Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

2811 with 4ESW - public IP on port e0/0/3

Does anyone have any information/advice on how to perform the following setup:

I have 2 networks running on the router:

fa0/0 has a 29 bit subnet with 6 usable public IP addresses - one being used by the router, and another being used by an internal device.

fa0/1 has a public IP that is subnetted with a 27 bit subnet.

I want to have a public IP address (in the same network as fa0/0) on fa0/0/3 - switch port.

I am running Version 12.4(3a).

Since this is one network, is it possible to setup the router to send all traffic to an ip address in that range?

Thanks for any advice or help.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Gold

Re: 2811 with 4ESW - public IP on port e0/0/3

I would not use ACL for this, also considering that it's a FW you're connecting, should be able to look after himself.

Please remember to rate useful posts with the scrollbox below.

12 REPLIES
Hall of Fame Super Gold

Re: 2811 with 4ESW - public IP on port e0/0/3

Ys, the most common setup is that you give your device a private address, the set static NAT for an IP of your to got to it.

This gives to it "firewall protection.

If you want to have it public address and no NAT protection, either put a small switch, or move fa0/0 configiuration to vlan 1 then connect another port of the esw4 to isp router.

New Member

Re: 2811 with 4ESW - public IP on port e0/0/3

Paolo,

Thanks for you thoughts and input. Because of my current config, I didn't want to go with the vlan; I may eventually have to.

The router, fa0/0 and fa0/1, uses public IP addresses, and I don't want to disturb them.

Since the 4ESW is a layer 2 card, it doesn't let me give it an ip address, but I can put it on a vlan.

The static NAT may be a good solution, but I'm not exactly sure of the static config on the router. I'm more familar with e PIX/ASA, and It's not the same command(s).

I looked on Cisco's website but the static configs were a little unclear. Are routers basically the same? I have a block of public IP addresses and I can do a static NAT to an inside address? From the router?

Placing a switch in front of the router would give another point of failure, but may be the most simple and fast solution.

Once I get an interface passing traffic, I want to install a PIX firewall on it.

BTW, my software version: (C2800NM-ADVSECURITYK9-M), Version 12.4(3a).

Thanks a lot for your help.

Hall of Fame Super Gold

Re: 2811 with 4ESW - public IP on port e0/0/3

ip nat source inside

That's it.

Hall of Fame Super Gold

Re: 2811 with 4ESW - public IP on port e0/0/3

Apologies for the truly poor spelling of my first message - please ask for any clarification you may need.

New Member

Re: 2811 with 4ESW - public IP on port e0/0/3

No problem with the spelling; I didn't even notice. I really appreciate your help with this.

So, the static is close to the same as the firewall. After the static, are there access-lists that need to be added?

Hall of Fame Super Gold

Re: 2811 with 4ESW - public IP on port e0/0/3

I would not use ACL for this, also considering that it's a FW you're connecting, should be able to look after himself.

Please remember to rate useful posts with the scrollbox below.

New Member

Re: 2811 with 4ESW - public IP on port e0/0/3

You have been more help than Cisco's TAC.

New Member

Re: 2811 with 4ESW - public IP on port e0/0/3

Well, I must be missing something. Here's the command I used:

ip nat inside source static

My IOS wouldn't let me use that exact command. I still can not pass traffic.

Hall of Fame Super Gold

Re: 2811 with 4ESW - public IP on port e0/0/3

Can you check "show ip nat trnslation verbose" ?

Assuming you can ping the private address, the public is correctly routed by ISP, etc.

New Member

Re: 2811 with 4ESW - public IP on port e0/0/3

The 'ip nat translations verbose' comes up with nothing.

Because of the 4ESW card, does the fa0/0/2 interface need to be assigned to vlan1 - the default vlan?

New Member

Re: 2811 with 4ESW - public IP on port e0/0/3

I take that back. I think I have to get back to basics. I have a laptop connected to the switch port. I replaced the straight cable with a cross-over, and I get this, for the 'ip nat trans verb':

---

RT01#sh ip nat trans verb

Pro Inside global Inside local Outside local Outside global

--- xxx.xxx.xxx.190 192.168.123.1 --- ---

create 00:04:02, use 00:04:02 timeout:0,

flags:

static, use_count: 0, entry-id: 5, lc_entries: 0

I take it the 4ESW isn't auto-sensing.

Hall of Fame Super Gold

Re: 2811 with 4ESW - public IP on port e0/0/3

Strange, for connecting a laptop to ESW ports, a straight cable should work, but not a crossed one.

151
Views
0
Helpful
12
Replies