list 100 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
dialer-list 1 protocol ip permit
access-list 1 permit
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
!
line con 0
password
no modem enable
stopbits 1
line aux 0
stopbits 1
line vty 0 4
access-class 1 in
exec-timeout 0 0
password
login
!
scheduler max-task-time 5000

CISCO SWITCH 6500

int vlan 100
ip address 10.1.100.x 255.255.255.0
ip address 192.168.10.x 255.255.255.0 secondary
ip helper-address 192.168.10.x

int vlan 101
ip address 10.1.101.x 255.255.255.0
ip helper-address 192.168.10.x

Access-list 100 deny ip 10.1.100.0 0.0.0.255 10.0.0.0 0.255.255.255
Access-list 100 deny ip 10.1.101.0 0.0.0.255 10.0.0.0 0.255.255.255
Access-list 100 permit ip 100.1.100.0 0.0.0.255 any
Access-list 100 permit ip 100.1.101.0 0.0.0.255 any

Access-list 101 permit ip 10.1.100.0 0.0.0.255 any
Access-list 101 permit ip 10.1.101.0 0.0.0.255 any

Router-map Set-Default-GW permit 5
Match ip address 100
set ip default next-hop 192.168.10.x

int vlan 100
ip policy Set-Default-GW
ip access-group 101 out
int vlan 101
ip policy Set-Default-GW

jonesm111 · ‎10-18-2010

It looks like your ADSL router is already partially configured with:

Inside:

interface vlan1
description
ip address 192.168.10.1 255.255.255.0

ip address 10.1.100.2 255.255.255.0 secondary

ip nat inside

Outside:

interface Dialer0
description
ip address negotiated
ip nat outside

Now what you need to do is find out what your public ip address(es) is, configure a global nat statement and insert after static:

conf t

ip nat outside source static 

Look here;
http://www.cisco.com/en/US/customer/docs/ios/12_3/ipaddr/command/reference/ip1_i2g.html#wp1079180

You can do one-one nat or setup an access-list that would specify a range and what to nat.

--Mike

samirshaikh52 · ‎10-18-2010

Hi Mike,

Thank you for your reply.

I would be very thankful if you can give some command help. Because I have less idea about NATing.

My existing nat is for routers subnet 192.168.10.0 /24.

And even i would like to let you know i cannot open you given link. After redirecting it gives Forbidden file or application.

Samir

jonesm111 · ‎10-18-2010

Hi Samir,

Did your service provider give you a public ip address or public range?

--Mike

samirshaikh52 · ‎10-18-2010

Hi Mike,

No I don't have individual public IP from the ISP. But I am gettting a negotiated IP address on Interface ATM0 from the ISP on ADSL connection.

samirshaikh52 · ‎10-19-2010

Hi Community,

I got it working by some tweaks.

Thanks to people who replied to this thread.