Announcement

Collapse
No announcement yet.

Cisco 877 behind adsl-router

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cisco 877 behind adsl-router

    Hello,

    I'm having a Alcatel Speedtocuh which is provided by our ISP. The IP-numbers is 192.168.254.1 and DHCP is disabled by the ISP.

    I want to connect my Cisco 877 to this router and use my cisco as an router for the internal network.

    The ISP is set that all ports are forwarded to IP 192.168.254.2, so my Cisco must have this IP-address.

    How do i set an FastEthernet0 interface to connect to the ISP-modem?

    Below you will find my configuration. I'll hop someone can help me with this problem.


    Code:
     
    Building configuration...
    Current configuration : 4175 bytes
    !
    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    !
    hostname cisco877
    !
    boot-start-marker
    boot-end-marker
    !
    logging message-counter syslog
    logging buffered 51200
    logging console critical
    enable secret 5 $1$Zw/5$a5r6xtBQsVR40v27N1uBP/
    !
    no aaa new-model
    clock timezone PCTime -8
    clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
    !
    crypto pki trustpoint TP-self-signed-2535400162
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-2535400162
     revocation-check none
     rsakeypair TP-self-signed-2535400162
    !
    !
    crypto pki certificate chain TP-self-signed-2535400162
     certificate self-signed 01
      30820242 308201AB A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
      31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
      69666963 6174652D 32353335 34303031 3632301E 170D3032 30333031 30303133 
      33365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
      4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 35333534 
      30303136 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
      8100DF7C 6A798BD1 CBC85030 5932EF76 5BD8F854 A227ACFE BA27F5D4 FABD7336 
      7BDBD52D 60AB26D5 BAB4E5CB DDD81C7F AA145FD1 F6E5D76B 57C43B3E 4A6160DF 
      E71D6EAE AFAAD933 1F5E7073 654BC9FB 0F5D55F5 5EB88BFD A73D12E2 4E4EC369 
      A6AFC55E D80E611E 78F2F201 26E53B90 E5C9AF75 8630A3A3 9D5424F2 26DD8FFE 
      5E6B0203 010001A3 6A306830 0F060355 1D130101 FF040530 030101FF 30150603 
      551D1104 0E300C82 0A555253 49393052 54522E30 1F060355 1D230418 30168014 
      4B9B9F77 812300EB 4A57682E FA8B3906 EF68139B 301D0603 551D0E04 1604144B 
      9B9F7781 2300EB4A 57682EFA 8B3906EF 68139B30 0D06092A 864886F7 0D010104 
      05000381 81003002 AD380ED7 46E79FD5 4BE38820 827453A4 94FEDF40 3D39D664 
      2EBEFC90 55ECBF6D BC6A8158 FF9BDA69 0C553D50 08A75F24 87A67A82 8F52C846 
      E3B2B451 2B0CE940 B5CB5C49 FA85DAA6 769155CE BB814984 0C27D414 36AA1CCF 
      A738FDA1 71100188 7B97EA4F E07BD35E 183E1C62 659286CF E8695FCD 7C797858 
      55898CFF 79C2
       quit
    dot11 syslog
    no ip source-route
    no ip dhcp use vrf connected
    !
    ip dhcp pool sdm-pool1
       import all
       network 192.168.0.0 255.255.255.0
       default-router 192.168.0.1 
       dns-server 192.168.254.1 
    !
    !
    ip cef
    no ip bootp server
    !
    !
    !
    !
    username admin privilege 15 secret 5 $1$j4JQ$3Dm.WJbnkheQ4mzngeFbu/
    ! 
    !
    !
    archive
     log config
      hidekeys
    !
    !
    ip tcp synwait-time 10
    no ip ftp passive
    ip ssh time-out 60
    ip ssh authentication-retries 2
    !
    !
    !
    interface ATM0
     no ip address
     shutdown
     no atm ilmi-keepalive
    !
    interface FastEthernet0
     description WAN_Link
     switchport access vlan 10
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface Dot11Radio0
     no ip address
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip flow ingress
     shutdown
     speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
     station-role root
    !
    interface Vlan1
     description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
     ip address 192.168.0.1 255.255.255.0
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip flow ingress
     ip nat inside
     ip virtual-reassembly
    !
    interface Vlan10
     ip address 192.168.254.2 255.255.255.0
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 192.168.254.1
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    !
    ip nat inside source list 101 interface FastEthernet0 overload
    !
    logging trap debugging
    access-list 101 permit ip 192.168.0.0 0.0.0.255 any
    no cdp run
    !
    !
    !
    !
    control-plane
    !
    banner login ^CAuthorized access only!
    Disconnect IMMEDIATELY if you are not an authorized user!
    ^C
    !
    line con 0
     login local
     no modem enable
     transport output telnet
    line aux 0
     login local
     transport output telnet
    line vty 0 4
     privilege level 15
     login local
     transport input telnet ssh
    !
    scheduler max-task-time 5000
    scheduler allocate 4000 1000
    scheduler interval 500
    end

  • #2
    Re: Cisco 877 behind adsl-router

    Hi toostje_85,

    Are you wanting to set the IP addres '192.168.254.2' to your Cisco FastEthernet 0/0?

    Also it sounds like you may want set up a route on your cisco to point to '192.168.254.1' - does this sound like what you're trying to achieve?

    Regards,

    JAD

    Comment


    • #3
      Re: Cisco 877 behind adsl-router

      Originally posted by jad View Post
      Hi toostje_85,

      Are you wanting to set the IP addres '192.168.254.2' to your Cisco FastEthernet 0/0?

      Also it sounds like you may want set up a route on your cisco to point to '192.168.254.1' - does this sound like what you're trying to achieve?

      Regards,

      JAD
      Yes, but that is not possbile because it is an L2 interface.

      The ISP-modem has ip 192.168.254.1 and is setting up an internetconnection.

      So I want to setup the FastEthernet0 to connect to the ISP-modem. Pc's and computers must connect to the cisco.

      Comment


      • #4
        Re: Cisco 877 behind adsl-router

        Does someone has a solution for this problem?

        Comment


        • #5
          Re: Cisco 877 behind adsl-router

          The 877 is an layer 2 switch with PPoE (ADSL over ISDN or POTS I believe) capabilities, which cannot be configured with an IP address on the FE ports.
          You might replace it with an other device.
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"

          Comment


          • #6
            Re: Cisco 877 behind adsl-router

            can you add a vlan interface,m and assign it to a port?
            I'm fairly sure that's how we had things done in an old job...

            we used the ADSL modem, then pput FE0 into vlan1, and made it a .254 and then pointed everything to it as a gateway..

            (my networking sucks!)
            Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

            Comment


            • #7
              Re: Cisco 877 behind adsl-router

              if you to get internet you mast A valid address
              ip nat inside source list 101 interface FastEthernet0 overload

              Comment


              • #8
                Re: Cisco 877 behind adsl-router

                Basically it's a routing issue. If the 877 doesn't support L3 inter VLAN routing, there is an option to use the external router as the router on a stick system.

                For that the other router should also have a route to the 192.168.0.x/24 subnet, forwarded to the 192.168.254.2.
                This because when the ISP router receives a packet with source IP from the 192.168.0.x/24 subnet and the ISP device has no knowledge of it, it will forward it on it's gateway.
                Unless the traffic will be NAT-ted...
                Marcel
                Technical Consultant
                Netherlands
                http://www.phetios.com
                http://blog.nessus.nl

                MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                "No matter how secure, there is always the human factor."

                "Enjoy life today, tomorrow may never come."
                "If you're going through hell, keep going. ~Winston Churchill"

                Comment


                • #9
                  Re: Cisco 877 behind adsl-router

                  Hi Guys,

                  Problem is still not solved. So i've bought an Cisco Contract to help me with this problem.

                  When the problem is solved it will post it here to keep you informed.

                  Many thanks for your support.

                  Best regards,

                  Joost Lauwen

                  Comment


                  • #10
                    Re: Cisco 877 behind adsl-router

                    The 877 has an ADSL/Pots wan interface, so you dont even need the providers modem if its a DSL connection.
                    Last edited by auglan; 21st December 2011, 20:29. Reason: Added to post
                    CCNA, CCNA-Security, CCNP
                    CCIE Security (In Progress)

                    Comment


                    • #11
                      Re: Cisco 877 behind adsl-router

                      Hi, we regularly do this with providers routers.

                      the first thing to remeber is that you will neet to nat twice once on the ISP`s router and once on the cisco to have traffic flow into servers etc

                      ok on the vlan 10 interface you will need to specify ip nat outside, the overlaod statement will need to point to interface vlan 10, and you will need to set a default route to the ip address of the ISP router, example below:

                      interface Vlan10
                      ip address 192.168.254.2 255.255.255.0
                      no ip redirects
                      no ip unreachables
                      no ip proxy-arp
                      ip nat outside
                      ip virtual-reassembly

                      ip nat inside source list 101 interface vlan 10 overload

                      ip route 0.0.0.0 0.0.0.0 192.168.254.1

                      that should get you going

                      Comment


                      • #12
                        Re: Cisco 877 behind adsl-router

                        Everything is working perfect now, with some help of the Cisco support.

                        I have another problem with an cisco modem.

                        I want to change the network subnet from 10.10.10.* to 172.16.11.*

                        How can I do that, i've tried it myself but after chaching the network addresses i've lost the connection to the modem.

                        Here is the running config


                        Code:
                         
                        Building configuration...
                         
                        Current configuration : 6792 bytes
                        !
                        ! Last configuration change at 13:59:24 Berlin Wed Jan 12 2011 by admin
                        ! NVRAM config last updated at 12:54:18 Berlin Fri Nov 5 2010 by admin
                        !
                        version 15.1
                        no service pad
                        service timestamps debug datetime msec
                        service timestamps log datetime msec
                        no service password-encryption
                        !
                        hostname cisco887
                        !
                        boot-start-marker
                        boot-end-marker
                        !
                        logging buffered 51200 warnings
                        !
                        aaa new-model
                        !
                        !
                        aaa authentication login default local
                        aaa authentication ppp default local
                        !
                        !
                        !
                        !
                        !
                        aaa session-id common
                        memory-size iomem 10
                        clock timezone Berlin 1
                        clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00
                        !
                        crypto pki trustpoint TP-self-signed-2779101597
                         enrollment selfsigned
                         subject-name cn=IOS-Self-Signed-Certificate-2779101597
                         revocation-check none
                         rsakeypair TP-self-signed-2779101597
                        !
                        !
                        crypto pki certificate chain TP-self-signed-2779101597
                         certificate self-signed 01
                          3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
                          31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
                          69666963 6174652D 32373739 31303135 3937301E 170D3130 31303238 30393237 
                          33315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
                          4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37373931 
                          30313539 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
                          8100F079 A328CC51 E653F49F D4F0FB5D 106DBAFB BD94071B A409E307 2B390F3B 
                          E9AFF292 1CF509EA 92A73A7F 91E2D3E0 C8F84B9A E81EBA02 46AF1A10 95BAC02C 
                          4431A354 31F46A14 E3F883F6 E92BB904 34F63CE0 E0D4E756 1C02CC35 D149DDF3 
                          AB1D4377 0E98D519 4875F15A 51041E15 B613DF14 63264A01 F0E358EB 4CAE0440 
                          B15D0203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603 
                          551D1104 1B301982 17636973 636F3838 372E782D 65636F73 6F6C6172 2E636F6D 
                          301F0603 551D2304 18301680 1433C31C DDBE1711 0312D923 F5B36E84 99E4F4F7 
                          E9301D06 03551D0E 04160414 33C31CDD BE171103 12D923F5 B36E8499 E4F4F7E9 
                          300D0609 2A864886 F70D0101 04050003 8181008B F2C0EC72 3F4EE944 E2876406 
                          FE474FE5 5CC88F99 067A108B 6AE4F9EC A56125A3 D6928995 7DDAE8FF 1065105A 
                          70867752 F96F3EDF 69609CBF 9F34AAFA 82A8CB39 28363248 B2B7CB1C 69C82F7C 
                          AFDD2EC3 6D44B2FB ED8E2241 2E4EE110 EDCC26A4 3E377079 C50B38CF 736CCB22 
                          4ABE217F 7F1496E3 E2539789 34FC55EC 3A3860
                           quit
                        ip source-route
                        !
                        !
                        ip dhcp excluded-address 10.0.0.1 10.10.10.0
                        ip dhcp excluded-address 10.10.10.7 10.255.255.254
                        !
                        ip dhcp pool ccp-pool
                           import all
                           network 10.0.0.0 255.0.0.0
                           default-router 10.10.10.1 
                           dns-server 10.10.10.1 194.109.6.66 
                           lease infinite
                        !
                        !
                        no ip cef
                        ip domain name diechemco.nl
                        ip name-server 194.109.6.66
                        no ipv6 cef
                        !
                        !
                        !
                        template adsl
                        !
                        !
                        username admin privilege 15 secret 5 ***
                        !
                        !
                        !
                        !
                        ! 
                        !
                        !
                        !
                        !
                        !
                        !
                        interface BRI0
                         no ip address
                         encapsulation hdlc
                         shutdown
                         isdn termination multidrop
                        !
                        interface ATM0
                         no ip address
                         load-interval 30
                         no atm ilmi-keepalive
                         dsl enable-training-log 
                         hold-queue 200 in
                         pvc 8/48 
                          encapsulation aal5mux ppp dialer
                          dialer pool-member 1
                         !
                        !
                        interface FastEthernet0
                        !
                        interface FastEthernet1
                        !
                        interface FastEthernet2
                        !
                        interface FastEthernet3
                        !
                        interface Vlan1
                         description MyLAN
                         ip address 10.10.10.1 255.0.0.0
                         ip nat inside
                         ip nat enable
                         ip virtual-reassembly
                         ip tcp adjust-mss 1452
                        !
                        interface Dialer0
                         ip address negotiated
                         ip access-group 120 in
                         ip access-group 121 out
                         no ip unreachables
                         ip nat outside
                         ip virtual-reassembly
                         encapsulation ppp
                         dialer pool 1
                         dialer idle-timeout 0
                         dialer-group 1
                         ppp pap sent-username *** password 0 ***
                         no cdp enable
                        !
                        ip forward-protocol nd
                        ip http server
                        ip http access-class 23
                        ip http authentication local
                        ip http secure-server
                        ip http timeout-policy idle 60 life 86400 requests 10000
                        !
                        ip nat inside source list 102 interface Dialer0 overload
                        ip nat inside source static tcp 10.10.10.20 3389 interface Dialer0 3389
                        ip route 0.0.0.0 0.0.0.0 Dialer0
                        !
                        logging trap warnings
                        access-list 23 permit 10.10.10.0 0.0.0.7
                        access-list 102 remark Define NAT internal ranges 
                        access-list 102 remark CCP_ACL Category=18 
                        access-list 102 permit ip any any
                        access-list 121 remark Allow all outbound IP
                        access-list 121 permit ip any any
                        dialer-list 1 protocol ip permit
                        no cdp run
                         
                        !
                        !
                        !
                        !
                        !
                        !
                        control-plane
                        !
                        banner exec ^CC
                        % Password expiration warning.
                        !
                        line con 0
                         no modem enable
                        line aux 0
                        line vty 0 4
                         access-class 23 in
                         privilege level 15
                         transport input telnet ssh
                        !
                        ntp update-calendar
                        ntp server 129.6.15.28 prefer source Dialer0
                        end

                        Comment

                        Working...
                        X