Cisco 857w - Difficult NAT/IP Situation

Unanswered Question
Aug 16th, 2010

Good afternoon, all.  I have been successfully using an 857W router in Pure RFC1483 Bridge Mode for some months.  I would really like to be able to get more of the functions of this router working, so I can get my "money's worth" and eliminate a few other pieces of equipment in the process.  I have been unsuccessful getting anything else to work.  Here is my ISP situation (addresses altered, of course): I have 8 non-contiguous IP addresses as part of a /24 block:


11.22.33.99

11.22.33.166 through 11.22.33.172

Gateway = 11.22.33.1


If possible, I would like to hold 11.22.33.99 at the router and use it to NAT for DHCP (on the WLAN as well).  Then, I would like to have the rest of the block (11.22.33.166 through 11.22.33.172) bridged to the LAN ports for use in other parts of my network.  Is this possible to achieve?


Second, I would like to be able to use this router as an IPv6 tunnel endpoint, and DHCPv6 service.  I've read that it is not possible on this router, and I've also read that it is possible with the right IOS load, but I am not sure.  Comments?


I can provide config listings as necessary, though right now I have nothing set except a simple pure bridge configuration.  Thanks for your assistance!

sugarpaddy Tue, 08/24/2010 - 00:32

Hi

What you need to do is set up a DMZ zone for all your other devices, which you should be able to do through your router on SDM or through the router's web interface on the firewall configuration page. For internet usage you can use one IP address for your NAT. I have a similar device at home, an 877w, which I use as my home router.  I'm not sure about the IPv6 stuff, sorry.


Martin

Phillip Pacier Mon, 11/01/2010 - 19:59

Forget the IPv6 stuff.  I'm aware now that the 857w is incorrectly advertised as supporting IPv6.


I think in order to accomplish my routing scheme, I need to employ IRB (Integrated Routing and Bridging) in some fashion, but I have followed several posts and I am not able to create a successful configuration.  The problem seems to be that certain commands I find in postings are not the same for my router, and I end up having to fend for myself anyway.  Here is what I have working so far, in pure RFC-1483 bridging mode, with DHCP working as well:


Router#show run
Building configuration...

Current configuration : 1442 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
clock timezone PST -8
clock summer-time PDT recurring
no ip routing
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.16.1 192.168.16.200
ip dhcp excluded-address 192.168.16.241 192.168.16.255
!
ip dhcp pool MyPool
   network 192.168.16.0 255.255.255.0
   dns-server 192.168.16.100
   default-router 192.168.16.100
!
!
no ip cef
!
!
!
!
!
!
bridge irb
!
!
interface ATM0
no ip address
no ip route-cache
no atm ilmi-keepalive
pvc 0/35
  encapsulation aal5snap
!
dsl operating-mode auto
bridge-group 1
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
no ip route-cache
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
no ip address
ip virtual-reassembly
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.16.1 255.255.255.0
ip virtual-reassembly
!
!
no ip http server
no ip http secure-server
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
!
scheduler max-task-time 5000
end


Again, I'm trying to have my public IP address of 11.22.33.99 end at the router, and be used by the DHCP server as its routing.  Then, I would like the rest of my public IP pool, which is 11.22.33.166-11.22.33.172 to be passed on to the FastEthernet bridge to be used directly with other machines.  Probably a crazy way of doing things, but I can't find a better solution to have all of my machines see each other on the LAN and have certain machines use certain public IP addresses.  I'm open to suggestion - thanks for any help!


Phil

Phillip Pacier Sun, 11/14/2010 - 22:06

OK, I am getting close.  I think what I really am looking for is NAT.  I need to do a combination of static and dynamic NAT to accomplish my goal here.  What I cannot figure out is where to apply certain settings.  BVI1 should be the internal NAT, correct?  That seems fine, but what IP address do I assign for ATM0, which would be the outside NAT?  Or do I have it all wrong?


Example static NATs:

ip nat inside source static 192.168.16.100 11.22.33.166
ip nat inside source static 192.168.16.101 11.22.33.167
ip nat inside source static 192.168.16.102 11.22.33.168


Dynamic NAT needs to route 11.22.33.99 WAN IP to every other address in the 192.168.16.0/24 block.  Posted below is my current working configuration, with pure RFC-1483 bridging and DHCP handled by the router.  Thanks for your help!


Router#show run
Building configuration...

Current configuration : 1442 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
clock timezone PST -8
clock summer-time PDT recurring
no ip routing
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.16.1 192.168.16.200
ip dhcp excluded-address 192.168.16.241 192.168.16.255
!
ip dhcp pool DHCPPOOL
   network 192.168.16.0 255.255.255.0
   dns-server 192.168.16.100
   default-router 192.168.16.100
!
!
no ip cef
!
!
!
!
!
!
bridge irb
!
!
interface ATM0
no ip address
no ip route-cache
no atm ilmi-keepalive
pvc 0/35
  encapsulation aal5snap
!
dsl operating-mode auto
bridge-group 1
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
no ip route-cache
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
no ip address
ip virtual-reassembly
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.16.1 255.255.255.0
ip virtual-reassembly
!
!
no ip http server
no ip http secure-server
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
!
scheduler max-task-time 5000
end
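
An added example, not part of the thread or of any poster's configuration: a Python check that the static NAT lines proposed in the last post fit the address plan stated in the thread (11.22.33.99 kept for dynamic NAT, 11.22.33.166 through 11.22.33.172 for individual hosts) and do not collide with what the router's DHCP pool can lease. The names `OVERLOAD`, `ALLOCATED`, `parse`, `leasable` and `audit` are assumptions of this example.

```python
import ipaddress
# Constructed input: the DHCP lines from the posted config plus the poster's
# three example static NAT lines.
CONFIG = """\
ip dhcp excluded-address 192.168.16.1 192.168.16.200
ip dhcp excluded-address 192.168.16.241 192.168.16.255
ip dhcp pool DHCPPOOL
   network 192.168.16.0 255.255.255.0
ip nat inside source static 192.168.16.100 11.22.33.166
ip nat inside source static 192.168.16.101 11.22.33.167
ip nat inside source static 192.168.16.102 11.22.33.168
"""
ip = ipaddress.ip_address
OVERLOAD = ip("11.22.33.99")  # address the poster reserves for dynamic NAT
ALLOCATED = {OVERLOAD} | {ip(f"11.22.33.{n}") for n in range(166, 173)}

def parse(config):
    network, excluded, statics = None, [], []
    for line in config.splitlines():
        w = line.split()
        if w[:3] == ["ip", "dhcp", "excluded-address"]:
            excluded.append((ip(w[3]), ip(w[4] if len(w) > 4 else w[3])))
        elif w[:1] == ["network"]:
            network = ipaddress.ip_network(f"{w[1]}/{w[2]}")
        elif w[:5] == ["ip", "nat", "inside", "source", "static"]:
            statics.append((ip(w[5]), ip(w[6])))
    return network, excluded, statics

def leasable(network, excluded):
    """Host addresses the DHCP pool can still hand out."""
    return [h for h in network.hosts() if not any(lo <= h <= hi for lo, hi in excluded)]

def audit(config):
    """List conflicts between the static NAT entries and the address plan."""
    network, excluded, statics = parse(config)
    pool, seen, findings = set(leasable(network, excluded)), set(), []
    for local, public in statics:
        if local not in network:
            findings.append(f"{local}: not in inside network {network}")
        if local in pool:
            findings.append(f"{local}: DHCP can lease this address to another host")
        if public not in ALLOCATED:
            findings.append(f"{public}: not one of the allocated public addresses")
        if public == OVERLOAD:
            findings.append(f"{public}: also the dynamic NAT (overload) address")
        if local in seen or public in seen:
            findings.append(f"{local} -> {public}: address reused in another entry")
        seen.update((local, public))
    return findings
```

`audit(CONFIG)` returns an empty list for the lines as posted. A static entry written without a protocol and port translates all traffic sent to that public address, so any inbound filtering for 192.168.16.100 through 192.168.16.102 has to come from an access list or firewall on the outside interface.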
