
2811 with 4ESW - public IP on port e0/0/3

stoneystone
Level 1

Does anyone have any information/advice on how to perform the following setup:

I have 2 networks running on the router:

fa0/0 has a 29 bit subnet with 6 usable public IP addresses - one being used by the router, and another being used by an internal device.

fa0/1 has a public IP that is subnetted with a 27 bit subnet.

I want to have a public IP address (in the same network as fa0/0) on fa0/0/3 - switch port.

I am running Version 12.4(3a).

Since this is one network, is it possible to set up the router to send all traffic to an IP address in that range?

Thanks for any advice or help.


paolo bevilacqua
Hall of Fame

Yes, the most common setup is that you give your device a private address, then set static NAT for an IP of yours to go to it.

This gives it "firewall protection".

If you want it to have a public address and no NAT protection, either put in a small switch, or move the fa0/0 configuration to vlan 1 and then connect another port of the esw4 to the ISP router.

Paolo,

Thanks for your thoughts and input. Because of my current config, I didn't want to go with the vlan; I may eventually have to.

The router, fa0/0 and fa0/1, uses public IP addresses, and I don't want to disturb them.

Since the 4ESW is a layer 2 card, it doesn't let me give it an ip address, but I can put it on a vlan.

The static NAT may be a good solution, but I'm not exactly sure of the static config on the router. I'm more familiar with the PIX/ASA, and it's not the same command(s).

I looked on Cisco's website but the static configs were a little unclear. Are routers basically the same? I have a block of public IP addresses and I can do a static NAT to an inside address? From the router?

Placing a switch in front of the router would give another point of failure, but may be the most simple and fast solution.

Once I get an interface passing traffic, I want to install a PIX firewall on it.

BTW, my software version: (C2800NM-ADVSECURITYK9-M), Version 12.4(3a).

Thanks a lot for your help.

ip nat source inside

That's it.

Apologies for the truly poor spelling of my first message - please ask for any clarification you may need.

No problem with the spelling; I didn't even notice. I really appreciate your help with this.

So, the static is close to the same as the firewall. After the static, are there access-lists that need to be added?

I would not use an ACL for this, also considering that it's a FW you're connecting; it should be able to look after itself.

Please remember to rate useful posts with the scrollbox below.

You have been more help than Cisco's TAC.

Well, I must be missing something. Here's the command I used:

ip nat inside source static

My IOS wouldn't let me use that exact command. I still can not pass traffic.

Can you check "show ip nat translations verbose"?

Assuming you can ping the private address, the public is correctly routed by ISP, etc.

The 'ip nat translations verbose' comes up with nothing.

Because of the 4ESW card, does the fa0/0/2 interface need to be assigned to vlan1 - the default vlan?

I take that back. I think I have to get back to basics. I have a laptop connected to the switch port. I replaced the straight cable with a cross-over, and I get this, for the 'ip nat trans verb':

---

    RT01#sh ip nat trans verb
    Pro Inside global      Inside local       Outside local      Outside global
    --- xxx.xxx.xxx.190    192.168.123.1      ---                ---
        create 00:04:02, use 00:04:02 timeout:0,
        flags:
    static, use_count: 0, entry-id: 5, lc_entries: 0

I take it the 4ESW isn't auto-sensing.

Strange, for connecting a laptop to ESW ports, a straight cable should work, but not a crossed one.
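
The static NAT arrangement discussed in this thread, written out as a full configuration fragment. This is an added example, not a configuration posted by anyone in the thread. It assumes the device behind the switch port is 192.168.123.1 (the inside local address in the output above), that the router's Vlan1 address is 192.168.123.254 (hypothetical), and it uses 203.0.113.190 as a constructed placeholder for the masked public address.

```cisco
! Added example. All addresses below are assumptions or placeholders.
!
! Outside: the existing public-facing interface. Only the NAT role is
! added; its current IP addressing is left as it is.
interface FastEthernet0/0
 ip nat outside
!
! The 4ESW ports are layer 2 only, so the layer 3 address lives on the
! VLAN interface. Ports belong to VLAN 1 unless moved elsewhere.
interface Vlan1
 ip address 192.168.123.254 255.255.255.0   ! hypothetical gateway address
 ip nat inside
 no shutdown
!
! Switch port the inside device (later the PIX) plugs into.
interface FastEthernet0/0/3
 switchport mode access
 switchport access vlan 1
 no shutdown
!
! One-to-one translation: private device address, then an unused public
! address from the /29 on fa0/0 (placeholder shown here).
! A static entry like this passes every protocol and port sent to the
! public address through to the inside host, so filtering is left to the
! firewall behind it, as the accepted reply describes.
ip nat inside source static 192.168.123.1 203.0.113.190
!
! Verification from exec mode:
!   show ip interface brief
!     Vlan1 and FastEthernet0/0/3 should both be up/up; if the port is
!     down, NAT never sees traffic regardless of the static entry.
!   show ip nat translations verbose
!     The static entry is listed as soon as it is configured. Per-flow
!     entries appear beneath it once traffic actually passes.
```

The inside device needs 192.168.123.254 (or whatever address Vlan1 really has) as its default gateway for return traffic to reach the router and be translated.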
