Multiple IP Addresses

Answered Question
Jul 6th, 2008

Hi, I hope this is the right board, but the WAN topic didn't really fit either :)


We were assigned a range of IPs from our ISP. To be exact, there are 8 IPs, where 1 is the network address, 1 is the gateway and one is the broadcast address. That basically makes 5 useable addresses.


Now my question. How do I configure one physical interface with multiple IP addresses?

I tried assigning the addresses to subinterfaces of that physical interface but I received the message that the line has to be configured as a trunk line. Now, is that line a trunk line by default? Since the other end of the cable is plugged into a port of the ISP's device (4 DSL cables end there as well). Until now we have only been using just one address (and the gateway) but we would like a server in our network to have an IP address of its own.


Thanks for any responses.


I am using a Cisco 1811 running IOS 10.4

n.nandrekar Sun, 07/06/2008 - 07:12

hi!!!

To use the ip address for a Server, you will have to assign a local private ip to the server and configure static NAT to map the server ip to one of the public IPs that you have received. There is no point in configuring the IPs on the link connected to the isp using sub-interfaces.

VLAN encapsulation always has to be added when giving an IP to a sub-interface, as the VLAN tag on the data helps to identify the subinterface which should process that data (as all data is received on the same physical interface). Also, this has to be configured on the remote side (ISP) too, which won't be possible... and won't make sense in your scenario.


Regards,

Niranjan

(please rate if helpful)

thomaslinder Sun, 07/06/2008 - 07:51

Hi n.nandrekar


Let me thank you for your reply. I'd like to clear the topic a little :)


So basically you are saying that I needn't configure any IP on the Fa0 (but I could configure one if I wanted)?


Do I get this right?: Traffic originating from the Internet towards any of my IP addresses will arrive at the Fa0 interface, no matter what IP I configure on that interface.


What about outgoing traffic? Which IP Address will be assigned on the outside NAT interface?


Thank you for clarification

Jon Marshall Sun, 07/06/2008 - 08:02

Thomas


If you want to have a server inside your network to use one of the public IP addresses then you can use NAT. As an example


Server1 (192.168.5.11) -> (192.168.5.1 - fa0/0) R1 (195.77.10.2 - fa0/1) -> (195.77.10.1) ISP_R1


So Server1 has private address of 192.168.5.11. R1 is your router with a private address on the inside interface and a public IP address on the outside interface.


The public IP address range is


195.77.10.0 255.255.255.248


1 & 2 have been used and .7 is the broadcast address. So let's use .3


On your router - R1


ip nat inside source static 192.168.5.11 195.77.10.3

int fa0/0
 ip nat inside

int fa0/1
 ip nat outside


Then when someone wants to connect to the server from outside they connect to 195.77.10.3.


Any traffic originating from the server will be seen as 195.77.10.3 on the outside.


Jon


thomaslinder Sun, 07/06/2008 - 08:45

Hi Jon


At first, thank you for your response.

Concerning NAT I am quite certain I have understood the principle. My question was more pointed into the direction if I had to configure an IP Address on the interface or if I did not.


Just an example. I configure PAT on Fa0 and I have a bunch of private IPs on Fa2. So I configure NAT (PAT) using the overload switch. Now if traffic was to be sent from one of my internal clients to some external host, what IP address would that packet have in the header if I didn't configure an IP address on the interface? Is this possible at all?


And another theoretical question: What if I had two internal VLANs which both had their own IP range (say one is 192.168.0.0/24 and the other is 192.168.1.0/24). Could I configure NAT in a way that traffic originating from 192.168.1.0 would show up as external IP address 194.33.74.2 and traffic originating from 192.168.0.0 would show up as external IP address 194.33.74.3?


Could this be done using subinterfaces or would I have to use a second physical port on my router/switch? How would I configure something like that? How would the interface know which IP to use?



n.nandrekar Sun, 07/06/2008 - 09:43

hi Thomas!

First of all, you do have to configure an IP on the link connected to the ISP as per the connectivity details provided.

You can use different access-lists and pools to configure different internal subnets to use different IP addresses.

As for your original problem, if you want the internal server to be reachable from outside (internet), then you can't use PAT. You will have to use static NAT for that 1 address and the entire public IP is dedicated to the server.


Regards,

Niranjan

Jon Marshall Sun, 07/06/2008 - 11:17

Thomas


Few things to cover here.


If you want your internal LAN clients on private IP addresses to be able to communicate with servers/hosts on the Internet then yes, your outside interface on your router needs an IP address and this IP address needs to be a publicly routable address.


As Niranjan says if you want external hosts to be able to initiate a connection to your internal server you cannot use PAT for that server, you need to use one of your spare public IP addresses (or port forward but we'll ignore that for the moment).


Now the address you present the server as does not have to be allocated to any interface but that address must be routed from the Internet to the outside interface of your router, which it will because your ISP will be taking care of this.


To configure separate public IPs depending on the local subnet


access-list 101 permit ip 192.168.0.0 0.0.0.255 any
access-list 102 permit ip 192.168.1.0 0.0.0.255 any

ip nat pool inet_add1 194.33.74.2 194.33.74.2 netmask 255.255.255.248
ip nat pool inet_add2 194.33.74.3 194.33.74.3 netmask 255.255.255.248

ip nat inside source list 101 pool inet_add2 overload
ip nat inside source list 102 pool inet_add1 overload


Jon

thomaslinder Sun, 07/06/2008 - 11:44

Thank you Jon, I guess that answers most of my questions. Only one thing is left open.


Regarding the two ip nat pool lines you posted.


I see you create two pools where each basically contains a single IP address. Now how will the router know over which interface it will send the packet? Although I have configured the .2 public address, I have not specified a configuration entry for the .3 public address in the interface configuration.


Will it look at the netmask (/29) and say: Oh, well, the .3 belongs to the same subnet as .2 does, so I am sending it via that interface as well? Or is there some other mechanism in place?


I am aware of the fact that by using the access list you specify which hosts should have which outside IP address, I am only wondering how the router will know which interface basically has the .3 IP (since only the .2 is configured on the interface).


Thank you for your time.

Correct Answer
Jon Marshall Sun, 07/06/2008 - 11:50

Thomas


The router knows which interface because of the "ip nat inside" and "ip nat outside" statements in your configuration. So on your outside interface


int fa0/1
 ip address 194.33.74.2 255.255.255.248
 ip nat outside


As I say, 194.33.74.3 must be routed back to the outside interface (fa0/1) of your router when traffic returns from the Internet but that is what the ISP does. They allocate you a /29 subnet and make sure that any traffic for IP addresses in that subnet is routed to your router.


Edit - just to clarify. The router knows which interface to send the packets out of due to its routing table. So it consults its routing table to find out how to get to the destination address and then when it routes it out of the fa0/1 interface it then gets natted because of the "ip nat outside" statement.


Apologies for any confusion.


Jon
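Added example, not part of the thread or of Cisco's software: a small Python model of the two steps the answers above describe, where the routing table alone picks the egress interface and NAT then rewrites the source according to which access list matches. The addresses, access lists and pool mappings are the ones posted in the thread; the default route, the inside interface names (vlan10, vlan20) and the test destination are assumptions.

```python
import ipaddress

# Routing table: (prefix, egress interface). The default route towards the
# ISP and the inside interface names are assumptions for this model.
ROUTES = [
    (ipaddress.ip_network("192.168.0.0/24"), "vlan10"),
    (ipaddress.ip_network("192.168.1.0/24"), "vlan20"),
    (ipaddress.ip_network("194.33.74.0/29"), "fa0/1"),   # connected /29
    (ipaddress.ip_network("0.0.0.0/0"), "fa0/1"),        # assumed default route
]
NAT_OUTSIDE = {"fa0/1"}  # interfaces carrying "ip nat outside"
ACLS = {                 # access-list number -> (network, wildcard mask)
    101: ("192.168.0.0", "0.0.0.255"),
    102: ("192.168.1.0", "0.0.0.255"),
}
# "ip nat inside source list N pool P overload", pools reduced to their one address
NAT_RULES = [(101, "194.33.74.3"), (102, "194.33.74.2")]


def acl_match(acl, src):
    """Cisco wildcard match: bits set in the wildcard mask are ignored."""
    net, wild = (int(ipaddress.ip_address(x)) for x in ACLS[acl])
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.ip_address(src)) & care) == (net & care)


def route(dst):
    """Longest-prefix match; this alone selects the egress interface."""
    dst = ipaddress.ip_address(dst)
    return max((r for r in ROUTES if dst in r[0]),
               key=lambda r: r[0].prefixlen)[1]


def forward(src, dst):
    """Return (egress interface, source address seen after the router)."""
    egress = route(dst)
    if egress in NAT_OUTSIDE:  # NAT is considered only after routing
        for acl, pool_ip in NAT_RULES:
            if acl_match(acl, src):
                return egress, pool_ip
    return egress, src         # no rule matched: source is left untranslated
```

The last branch is the case worth checking on a real router: an inside subnet that no access list covers leaves with its private source address, so every inside range needs a matching list entry.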


thomaslinder Sun, 07/06/2008 - 12:01

Thank you Jon, that was all I wanted to hear (and now it really makes sense to me) :)

n.nandrekar Sun, 07/06/2008 - 11:55

Hi Thomas,

The decision of sending a packet out of a particular interface depends on the routing tables and routing information in the router. The NATting just changes the source IP address on the packets. It does NOT identify the outgoing interface. That is totally done by the routing table.

You might have a default route pointing out of the interface connected to the ISP or you might have BGP peering with the ISP which will route the packets out of the interface.

hope I answered your question. (NAT has nothing to do with the outgoing interface except that "IP NAT outside" tells the router to perform NATTING -change source ip- when any packets are going out of that interface.)


Regards,

Niranjan

(please rate the posts if they helped)

Jon Marshall Sun, 07/06/2008 - 11:56

Thanks Niranjan, I just edited my post to include that info about the routing table but it's good we are both making the same point :-)


Jon

n.nandrekar Sun, 07/06/2008 - 12:00

Yeah! Our responses kinda overlapped :)...


cheers!!!

thomaslinder Sun, 07/06/2008 - 12:02

Hi Niranjan

Thank you for your reply, I think I got the point. Now that makes perfect sense :)
