cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
767
Views
0
Helpful
3
Replies

How to configure static IPs from ISP

ram13cisco
Level 1
Level 1

My ISP has provided me with a /24 block of static IP addresses. Can someone please point me in the right direction for configuring my network to use these public addresses. I would like machines on the LAN to be assigned an address from the block and allow connections from the internet to be routed to the particular machine that has been configured with public ip address.

Any help would be appreciated. Thank you.

3 Replies 3

Richard Burts
Hall of Fame
Hall of Fame

Richard

The way that this is frequently handled is to put the public addresses into a block on the edge device (firewall or router) and to do address translation. End stations (both PCs and servers) on the inside network are translated to these public addresses as they go to the Internet. The servers that need to be accessible from the Internet would have static translations configured and the other stations would be translated dynamically.

HTH

Rick

HTH

Rick

Thank you for your quick response Rick. Our block is /24 and we would like to add some clients in the building and operate as a mini ISP for some of the offices. How would this change the configuration you described above?

Richard

Hi,

As Rick mentioned, public ip addresses is usually put in the edge device (firewall or router).

Between you and your ISP, there should be a smaller subnet to use for your edge device, /30 or /29 perhaps and this /24 is routed from your ISP to your edge device.

Now, between your edge device and your clients, what is the network architecture? Is it L2 or L3? If it's only L2, then you will be doing the NAT to your edge device - you can still perform subnetting so that you can QoS your client bandwidth use using the subnet assigned to them. If it's a L3, then you have to assign subnets per client edge device and perform the necessary routing of subnet assigned to your client to their edge device - they may be managing their edge device.

To make it simple, you can setup the architecture between your edge device and your client and create a policy which is permitted and which not.

Regards,

Dandy

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco