
Setting new 2901 router in network

I am new to Cisco router config. We have a network with a Cisco 2950 switch and an ASA 5510 firewall.

Current config:

internet -----> ASA 5510 ------> 2950 switch ------- user pc

Intended config:

internet ------> ASA 5510 -------> 2901 router ----------> 2950 switch ---------> user pc

We are doing content filtering in the ASA and we have a DMZ in the ASA zone. I wanted to keep this setting and install the router.

I have not powered up the router; it is still in the box.

Our IP schema: WAN: 168.x.x.x/30

LAN: 172.21.x.x/16, DMZ: 192.168.x.x/24, wanted to add voice: 172.17.x.x/24

The problem was that the previous admin installed a flat network, so it has no VLAN at all in the system. Now we are trying to install voice, so I need to set up almost everything without zero downtime. So I am only adding a VLAN for voice, but the VLAN server needed to access some LAN-side server also. To resolve this routing problem I wanted to install this router. Can someone help to configure it? Thanks.

acampbell
VIP Alumni

Mukesh,

Something along these lines should help you to get started:-

!
hostname your2901
!
int g0/0
description *** ASA DMZ ***
ip address 192.168.x.y 255.255.255.0
no shut
!
!
int g0/1
description *** YOUR LAN TRUNK TO 2950 SWITCH ***
no shut
!
int g0/1.1
description *** YOUR DATA VLAN ***
encapsulation dot1Q 1
ip address 172.16.x.y 255.255.0.0
no shut
!
!
int g0/1.100
description *** YOUR VOICE VLAN ***
encapsulation dot1Q 100
ip address 172.17.x.y 255.255.255.0
no shut
!
! next hop below is the ASA DMZ IP address
ip route 0.0.0.0 0.0.0.0 192.168.a.b
!

On the 2950 switch you will need to add a vlan for voice
and configure an interface to connect with the 2901 router.

!
vlan 100
name VOICE
!
int fas 0/24
description *** TRUNK TO 2901 ROUTER ***
switchport trunk encap dot1q
switchport mode trunk
switchport trunk allowed vlan 1,100
no shut
!

Regards,
Alex.
Please rate useful posts.


This is what I have on the router. Do you think I need to delete anything from here?

hostname R1
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
!
!
!
ip domain name gsfc.org
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
!
username cisco privilege 15 secret 4 MXhgYCAfhe9zJC.zc7uDDlUP4jHx7QJ7yXm3x3nRlzw
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
ip address 10.10.10.1 255.255.255.248
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
access-list 23 permit 10.10.10.0 0.0.0.7
!
!
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE  PUBLICLY-KNOWN
CREDENTIALS

Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL NOT BE ABLE
TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

One issue: because I have an ASA firewall, do I need to change anything on it? So far I know I have to move my gateway address to the router LAN interface; do I need to change any ASA rules/reverse routing?

While we are installing voice, I wanted to make it ready for wireless also, and I need to set up wireless for guest and local users. What I plan to do is set up guests to have wireless but no access to the LAN, and local users can have both. So to achieve that, do I need to set up a VLAN for guests and pass it from the router to the ASA? If yes, how can I pass a VLAN from the router to the ASA?

I know these might be silly questions.
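Added example, not part of any post in this thread and not Cisco tooling: a small Python check for the management-plane settings visible in the factory configuration posted above (the one-time `cisco` account, the type 4 secret, `ip http server`, Telnet and privilege 15 on the vty lines), which are worth clearing before the router goes inline behind the ASA. The function name, the finding texts and the sample input are constructed for illustration.

```python
import re

# Constructed sample in the style of the posted running-config
# (the secret hash is replaced by a placeholder).
SAMPLE_CONFIG = """\
username cisco privilege 15 secret 4 <HASH-PLACEHOLDER>
ip http server
ip http secure-server
line con 0
login local
line vty 0 4
access-class 23 in
privilege level 15
transport input telnet ssh
line vty 5 15
access-class 23 in
transport input ssh
"""

def audit_ios_config(text):
    """Return (section, finding) tuples for risky management-plane settings."""
    findings = []
    section = "global"
    for raw in text.splitlines():
        line = raw.strip()
        # Pasted configs often lose indentation, so sections are tracked by
        # their header lines rather than by leading whitespace.
        if re.match(r"(line|interface)\s", line):
            section = line
            continue
        user = re.match(r"username\s+(\S+).*\bsecret\s+(\d+)\s+\S+", line)
        if user:
            if user.group(1) == "cisco":
                findings.append(("global", "factory 'cisco' account still present"))
            if user.group(2) == "4":
                findings.append(("global", "type 4 secret hash (deprecated as weak)"))
        elif line == "ip http server":
            findings.append(("global", "cleartext HTTP management enabled"))
        elif section.startswith("line vty"):
            words = line.split()
            if words[:2] == ["transport", "input"] and {"telnet", "all"} & set(words[2:]):
                findings.append((section, "Telnet accepted on remote logins"))
            elif line == "privilege level 15":
                findings.append((section, "sessions start at privilege 15"))
    return findings

if __name__ == "__main__":
    for where, what in audit_ios_config(SAMPLE_CONFIG):
        print(f"{where}: {what}")
```

Each finding maps to a line in the posted config; access-class 23 still limits who can reach the vty lines and the HTTP server, so the findings concern what is exposed to hosts that ACL permits.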
