Salve a tutti,
questo è il mio primo messaggio.
Ho correttamente configurato un Cisco 803 per l'accesso a internet (a 64k), anche se è stata una cosa penosa non l'avere più il pulsante "connect/disconnect" come si aveva in FastStep con il 761. Ho dovuto fare un gran giro per dirgli di connettersi/disconnettersi quando voglio io.
Ora il problema:
la mia rete è così configurata:
Internet
|
|
Cisco 803
|
|
Linksys Cisco WRT54GS
|
|
PC
e vorrei far si che l'803 vada in modalità bridge per permettermi di configurare tutte le opzioni (forward,firewall,QoS,ecc...) UNA volta sola sul WRT54GS, e non duplicare tutto da una parte e dall'altra come stò facendo ora (IP pubblico<-- 803 --> 192.168.0.1, 192.168.0.2<-- WRT54GS -->192.168.1.1). Qualcuno ha qualche aiuto da darmi? Per far si che il WRT54GS prenda l'ip pubblico sulla sua interfaccia WAN (collegata al 803), dopo aver settato l'803 in modalità bridge, devo anche settargli il DHCP server e la parte client sul WRT54GS o non c'entra niente?
L'803 sarà ancora raggiungibile via web/telnet? Con quale ip?
Grazie a tutti per l'attenzione
Cisco 803 bridge mode
Moderatore: Federico.Lagni
-
mip
- Cisco enlightened user
- Messaggi: 149
- Iscritto il: mer 23 nov , 2005 5:10 pm
- Località: Rovigo
In un forum avevo trovato questo:
"Why not disable nat on your router, and just let it become a basic bridging device?Just let the netger do nat/firewall.
803->Netgear->Lan
Between the 803 & NEtgear have a different subnet to your lan.Just have to correctly setup static routes on the 803."
che è più o meno quello che voglio fare io.
La soluzione che è stata data (senza esempi di configurazione) è:
"On your ethernet interface, take out the ip nat outside statement
Change the ethernet ip address to the private subnet between it and the Netgear router. Something like 192.168.254.1/30 (the netgear can be 192.168.254.2/30)
on your dialer interface take out the ip nat inside statement.
take out your ip nat inside source list xxx (or route-map) pending what you are using.
Once you have done that then it's a matter of getting your routing correct.
Setup a static route to route all your LAN packets to 192.168.254.2 (IP of netgear)
and a default gateway to your dialer interface.
IN THEORY the router shouldn't have to nat as it acts as a router between two subnets. So it should route the NAT'd packets to the internet."
Ora, io sono arrivato fino alla riga "Once you have done that then it's a matter of getting your routing correct"
ma non sono in grado di settare le route
Ecco la mia configurazione:
MipLandISDNRouter#show running-config
Building configuration...
Current configuration : 3555 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname MipLandISDNRouter
!
enable secret 5 xxxxxxxxxxxxxxx
!
!
!
!
!
!
dial-peer voice 1 pots
no forward-to-unused-port
no call-waiting
ring 0
port 1
destination-pattern xxxxxxxxxxxxx
!
pots country IT
ip subnet-zero
!
ip name-server 194.185.88.12
ip name-server 194.185.88.5
no ip finger
ip telnet source-interface Ethernet0
isdn switch-type basic-net3
!
!
!
interface Ethernet0
description connected to EthernetLAN
ip address 192.168.0.1 255.255.255.252
ip access-group 121 in
bridge-group 1
!
interface BRI0
description connected to Internet
no ip address
encapsulation ppp
dialer rotary-group 1
dialer-group 1
isdn switch-type basic-net3
isdn voice-priority xxxxxxxxxx in conditional
isdn voice-priority xxxxxxxxxx out conditional
isdn incoming-voice modem
no cdp enable
!
interface Dialer1
description connected to Internet
ip address negotiated
ip access-group 121 in
encapsulation ppp
no ip split-horizon
dialer in-band
dialer idle-timeout 2147483
dialer string 0426651600
dialer hold-queue 10
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxx
ppp chap password 7 xxxxxxxxx
ppp pap sent-username xxxxxxxx password 7 xxxxxxxxxxx
!
router rip
version 2
passive-interface Dialer1
network 192.168.0.0
no auto-summary
!
ip http server
ip http port 81
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 1 permit 192.168.0.0 0.0.0.3
access-list 10 permit 192.168.1.3
access-list 18 permit 192.168.0.0 0.0.0.3
access-list 100 permit ip any host 194.185.88.13
access-list 121 deny udp any eq netbios-dgm any
access-list 121 deny udp any eq netbios-ns any
access-list 121 deny udp any eq netbios-ss any
access-list 121 deny tcp any eq 137 any
access-list 121 deny tcp any eq 138 any
access-list 121 deny tcp any eq 139 any
access-list 121 permit ip any any time-range TIME
dialer-list 1 protocol ip list 100
snmp-server community public RO
snmp-server location xxxxxxxxx
snmp-server contact xxxxxxxxx
snmp-server chassis-id xxxxxxxxx
bridge 1 protocol ieee
!
line con 0
access-class 10 in
exec-timeout 0 0
password 7 xxxxxxxxxxxxxxx
login
transport input none
stopbits 1
line vty 0 1
exec-timeout 0 0
password 7 xxxxxxxxxxxxxxx
login
line vty 2 4
exec-timeout 0 0
login
!
end
....nessuno?
....aiuti?
Grazie
Mirco
"Why not disable nat on your router, and just let it become a basic bridging device?Just let the netger do nat/firewall.
803->Netgear->Lan
Between the 803 & NEtgear have a different subnet to your lan.Just have to correctly setup static routes on the 803."
che è più o meno quello che voglio fare io.
La soluzione che è stata data (senza esempi di configurazione) è:
"On your ethernet interface, take out the ip nat outside statement
Change the ethernet ip address to the private subnet between it and the Netgear router. Something like 192.168.254.1/30 (the netgear can be 192.168.254.2/30)
on your dialer interface take out the ip nat inside statement.
take out your ip nat inside source list xxx (or route-map) pending what you are using.
Once you have done that then it's a matter of getting your routing correct.
Setup a static route to route all your LAN packets to 192.168.254.2 (IP of netgear)
and a default gateway to your dialer interface.
IN THEORY the router shouldn't have to nat as it acts as a router between two subnets. So it should route the NAT'd packets to the internet."
Ora, io sono arrivato fino alla riga "Once you have done that then it's a matter of getting your routing correct"
ma non sono in grado di settare le route
Ecco la mia configurazione:
MipLandISDNRouter#show running-config
Building configuration...
Current configuration : 3555 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname MipLandISDNRouter
!
enable secret 5 xxxxxxxxxxxxxxx
!
!
!
!
!
!
dial-peer voice 1 pots
no forward-to-unused-port
no call-waiting
ring 0
port 1
destination-pattern xxxxxxxxxxxxx
!
pots country IT
ip subnet-zero
!
ip name-server 194.185.88.12
ip name-server 194.185.88.5
no ip finger
ip telnet source-interface Ethernet0
isdn switch-type basic-net3
!
!
!
interface Ethernet0
description connected to EthernetLAN
ip address 192.168.0.1 255.255.255.252
ip access-group 121 in
bridge-group 1
!
interface BRI0
description connected to Internet
no ip address
encapsulation ppp
dialer rotary-group 1
dialer-group 1
isdn switch-type basic-net3
isdn voice-priority xxxxxxxxxx in conditional
isdn voice-priority xxxxxxxxxx out conditional
isdn incoming-voice modem
no cdp enable
!
interface Dialer1
description connected to Internet
ip address negotiated
ip access-group 121 in
encapsulation ppp
no ip split-horizon
dialer in-band
dialer idle-timeout 2147483
dialer string 0426651600
dialer hold-queue 10
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxx
ppp chap password 7 xxxxxxxxx
ppp pap sent-username xxxxxxxx password 7 xxxxxxxxxxx
!
router rip
version 2
passive-interface Dialer1
network 192.168.0.0
no auto-summary
!
ip http server
ip http port 81
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 1 permit 192.168.0.0 0.0.0.3
access-list 10 permit 192.168.1.3
access-list 18 permit 192.168.0.0 0.0.0.3
access-list 100 permit ip any host 194.185.88.13
access-list 121 deny udp any eq netbios-dgm any
access-list 121 deny udp any eq netbios-ns any
access-list 121 deny udp any eq netbios-ss any
access-list 121 deny tcp any eq 137 any
access-list 121 deny tcp any eq 138 any
access-list 121 deny tcp any eq 139 any
access-list 121 permit ip any any time-range TIME
dialer-list 1 protocol ip list 100
snmp-server community public RO
snmp-server location xxxxxxxxx
snmp-server contact xxxxxxxxx
snmp-server chassis-id xxxxxxxxx
bridge 1 protocol ieee
!
line con 0
access-class 10 in
exec-timeout 0 0
password 7 xxxxxxxxxxxxxxx
login
transport input none
stopbits 1
line vty 0 1
exec-timeout 0 0
password 7 xxxxxxxxxxxxxxx
login
line vty 2 4
exec-timeout 0 0
login
!
end
....nessuno?
....aiuti?
Grazie
Mirco
