Ethernet Routing: on 831 Router

Status
Not open for further replies.

krsnavan

IS-IT--Management
May 21, 2008
20
AE
Need to configure a Cisco 831 router to do Ethernet routing! 10.125.0.0, 255.255.240.0 is one range; gateway is 10.125.0.3. The other range is 10.135.1.0, 255.255.255.0, gateway 10.135.1.1. I enabled ip routing. Is that enough for both networks to communicate, provided I mention the gateway address of the outgoing interfaces of the router in the devices in that network?
 
Need more info.

Is the 831 those gateways?
If not, what device(s) are they?
If so, then you're done, except for adding a default gateway for internet.

MCSE CCNA CCDA
 
Yes, that is enough.
I think he is suggesting e0=10.125.0.0/20 and e1=10.135.1.0/24. Since they are directly connected, no further configuration is needed. If you are having problems, post a sh run.

Burt
 
I have given the configuration below.

This router has a built-in switch too. The document says we can use Ethernet2 for a DMZ as well. I plan to apply ACLs between the two networks allowing certain ports such as 80, 21, 25, ICMP, 143. Please check that the access lists are correct. I am going to apply ACL 101 to E0 inward and 102 to E1 inward.
I need the devices in both subnets to communicate.


Current Configuration : 1850 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RO73
!
boot-start-marker
boot-end-marker
!
enable secret
enable password
!
no aaa new-model
!
resource policy
!
!
!
ip cef
!
interface Ethernet0
ip address 10.125.0.3 255.255.240.0

!
interface Ethernet1
ip address 10.135.1.1 255.255.255.0
duplex auto
!
interface Ethernet2
ip address 192.168.3.1 255.255.255.0
shutdown
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
no ip http server
no ip http secure-server
!
!
access-list 101 permit icmp 10.125.0.0 0.0.15.255 any
access-list 101 permit tcp 10.125.0.0 0.0.15.255 10.135.1.0 0.0.0.255 eq smtp
access-list 101 permit tcp 10.125.0.0 0.0.15.255 10.135.1.0 0.0.0.255 eq ftp
access-list 101 permit tcp 10.125.0.0 0.0.15.255 10.135.1.0 0.0.0.255 eq www
access-list 101 permit tcp 10.125.0.0 0.0.15.255 10.135.1.0 0.0.0.255 eq 143
access-list 101 permit tcp 10.125.0.0 0.0.15.255 any eq telnet
access-list 102 permit icmp 10.135.1.0 0.0.0.255 any
access-list 102 permit tcp 10.135.1.0 0.0.0.255 10.125.0.0 0.0.15.255 eq smtp
access-list 102 permit tcp 10.135.1.0 0.0.0.255 10.125.0.0 0.0.15.255 eq ftp
access-list 102 permit tcp 10.135.1.0 0.0.0.255 10.125.0.0 0.0.15.255 eq www
access-list 102 permit tcp 10.135.1.0 0.0.0.255 10.125.0.0 0.0.15.255 eq 143
!
control-plane
!
line console 0

!
scheduler max-task-time 5000
end



 
ACL 101 will allow anyone on the 10.125.0.0/20 network icmp AND telnet traffic to anywhere, smtp traffic to only the 10.135.1.0/24 network, ftp traffic to only the 10.135.1.0/24 network, web traffic to only the 10.135.1.0/24 network, and IMAP traffic to only the 10.135.1.0/24 network. Everything else will be denied.
ACL 102 will allow anyone on the 10.135.1.0/24 network ICMP traffic to anywhere, SMTP traffic to only the 10.125.0.0/20 network, FTP traffic to only the 10.125.0.0/20 network, web traffic to only the 10.125.0.0/20 network, and IMAP traffic to only the 10.125.0.0/20 network. No telnet will be allowed from anyone on the 10.135.1.0/24 network. Everything else will be denied.
All three subnets, including the DMZ, will be able to communicate with each other, because all networks are directly connected. But that is the only communication allowed because:
A. You have no static routes anywhere else
B. You have no default route
C. You have no routing protocol
D. ACL 101 will allow only the traffic to the other directly connected network specified
E. ACL 102 will allow only the traffic to the other directly connected network specified
If all of this and only this is what you want to accomplish, then it will work. However, if you plan on going beyond the directly connected networks, including for internet access (assuming there are no web servers on either of the directly connected networks), then you will need static routes/routing protocol, a default route, and NAT statements (IP NAT inside) on all interfaces, assuming another router or firewall is doing the inside to outside NAT.

Burt
 
Hi Techies!
I applied the ACLs as mentioned earlier.

I need to check what ports are passed through the router! Any tools I can run to check the open ports?

I ran "telnet 10.125.0.10 25" to my SMTP server from 10.135.1.10, but cannot get any reply!

How to solve the issue? Any other ports to be opened?

Regards,

Vanna
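
Added example, not part of the thread: a minimal Python evaluator for the ACL entries posted above, assuming ACL 101 is applied inbound on Ethernet0 and ACL 102 inbound on Ethernet1 as the poster planned. It traces the `telnet 10.125.0.10 25` test from the last post: the client's SYN passes ACL 102, but the server's reply from port 25 to the client's ephemeral port matches no entry in ACL 101, because these entries filter on destination port and keep no session state. The client port 40000 is constructed, and the `established` entry is a hypothetical addition that is not in the posted configuration.

```python
import ipaddress

PORTS = {"ftp": 21, "telnet": 23, "smtp": 25, "www": 80}  # IOS port keywords used below
# Entries copied from the configuration posted in the thread.
ACL_101 = """
access-list 101 permit icmp 10.125.0.0 0.0.15.255 any
access-list 101 permit tcp 10.125.0.0 0.0.15.255 10.135.1.0 0.0.0.255 eq smtp
access-list 101 permit tcp 10.125.0.0 0.0.15.255 10.135.1.0 0.0.0.255 eq ftp
access-list 101 permit tcp 10.125.0.0 0.0.15.255 10.135.1.0 0.0.0.255 eq www
access-list 101 permit tcp 10.125.0.0 0.0.15.255 10.135.1.0 0.0.0.255 eq 143
access-list 101 permit tcp 10.125.0.0 0.0.15.255 any eq telnet
""".strip().splitlines()
ACL_102 = """
access-list 102 permit icmp 10.135.1.0 0.0.0.255 any
access-list 102 permit tcp 10.135.1.0 0.0.0.255 10.125.0.0 0.0.15.255 eq smtp
access-list 102 permit tcp 10.135.1.0 0.0.0.255 10.125.0.0 0.0.15.255 eq ftp
access-list 102 permit tcp 10.135.1.0 0.0.0.255 10.125.0.0 0.0.15.255 eq www
access-list 102 permit tcp 10.135.1.0 0.0.0.255 10.125.0.0 0.0.15.255 eq 143
""".strip().splitlines()
# Hypothetical extra entry (not from the thread): lets replies of existing TCP sessions back.
ESTABLISHED = "access-list 101 permit tcp 10.125.0.0 0.0.15.255 10.135.1.0 0.0.0.255 established"
# Constructed packets for the "telnet 10.125.0.10 25" test; 40000 is an arbitrary client port.
SYN = {"proto": "tcp", "src": "10.135.1.10", "dst": "10.125.0.10", "dport": 25, "ack": False}
SYN_ACK = {"proto": "tcp", "src": "10.125.0.10", "dst": "10.135.1.10", "dport": 40000, "ack": True}

def addr(tok):  # pop 'any' or '<network> <wildcard>' off the tokens as (network, wildcard) ints
    pair = ["0.0.0.0", "255.255.255.255"] if tok[0] == "any" else [tok[0], tok.pop(1)]
    tok.pop(0)
    return tuple(int(ipaddress.ip_address(a)) for a in pair)

def parse(line):
    tok = line.split()[2:]  # drop "access-list <number>"
    return {"action": tok.pop(0), "proto": tok.pop(0), "src": addr(tok), "dst": addr(tok),
            "dport": (PORTS.get(tok[1]) or int(tok[1])) if tok[:1] == ["eq"] else None,
            "est": tok[:1] == ["established"]}  # 'established' matches segments with ACK/RST

def hit(ip, spec):
    mask = ~spec[1] & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.ip_address(ip)) & mask) == (spec[0] & mask)

def evaluate(acl, pkt):  # first matching entry wins; no match falls to the implicit deny
    for r in map(parse, acl):
        if (r["proto"] == pkt["proto"] and hit(pkt["src"], r["src"]) and hit(pkt["dst"], r["dst"])
                and r["dport"] in (None, pkt["dport"]) and (pkt["ack"] or not r["est"])):
            return r["action"]
    return "deny"

if __name__ == "__main__":
    print("102 in, SYN:", evaluate(ACL_102, SYN), "| 101 in, SYN-ACK:", evaluate(ACL_101, SYN_ACK),
          "| 101 + established:", evaluate(ACL_101 + [ESTABLISHED], SYN_ACK))
```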
 