Cisco 1941 SEC-K9 with EHWIC-4ESG-P Configuration Questions
I recently purchased a 1941 with a EHWIC-4ESG-P. I've spent some time reviewing numerous docs and haven't found the answers to some of the questions I have in configuring this guy. Here is the topology I'm trying to support (IP's changed to protect the innocent):
WAN - 188.8.131.52/29 (G0/0, Dialer1 assigned from ISP (VDSL/PPPoE to modem with RFC 1483 bridging)
LAN - 10.0.0.0/24 (G0/0/0 / Vlan2)
DMZ - 10.0.1.0/24 (G0/0/1 / Vlan3 .. Externally facing web, mail and DNS servers)
LAN2 - 10.0.2.0/24 (G0/0/2 / Vlan4)
I've been able to successfully establish the PPPoE connection to my ISP, and NAT the LAN hosts to the outside world - this part works fine. What isn't working is pretty much everything else -- which brings me to this forum to ask a few questions so that I might better understand some of the concepts a bit better so I can move forward with this router migration.
I have the EHWIC interfaces assigned to the Vlans, and have assigned the Vlans static addresses as shown above.
My first question pertains to access-lists / ACLs on the 1941 with the EHWIC-4ESG-P etherwswitch module:
Q: Am I correct in assigning ACLs / access-groups on the Vlan interfaces, or is this suppose to be done soley on the router GigabitEthernet ports?
Q: Would a rule like this be correct for port forwarding WWW traffic to one of the DMZ hosts?
Q: Do I need any specific acccess-list rules in the access-group in/out for the Dialer1 interface to establish PPPoE/PPP to my ISP? The reason I ask this is because I can't maintain the conntection with any in or out access-groups assigned to it (I'm sure this is fail on my part, but nothing I've tried works other than removing the groups from the interface).
I would paste my sh run, but at this point I'm back to square one and just have the Vlan address assignments and a basic working ppp setup until I can get help. Also, CDW is being slow with my SMARTnet contract, so I'm ~7-10 days away from obtaining it
Any help and/or insight would be greatly appreciated!
This document gives several answers on frequently asked questions for PFRv3 channel state behavior.
Q1: What are all the channel operational states from a BR (border role) perspective and what are the rules/conditions to be in each st...
The need was to reach an host inside a LAN through a VPN connection managed by the LAN gateway (Cisco 1921).
The LAN gateway performs NAT and there was a dedicate nat rule for the host i wanted to reach through VPN.
I couldn't connect to the hos...
We have 3 identical switches configured by someone else and would like to claim some of the Gigabit ports(G1/G2/G3/G4) for use on servers. When we try to change the wiring and configuration, we run in to connectivity issues. Attached is a des...