cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
736
Views
0
Helpful
9
Replies

using Fa0 on ISR 1802 as WLAN

ANTONIO DEUS
Level 1
Level 1

Hi,

The router that was used to connect to the internet over ISDN it is not possible, because we have now a Ethernet incoming signal from ISP.

So, anyone can tell if it possible use the Fast Ethernet 0 port in the Cisco ISR 1802 as WLAN instead of ISDN port?

The figure below show what we trying to do.

Esquema-Teste.jpg

Thanks in advanced,

António

9 Replies 9

paolo bevilacqua
Hall of Fame
Hall of Fame

Yes, of course it is possible.

Hi,

I try to did a simple thing like a firewall between the 8 fast ethernet 1 to 8, and de fast Ethernet 0, but something it is wrong, because I cannot reach from inside of vlan 30 to outside through the fast Ethernet 0 (the internet), even with ping command

.

The configuration is the follow:

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

service sequence-numbers

!

hostname router-fw

!

boot-start-marker

boot-end-marker

!

logging buffered 16384 debugging

!

clock summer-time WET recurring last Sun Mar 2:00 last Sun Oct 2:00

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

no aaa new-model

ip subnet-zero

!

!

ip cef

!

!

ip domain name xpto.pt

ip ips po max-events 100

login block-for 60 attempts 3 within 15

login on-failure

login on-success

no ftp-server write-enable

!

spanning-tree portfast bpduguard

archive

log config

  logging enable

  logging size 1000

!

interface ATM0

no ip address

shutdown

no atm ilmi-keepalive

dsl operating-mode auto

!

interface BRI0

no ip address

shutdown

!

interface FastEthernet0

description Rede Externa

ip address dhcp

no ip unreachables

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

no cdp enable

!

interface FastEthernet1

description Acesso-Rede Interna

switchport access vlan 30

no ip address

!

interface FastEthernet2

description Acesso-Rede Interna

switchport access vlan 30

no ip address

!

interface FastEthernet3

description Acesso-Rede Interna

switchport access vlan 30

no ip address

!

interface FastEthernet4

description Acesso-Rede Interna

switchport access vlan 30

no ip address

!

interface FastEthernet5

description Acesso-Rede Interna

switchport access vlan 30

no ip address

!        

interface FastEthernet6

description Acesso-Rede Interna

switchport access vlan 30

no ip address

!

interface FastEthernet7

description Acesso-Rede Interna

switchport access vlan 30

no ip address

!

interface FastEthernet8

description Trunk-Rede Interna

switchport mode trunk

no ip address

!

interface Vlan1

no ip address

!

interface Vlan30

ip address 192.168.30.254 255.255.255.0

ip nat inside

ip virtual-reassembly

!        

ip classless

ip route 0.0.0.0 0.0.0.0 FastEthernet0

ip route 192.168.30.0 255.255.255.0 Vlan30 permanent

!

!

no ip http server

no ip http secure-server

ip nat inside source list ACL_de_Rede_Interna interface FastEthernet0 overload

!

ip access-list extended ACL_de_Rede_Interna

permit icmp any any echo-reply

permit ip 192.168.30.0 0.0.0.255 any

permit ip 192.168.173.0 0.0.0.255 any

deny   ip any any log

What is wrong?

Thanks,

António

Can you find some experienced or certified to configure your router?

For example a command like:

ip route 0.0.0.0 0.0.0.0 FastEthernet0

is a major mistake that a professional would have avoided.

Richard Burts
Hall of Fame
Hall of Fame

António

According to the information in this link it should work ok to use a FastEthernet as the WAN connection while using other interfaces/ports for local connectivity:

http://www.cisco.com/en/US/prod/collateral/routers/ps5853/ps6184/product_data_sheet0900aecd8028a95f_ps5853_Products_Data_Sheet.html

HTH

Rick

HTH

Rick

António

You mention setting up a simple firewall. But all that I see is an access list controlling Address Translation. Perhaps you can clarify what you are trying to do.

My other question would be that if you can not access outside from the inside, can you access outside to the Internet from the router itself?

Perhaps you could post the output of show ip interface brief?

HTH

Rick

HTH

Rick

Hi Richard,

I am try to do a simple firewall, but want I real need is a firewall, IPS and VPN with this router.

But I started with one thing at the time. Firewall, IPS and next step will be the VPN.

My experience is with switching not with routers of this kind.

Thanks for any hell,

António

Hi,

I cannot go out from the router, as You can see, with a simple ping.

router-fw#ping 8.8.8.8

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

The show ip interfade brief is

router-fw#sh ip interface brief

Interface IP-Address OK? Method Status Protocol

ATM0 unassigned YES NVRAM administratively down down

BRI0 unassigned YES NVRAM administratively down down

BRI0:1 unassigned YES unset administratively down down

BRI0:2 unassigned YES unset administratively down down

FastEthernet0 192.168.173.137 YES DHCP up up

FastEthernet1 unassigned YES unset up up

FastEthernet2 unassigned YES unset up down

FastEthernet3 unassigned YES unset up down

FastEthernet4 unassigned YES unset up down

FastEthernet5 unassigned YES unset up down

FastEthernet6 unassigned YES unset up down

FastEthernet7 unassigned YES unset up down

FastEthernet8 unassigned YES unset up down

Vlan1 unassigned YES unset up down

Vlan30 192.168.30.254 YES NVRAM up up

Thanks,

Hi,

Now I removed the line ip route 0.0.0.0 0.0.0.0 FastEthernet0 and I’m reach the internet from the router. But, the laptop or srv it is not possible. Because the laptop cannot solve the name www.cisco.com<> to IP address.

10x,

Hi guys,

After Paolo Bevilacqua sad “major mistake” when use ip route 0.0.0.0 0.0.0.0 FastEthernet0 I removed the line and them I removed ip route 192.168.30.0 255.255.255.0 Vlan30 permanent too. Now I can access to the Internet.

Then I try look for documents at the cisco and build a fews lines to the inspection.

Can anyone help me to find a good book to learn how to configure a firewall, active de IPS and configure the router to be a VPN?

Because some documents that are in the Internet don’t have the explanation why thing must doing this or that way

Thanks,

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco