Solved: Re: CISCO 1841 + HWIC-4ESW

Didier1966 · ‎11-18-2010

Hello,

I have just purchased a 4 port SWITCH (HWIC-4ESW) for my CISCO 1841.

Can it be that both products are completely isolated from each other ?

I mean by this :

My INTERNET comme in F0/0 and on F0/1 I have DHCP and INTERNET to the connected computer.

To be able to use the switch ,I can use it has default , but then I need to put a WIRE from F0/0 to F0/0/0 and then I have INTERNET on ALL 3 PORTS.

IS IT TRUE THAT I CAN NOT DO A INTERNAL CONNECTION WITH IOS ?

I mean by this:

Do I have to connect a cable from F0/0 to F0/0/0 ?!? this can not be true !!!

I have try with VLANS , due to that this SWITCH is ONLY LAYER 2, but no success

Do some of you have some hints ?

Thank you in advance for your GREAT HELP

Best Regards,

Didier

Jon Marshall · ‎11-20-2010

Didier

You don't use subinterfaces for this HWIC because there is no direct connection between fa0/1 and the HWIC. You must use L3 vlan interfaces

remove this from your config -

interface FastEthernet0/1.10

encapsulation dot1Q 10

ip address 192.168.1.1 255.255.255.0

no cdp enable

and add this -

int vlan 10

ip address 192.168.1.1 255.255.255.0

ip nat inside

no shut

you can also change your NAT config because you only need one acl ie.

remove this config -

ip nat inside source list 1 interface FastEthernet0/0 overload

ip nat inside source list 100 interface FastEthernet0/1 overload

!

access-list 1 permit 192.168.100.0 0.0.0.255

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

and add this -

ip nat inside source list 101 interface fa0/0 overload

and just use acl 101 for both networks, obviously changing acl 1 to permit 192.168.100.0.0.0.255 any

Jon

View solution in original post

Jon Marshall · ‎11-18-2010

Didier

Not to my knowledge ie. you should be able to use vlans without connecting from fa0/0 to the HWIC.

Can you perhaps post config with vlans on it that wasn't working ?

Jon

Didier1966 · ‎11-20-2010

Hello,

Sorry for my late reply

I did a little bit more research , but it seams that I am not the only one struggling with this.

Here bellow you have my complete IOS configuration that work well for F0/0 (INTERNET) to F0/1(LAN)

But even when I make a VLAN 10 in F0/1 and in F0/0/0 , no communication

ANY HELP IS WELCOME.

THIS IS NOT FOR BUSINESS USE !!!

I WOULD LIKE TO PASS MY CCNA NEXT YEAR , I STILL HAVE A LOT TO LEARN

! Last configuration change at 13:26:51 gmt+1 Sat Nov 20 2010 by admin

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ROUTER1841

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

enable password 7 05080F1C2243

!

aaa new-model

!

aaa authentication banner

THIS SYSTEM IS SOLELY FOR USE OF AUTHORISED USERS FOR OFFICIAL PURPOSES

!

aaa session-id common

clock timezone gmt+1 1

clock summer-time gmt+2 recurring last Sun Mar 2:00 last Sun Oct 3:00

dot11 syslog

no ip source-route

ip cef

!

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.100.1 192.168.100.99

ip dhcp excluded-address 192.168.1.1 192.168.1.2

!

ip dhcp pool internal

network 192.168.100.0 255.255.255.0

default-router 192.168.100.1

dns-server 8.8.8.8

lease 5

!

ip dhcp pool vlan10

import all

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

!

no ip bootp server

ip domain name dri.be

ip ddns update method DynDNS

HTTP

add http://dri66xxxxxx@@members.dyndns.org/nic/update?system=dyndns&hostname=cisco1841.dyndns.info&myip=

interval maximum 1 0 0 0

interval minimum 1 0 0 0

!

multilink bundle-name authenticated

!

crypto pki trustpoint TP-self-signed-2996752687

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2996752687

revocation-check none

rsakeypair TP-self-signed-2996752687

!

username Admin privilege 15 secret 5 $1$azertyqwerty

archive

log config

hidekeys

!

ip ssh time-out 60

ip ssh authentication-retries 2

ip ssh port 8096 rotary 1

ip ssh version 2

!

interface FastEthernet0/0

description DMZ

ip ddns update hostname cisco1841.dyndns.info

ip ddns update DynDNS

ip address dhcp

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

description INTERNAL$ETH-LAN$

ip address 192.168.100.1 255.255.255.0

no ip proxy-arp

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1.10

encapsulation dot1Q 10

ip address 192.168.1.1 255.255.255.0

no cdp enable

!

interface FastEthernet0/0/0

switchport access vlan 10

!

interface FastEthernet0/0/1

!

interface FastEthernet0/0/2

!

interface FastEthernet0/0/3

!

interface Vlan1

no ip address

!

ip forward-protocol nd

!

ip http server

ip http authentication local

ip http secure-server

ip dns server

ip nat inside source list 1 interface FastEthernet0/0 overload

ip nat inside source list 100 interface FastEthernet0/1 overload

ip nat inside source static tcp 192.168.100.10 80 81.164.200.35 8095 extendable

!

access-list 1 permit 192.168.100.0 0.0.0.255

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

no cdp run

!

control-plane

!

banner exec

WELCOME YOU ARE NOW LOGED IN

banner login

WARNING !!!

IF YOU ARE NOT :

Didier Ribbens

Please Leave NOW !!!

YOUR IP and MAC address will be LOGGED !!!

!

line con 0

speed 115200

line aux 0

line vty 0 4

access-class 5 in

privilege level 15

rotary 1

transport input telnet ssh

line vty 5 15

access-class 5 in

rotary 1

!

scheduler allocate 20000 1000

ntp clock-period 17178638

ntp server 66.27.60.10

end

Jon Marshall · ‎11-20-2010

Didier

You don't use subinterfaces for this HWIC because there is no direct connection between fa0/1 and the HWIC. You must use L3 vlan interfaces

remove this from your config -

interface FastEthernet0/1.10

encapsulation dot1Q 10

ip address 192.168.1.1 255.255.255.0

no cdp enable

and add this -

int vlan 10

ip address 192.168.1.1 255.255.255.0

ip nat inside

no shut

you can also change your NAT config because you only need one acl ie.

remove this config -

ip nat inside source list 1 interface FastEthernet0/0 overload

ip nat inside source list 100 interface FastEthernet0/1 overload

!

access-list 1 permit 192.168.100.0 0.0.0.255

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

and add this -

ip nat inside source list 101 interface fa0/0 overload

and just use acl 101 for both networks, obviously changing acl 1 to permit 192.168.100.0.0.0.255 any

Jon

Didier1966 · ‎11-20-2010

Hi Jon,

Thank You for your great help , IT WORKS

Your help was really useful.

When I did the changes you recommended me , I was able to receive some DHCP addresses , this was not possible before.

With a few changes I was able to have INTERNET on my HWIC-4ESW F0/0/0

I was not able to make it work ACCESS-LIST 101 , I will read more about this , why it did not work , it work well with ACCESS-LIST 1.

Here bellow the complete script , maybe it can help some of you also :

THANK YOU JON

Best Regards,

Didier

!

! Last configuration change at 21:46:56 gmt+1 Sat Nov 20 2010 by admin

! NVRAM config last updated at 22:05:04 gmt+1 Sat Nov 20 2010 by admin

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ROUTER1841

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

enable password 7 xxxxxxxxxxx

!

aaa new-model

!

aaa authentication banner

THIS SYSTEM IS SOLELY FOR USE OF AUTHORISED USERS FOR OFFICIAL PURPOSES

!

aaa session-id common

clock timezone gmt+1 1

clock summer-time gmt+2 recurring last Sun Mar 2:00 last Sun Oct 3:00

dot11 syslog

no ip source-route

ip cef

!

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.100.1 192.168.100.99

ip dhcp excluded-address 192.168.10.1

!

ip dhcp pool internal

network 192.168.100.0 255.255.255.0

default-router 192.168.100.1

dns-server 8.8.8.8

lease 5

!

ip dhcp pool vlan10

import all

network 192.168.10.0 255.255.255.0

dns-server 8.8.8.8

default-router 192.168.10.1

lease 5

!

no ip bootp server

ip domain name dri.be

ip ddns update method DynDNS

HTTP

add http://dri66:xxxxxxxx@members.dyndns.org/nic/update?system=dyndns&hostname=cisco1841.dyndns.info&myip=xxxxxxxx@members.dyndns.org/nic/update?system=dyndns&hostname=cisco1841.dyndns.info&myip=

interval maximum 1 0 0 0

interval minimum 1 0 0 0

!

multilink bundle-name authenticated

!

crypto pki trustpoint TP-self-signed-2996752687

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2996752687

revocation-check none

rsakeypair TP-self-signed-2996752687

!

username didier privilege 15 password 7 1xxxxxxxxxxxx

username Admin privilege 15 secret 5 $1xxxxxxxxxxxxx1KsgPrDe90

username Homer privilege 15 password 7 xxxxxxxxxxxxxxxxxx