configuring cisco 1700 for 2 subnetworks.

Hi all,
I would like to set up a Network with 1 Cisco 1700 Router, and 2
switches.

I would like to connect each switch to one out of the 4 Ports
available on the Cisco Router. (Should I start with Port 4?)

each Switch will handle a different network, eg.:
Sw1: 192.168.1.0 /24
Sw2: 192.168.2.0 /24

Hosts from 192.168.2.0 will not be able to see (directly, unless
requests arrive from 192.168.1.0) hosts in 192.168.1.0, but the
otherway is fine.

The IP addresses will be given by the DHCP of the Router.
Seems simple, right?

I've read tons of posts here and looked almost everywhere on the
Internet, and what I was able to understand is that I need to
configure VLANS on subinterfaces.

Now here is what I was able to sample from each article I read:

vlan database
vlan 1 name vlan1
vlan 2 name Vlan2
exit
!
configure terminal
!
!Excluding IPs for static configuration
ip dhcp excluded-address 192.196.1.100 192.196.1.120 !! Static IPs for
Workstations LAN
ip dhcp excluded-address 192.196.2.100 192.196.2.120 !! Static IPs for
Video LAN
!
ip dhcp pool Pool0
import all
network 192.168.0.0 /16
dns-server 194.90.1.5 212.143.212.143
!
ip dhcp pool Pool1
network 192.168.1.0 /24
default-router 192.168.1.1
lease 30
!
ip dhcp pool Pool2
network 172.16.2.0 /24
default-router 192.168.2.1
lease 30
!
interface vlan 1
description VLAN for Workstations LAN
ip address 192.168.1.1 255.255.255.0
ip default-gateway 192.168.1.1
no shutdown
!
interface vlan 2
description VLAN for Video LAN
ip address 192.168.2.1 255.255.255.0
ip default-gateway 192.168.2.1
no shutdown
!
interface fastethernet0
no ip address
no shutdown
!
interface fastethernet1
description Switch Port 1 connected to Workstations LAN
switchport mode access
switchport access vlan 1
spanning-tree portfast
!
interface fastethernet2
description Switch Port 2 connected to Video LAN
switchport mode access
switchport access vlan 2
spanning-tree portfast
!
access-list 101 permit ip any any
access-list 102 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 !!
denies packets from Video LAN to Workstations LAN
access-list 102 permit ip any any
!
interface fastethernet0.1
description Subinterface for Workstations LAN
encapsulation dot1q 1
ip address 192.168.1.1 255.255.255.0
ip access-group 101 out
!
interface fastethernet0.2
description Subinterface for Video LAN
encapsulation dot1q 2
ip address 192.168.2.1 255.255.255.0
ip access-group 102 out
!

Please let me know if this is correct, or should I set up Trunk
anywhere... (so far this looks good to me).
and please, if its not all good, Post a command fix also.

Thanks,

Eyal Safran.

 

First you should use the IOS feature search tool to see if your router
and/or the IOS image you're running on it supports 802.1q trunking. If
it does then you are correct that you will create subinterfaces of the
physical FE or EN port on the router.

Here's a reference I've used for doing this on a 2600 Series. It should
be the same for a 1700 if it supports 1q trunking.
http://cisco.com/en/US/tech/tk389/tk390/technologies_configuration_example09186a00800949fd.shtml

 

I guess this setup procedure is good when you have physicly 1 Router and 2
Switches.
But what if you have just 1 Router, and the Switch is built-in in the
Router, uing the WIC-4ESW card which gives you 4 switch ports?
Can the router acctually provide a different subnet ip to each switch port
and its attached devices, using the Routers DHCP?

Eyal Safran.