01-20-2012 02:02 PM - edited 03-04-2019 02:58 PM
Hi,
The router that was used to connect to the internet over ISDN it is not possible, because we have now a Ethernet incoming signal from ISP.
So, anyone can tell if it possible use the Fast Ethernet 0 port in the Cisco ISR 1802 as WLAN instead of ISDN port?
The figure below show what we trying to do.
Thanks in advanced,
António
01-20-2012 02:08 PM
Yes, of course it is possible.
01-20-2012 02:20 PM
Hi,
I try to did a simple thing like a firewall between the 8 fast ethernet 1 to 8, and de fast Ethernet 0, but something it is wrong, because I cannot reach from inside of vlan 30 to outside through the fast Ethernet 0 (the internet), even with ping command
.
The configuration is the follow:
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service sequence-numbers
!
hostname router-fw
!
boot-start-marker
boot-end-marker
!
logging buffered 16384 debugging
!
clock summer-time WET recurring last Sun Mar 2:00 last Sun Oct 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
ip domain name xpto.pt
ip ips po max-events 100
login block-for 60 attempts 3 within 15
login on-failure
login on-success
no ftp-server write-enable
!
spanning-tree portfast bpduguard
archive
log config
logging enable
logging size 1000
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface BRI0
no ip address
shutdown
!
interface FastEthernet0
description Rede Externa
ip address dhcp
no ip unreachables
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
!
interface FastEthernet1
description Acesso-Rede Interna
switchport access vlan 30
no ip address
!
interface FastEthernet2
description Acesso-Rede Interna
switchport access vlan 30
no ip address
!
interface FastEthernet3
description Acesso-Rede Interna
switchport access vlan 30
no ip address
!
interface FastEthernet4
description Acesso-Rede Interna
switchport access vlan 30
no ip address
!
interface FastEthernet5
description Acesso-Rede Interna
switchport access vlan 30
no ip address
!
interface FastEthernet6
description Acesso-Rede Interna
switchport access vlan 30
no ip address
!
interface FastEthernet7
description Acesso-Rede Interna
switchport access vlan 30
no ip address
!
interface FastEthernet8
description Trunk-Rede Interna
switchport mode trunk
no ip address
!
interface Vlan1
no ip address
!
interface Vlan30
ip address 192.168.30.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0
ip route 192.168.30.0 255.255.255.0 Vlan30 permanent
!
!
no ip http server
no ip http secure-server
ip nat inside source list ACL_de_Rede_Interna interface FastEthernet0 overload
!
ip access-list extended ACL_de_Rede_Interna
permit icmp any any echo-reply
permit ip 192.168.30.0 0.0.0.255 any
permit ip 192.168.173.0 0.0.0.255 any
deny ip any any log
What is wrong?
Thanks,
António
01-20-2012 02:56 PM
Can you find some experienced or certified to configure your router?
For example a command like:
ip route 0.0.0.0 0.0.0.0 FastEthernet0
is a major mistake that a professional would have avoided.
01-20-2012 02:13 PM
António
According to the information in this link it should work ok to use a FastEthernet as the WAN connection while using other interfaces/ports for local connectivity:
HTH
Rick
01-20-2012 03:16 PM
António
You mention setting up a simple firewall. But all that I see is an access list controlling Address Translation. Perhaps you can clarify what you are trying to do.
My other question would be that if you can not access outside from the inside, can you access outside to the Internet from the router itself?
Perhaps you could post the output of show ip interface brief?
HTH
Rick
01-20-2012 04:06 PM
Hi Richard,
I am try to do a simple firewall, but want I real need is a firewall, IPS and VPN with this router.
But I started with one thing at the time. Firewall, IPS and next step will be the VPN.
My experience is with switching not with routers of this kind.
Thanks for any hell,
António
01-20-2012 04:19 PM
Hi,
I cannot go out from the router, as You can see, with a simple ping.
router-fw#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
The show ip interfade brief is
router-fw#sh ip interface brief
Interface IP-Address OK? Method Status Protocol
ATM0 unassigned YES NVRAM administratively down down
BRI0 unassigned YES NVRAM administratively down down
BRI0:1 unassigned YES unset administratively down down
BRI0:2 unassigned YES unset administratively down down
FastEthernet0 192.168.173.137 YES DHCP up up
FastEthernet1 unassigned YES unset up up
FastEthernet2 unassigned YES unset up down
FastEthernet3 unassigned YES unset up down
FastEthernet4 unassigned YES unset up down
FastEthernet5 unassigned YES unset up down
FastEthernet6 unassigned YES unset up down
FastEthernet7 unassigned YES unset up down
FastEthernet8 unassigned YES unset up down
Vlan1 unassigned YES unset up down
Vlan30 192.168.30.254 YES NVRAM up up
Thanks,
01-20-2012 04:36 PM
Hi,
Now I removed the line ip route 0.0.0.0 0.0.0.0 FastEthernet0 and I’m reach the internet from the router. But, the laptop or srv it is not possible. Because the laptop cannot solve the name www.cisco.com<> to IP address.>
10x,
01-21-2012 06:44 AM
Hi guys,
After Paolo Bevilacqua sad “major mistake” when use ip route 0.0.0.0 0.0.0.0 FastEthernet0 I removed the line and them I removed ip route 192.168.30.0 255.255.255.0 Vlan30 permanent too. Now I can access to the Internet.
Then I try look for documents at the cisco and build a fews lines to the inspection.
Can anyone help me to find a good book to learn how to configure a firewall, active de IPS and configure the router to be a VPN?
Because some documents that are in the Internet don’t have the explanation why thing must doing this or that way
Thanks,
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: