Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
Basic router configuration for NAT and QoS
There are a lot of discussions on how to setup the WAN router to allow internal hosts to access internet. Sometimes also question on how to use other public IP assigned by our ISP + some very basics QoS
I've decided to write a quick document with sample configurations:
Here a quick drawing to explain all configurations.
A. 1 is our WAN subnet. Let's says we get subnet 126.96.36.199/29 from our ISP.
That means, we have IPs from 188.8.131.52 to 184.108.40.206. Our ISP IP is 220.127.116.11 and our WAN router interface is 18.104.22.168. Others IP are free to be used for whatever we want.
Usually, our ISP is routing remaining IPs (from 22.214.171.124 to 126.96.36.199) to our WAN router interface 188.8.131.52.
IP 184.108.40.206 is a static NAT for our internal server which have IP 192.168.1.10. This static nat is used to forward all ports (TCP and UDP) to our internal server. That means if someone is trying to access the IP 220.127.116.11 using smtp, the smtp traffic will be forwarded to our 192.168.1.10 internal server. We can do nat by restricting port, but in this example it was just to show up how to use a public IP assigned by our ISP that isn't configured to any of your router interfaces.
B. 2 is our LAN subnet, Let's say we have 192.168.1.0/24 as internal subnet.
C. We have 3 types of traffic: (our WAN bandwidth is 20Mbps)
- All voice traffic is prioritized with a bandwidth of 5Mbps
- Traffic incoming to IP 18.104.22.168 has a bandwidth reserved of 5Mbps
- All default traffic as default (no prioritization of bandwidth reservation)
D. our wan interface is Gi0/0 and LAN is Gi0/1
Now let's show the config:
A. WAN config interface and default route
description ### WAN interface ###
ip address 22.214.171.124 255.255.255.248
ip route 0.0.0.0 0.0.0.0 126.96.36.199
B. LAN interface configuration
description ### LAN interface ###
ip address 192.168.1.1 255.255.255.0
C. NAT Configuration (dynamic NAT to allow all internal hosts to access internet)
ip access-list NAT extended ip permit 192.168.1.0 0.0.0.255 any
ip nat inside source list NAT interface Gi0/0 overload
ip nat inside
ip nat outside
C. NAT configuration (static NAT) for our email server
ip nat inside source static 192.168.1.10 188.8.131.52
D. QoS configuration
==> Classify voice RTP traffic
access-list 100 permit udp any any range 16384 32767
match access-group 100
==> Classify traffic incoming to our email server
access-list 110 permit ip any host 184.108.40.206
match access-group 110
==> Configuration of outbound policy-map (from internal to internet)
==> Configuration of outbound policy-map (from internet to internal)