Newbie conceptual routing questions (871W)

I recently got a Cisco 871W.

I tried the (awful) web based java-slowed interface to no avail.

I have a switch with VLAN10 as my intranet, and 20 for other uses.

I defined fa0 on the 871W as a trunk to the switch, with dot11q protocol, and enabled the vtp stuff.

So, I have a few questions:

-----------------------

I've defined the Dialer 1 interface which points to a dialer pool 1 and dialer-group 1

I've defined fa3 as:

interface FastEthernet3
 description PPPoE to modem
 pppoe enable
 pppoe-client dial-pool-number 1

I also defined a VLAN10 interface on the router with IP address 10.0.0.2. I can telnet to the router from a machine on vlan 10, and from the router, I can telnet to within my intranet.

Do I need to enter some commands to tell the router to "route" between packets coming from VLAN10 to the Dialer ?

or does the catch-all command at the top level:

ip route 0.0.0.0 0.0.0.0 dialer 1

do the trick, routing any/all IP packets coming through the trunk line to the Dialer 1 interface ?

---------------------

Does this router "nail up" the PPPoE link by default ? I'd seen the "dial-on-demand" qualifier to the pppoe-client dial-pool-number command, but did not see any text describing whether the router will re-establish a PPPoE session as soon as it is lost when you don't specify dial-on-demand.

(This lan contains some servers, so I need a "nailed up" connection since the ISP can't establish sessions with me when it has an incoming connection to my mail/web/etc servers.)

----------------------

If I need to map ports to a host (for instance, incoming calls to port 80 go to 10.0.0.11 but calls to 25 go to 10.0.0.12)

What commands/concepts need I look into ?

-----------------------

Thanks in advance for responses.

JF Mezei

Your setup isn't very clear. You have a dial-up modem connected to this setup? How is it connected to the 871? Also, posting the full config would make it much easier to figure out what is wrong.

Thrill5

WAN port is I think usually Ethernet 4, but it appears that this is not being used. Of course with adv IP services you can use any port as the WAN port but there is no reason to make life tougher than needed.

I have a working config quite like this buried somewhere. Come back with some more details as Thrill5 suggests and someone will likely assist further.

bod43

Someone told me that on the 871W, only fa4 had the "router" ability. Don't quite understand it, but moving my WAN port to fa4 did get the dialer to connect to the ISP (PPPoE on ADSL, separate modem).

Since this router came without documentation (and the few pages that did come with it were littered with URLs that don't work), I am at a loss trying to understand what the hardware expects and/or is capable of.

For instance, why must one build a bridge between a radio interface and the vlan interface when the radio interface is already defined inside that VLAN ?

And in terms of logging, I know of IP NAT LOG TRANSACTIONS but this is way too verbose as it also includes all outbound connections as well as the opening and closing of TCP sessions.

For instance, I don't want to log accesses to port 80, but I do wish to log anything for telnet/ssh/smtp etc. Where do I look ? Is this an access-list thing ?

JF Mezei

formatting link
makes a point of providing all Command Reference Guides and all Configuration Guides available to everyone. Much other material too. What is it that you can't locate?

Well that truly is a mystery. Just go with the flow. Sorry, there are very few Cisco mysteries, but for me that is one of them.

As Thrill5 has suggested, please post the entire config and some explanation of your intentions.

bod43

Command reference doesn't tell you how to incorporate a dot11radio interface into a lan. You need to figure out through examples on the net that the last argument of the encryption command is the vlan number (the web based SDM setup puts the word "native" in there).

I have not seen a document which describes the device's internal architecture (for instance, only fa4 is connected to the routing chip) and how you should plan to set it up.

I got the wireless to work with a basic password, but I can't use the router's ADSL connection, I need to still use the old router as the gateway/default route on the wireless laptop.

I was able to get the router to act as a router on my lan, but radio interface wouldn't work. When I added the bridge group back in, it fixed the wi-fi, but broke the routing. But the MAC address of the wireless laptop shows up in the VLAN10 interface when I do a "show mac". Shouldn't it show up as a dot11radio0.10 interface ?

At this point, posting the config is pointless because it changes a lot as I do trial and error stuff. There is a lot I need to learn to equate the functionality of my 11 year old netgear 314. (zyxel firmware).

JF Mezei

Yes, putting 'log' on the end of an ACL entry [ACE] will cause it to generate a log event when something matches that entry.

alexd

I finally got both the wireless and router portions working on my 871W. "dialer-group" in the dialer interface was the guilty party that prevented the router from being ... a router....

Now, I need to focus on NAT and logging.

I want to have a "default NAT" so that a call coming in to any unspecified port goes to a specific IP on my LAN. But other ports will be directed to other hosts. (and I will have ACLs to block ports such as any/all microsoft related ports).

Are IP NAT commands checked in the order they are entered in the config file ?

In other words, can I have a series of port specific NAT commands to direct ports, followed by a last "catch all" entry that sends other calls to a catch-all host ?

Is there a way to specify a port range in an IP NAT command ? (eg: incoming calls to ports 6000 to 6100 go to 10.0.0.20 )

For the access-list portion, is it correct to state that if I have

access-list 101 permit tcp any any eq 80
access-list 101 permit tcp any any log

Then all calls coming in to the port 80 web server will not generate any logging activity, while calls coming in to any other ports will ?

Does the "log" qualifier generate packets only when the flow is established between 2 hosts, or will it populate the syslog with a million log entries, one for each packet ?

The reason I want to go this way is that the IP NAT log translations command generates way too much output and I want better control over the amount that is logged.

JF Mezei
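
An added example, not part of any post in this thread: a small Python model of first-match evaluation for the two `access-list 101` lines quoted above, showing which constructed packets hit an entry carrying `log`. It is an assumption-level model that handles only the `any any [eq PORT] [log]` form and does not model how IOS batches or rate-limits the resulting syslog messages.

```python
# Constructed model of extended-ACL first-match evaluation (not Cisco code).
ACL_101 = """\
access-list 101 permit tcp any any eq 80
access-list 101 permit tcp any any log
"""

def parse_acl(text):
    """Parse 'access-list N ACTION PROTO any any [eq PORT] [log]' lines."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        if tok[4:6] != ["any", "any"]:
            raise ValueError("only 'any any' address matching is modelled")
        rest = tok[6:]
        port = int(rest[rest.index("eq") + 1]) if "eq" in rest else None
        entries.append({"action": tok[2], "proto": tok[3],
                        "port": port, "log": "log" in rest})
    return entries

def evaluate(entries, proto, dport):
    """Return (action, logged) for one packet; the first matching entry wins."""
    for e in entries:
        if e["proto"] not in ("ip", proto):
            continue
        if e["port"] is not None and e["port"] != dport:
            continue
        return e["action"], e["log"]
    # No entry matched: implicit 'deny ip any any', which has no log keyword.
    return "deny", False

def summarize(entries, packets):
    """Return (proto, dport, action, logged) for each packet."""
    return [(p, d) + evaluate(entries, p, d) for p, d in packets]

# Constructed sample traffic: (protocol, destination port)
PACKETS = [("tcp", 80), ("tcp", 23), ("tcp", 22), ("tcp", 25), ("udp", 53)]

if __name__ == "__main__":
    for proto, dport, action, logged in summarize(parse_acl(ACL_101), PACKETS):
        state = "logged" if logged else "not logged"
        print(f"{proto}/{dport:<5} {action:<6} {state}")
```

Reversing the two entries makes the `log` entry match port 80 first, so entry order decides what is logged.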
