Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CISCO 2921

Can I connect a CISCO 2921 Router to a Wan through one of the gig ports or I need an EHWIC to do this?

18 REPLIES

You can definitely use one of

You can definitely use one of the GigabitEthernet ports. Using one for WAN and the others for LAN/DMZ functionality is a fairly standard configuration for those routers.

New Member

Thank you. I cannot get it to

Thank you. I cannot get it to work. Do you have any configuration example for the WAN side, that you would like to share? Thank you

Hi Tristan,If you can, please

Hi Tristan,

If you can, please describe the issue with some more details.

Regards,

Aref

New Member

We just bought two CISCO 2921

We just bought two CISCO 2921 for my workplace. I am trying to learn how to set them up. We have been using Netgear for years. Our network has grown and Netgears are not enough anymore.

So I have a lab where I have a Netgear FVX538 connected to the Internet. Netgear LAN configuration is 172.18.0.1 255.255.255.0

I connected the CISCO to one of the LAN ports in the NETGEAR through gig 0/0. See configuration below.

I have connected a LAPTOP to gig 0/1, but it does not get to connect to the Internet. Another laptop, which is connected directly to NETGEAR cannot ping the CISCO Router

Using 2272 out of 262136 bytes

! Last configuration change at 19:30:41 PCT Sun Nov 2 2014

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

hostname CISCO-2921-Router-Elementary

!

boot-start-marker

boot-end-marker

!

no aaa new-model

memory-size iomem 25

clock timezone PCT -8 0

!

ip cef

!

no ip dhcp conflict logging

ip dhcp excluded-address 172.18.1.1 172.18.1.99

ip dhcp excluded-address 172.18.2.1 172.18.2.99

ip dhcp excluded-address 172.18.3.1 172.18.3.99

!

ip dhcp pool 0

 network 172.18.2.0 255.255.255.0

 domain-name elsolacademy.net

 dns-server 172.18.0.228

 default-router 172.18.1.1

 lease 30

!

!

!

no ip domain lookup

ip host Netgear-FVX538 172.18.0.1

ip name-server 172.18.0.228

ip name-server 209.18.47.61

ip name-server 209.18.47.62

no ipv6 cef

multilink bundle-name authenticated

!

crypto pki trustpoint TP-self-signed-969957288

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-969957288

 revocation-check none

 rsakeypair TP-self-signed-969957288

!

crypto pki certificate chain TP-self-signed-969957288

 certificate self-signed 01 nvram:IOS-Self-Sig#3.cer

license udi pid CISCO2921/K9 sn FGL175310DP

!

!

interface Embedded-Service-Engine0/0

 no ip address

 shutdown

!

interface GigabitEthernet0/0

 description Internet

 ip address 172.18.1.1 255.255.255.0

 ip helper-address 172.18.0.1

 ip helper-address 24.199.49.77

 duplex auto

 speed auto

!

interface GigabitEthernet0/1

 ip address 172.18.2.1 255.255.255.0

 duplex auto

 speed auto

!

interface GigabitEthernet0/2

 ip address 172.18.3.1 255.255.255.0

 duplex auto

 speed auto

!

router rip

 network 172.18.0.0

!

ip default-gateway 172.18.0.1

ip forward-protocol nd

!

no ip http server

ip http secure-server

!

ip route 172.18.1.0 255.255.255.0 172.18.0.1

ip route 172.18.2.0 255.255.255.0 GigabitEthernet0/0

ip route 172.18.3.0 255.255.255.0 GigabitEthernet0/0

!

control-plane

!

line con 0

 exec-timeout 0 0

 logging synchronous

line aux 0

 password brilla2012

line 2

 no activation-character

 no exec

 transport preferred none

 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

 stopbits 1

line vty 0 4

 password brilla2012

 login

 transport input all

!

scheduler allocate 20000 1000

!

end

 

There are many different ways

There are many different ways it could be configured depending on the ISP and te technology being used. Do you have any details on what kind of WAN connection you're using?

New Member

We just bought two CISCO 2921

We just bought two CISCO 2921 for my workplace. I am trying to learn how to set them up. We have been using Netgear for years. Our network has grown and Netgears are not enough anymore.

So I have a lab where I have a Netgear FVX538 connected to the Internet. Netgear LAN configuration is 172.18.0.1 255.255.255.0

I connected the CISCO to one of the LAN ports in the NETGEAR through gig 0/0. See configuration below.

I have connected a LAPTOP to gig 0/1, but it does not get to connect to the Internet. Another laptop, which is connected directly to NETGEAR cannot ping the CISCO Router

Using 2272 out of 262136 bytes

! Last configuration change at 19:30:41 PCT Sun Nov 2 2014

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

hostname CISCO-2921-Router-Elementary

!

boot-start-marker

boot-end-marker

!

no aaa new-model

memory-size iomem 25

clock timezone PCT -8 0

!

ip cef

!

no ip dhcp conflict logging

ip dhcp excluded-address 172.18.1.1 172.18.1.99

ip dhcp excluded-address 172.18.2.1 172.18.2.99

ip dhcp excluded-address 172.18.3.1 172.18.3.99

!

ip dhcp pool 0

 network 172.18.2.0 255.255.255.0

 domain-name elsolacademy.net

 dns-server 172.18.0.228

 default-router 172.18.1.1

 lease 30

!

!

!

no ip domain lookup

ip host Netgear-FVX538 172.18.0.1

ip name-server 172.18.0.228

ip name-server 209.18.47.61

ip name-server 209.18.47.62

no ipv6 cef

multilink bundle-name authenticated

!

crypto pki trustpoint TP-self-signed-969957288

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-969957288

 revocation-check none

 rsakeypair TP-self-signed-969957288

!

crypto pki certificate chain TP-self-signed-969957288

 certificate self-signed 01 nvram:IOS-Self-Sig#3.cer

license udi pid CISCO2921/K9 sn FGL175310DP

!

!

interface Embedded-Service-Engine0/0

 no ip address

 shutdown

!

interface GigabitEthernet0/0

 description Internet

 ip address 172.18.1.1 255.255.255.0

 ip helper-address 172.18.0.1

 ip helper-address 24.199.49.77

 duplex auto

 speed auto

!

interface GigabitEthernet0/1

 ip address 172.18.2.1 255.255.255.0

 duplex auto

 speed auto

!

interface GigabitEthernet0/2

 ip address 172.18.3.1 255.255.255.0

 duplex auto

 speed auto

!

router rip

 network 172.18.0.0

!

ip default-gateway 172.18.0.1

ip forward-protocol nd

!

no ip http server

ip http secure-server

!

ip route 172.18.1.0 255.255.255.0 172.18.0.1

ip route 172.18.2.0 255.255.255.0 GigabitEthernet0/0

ip route 172.18.3.0 255.255.255.0 GigabitEthernet0/0

!

control-plane

!

line con 0

 exec-timeout 0 0

 logging synchronous

line aux 0

 password brilla2012

line 2

 no activation-character

 no exec

 transport preferred none

 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

 stopbits 1

line vty 0 4

 password brilla2012

 login

 transport input all

!

scheduler allocate 20000 1000

!

end

Hi,Interface GigabitEthernet0

Hi,

Interface GigabitEthernet0/0 is setup with ip address 172.18.1.1 255.255.255.0, and Netgear has ip address 172.18.0.1 255.255.255.0, they are on different networks, you should correct the ip addresses, in addition the static routes are not appropriate, since those networks 172.18.1.0, 172.18.2.0 and 172.18.3.0 are connected to the Cisco router itself, you don't need them, also you should setup a default static route towards your gateway, it should be the Netgear ip address 172.18.0.1, finally you should ensure that the Netgear router knows how to get back to networks 172.18.2.0 and 172.18.3.0.

Regards,

Aref
 

New Member

First of all, thank you very

First of all, thank you very much.

Let me see if I understood your answer.

1- Change the gig 0/0 address to 172.18.0.50 255.255.255.0. ?

2- IP routes should be ip route 172.18.2.0 255.255.255.0 172.18.0.1

Is that correct?

You are welcome Tristan

You are welcome Tristan.

Correct, g0/0 should be on the same subnet of the Negear, instead the default route should be towards any, example "ip route 0.0.0.0 0.0.0.0 172.18.0.1", and as mentioned before, Negear has to know how to get back to networks 172.18.2.x and 172.18.3.x., another solution would be to apply natting on the Cisco router so the Netgear would see all those networks as 172.18.0.x.

Please let me know if you still unclear.

Regards,

Aref

New Member

Hi,Thank youI have made some

Hi,

Thank you

I have made some progress, but now I cannot route from the vlans.

See attached config

Now the router is directly connected to the Internet, through gig 0/1

gig 0/0 is the internal network

 

Hi Tristan,That because the

Hi Tristan,

That because the subinterfaces are not able to inter-route with the same physical interface where they are configured. Please try to do these modifications:

interface GigabitEthernet0/0
 no ip address
 no ip nat inside
!
interface GigabitEthernet0/0.1
 encapsulation dot1Q 1 (assuming the native vlan on the trunk is vlan 1)
 ip address  172.16.0.1 255.255.255.0
 ip nat inside

Now on all other subinterfaces you should apply "ip nat inside", example:
interface GigabitEthernet0/0.15
 ip nat inside
!
interface GigabitEthernet0/0.101
 ip nat inside

and so on.

This static route is not needed and is not correct, because with that you are saying to route the traffic towards the network 172.16.0.0/16 out of g0/1 interface. It would not hurt in your case because the router would prefer the connected routes overy the static one, but please remove it:

no ip route 172.16.0.0 255.255.255.0 GigabitEthernet0/1

Regards,

Aref

New Member

Thank you very much

Thank you very much

You are very welcome.Please

You are very welcome.

Please let me know if it did work properly.

Regards,

Aref

New Member

How can I define the Native

How can I define the Native Vlan or any other vlan in more than one interface? is that possible?

Native vlan is configured on

Native vlan is configured on the trunk connection (so on interfaces of both ends that are on the trunk), for example if you want to change the native vlan form default 1 to 4, you would do so:

Router f0/0 ==== TRUNK ==== Switch f0/5

On Router:

int f0/0.4
 encapsulation dot1Q 4 native

On Switch:

int f0/5
  switchport trunk native vlan 4

Regards,

Aref
 

New Member

Thank you very much.Let me

Thank you very much.

Let me know if this is correct. I highly appreciate your help.

Switch-A

Vlan 101

Vlan 1 native

Switch connect to router on gig 0/0

interface gig 0/0.1

encapsulation dot1q 1 native

ip address 172.16.0.1 255.255.255.0

ip nat inside

interface gig 0/0.101

encapsulation gig 0/0.101

encapsulation dot1q 101

ip address 172.16.101.1 255.255.255.0

ip nat inside

 

Switch-B

Vlan 15

Vlan 1 native

Switch connect to router on gig 0/2

interface gig 0/2.1

encapsulation dot1q 1 native

ip address 172.16.1.1 255.255.255.0

ip nat inside

interface gig 0/2.15

encapsulation gig 0/0.15

encapsulation dot1q 15

ip address 172.16.15.1 255.255.255.0

ip nat inside

 

 

Do g0/0.1 and g0/2.1 belong

Do g0/0.1 and g0/2.1 belong to the same vlan?, if not you should correct the encapsulation configuration on them.

If you can please post your toplogy with all subnet ip addresses and vlans information.

Regards,

Aref

New Member

Well, let me try to explain

a

352
Views
0
Helpful
18
Replies