Basic router configuration for NAT and QoS


Sun, 02/19/2017 - 09:35

Hi everyone,

There are a lot of discussions on how to set up the WAN router to allow internal hosts to access the internet. Sometimes there are also questions on how to use the other public IPs assigned by our ISP, plus some very basic QoS.

I've decided to write a quick document with sample configurations:

Here is a quick drawing to explain all the configurations.

Basic Design

Let's assume some points:

A.  1 is our WAN subnet. Let's say we get subnet from our ISP.

That means we have IPs from to Our ISP IP is and our WAN router interface is The other IPs are free to be used for whatever we want.

Usually, our ISP is routing remaining IPs (from to to our WAN router interface

IP is a static NAT for our internal server, which has IP This static NAT is used to forward all ports (TCP and UDP) to our internal server. That means that if someone tries to access the IP using SMTP, the SMTP traffic will be forwarded to our internal server. We can also restrict the NAT to specific ports, but this example is just meant to show how to use a public IP assigned by our ISP that isn't configured on any of our router interfaces.

B.  2 is our LAN subnet. Let's say we have as internal subnet.

C.  We have 3 types of traffic: (our WAN bandwidth is 20Mbps)

 - All voice traffic is prioritized with a bandwidth of 5Mbps

 - Traffic incoming to IP has a reserved bandwidth of 5Mbps

 - All other traffic is treated as default (no prioritization or bandwidth reservation)

D. Our WAN interface is Gi0/0 and our LAN interface is Gi0/1.

Now let's show the config:

A. WAN interface configuration and default route

interface Gi0/0

 description ### WAN interface ###

 ip address

 bandwidth 20000


ip route

B. LAN interface configuration

interface Gi0/1

 description ### LAN interface ###

 ip address

C. NAT Configuration (dynamic NAT to allow all internal hosts to access internet)

ip access-list extended NAT

 permit ip any


ip nat inside source list NAT interface Gi0/0 overload


interface Gi0/1

 ip nat inside


interface Gi0/0

 ip nat outside

C. NAT configuration (static NAT) for our email server

ip nat inside source static

D. QoS configuration

==> Classify voice RTP traffic

access-list 100 permit udp any any range 16384 32767

class-map voip 

  match access-group 100

==> Classify traffic incoming to our email server

access-list 110 permit ip any host

class-map email

  match access-group 110

==> Configuration of outbound policy-map (from internal to internet)

policy-map PMAP-OUT

  class voip

     priority 5000

  class class-default

==> Configuration of inbound policy-map (from internet to internal)

policy-map PMAP-IN

  class email

     bandwidth 5000

  class class-default

==> Apply policy-map to our WAN interface

interface Gi0/0

 service-policy output PMAP-OUT

 service-policy input PMAP-IN

For sure :-), if you have never done any QoS configuration, you'll ask about the difference between bandwidth and priority. Here is some Cisco documentation that explains all of this:

Thanks so much for reading.

PS: Please don't forget to rate if this answered your question
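
The static NAT section above forwards every TCP and UDP port to the internal server and mentions that the NAT can be restricted by port. The following is an added example, not part of the original document, showing that restricted form for SMTP together with an inbound ACL on the WAN interface. The addresses 203.0.113.10 and 192.168.1.10 and the ACL name WAN-IN are placeholders chosen for illustration.

```cisco
! Placeholders (not from the original post):
!   203.0.113.10 = spare public IP routed to us by the ISP
!   192.168.1.10 = internal mail server
! Substitute your own addresses.

! Before (form used in the post): one-to-one static NAT.
! Every TCP/UDP port on the server is reachable from the internet.
!   ip nat inside source static 192.168.1.10 203.0.113.10

! After: remove the one-to-one entry and publish only SMTP (TCP/25).
no ip nat inside source static 192.168.1.10 203.0.113.10
ip nat inside source static tcp 192.168.1.10 25 203.0.113.10 25

! Defence in depth: inbound ACL on the WAN interface.
! Inbound ACLs are evaluated before outside-to-inside NAT,
! so the entries match the public (global) address.
ip access-list extended WAN-IN
 remark Only SMTP may reach the published address
 permit tcp any host 203.0.113.10 eq smtp
 deny   ip any host 203.0.113.10 log
 remark All other traffic is left as it was
 permit ip any any
!
interface Gi0/0
 ip access-group WAN-IN in

! Verification (exec mode):
!   show ip nat translations
!   show ip access-lists WAN-IN
```

With a port-restricted static entry, connections the server itself opens to the internet are translated by the overload rule to the Gi0/0 address rather than to the spare public IP, which matters for outbound mail reputation checks such as reverse DNS.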


