There are a lot of discussions on how to set up a WAN router to allow internal hosts to access the internet. Sometimes there are also questions on how to use the other public IPs assigned by the ISP, plus some very basic QoS.
I've decided to write a quick document with sample configurations:
Here is a quick drawing to explain all the configurations.
Let's assume some points:
A. 1 is our WAN subnet. Let's say we get subnet 220.127.116.11/29 from our ISP.
That means we have IPs from 18.104.22.168 to 22.214.171.124. Our ISP IP is 126.96.36.199 and our WAN router interface is 188.8.131.52. The other IPs are free to be used for whatever we want.
Usually, our ISP routes the remaining IPs (from 184.108.40.206 to 220.127.116.11) to our WAN router interface 18.104.22.168.
IP 22.214.171.124 is a static NAT for our internal server, which has IP 192.168.1.10. This static NAT forwards all ports (TCP and UDP) to our internal server. That means if someone tries to access the IP 126.96.36.199 using SMTP, the SMTP traffic will be forwarded to our internal server 192.168.1.10. We could restrict the NAT to specific ports, but this example is just to show how to use a public IP assigned by our ISP that isn't configured on any of the router's interfaces.
B. 2 is our LAN subnet. Let's say we have 192.168.1.0/24 as the internal subnet.
C. We have 3 types of traffic: (our WAN bandwidth is 20Mbps)
- All voice traffic is prioritized with a bandwidth of 5Mbps
- Traffic incoming to IP 188.8.131.52 has a reserved bandwidth of 5Mbps
- All other traffic is treated as default (no prioritization or bandwidth reservation)
D. Our WAN interface is Gi0/0 and our LAN interface is Gi0/1
Now let's show the config:
A. WAN config interface and default route
interface Gi0/0
 description ### WAN interface ###
 ip address 184.108.40.206 255.255.255.248
ip route 0.0.0.0 0.0.0.0 220.127.116.11
B. LAN interface configuration
interface Gi0/1
 description ### LAN interface ###
 ip address 192.168.1.1 255.255.255.0
C. NAT Configuration (dynamic NAT to allow all internal hosts to access internet)
ip access-list extended NAT
 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list NAT interface Gi0/0 overload
interface Gi0/1
 ip nat inside
interface Gi0/0
 ip nat outside
C. NAT configuration (static NAT) for our email server
ip nat inside source static 192.168.1.10 18.104.22.168
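A one-to-one static NAT like the one above makes every TCP and UDP port of 192.168.1.10 reachable from the internet unless an inbound ACL filters it. The following Python audit is an added example, not part of the original document: it reads an IOS configuration, lists static NAT entries that forward all ports, and names any `ip nat outside` interface without an inbound `ip access-group`. The sample configuration is constructed; its public addresses come from the 203.0.113.0/24 documentation range, and the host 192.168.1.11 with its SMTP-only mapping is hypothetical.

```python
import re

# Constructed sample: public addresses are from the 203.0.113.0/24
# documentation range; 192.168.1.11 and its SMTP mapping are hypothetical.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.248
 ip nat outside
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip nat inside source static 192.168.1.10 203.0.113.3
ip nat inside source static tcp 192.168.1.11 25 203.0.113.4 25 extendable
"""

def audit_static_nat(config):
    """List one-to-one static NAT entries (every port forwarded) and the
    'ip nat outside' interfaces that have no inbound access-group."""
    outside, filtered, statics = set(), set(), []
    current = None  # interface whose sub-commands are being read
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw.startswith("interface "):
            current = line.split()[1]
        elif not raw.startswith(" "):
            current = None  # any other global command ends the interface block
        if current and line == "ip nat outside":
            outside.add(current)
        if current and re.fullmatch(r"ip access-group \S+ in", line):
            filtered.add(current)
        if line.startswith("ip nat inside source static "):
            statics.append(line.split()[5:])
    findings = []
    for args in statics:
        if args[0] in ("tcp", "udp", "network"):
            continue  # port-restricted (or subnet form, not handled here)
        findings.append({"local": args[0], "global": args[1],
                         "unfiltered_outside": sorted(outside - filtered)})
    return findings

if __name__ == "__main__":
    for finding in audit_static_nat(SAMPLE_CONFIG):
        print(finding)
```

An empty `unfiltered_outside` list means every outside interface has an inbound ACL; the audit does not check what that ACL permits.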
D. QoS configuration
==> Classify voice RTP traffic
access-list 100 permit udp any any range 16384 32767
match access-group 100
==> Classify traffic incoming to our email server
access-list 110 permit ip any host 22.214.171.124
match access-group 110
==> Configuration of outbound policy-map (from internal to internet)
==> Configuration of inbound policy-map (from internet to internal)
==> Apply policy-map to our WAN interface
interface Gi0/0
 service-policy output PMAP-OUT
 service-policy input PMAP-IN
For sure :-), if you have never done any QoS configuration, you'll ask about the difference between bandwidth and priority. Here is a Cisco document that explains all of this: http://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-pac...
Thanks so much for reading.
PS: Please don't forget to rate if this answered your question