There are a lot of discussions on how to set up a WAN router to allow internal hosts to access the internet. Sometimes there are also questions on how to use the other public IPs assigned by the ISP, plus some very basic QoS.
I've decided to write a quick document with sample configurations:
Here is a quick drawing to explain all the configurations.
Let's assume a few points:
A. 1 is our WAN subnet. Let's say we get subnet 184.108.40.206/29 from our ISP.
That means we have IPs from 220.127.116.11 to 18.104.22.168. Our ISP's IP is 22.214.171.124 and our WAN router interface is 126.96.36.199. The other IPs are free to be used for whatever we want.
Usually, our ISP routes the remaining IPs (from 188.8.131.52 to 184.108.40.206) to our WAN router interface 220.127.116.11.
IP 18.104.22.168 is a static NAT for our internal server, which has IP 192.168.1.10. This static NAT forwards all ports (TCP and UDP) to our internal server. That means if someone tries to reach IP 22.214.171.124 using SMTP, the SMTP traffic will be forwarded to our internal server 192.168.1.10. We can restrict the NAT by port, but this example is just meant to show how to use a public IP assigned by our ISP that isn't configured on any of the router's interfaces.
B. 2 is our LAN subnet. Let's say we have 192.168.1.0/24 as the internal subnet.
C. We have 3 types of traffic (our WAN bandwidth is 20Mbps):
- All voice traffic is prioritized with a bandwidth of 5Mbps
- Traffic incoming to IP 126.96.36.199 has 5Mbps of bandwidth reserved
- All other traffic is treated as default (no prioritization or bandwidth reservation)
D. Our WAN interface is Gi0/0 and our LAN interface is Gi0/1.
Now let's show the config:
A. WAN interface configuration and default route
interface Gi0/0
 description ### WAN interface ###
 ip address 188.8.131.52 255.255.255.248
ip route 0.0.0.0 0.0.0.0 184.108.40.206
B. LAN interface configuration
interface Gi0/1
 description ### LAN interface ###
 ip address 192.168.1.1 255.255.255.0
C. NAT configuration (dynamic NAT to allow all internal hosts to access the internet)
ip access-list extended NAT
 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list NAT interface Gi0/0 overload
interface Gi0/1
 ip nat inside
interface Gi0/0
 ip nat outside
C. NAT configuration (static NAT) for our email server
ip nat inside source static 192.168.1.10 220.127.116.11
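A port-restricted version of the static NAT above, as an added example that is not part of the original document: only SMTP is forwarded to the server instead of every TCP and UDP port. It reuses the public address from the static NAT line above and assumes the server only needs to receive mail on TCP 25.

```cisco
! Added example, not part of the original configuration.
! 220.127.116.11 is the public address used in the static NAT line above;
! TCP 25 as the only published service is an assumption.
!
! Before: one-to-one static NAT. Every TCP/UDP port listening on
! 192.168.1.10 is reachable from the internet.
!   ip nat inside source static 192.168.1.10 220.127.116.11
!
! After: remove the one-to-one entry and publish SMTP only.
! If IOS reports that the static entry is in use, clear the active
! translations first (clear ip nat translation *) and retry.
no ip nat inside source static 192.168.1.10 220.127.116.11
ip nat inside source static tcp 192.168.1.10 25 220.127.116.11 25
!
! Side effect to plan for: connections that the server itself opens
! (for example outbound mail) no longer match a static entry, so they
! are translated by the overload rule and leave with the Gi0/0 address.
!
! Verify from exec mode:
!   show ip nat translations
!   show ip nat statistics
```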
D. QoS configuration
==> Classify voice RTP traffic
access-list 100 permit udp any any range 16384 32767
match access-group 100
==> Classify traffic incoming to our email server
access-list 110 permit ip any host 18.104.22.168
match access-group 110
==> Configuration of outbound policy-map (from internal to internet)
==> Configuration of inbound policy-map (from internet to internal)
==> Apply policy-map to our WAN interface
interface Gi0/0
 service-policy output PMAP-OUT
 service-policy input PMAP-IN
For sure :-), if you have never done any QoS configuration, you'll ask about the difference between bandwidth and priority. Here is a Cisco document that explains all of this: http://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-pac...
Thanks so much for reading.
PS: Please don't forget to rate if this answered your question