Re: Help required with Lan Routing for BTNet 10MB Lease Line

davids355 · ‎03-07-2012

Hi everyone,

First of all I apologise if I have posted in the wrong section, I am quite new to this area of IT and Cisco in general, so was not sure where to post.

Basically I have a BTNet 10MB lease line installed on site, it has been presented via FSP150CP (BTs Fibre modem I beleive).

I have been advised by BT that I need a Cisco Router to bring the WAN connection into our local network, and on reading up I understand that I may also need a Firewall so as our LAN is not directly internet facing.

In addition, we have a block of 254 public IP addresses - In reality I would prefer to simply use Port forwarding but there may be a few circumstances where I need to assign public IPs to devices on our LAN.

I am proficient in IT and SME network infrastructure, but this scenario is at the far reach of my knowledge.

I hope someone can give me a few pointers as to what hardware I will need and also the logistics of networking this system.

Thanks in advance.

DuncanM2008 · ‎03-07-2012

Hi David,

With a BTNet product I would expect BT to be installing a managed Cisco router that will be connected to the ADVA FSP150CP unit.

BTNet products are 98% of the time a managed service unless you specify wires only which normally means operating a BGP peering with BT.

Basically you should be expecting an engineer + Cisco router at some point, what have BT actually told you?

Once the Router is commisioned then you're correct you'll need to source a firewall and have that configured.

Thanks,

davids355 · ‎03-07-2012

Hi Duncan, thanks for your quick response.

In this case we (our client) went for the unmanaged option with BT, and thus we do not have a Cisco Router, but just the BT Fibre termination and the presentation of a LAN port.

DuncanM2008 · ‎03-07-2012

Hi David,

Ok there's always a first for everything, what have they given you in terms of circuit information?

I.e. IP's , link addressing, authentication, upstream router information, default routing or BGP?

In terms of hardware choices there's probably several options available that will suffice probably one of the ISR G2's will do, have you ordered 10Mb on a 100Mb bearer i.e. do you have options availble to add bandwidth going forward?

Thanks,

davids355 · ‎03-07-2012

Hi Duncan,

Yes we are using a 10MB on a 100MB bearer.

Re configuration, we have a welcome pack but the only real info given is that we have a 100MB port to connect to, its atandard routing I beleive, and we have BTNet access router address, and a block of 254 usable addresses.

In reality we wont need the public IPs we will probably work mostly with port mappings as our setup is very small.

DuncanM2008 · ‎03-07-2012

In that case you need to determine your router IP, it's most likely going to be the same as the BT access router address +1.

For example if it was .253 you should be .254 although I would clarify that with BT.

The link to the access router is normally a /30 giving you two useable addresses one for the BT router and one for yours.

Your IP will be configured on whichever interface you connect to the ADVA (BT facing interface), then your 254 IP block will be configured on a 2nd router interface taking one IP to represent the router in this subnet. Once you have that you configure your firewalls WAN / Outside interface with another IP from the subnet and set its default gateway to be your Cisco router.

You'll also need a default / wildcard static route on your cisco router pointing at the outgoing BT interface or the address of the BT access router.

How's that sound so far? Any questions?

Cheers,

Dunc

Sent from Cisco Technical Support iPhone App

davids355 · ‎03-07-2012

Yes that does make sense.

So I need two routers and I firewall? Is there not a single device that could do the job? This is really a small setup - We only have 40 devices max on the LAN, and we're actually migrating from a standard adsl broadband!

darren.g · ‎03-07-2012

david silvester wrote:

Yes that does make sense.

So I need two routers and I firewall? Is there not a single device that could do the job? This is really a small setup - We only have 40 devices max on the LAN, and we're actually migrating from a standard adsl broadband!

David.

You could pretty easily do this with an ASA5510 (or maybe even a 5505, depending on how much scalability you want in your network). The 5505 gives you 8 switchable ports, and will handle up to 150 Mb/s of firewall throughput - even allowing for full duplex, your 10 meg link is only going to need 20 Mb/s of that.

Using a firewall as your "core" router is not exactly ideal, but it will work, provided you only need static routing (or OSPF at worst, although I'm not sure if the 5505 actually supports OSPF), but it's a pretty decent learning curve if you've never configured one of them before. But it will save you in the number fo devices you need to purchase if that's the important bit.

Really recommend you find a local consultant who can help you out, though. Scoping and configuring something like the via internet forums will usually get you what you pay for, because the whole picture is not visible in a discussion forum. :-)

Cheers.

davids355 · ‎03-08-2012

^^ Thanks very much for your help guys. The smaller units you have suggested seem like a good option.