
Cisco 1712 internal Interface PLZ HELP!!! Going insane soon


NiclasEliassen

Hi, I have been asked to set up a site-to-site VPN tunnel between 2 Cisco routers.
My side of the tunnel has a Cisco 1712 router.
The router has 1 Fast Ethernet (Fa0) port and a 4-port Fast Ethernet switch (Fa1-Fa4).

I have set a public IP on the Fa0 port and I can ping stuff on the internet from the router... so far so good. When I try to set an IP for the internal network on one of the Fa1-Fa4 ports in the switch I get the following error: % IP addresses may not be configured on L2 links.
Hmm... OK, it seems that I can't set an IP on a specific port in the switch. How will I configure this router to have an IP for the internal LAN? I tried to set an IP on the default vlan1, which had Fa1-Fa4 linked to it. That didn't help either.

Can someone please explain to a Cisco newbie what I'm missing?

Internal network --------- cisco1712 -------- internet
172.16.100.0/24
GW 172.16.100.254(cisco1712 internal)


Backside of the router looks like this
Switch SingleEthport consol+ Isdn Bri Power
Fa1-Fa4 Fa0 AUX Port


The router should also by default have some kind of SDM service that I could use to configure it from a web browser... but it doesn't seem to exist... I followed a troubleshooting guide and I should see that the sdm.tar module would be loaded in the flash if I did a show flash command, but it didn't show any sdm.tar :( ... does anyone know how I can install this SDM thing?

Here is the current running config

RR01#sh run
Building configuration...

Current configuration : 1141 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RR01
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$sL.M$WefQqINSrHy.mzw7HzUbB1
enable password XXXXXXX
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
!
ip cef
ip ids po max-events 100
no ftp-server write-enable
!
interface BRI0
no ip address
shutdown
!
interface FastEthernet0
description Connected to Internet
ip address 193.xxx.xxx.xxx 255.255.255.240
speed auto
half-duplex
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
no ip address
!
interface Vlan1
description Connected to Internal (FaEth1-4)
ip address 172.16.100.254 255.255.255.0
!
ip default-gateway 193.xxx.xxx.xxx
ip classless
ip route 0.0.0.0 0.0.0.0 193.xxx.xxx.xxx
no ip http server
no ip http secure-server
!
dialer-list 1 protocol ip permit
!
control-plane
!
line con 0
line aux 0
line vty 0 4
password xxxxxxx
login
!
end

RR01#

Here is some vlan info

RR01#sh vlan-switch brief

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1, Fa2, Fa3, Fa4
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active

RR01#sh vlan-switch id 1

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1, Fa2, Fa3, Fa4

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
RR01#

RR01#sh vers
Cisco IOS Software, C1700 Software (C1700-K9O3SY7-M), Version 12.3(7)XR3, RELEASE SOFTWARE (fc2)
Synched to technology version 12.3(7.11)T1
Technical Support: Copyright (c) 1986-2004 by Cisco Systems, Inc.
Compiled Sat 25-Sep-04 16:02 by ealyon

ROM: System Bootstrap, Version 12.2(7r)XM4, RELEASE SOFTWARE (fc1)
ROM: Cisco IOS Software, C1700 Software (C1700-K9O3SY7-M), Version 12.3(7)XR3, RELEASE SOFTWARE (fc2)

RR01 uptime is 1 hour, 21 minutes
System returned to ROM by reload
System image file is "flash:c1700-k9o3sy7-mz.123-7.XR3.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 1712 (MPC862P) processor (revision 0x101) with 86244K/12060K bytes of memory.
Processor board ID FOC08331T0C (2515700571), with hardware revision 0000
MPC862P processor: part number 7, mask 0
1 Ethernet interface
5 FastEthernet interfaces
1 ISDN Basic Rate interface
1 Virtual Private Network (VPN) Module
32K bytes of NVRAM.
32768K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

RR01#sh flash

System flash directory:
File Length Name/status
1 12894116 c1700-k9o3sy7-mz.123-7.XR3.bin
[12894180 bytes used, 20398104 available, 33292284 total]
32768K bytes of processor board System flash (Read/Write)

----------------------------------------------------------

Also, this router should have some firewall capabilities. If anyone has a few good links on how I can secure my router, please share them with me :)

niclas.eliassen@home.se
 
You need to add the ports 1-4 to the VLAN you created or in this case, VLAN1 (default). I think you can use the range command on this router. You also need to tell the ports that they will be a switch. Some of this is defaulted but since you have been trying to fix something, I thought it best to go from step 1.. no insult intended :)

interface range fa0/1 - 4 ;note the space then - then space
switchport mode access ; enables layer two on port
no shut ; brings up the ports

To add a VLAN use the vlan database

vlan database
vlan 100
exit

To configure the SVI, you have to put the port(s) into the VLAN first:

interface vlan 100
ip address <ipaddress>

show interface vlan 100 ; this will verify it's working

To download the SDM to the router, you will use TFTP and you can read the details here:

To get SDM up and working,

#ip http server ; enables HTTP server

#ip http secure-server ; enables the SSL server

#ip http authentication local ; enables local authentication

#username <newusername> privilege 15 password 0 <password>

This should get it up and working.


Get all the details here:

SDM :

MikeS


Find me at
"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu
 
Wow, that was a fast reply. On other forums I might have to wait weeks before anyone answers... I'm impressed :)


OK, I have done the configuration changes you suggested, but I still can't ping the internal interface from the router.

Note: I don't have any devices connected to the switch Fa1-Fa4 right now... but I guess that I should be able to ping it from inside the CLI anyway, or do I need to uplink/connect it to my regular switch to get some kind of up status for the switch ports/vlan100?

RR01#ping 172.16.100.254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.254, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)


RR01#sh interface vlan100
Vlan100 is up, line protocol is down
Hardware is EtherSVI, address is 0011.bb13.1420 (bia 0011.bb13.1420)
Description: Connected to Internal (FaEth1-4)
Internet address is 172.16.100.254/24
MTU 1500 bytes, BW 100000 Kbit, DLY 1000000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 packets output, 0 bytes, 0 underruns
0 output errors, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
RR01#



To download SDM I apparently need a password... maybe I get one if I register the router?

RR01#sh run
Building configuration...

Current configuration : 1358 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RR01
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$sL.M$WefQqINSrHy.mzw7HzUbB1
enable password xxxxxxxxxxxx
!
username root privilege 15 password 0 xxxxxxxxxx
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
!
ip cef
ip ids po max-events 100
no ftp-server write-enable
!
interface BRI0
no ip address
shutdown
!
interface FastEthernet0
description Connected to Internet
ip address 193.xxx.xxx.xxx 255.255.255.240
speed auto
half-duplex
!
interface FastEthernet1
switchport access vlan 100
no ip address
!
interface FastEthernet2
switchport access vlan 100
no ip address
!
interface FastEthernet3
switchport access vlan 100
no ip address
!
interface FastEthernet4
switchport access vlan 100
no ip address
!
interface Vlan100
description Connected to Internal (FaEth1-4)
ip address 172.16.100.254 255.255.255.0
!
interface Vlan1
no ip address
!
ip default-gateway 193.xxx.xxx.xxx
ip classless
ip route 0.0.0.0 0.0.0.0 193.xxx.xxx.xxx
ip http server
ip http authentication local
ip http secure-server
!
dialer-list 1 protocol ip permit
!
control-plane
!
line con 0
line aux 0
line vty 0 4
password xxxxxxxx
login
!
end

RR01#

/Niclas Eliassen
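
Added example, not part of the original thread or either poster's own configuration: a small Python audit of the management-plane settings visible in the running config above (cleartext passwords, `enable password` kept beside `enable secret`, `ip http server`, and `line vty` protected only by a shared line password). The finding names and the `SAMPLE` text are constructed for illustration; the sample keeps the unindented form the config has in this thread.

```python
import re

# Constructed sample: the security-relevant lines of the thread's second
# running config, unindented as pasted there, with placeholder secrets.
SAMPLE = """\
no service password-encryption
enable secret 5 <hash-placeholder>
enable password <placeholder>
username root privilege 15 password 0 <placeholder>
ip http server
ip http authentication local
ip http secure-server
line vty 0 4
password <placeholder>
login
!
"""

def vty_block(lines):
    """Sub-commands under 'line vty', ended by '!', 'end' or another 'line'."""
    out, inside = [], False
    for ln in lines:
        if ln.startswith("line vty"):
            inside = True
        elif inside and (ln in ("!", "end") or ln.startswith("line ")):
            inside = False
        elif inside:
            out.append(ln)
    return out

def audit(cfg):
    """Return finding names (hypothetical labels defined here) for a config."""
    lines = [ln.strip() for ln in cfg.splitlines() if ln.strip()]
    has = lambda pat: any(re.match(pat, ln) for ln in lines)
    vty = vty_block(lines)
    checks = [
        # (condition that is a problem, finding)          # usual correction
        (not has(r"service password-encryption\b"), "cleartext-passwords"),
        (has(r"enable password\b"), "enable-password-present"),   # no enable password
        (has(r"username \S+ .*\bpassword\b"), "username-uses-password"),  # ... secret
        (has(r"ip http server\b"), "http-plaintext-mgmt"),        # no ip http server
        (has(r"ip http (secure-)?server\b")
            and not has(r"ip http access-class\b"), "http-no-access-class"),
        (not any(re.match(r"transport input ssh\s*$", l) for l in vty),
            "vty-not-ssh-only"),                                  # transport input ssh
        (not any(l.startswith("access-class ") for l in vty), "vty-no-access-class"),
        ("login" in vty and "login local" not in vty, "vty-shared-line-password"),
    ]
    return [name for hit, name in checks if hit]
```

Run `audit()` on the text of `show running-config`; an empty list means none of these eight conditions was found, not that the router is otherwise hardened.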
 

OK, got it working.

Thanks for your help

/Niclas Eliassen
 
Good news :)

MikeS

Find me at
"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu
 