
Cisco 877W Switchport as WAN interface


  • Cisco 877W Switchport as WAN interface

    Hello
    Can anyone help me figure this out? I have an 877W router and I need it to work with cable internet.
    As the 877W has only one routable port, and that port is DSL, I'm trying to achieve this with VLAN and BVI interfaces. My configuration below works, but only for a short time. Then the connection hangs and I have to issue the "shut" and "no shut" commands on the BVI interface to re-establish the internet connection.
    Code:
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    ! NOTE(review): with password encryption off, the passwords entered in plain form
    ! further down (the "0" on the wpa-psk and username lines, and the vty line password)
    ! stay readable in the stored configuration. "service password-encryption" only
    ! obfuscates them (type 7); prefer the hashed "secret" forms where IOS offers them.
    no service password-encryption
    service sequence-numbers
    !
    hostname 877W
    !
    boot-start-marker
    boot-end-marker
    !
    ! Local log buffer of 4096 bytes.
    logging buffered 4096
    ! Hashed enable password (value redacted in this post).
    enable secret ....
    !
    ! AAA is off: the vty lines below authenticate with the line password, and the
    ! HTTP server with the local username ("ip http authentication local").
    no aaa new-model
    !
    ! Secured SSID on VLAN 3: WPA key management with a pre-shared key. The "0" marks
    ! the key as stored unencrypted in the configuration (value redacted in this post).
    dot11 ssid 877W
       vlan 3
       authentication open 
       authentication key-management wpa
       wpa-psk ascii 0 ....
    !
    ! NOTE(review): 877WMobile is an open network - no key management is configured, and
    ! guest-mode advertises the SSID in beacons. Its subinterface (Dot11Radio0.2) is a
    ! member of zone INSIDE further down, so any station in radio range lands in the same
    ! firewall zone as the wired LAN. A separate zone with its own zone-pair policy would
    ! keep guest traffic away from the LAN.
    dot11 ssid 877WMobile
       vlan 4
       authentication open 
       guest-mode
    !
    ! Drop packets that carry IP source-route options.
    no ip source-route
    ip cef
    !
    !
    no ip dhcp use vrf connected
    ! Exclusions cover 192.168.1.x and parts of 192.168.2.x only; no pool for 192.168.1.0
    ! is defined in this configuration.
    ! NOTE(review): nothing in 192.168.3.0/24 is excluded, so 192.168.3.2 - the target of
    ! the "ip nat pool NX" port forward further down - can be leased by pool SecuredRadio
    ! to whichever client asks first. Confirm the intended host holds that address
    ! (exclude it and configure it statically, or use a manual binding).
    ip dhcp excluded-address 192.168.1.1 192.168.1.254
    ip dhcp excluded-address 192.168.2.1
    ip dhcp excluded-address 192.168.2.50 192.168.2.254
    ip dhcp excluded-address 192.168.1.2
    !
    ! Wired LAN (Vlan2). After the exclusions above, leases come from 192.168.2.2-192.168.2.49.
    ip dhcp pool LAN
       import all
       network 192.168.2.0 255.255.255.0
       dns-server 213.157.196.131 213.157.196.132 
       default-router 192.168.2.1 
    !
    ! WPA-protected SSID (VLAN 3). "lease infinite" means bindings never expire on their own.
    ip dhcp pool SecuredRadio
       import all
       network 192.168.3.0 255.255.255.0
       dns-server 213.157.196.131 213.157.196.132 
       default-router 192.168.3.1 
       lease infinite
    !
    ! Open SSID (VLAN 4). Leases last 5 days.
    ip dhcp pool UnsecuredRadio
       import all
       network 192.168.4.0 255.255.255.0
       dns-server 213.157.196.131 213.157.196.132 
       default-router 192.168.4.1 
       lease 5
    !
    !
    ! Resolver used by the router itself.
    ip name-server 213.157.196.131
    !
    multilink bundle-name authenticated
    !
    ! Self-signed trustpoint - presumably the certificate served by "ip http secure-server"
    ! (TODO confirm). Clients cannot validate it against a CA, so they must trust it manually.
    crypto pki trustpoint TP-self-signed-545744410
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-545744410
     revocation-check none
     rsakeypair TP-self-signed-545744410
    !
    !
    ! Certificate body redacted in this post.
    crypto pki certificate chain TP-self-signed-545744410
     certificate self-signed 01
    ....
      quit
    !
    !
    ! NOTE(review): "password 0" keeps this privilege-15 account's password in cleartext
    ! in the configuration. The "username <name> privilege 15 secret <password>" form
    ! (placeholders) stores a hash instead.
    username .... privilege 15 password 0 ....
    !
    !
    ! Zone-based firewall classes. WAN_IN, ROUTER_IN and VLANS_OUT each match on a named
    ! ACL, and all three ACLs are "permit ip any any" near the end of this configuration,
    ! so each of these classes matches all IP traffic.
    class-map type inspect match-all WAN_IN
     match access-group name WAN_IN
    ! POP3 or SMTP (match-any).
    class-map type inspect match-any mail
     match protocol pop3
     match protocol smtp extended
    ! Mail protocols that also match ACL VLANS_OUT (match-all).
    class-map type inspect match-all MAIL
     match access-group name VLANS_OUT
     match class-map mail
    class-map type inspect match-all ROUTER_IN
     match access-group name ROUTER_IN
    class-map type inspect match-all VLANS_OUT
     match access-group name VLANS_OUT
    !
    !
    ! INSIDE -> OUTSIDE: mail and all other ACL-matched traffic is statefully inspected;
    ! whatever is left falls to class-default and is dropped and logged.
    policy-map type inspect Internet_Access
     class type inspect MAIL
      inspect
     class type inspect VLANS_OUT
      inspect
     class class-default
      drop log
    ! NOTE(review): OUTSIDE -> INSIDE. Because ACL WAN_IN permits any, connections opened
    ! from the WAN side are inspected and allowed rather than dropped; class-default is
    ! effectively never reached for IP. Return traffic for inside-initiated sessions is
    ! already handled by the INSIDE_to_OUTSIDE inspection, so WAN_IN only needs to permit
    ! the services that are deliberately forwarded inward.
    policy-map type inspect Inside_Access
     class type inspect WAN_IN
      inspect
     class class-default
      drop log
    ! NOTE(review): OUTSIDE -> self. ROUTER_IN permits any and the action is "pass", so
    ! every service the router itself runs (the vty lines, "ip http server" on 8080,
    ! "ip http secure-server", "ip dns server") is reachable from the WAN. Narrow
    ! ROUTER_IN to what the router must receive from outside (e.g. DHCP replies for BVI1).
    policy-map type inspect Router_Access
     class type inspect ROUTER_IN
      pass
     class class-default
      drop log
    !
    ! Two zones only. Vlan2 and both radio subinterfaces are all members of INSIDE, and no
    ! zone-pair covers traffic between members of the same zone - presumably it is
    ! forwarded unfiltered on this release (TODO confirm).
    zone security OUTSIDE
    zone security INSIDE
    zone-pair security INSIDE_to_OUTSIDE source INSIDE destination OUTSIDE
     service-policy type inspect Internet_Access
    zone-pair security OUTSIDE_to_INSIDE source OUTSIDE destination INSIDE
     service-policy type inspect Inside_Access
    zone-pair security OUTSIDE_to_SELF source OUTSIDE destination self
     service-policy type inspect Router_Access
    ! 
    !
    ! Integrated routing and bridging: lets bridge-group 1 be routed through interface BVI1.
    bridge irb
    !
    !
    !
    ! The DSL port is unused and administratively shut down.
    interface ATM0
     no ip address
     shutdown
     no atm ilmi-keepalive
     dsl operating-mode auto 
    !
    ! No "switchport access vlan" here, so this port stays in the default VLAN 1, which is
    ! bridged to BVI1 (the OUTSIDE interface) - presumably the cable-modem port.
    interface FastEthernet0
    !
    ! FastEthernet1-3 are the wired LAN ports (VLAN 2).
    interface FastEthernet1
     switchport access vlan 2
    !
    interface FastEthernet2
     switchport access vlan 2
    !
    interface FastEthernet3
     switchport access vlan 2
    !
    ! Physical radio carrying both SSIDs.
    ! NOTE(review): the only encryption line applies TKIP to VLAN 3. TKIP is a deprecated
    ! cipher; where the IOS release and all clients support it, AES-CCM
    ! ("encryption vlan 3 mode ciphers aes-ccm") is the stronger choice. There is no
    ! encryption line for VLAN 4, so traffic on the 877WMobile SSID is sent unencrypted.
    interface Dot11Radio0
     description Radio Interface
     no ip address
     no ip redirects
     ip virtual-reassembly
     ip route-cache flow
     no dot11 extension aironet
     !
     encryption vlan 3 mode ciphers tkip 
     !
     ssid 877W
     !
     ssid 877WMobile
     !
     speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
     station-role root
    !
    ! Routed gateway for the WPA-protected SSID (VLAN 3), NAT inside, firewall zone INSIDE.
    interface Dot11Radio0.1
     description Secured Radio Access Point
     encapsulation dot1Q 3
     ip address 192.168.3.1 255.255.255.0
     no ip redirects
     ip nat inside
     ip virtual-reassembly
     zone-member security INSIDE
     no cdp enable
    !
    ! NOTE(review): routed gateway for the open SSID (VLAN 4, native). It is a member of
    ! the same INSIDE zone as Vlan2 and Dot11Radio0.1, so the zone-pair policies in this
    ! configuration do not separate unauthenticated wireless clients from the LAN.
    interface Dot11Radio0.2
     description Unsecured Radio Access Point
     encapsulation dot1Q 4 native
     ip address 192.168.4.1 255.255.255.0
     no ip redirects
     ip nat inside
     ip virtual-reassembly
     zone-member security INSIDE
     no cdp enable
    !
    ! VLAN 1 has no address of its own; it is bridged into bridge-group 1 and reaches
    ! layer 3 through BVI1.
    interface Vlan1
     no ip address
     bridge-group 1
    !
    ! Gateway for the wired LAN: NAT inside, firewall zone INSIDE.
    interface Vlan2
     ip address 192.168.2.1 255.255.255.0
     no ip redirects
     ip nat inside
     ip virtual-reassembly
     zone-member security INSIDE
     ip route-cache flow
    !
    ! Vlan3 and Vlan4 carry no address; the radio subinterfaces hold the gateways for
    ! VLANs 3 and 4.
    interface Vlan3
     no ip address
    !
    interface Vlan4
     no ip address
    !
    ! WAN side: routed interface for bridge-group 1. MAC address set manually, IP address
    ! learned by DHCP, NAT outside, firewall zone OUTSIDE.
    interface BVI1
     mac-address 0002.3f1f.ba65
     ip address dhcp
     no ip redirects
     ip nat outside
     ip virtual-reassembly
     zone-member security OUTSIDE
     ip route-cache flow
    ! "permanent" keeps this static default route installed even when BVI1 goes down. The
    ! next hop is hard-coded while BVI1's own address comes from DHCP - TODO confirm the
    ! provider's gateway is fixed.
    ip route 0.0.0.0 0.0.0.0 BVI1 95.104.105.1 permanent
    !
    !
    ! NOTE(review): cleartext HTTP management on port 8080 is enabled alongside HTTPS, and
    ! the OUTSIDE_to_SELF policy passes everything, so both are reachable from the WAN.
    ! Consider "no ip http server" and limiting the secure server with "ip http access-class".
    ip http server
    ip http port 8080
    ip http authentication local
    ip http secure-server
    ! NOTE(review): the router answers DNS queries; with OUTSIDE_to_SELF open it
    ! presumably also answers queries arriving from the WAN (TODO confirm and restrict).
    ip dns server
    ! NOTE(review): inbound port forward. TCP 3389 (RDP) and TCP 80 arriving on the outside
    ! interface are translated to 192.168.3.2, and ACL WAN_IN lets them through the
    ! firewall from any source. Exposing RDP to the whole internet invites password
    ! guessing; restrict the permitted source addresses or reach the host over a VPN.
    ip nat pool NX 192.168.3.2 192.168.3.2 netmask 255.255.255.0 type rotary
    ! Outbound PAT on BVI1's address for everything matched by VLANS_OUT ("permit ip any
    ! any"). Cisco's NAT guidance advises against "permit any" in NAT ACLs; listing the
    ! inside subnets, as ACL NAT below does, is the safer match.
    ip nat inside source list VLANS_OUT interface BVI1 overload
    ip nat inside destination list RNAT-LAN pool NX
    !
    ! ACL NAT is defined but not referenced by any command visible in this configuration.
    ip access-list extended NAT
     permit ip 192.168.0.0 0.0.255.255 any
    ! Destination ports selected for the inbound port forward (RDP and HTTP).
    ip access-list extended RNAT-LAN
     permit tcp any any eq 3389
     permit tcp any any eq www
    ! NOTE(review): the three ACLs below drive the firewall class-maps and all permit
    ! everything, which leaves the "drop log" class-default entries with nothing to drop
    ! for IP traffic. Replace each with the specific flows that should be allowed.
    ip access-list extended ROUTER_IN
     permit ip any any
    ip access-list extended VLANS_OUT
     permit ip any any
    ip access-list extended WAN_IN
     permit ip any any
    !
    ! NOTE(review): remote syslog is effectively disabled. Only severity "critical" and
    ! above is sent, the destination 192.168.2.1 is the router's own Vlan2 address, and
    ! the source interface Vlan1 has no IP address. Point "logging" at a real collector
    ! and lower the trap level if the firewall's drop logs should be kept off-box.
    logging trap critical
    logging source-interface Vlan1
    logging 192.168.2.1
    no cdp run
    !
    !
    !
    !
    control-plane
    !
    ! Bridge-group 1 runs IEEE spanning tree and routes IP (via BVI1).
    bridge 1 protocol ieee
    bridge 1 route ip
    !
    ! No password or login is configured on the console line.
    line con 0
     no modem enable
    line aux 0
    ! NOTE(review): remote access uses only the shared line password, with no
    ! "transport input" restriction and no "access-class"; the post confirms Telnet is
    ! in use, which carries that password in cleartext, and the OUTSIDE_to_SELF policy
    ! allows it from the WAN. Consider "transport input ssh", "login local" and an
    ! "access-class" limited to management addresses.
    line vty 0 4
     password ....
     login
    !
    no scheduler max-task-time
    end
    After the WAN interface hangs, I can still telnet to the router, but I can't ping anything except its own outside IP address.
    Maybe something is wrong with the route?
    Code:
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route
    Gateway of last resort is 95.104.105.1 to network 0.0.0.0
         213.157.196.0/32 is subnetted, 1 subnets
    S       213.157.196.27 [254/0] via 95.104.105.1, BVI1
    C    192.168.4.0/24 is directly connected, Dot11Radio0.2
         95.0.0.0/24 is subnetted, 1 subnets
    C       95.104.105.0 is directly connected, BVI1
    C    192.168.2.0/24 is directly connected, Vlan2
    C    192.168.3.0/24 is directly connected, Dot11Radio0.1
    S*   0.0.0.0/0 [1/0] via 95.104.105.1, BVI1
    Please help
    Last edited by zx128k; 10th October 2010, 15:32.