11-18-2010 10:39 AM - edited 03-04-2019 10:30 AM
Hello,
I have just purchased a 4 port SWITCH (HWIC-4ESW) for my CISCO 1841.
Can it be that both products are completely isolated from each other ?
I mean by this :
My INTERNET comes in F0/0 and on F0/1 I have DHCP and INTERNET to the connected computer.
To be able to use the switch, I can use it as default, but then I need to put a WIRE from F0/0 to F0/0/0 and then I have INTERNET on ALL 3 PORTS.
IS IT TRUE THAT I CAN NOT DO AN INTERNAL CONNECTION WITH IOS ?
I mean by this:
Do I have to connect a cable from F0/0 to F0/0/0 ?!? this can not be true !!!
I have tried with VLANS, due to that this SWITCH is ONLY LAYER 2, but no success
Do some of you have some hints ?
Thank you in advance for your GREAT HELP
Best Regards,
Didier
11-20-2010 06:39 AM
Didier
You don't use subinterfaces for this HWIC because there is no direct connection between fa0/1 and the HWIC. You must use L3 vlan interfaces
remove this from your config -
interface FastEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.1.1 255.255.255.0
no cdp enable
and add this -
int vlan 10
ip address 192.168.1.1 255.255.255.0
ip nat inside
no shut
you can also change your NAT config because you only need one acl ie.
remove this config -
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source list 100 interface FastEthernet0/1 overload
!
access-list 1 permit 192.168.100.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
and add this -
ip nat inside source list 101 interface fa0/0 overload
and just use acl 101 for both networks, obviously changing acl 1 to permit 192.168.100.0 0.0.0.255 any
Jon
11-18-2010 03:16 PM
Didier
Not to my knowledge ie. you should be able to use vlans without connecting from fa0/0 to the HWIC.
Can you perhaps post config with vlans on it that wasn't working ?
Jon
11-20-2010 04:46 AM
Hello,
Sorry for my late reply
I did a little bit more research, but it seems that I am not the only one struggling with this.
Here below you have my complete IOS configuration that works well for F0/0 (INTERNET) to F0/1 (LAN)
But even when I make a VLAN 10 in F0/1 and in F0/0/0, no communication
ANY HELP IS WELCOME.
THIS IS NOT FOR BUSINESS USE !!!
I WOULD LIKE TO PASS MY CCNA NEXT YEAR , I STILL HAVE A LOT TO LEARN
! Last configuration change at 13:26:51 gmt+1 Sat Nov 20 2010 by admin
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ROUTER1841
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable password 7 05080F1C2243
!
aaa new-model
!
!
aaa authentication banner
THIS SYSTEM IS SOLELY FOR USE OF AUTHORISED USERS FOR OFFICIAL PURPOSES
!
!
aaa session-id common
clock timezone gmt+1 1
clock summer-time gmt+2 recurring last Sun Mar 2:00 last Sun Oct 3:00
dot11 syslog
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.100.1 192.168.100.99
ip dhcp excluded-address 192.168.1.1 192.168.1.2
!
ip dhcp pool internal
network 192.168.100.0 255.255.255.0
default-router 192.168.100.1
dns-server 8.8.8.8
lease 5
!
ip dhcp pool vlan10
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
!
no ip bootp server
ip domain name dri.be
ip ddns update method DynDNS
HTTP
add http://dri66xxxxxx@@members.dyndns.org/nic/update?system=dyndns&hostname=cisco1841.dyndns.info&myip=
interval maximum 1 0 0 0
interval minimum 1 0 0 0
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-2996752687
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2996752687
revocation-check none
rsakeypair TP-self-signed-2996752687
!
!
!
username Admin privilege 15 secret 5 $1$azertyqwerty
archive
log config
hidekeys
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh port 8096 rotary 1
ip ssh version 2
!
!
!
interface FastEthernet0/0
description DMZ
ip ddns update hostname cisco1841.dyndns.info
ip ddns update DynDNS
ip address dhcp
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description INTERNAL$ETH-LAN$
ip address 192.168.100.1 255.255.255.0
no ip proxy-arp
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.1.1 255.255.255.0
no cdp enable
!
interface FastEthernet0/0/0
switchport access vlan 10
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Vlan1
no ip address
!
ip forward-protocol nd
!
!
ip http server
ip http authentication local
ip http secure-server
ip dns server
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source list 100 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.100.10 80 81.164.200.35 8095 extendable
!
access-list 1 permit 192.168.100.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
no cdp run
!
!
!
control-plane
!
!
banner exec
WELCOME YOU ARE NOW LOGED IN
banner login
WARNING !!!
IF YOU ARE NOT :
Didier Ribbens
Please Leave NOW !!!
YOUR IP and MAC address will be LOGGED !!!
!
line con 0
speed 115200
line aux 0
line vty 0 4
access-class 5 in
privilege level 15
rotary 1
transport input telnet ssh
line vty 5 15
access-class 5 in
rotary 1
!
scheduler allocate 20000 1000
ntp clock-period 17178638
ntp server 66.27.60.10
end
11-20-2010 01:29 PM
Hi Jon,
Thank You for your great help , IT WORKS
Your help was really useful.
When I did the changes you recommended to me, I was able to receive some DHCP addresses, this was not possible before.
With a few changes I was able to have INTERNET on my HWIC-4ESW F0/0/0
I was not able to make it work with ACCESS-LIST 101, I will read more about this, why it did not work, it works well with ACCESS-LIST 1.
Here below the complete script, maybe it can help some of you also :
THANK YOU JON
Best Regards,
Didier
!
! Last configuration change at 21:46:56 gmt+1 Sat Nov 20 2010 by admin
! NVRAM config last updated at 22:05:04 gmt+1 Sat Nov 20 2010 by admin
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ROUTER1841
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable password 7 xxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication banner
THIS SYSTEM IS SOLELY FOR USE OF AUTHORISED USERS FOR OFFICIAL PURPOSES
!
!
aaa session-id common
clock timezone gmt+1 1
clock summer-time gmt+2 recurring last Sun Mar 2:00 last Sun Oct 3:00
dot11 syslog
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.100.1 192.168.100.99
ip dhcp excluded-address 192.168.10.1
!
ip dhcp pool internal
network 192.168.100.0 255.255.255.0
default-router 192.168.100.1
dns-server 8.8.8.8
lease 5
!
ip dhcp pool vlan10
import all
network 192.168.10.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.10.1
lease 5
!
!
no ip bootp server
ip domain name dri.be
ip ddns update method DynDNS
HTTP
add http://dri66:xxxxxxxx@members.dyndns.org/nic/update?system=dyndns&hostname=cisco1841.dyndns.info&myip=xxxxxxxx@members.dyndns.org/nic/update?system=dyndns&hostname=cisco1841.dyndns.info&myip=
interval maximum 1 0 0 0
interval minimum 1 0 0 0
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-2996752687
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2996752687
revocation-check none
rsakeypair TP-self-signed-2996752687
!
!
!
!
username didier privilege 15 password 7 1xxxxxxxxxxxx
username Admin privilege 15 secret 5 $1xxxxxxxxxxxxx1KsgPrDe90
username Homer privilege 15 password 7 xxxxxxxxxxxxxxxxxx
archive
log config
hidekeys
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh port 8096 rotary 1
ip ssh version 2
!
!
!
interface FastEthernet0/0
description DMZ
ip ddns update hostname cisco1841.dyndns.info
ip ddns update DynDNS
ip address dhcp
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description INTERNAL$ETH-LAN$
ip address 192.168.100.1 255.255.255.0
no ip proxy-arp
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/0/0
switchport access vlan 10
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
!
!
ip http server
ip http authentication local
ip http secure-server
ip dns server
ip nat inside source list 1 interface FastEthernet0/0 overload
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.100.0 0.0.0.255
no cdp run
!
!
!
control-plane
!
!
banner exec
WELCOME YOU ARE NOW LOGED IN
banner login
WARNING !!!
IF YOU ARE NOT :
Didier Ribbens
Please Leave NOW !!!
YOUR IP and MAC address will be LOGGED !!!
!
line con 0
speed 115200
line aux 0
line vty 0 4
access-class 5 in
privilege level 15
rotary 1
transport input telnet ssh
line vty 5 15
access-class 5 in
rotary 1
!
scheduler allocate 20000 1000
ntp clock-period 17178496
ntp server 66.27.60.10
end
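A static check for the NAT changes discussed in this thread, as an added example that is not part of any post: it parses an IOS running-config and reports NAT rules that reference an undefined access-list, translate to an interface without `ip nat outside`, or leave an `ip nat inside` subnet unmatched. The sample config is constructed from the NAT-relevant lines of the final configuration with the rule pointed at list 101; the name `audit_nat` and the finding texts are hypothetical, and only contiguous wildcard masks and full interface names are handled.

```python
import ipaddress
import re

# Constructed sample: NAT-relevant lines of the final config, rule switched to list 101.
BASE = """interface FastEthernet0/0
ip nat outside
!
interface FastEthernet0/1
ip address 192.168.100.1 255.255.255.0
ip nat inside
!
interface Vlan10
ip address 192.168.10.1 255.255.255.0
ip nat inside
!
ip nat inside source list 101 interface FastEthernet0/0 overload
"""
ONLY_ACL_1 = BASE + "access-list 1 permit 192.168.10.0 0.0.0.255\n"
WITH_ACL_101 = BASE + "access-list 101 permit ip 192.168.10.0 0.0.0.255 any\naccess-list 101 permit ip 192.168.100.0 0.0.0.255 any\n"

def audit_nat(config):
    """Return a list of findings about NAT overload rules in an IOS config."""
    ifaces, acls, rules, cur = {}, {}, [], None
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], {"net": None, "nat": None})
        elif line == "!":
            cur = None
        elif cur is not None and (m := re.match(r"ip address (\d\S+) (\d\S+)$", line)):
            cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif cur is not None and (m := re.match(r"ip nat (inside|outside)$", line)):
            cur["nat"] = m[1]
        elif m := re.match(r"access-list (\d+) permit (?:ip )?(\d\S+) (\d\S+)", line):
            # IOS ACLs use wildcard masks; invert to a netmask before building the network.
            mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(m[3])) ^ 0xFFFFFFFF)
            acls.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{mask}"))
        elif m := re.match(r"ip nat inside source list (\d+) interface (\S+) overload", line):
            rules.append((m[1], m[2]))
    findings = []
    for acl, out_if in rules:
        if acl not in acls:
            findings.append(f"NAT references access-list {acl}, which is not defined")
        if ifaces.get(out_if, {}).get("nat") != "outside":
            findings.append(f"NAT translates to {out_if}, which lacks 'ip nat outside'")
    permitted = [n for acl, _ in rules for n in acls.get(acl, [])]
    for name, i in ifaces.items():
        if i["nat"] == "inside" and i["net"] is not None and not any(i["net"].subnet_of(p) for p in permitted):
            findings.append(f"{name} ({i['net']}): 'ip nat inside' but no NAT access-list permits it")
    return findings
```

Running it over `show running-config` output before saving to NVRAM catches a NAT rule and its access-list drifting apart when one is renumbered and the other is not.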