Hello,
I am trying to configure an 891W router for practicing for ICND 1. Can you please advice on the configuration, greatly appreciate it, thanks.
On the 891W router, the switchport port security command dosent work, instead I used switchport protected, guess that command does port security for the 891W.
I cannot assign an IP addresses to ports. How do I assign an ip address for a trunk port on the 891W(int fa1).
Does VLAN 1 require an IP address?
If I make VLAN 2 as the native VLAN, do I have to assign an IP address to it?
I creatd a couple of VLANs, and plan to use VLAN 3 for network switch management.
Do I have to create a loopback address for each VLAN?
I am a little mixed up with the DHCP pool creation. Do I have to create a pool for each VLAN?
Can you please take a look at the configuration script and correct it for me, greatly appreciate it, thanks.
I had gotten the following error:
ip address 192.168.1.2 255.255.255.224
% 192.168.1.0 overlaps with secondary address on Loopback0
ip address 192.168.5.2 255.255.255.0
% 192.168.5.0 overlaps with secondary address on Loopback0
*****************************************************************
*****************************************************************
config t
alias exec save copy running-config startup-config
int range fa0 - 7
speed 100
duplex full
switchport mode access
switchport protected
shutdown
exit
*****************************************************************
hostname R891W
no enable password
enable secret testlab
username XXX privilege 15 password testlab1
service password-encryption
no ip domain lookup
ip domain name XXX
vtp domain XXX
vtp mode transparent
ntp server 64.113.32.5
no ip http server
ip name 4.2.2.2 4.2.2.3 8.8.8.8
ip route 0.0.0.0 0.0.0.0 fa8 dhcp
ip routing
default-information originate
!
router ospf 1
network 192.168.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
network 192.168.3.0 0.0.0.255 area 0
network 192.168.4.0 0.0.0.255 area 0
network 192.168.5.0 0.0.0.255 area 0
network 192.168.6.0 0.0.0.255 area 0
network 192.168.7.0 0.0.0.255 area 0
network 192.168.8.0 0.0.0.255 area 0
passive-interface default
no passive-interface fa0
no passive-interface fa1
no passive-interface fa2
exit
*****************************************************************
crypto key generate rsa general-keys modulus 2048
*****************************************************************
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
*****************************************************************
line con 0
no exec-timeout
logging synchronous
enable secret testlab
line con 0
login local
exit
line vty 0 4
logging synchronous
no exec-timeout
username tech
line vty 0 4
password testlab
login local
transport input telnet ssh
exit
line aux 0
logging synchronous
exec-timeout 0 0
password aux
login
login local
exit
Banner motd +
******************************
Unauthorized Access Prohibited
******************************
+
*****************************************************************
service dhcp
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.2.1
ip dhcp excluded-address 192.168.3.1
ip dhcp excluded-address 192.168.4.1
ip dhcp excluded-address 192.168.5.1
ip dhcp excluded-address 192.168.6.1
ip dhcp excluded-address 192.168.7.1
ip dhcp excluded-address 192.168.8.1
ip dhcp pool DHCP-POOL
network 192.168.1.0 255.255.255.0
network 192.168.2.0 255.255.255.0 secondary
network 192.168.3.0 255.255.255.0 secondary
network 192.168.4.0 255.255.255.0 secondary
network 192.168.5.0 255.255.255.0 secondary
network 192.168.6.0 255.255.255.0 secondary
network 192.168.7.0 255.255.255.0 secondary
network 192.168.8.0 255.255.255.0 secondary
exit
!
dns-server 4.2.2.2 4.2.2.3 8.8.8.8
default-router 192.168.1.1
domain-name XXX
lease 7
exit
!
!
interface Loopback0
ip address 192.168.1.1 255.255.255.255 secondary
ip address 192.168.2.1 255.255.255.255 secondary
ip address 192.168.3.1 255.255.255.255 secondary
ip address 192.168.4.1 255.255.255.255 secondary
ip address 192.168.5.1 255.255.255.255 secondary
ip address 192.168.6.1 255.255.255.255 secondary
ip address 192.168.7.1 255.255.255.255 secondary
ip address 192.168.8.1 255.255.255.255 secondary
exit
interface vlan 1
ip nat inside
exit
vlan 2
name NATIVE
int vlan 2
ip nat inside
no shut
exit
vlan 3
name SWITCH_MANAGEMENT
int vlan 3
ip address 192.168.1.2 255.255.255.224
ip nat inside
no shut
exit
Vlan 10
name PRIVATE-WIFI-VLAN
interface Vlan 10
description PRIVATE-WIFI-VLAN
ip address 192.168.5.2 255.255.255.0
ip nat inside
exit
vlan 11
name GUEST-WIFI-VLAN
interface Vlan 11
description GUEST WIFI VLAN
ip address 192.168.6.2 255.255.255.0
ip nat inside
exit
Vlan 12
name VOIP-VLAN
interface Vlan 12
description VOIP-VLAN
ip address 192.168.7.2 255.255.255.0
ip nat inside
exit
Vlan 14
name FINANCE-VLAN
interface Vlan 14
description FINANCE-VLAN
ip address 192.168.1.65 255.255.255.240
ip nat inside
exit
Vlan 17
name I.T.VLAN
interface Vlan 17
description I.T. VLAN
ip address 192.168.1.129 255.255.255.240
ip nat inside
exit
*****************************************************************
int loopback0
ip address 192.168.1.1 255.255.255.224
ip nat inside
no shut
exit
int fa0
description TRUNK LINK TO ASA5520 FA1
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk native vlan 2
switchport trunk allowed vlan all
shut
exit
int fa1
description Trunk LINK TO S3560 FA1
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk native vlan 2
switchport trunk allowed vlan all
no shut
exit
int fa2
description TRUNK LINK TO S3750 FA2
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk native vlan 2
switchport trunk allowed vlan all
no shut
exit
int fa3
description VOIP VLAN Port
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk native vlan 2
switchport trunk allowed vlan 12
shut
exit
int range fa4 - 5
description FINANCE VLAN Port
switchport mode access
switchport access vlan 14
no shut
exit
int range fa6 - 7
description I.T. VLAN Port
switchport mode access
switchport access vlan 17
no shut
exit
*****************************************************************
ip access-list standard INSIDE_NAT_ADDRESSES
permit 192.168.1.0 0.0.0.255
permit 192.168.2.0 0.0.0.255
permit 192.168.3.0 0.0.0.255
permit 192.168.4.0 0.0.0.255
permit 192.168.5.0 0.0.0.255
permit 192.168.6.0 0.0.0.255
permit 192.168.7.0 0.0.0.255
permit 192.168.8.0 0.0.0.255
exit
*****************************************************************
int fa8
ip address dhcp
ip nat outside
ip nat enable
no shut
ip nat inside source list INSIDE_NAT_ADDRESSES int fa8 overload
exit
*****************************************************************