want to configure public I.P on wan of cisco 871.On lan also public

Unanswered Question
Jun 1st, 2008

i have 871 router.I want to configure public I.P on wan (fe 4).On lan side (fe0-fe3 which is vlan 1)I want public I.P also.How can I get it?In other words the users will connect to lan and will use public I.ps for internet.how to configure router on wan and vlan 1? how to do routing?I am new.i need all configuration.Subnet of public I.P given to me by my ISP is 255.255.255.248.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 2.3 (4 ratings)
Loading.
scottmac Sun, 06/01/2008 - 18:26

It's the same, regardless of whether you use public or private addresses.

The same rule applies though: They must be in different networks / subnetworks for the router to work (same networks / subnetworks would use it in bridge mode, which has many drawbacks over a WAN)

You just need to get addresses from different blocks, or subnet a single block.

Good Luck

Scott

foxbatreco Sun, 06/01/2008 - 19:57

Scott..i fully agree with u ..but can u get a bit deeper as to wat drawbacks will same networks have over WAN.

I am tryin to figure tis out..

Thanks in advance!!!

foxbatreco Sun, 06/01/2008 - 19:53

If i understood correctly..u need to use public ip on both external/internal interfaces of ur router.correct if this is not the case.

Now basically this type of set is used when u have a layered approach to provide access, cud be as a security measure as well.Ok now how to go abt it!

Get 2 ranges of IP's in different subnets.let's say ..u use 192.168.50.4/30 on ur fe4 interface which will connect to wan clouds.

on the Fe0-3, if u need all different sets ,ask for 3 set of /30 Ip stack from ur provider.

ALternately u can use another /29 stack on the Fe0 interface and assign it to different device maybe a firewall attached to this interface.remaining ip's u can use for internal NAT or static translations.

As ur isp has given u /29 block it cant be used to assign to different interfaces. it can only be collectively used for nat, static translation et al.

Pls rate the post!!!

Pls rate the post if this helps!!!

contact_abdul Mon, 06/02/2008 - 02:19

thnx all brothers for replying me in just span of 12 hours!.wooo thats wonderful help.

let me be more clear in my question.consider me at zero level cisco guy.so i need real config so that i can simply configure my 871 router.

question again: from ISP side I got /29 public I.ps.The first I.P which i will use for cisco router on wan interface(fe4) will be 161.This 161 will be gateway I.P for PCs which connect to LAN.Ok?

The last I.P which i can use is 166.

Now I want to connect my laptop to lan of router (vlan1 which is fe0 to fe3).I want public I.p on laptop to browse internet.so i can use any of these I.Ps 162,163,164,165,166 for internet.I am not bothered about security at all.how can I configure the router so that i can use only Public I.ps for browsing??

patrickvanham Mon, 06/02/2008 - 02:29

Isn't your ISP going to use one of the addresses

of the /29 on their end? This usually the case, and usually the first IP address in the range. If not, will you be using a static route to the ISP address?

Normally a PC will have the gateway on the inside interface, not the outside interface. Another issue, security related, is to have a public IP on the LAN side. Additionally a LAN is commonly configured with one subnet per vlan, do you have one or more vlans? Or is the inside interface meant to go to a DMZ?

contact_abdul Mon, 06/02/2008 - 02:35

yes Isp will use one of the address.Lets consider 160.So 160 will be the gateway for my cisco 871 router.ok? 161 will be assigned to 871. and users will connect to 4 port switch (fe 0 to fe4).this 4 port switch is lan side .its called vlan 1.ok?.now please tell whole configuration.

patrickvanham Mon, 06/02/2008 - 05:07

x.x.x.160 is the network address and cannot be assigned, so the ISP will likely use x.x.x.161

the whole config is a lot, but are you absolutely sure you want a public IP on the internal inteface. Have you considered the security implications of assigning the LAN a public IP? Will the clients also be in that IP pool? If so you can use a loopback and unnumbered interfaces towards both ISP and LAN.

Is there any traffic you want blocked besides the obvious ones of blocking outside (and possibly limiting inside) access to the router?

contact_abdul Mon, 06/02/2008 - 05:53

Dear foxbatreco

My scnerio is very simple.The isp gave me following Public I.P X.X.81.161 and last I.P X.X.81.166. Subnet mask 255.255.255.248. Now I want on my pc to use these public I.ps for iternet.That means I will assign my cisco 871 router wan interface I.P X.X.81.161 and subnet 255.255.255.248. The I.P 160 will be gateway of my cisco router ip route 0.0.0.0. 0.0.0.0 X.X.81.160 . The users will connect to 4 port switch of this router which is LAN side. The users pc gateway will be X.X.81.161 (cisco wan interface) . and user pc subnet 255.255.255.248. How can i configure my cisco router to achieve mu need? simple question.I am not bothered about security issues at all.i want to use following I.ps on my Pc for internet X.X.81.162 to X.X.81.166 ok?

patrickvanham Mon, 06/02/2008 - 07:31

If your ISP gave you x.x.x.160 /29 neither you nor the ISP can use x.x.x.160 as that is the network address! The first usable address is x.x.x.161, which is likely to be usd by the ISP. Meaning that IP address will be your next hop from the Cisco, and the first address you can use is x.x.x.162, if you set it up as unnumbered on both the outside and inside you still have x.x.x.163 to x.x.x.166 for the clients.

Pravin Phadte Mon, 06/02/2008 - 08:03

Try this config. The command should work for the router. If not let me know.

Ip classeless

interface WAN

Description To ISP

ip address X.X.81.161 255.255.255.248

ip route 0.0.0.0. 0.0.0.0 interface WAN

no ip dhcp use vrf connected

ip dhcp excluded-address X.X.81.161 X.X.81.161

!

ip dhcp pool TEST-LUCK

import all

network X.X.81.161 255.255.255.248

default-router X.X.81.161

dns-server X.X.X.X X.X.X.X

domain-name TEST-LUCK.COM

lease 0 1

You may need to get the dns server name and domain name provided by the isp.

I have this config but not with the single ip address range. I feel this should work.

Hope it helps. Let me know if i can help more on this.

contact_abdul Mon, 06/02/2008 - 13:04

dear pravinxyz,

thnx.I needed this configuration.while others were giving ways to solve but none gave me (except u) what i really wanted.Still I thank others too who replied to me.i am gr8ful to all brothers.thnx for ur detailed reply.now i will write my configuration on the basis of your idea:

Ip classeless

interface WAN (fastEthernet 4)

Description To ISP

ip address X.X.81.161 255.255.255.248

ip route 0.0.0.0. 0.0.0.0 FastEthernet 4

no ip dhcp use vrf connected

ip dhcp excluded-address X.X.81.161 X.X.81.161

!

ip dhcp pool TEST-LUCK

import all

network X.X.81.161 255.255.255.248

default-router X.X.81.161

dns-server X.X.X.X X.X.X.X

domain-name TEST-LUCK.COM

lease 0 1

Question: On my 871 router I have vlan 1 interface.This is I guess lan side which is fastethernet 0 to fe 3 (4 port switch).

WHAT SHOULD I DO AT VLAN 1 INTERFACE? I MEAN CONFIGURATION? PLEASE REPLY

Pravin Phadte Tue, 06/03/2008 - 02:33

Hi Abdul,

Its good to that this is what you were looking for.

Let me make your points clear.

1. Fa0 --> ISP end

2. Fa1 to Fa3 ---> PC

3. Vlan1 ----> ????

As you said you want to connected the pc to the routers FA ports that the reason why i provided with the dhcp config.

In this case Vlan 1 can be shut down.

Cisco provides with these routers to configure as a switch also. 1800 serials also has the same feture.

Use on VLAN1.

In future if you purchace more ip address. you have 20 more users and you need to add a switch to this router thats when you can use the vlan 1 with a proper design.

example would be you crete a new DHCP pool. Create a subinterface on the router. And this will help you with intervlan routing also.

So as per your reuirment you need at this point of time you need to shut it down.

Hope this is helpful. Let me know if you have any more questions.

contact_abdul Tue, 06/03/2008 - 02:50

Dear pravinxyz,

u did not get me clear.Cisco 871 router is having actually only two fastethernet. ok?

one is on wan side and other is on lan side.

LAN is having 4 port switch (fe 0,fe1,fe2,fe3). These 4 ports are grouped as Vlan 1........ok? so i have now two interfaces actually . Fe4 and Vlan 1.

wan side i got u. what about vlan 1 (what ever i do on vlan 1 the same will be reflected on all 4 ports switch which is integarted with the router.

Physically the router has 4+1= 5 RJ-45 ports. wan is fe 4. switch is fe 0 to fe 3.

now plz proceed.what i do on vlan 1 ?

thnx for ur reply.

01.wan is fastEthernet 4

Pravin Phadte Tue, 06/03/2008 - 02:58

Hi Abdul,

I got You.

Vlan is virtual port. Shut it down.

You need to concentrate on the phisical ports.

FE4 goes to WAN

FE0 to FE3 Goes to LAN.

No need to worry about the vlan. Do a shutdown on this port.

Config t

Vlan 1

shut

Thats all Abdul.

Let me know how it goes.

contact_abdul Sat, 06/07/2008 - 08:54

hi all,Its working now.

here is brief config.thnx all.

slic#show ip int br

Interface IP-Address OK? Method Status Prot

ocol

FastEthernet0 unassigned YES unset up up

FastEthernet1 unassigned YES unset up down

FastEthernet2 unassigned YES unset up down

FastEthernet3 unassigned YES unset up down

FastEthernet4 172.30.5.26 YES NVRAM up up

Vlan1 X.X.72.33 YES NVRAM up up

slic#show run

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

ip address 172.30.5.26 255.255.255.252

duplex auto

speed auto

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$

ip address X.X.72.33 255.255.255.240

!

ip classless

ip route 0.0.0.0 0.0.0.0 172.30.5.25

!

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

no cdp run

!

control-plane

!

!

line con 0

no modem enable

line aux 0

line vty 0 4

transport input telnet ssh

!

scheduler max-task-time 5000

end

slic#

Actions

This Discussion