Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

c831 config

Hi,

<br />

<br />I config the cisco 831 (E x 2, FE x 4) and I do not know the DMZ setting to be correct or not.

<br />

<br />1. ISP give me /29 IP block (e.g. 201.1.1.1 - 201.1.1.7)

<br />2. I assign 201.1.1.2 to be Web server, 201.1.1.3 to be mail server

<br />3. the connection is PPPoE.

<br />4. Internal IP address is 192.168.20.0/24

<br />

<br />There are 4 FE ports. I connect

<br />

<br />Port 1 (FE) mail server

<br />port 2 (FE) web server

<br />port 3 (FE) spare

<br />port 4 (FE) Internal segment

<br />

<br />

<br />However, the internal PC cannot access Internet. how to enable the NAT on the box? any setting incorrect or missing?

<br />

<br />rdgs

<br />

<br />

<br />below is router config:

<br />

<br />

<br />Config

<br />!

<br />hostname GZ_office

<br />!

<br />interface ethernet0

<br />ip address 201.1.1.1 255.255.255.248

<br />!

<br />interface Ethernet1

<br /> no ip address

<br /> no ip unreachables

<br /> duplex auto

<br /> pppoe enable group global

<br /> pppoe-client dial-pool-number 1

<br />!

<br />!

<br />!

<br />!

<br />!

<br />interface FastEthernet1

<br /> description to mail server

<br />!

<br />interface FastEthernet2

<br /> description to web server

<br />!

<br />interface FastEthernet3

<br /> description spare

<br />!

<br />interface FastEthernet4

<br /> description to internal segment 192.168.20.0/24

<br />!

<br />interface Dialer1

<br /> ip address negotiated

<br /> ip mtu 1492

<br /> encapsulation ppp

<br /> ip tcp adjust-mss 1452

<br /> no ip mroute-cache

<br /> dialer idle-timeout 0

<br /> dialer hold-queue 100

<br /> dialer persistent

<br /> no cdp enable

<br /> ppp authentication pap chap callin

<br /> ppp pap sent-username xxxxxxx@yyyyyyyyy password 7 123456789

<br />!

<br />!

<br />!

<br />ip route 0.0.0.0 0.0.0.0 Dialer1

<br />!

<br />

<br />

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Gold

Re: c831 config

Hi,

FE1 and FE2 are controlled by the configuration of Eth 0.

7 REPLIES
Hall of Fame Super Gold

Re: c831 config

Hi, see for example:

http://www.cisco.com/en/US/docs/routers/access/800/850/software/configuration/guide/pppoenat.html

Note with recent IOS don't need the "pppoe enable group" as well none of the vpdn stuff.

Then if you want to make special use of ethernet 2 as dmz (2nd internal lan segment) here's how:

http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xr/dmz_port.html

New Member

Re: c831 config

Hi,

I should change followings:

1. setup VLAN1

interface vlan 1

ip address 192.168.20.1 255.255.255.0

ip nat inside

2. move the internal segment to E1 (192.168.20.0/24)

3. re-config FE4

interface FastEthernet 4

no ip address

ip nat outside

pppoe enable group global

pppoe-client dial-pool-number 1

4. conf the NAT

ip nat inside source list 1 interface dialer 0 overload

access-list 1 permit 192.168.20.0 0.0.0.255

5. keep the mail/web servers to FE1 and FE2

any missing?

rdgs

Hall of Fame Super Gold

Re: c831 config

Hmm no. On your router model, the wan port is eth 1 and gets pppoe , the internal segment is ethernet 0, and there is no vlan.

Then an additional internal subnet can be attached on FA4 and is software configured as Eth 2.

New Member

Re: c831 config

Hi,

the changing should be

1. setup VLAN1

interface vlan 1

ip address 192.168.20.1 255.255.255.0

ip nat inside

2. move the internal segment to E2 (192.168.20.0/24)

3. conf the NAT

ip nat inside source list 1 interface dialer 0 overload

access-list 1 permit 192.168.20.0 0.0.0.255

4. keep the mail/web servers to FE1 and FE2

any missing?

rdgs

Hall of Fame Super Gold

Re: c831 config

As mentioned above, the 831 doesn't have VLAN, and you configure the internal segment under Eth 0.

New Member

Re: c831 config

Hi,

the changing is

the changing should be

1. connect internal segment to E0

interface e0

ip address 192.168.20.1 255.255.255.0

ip nat inside

2. conf the NAT

ip nat inside source list 1 interface dialer 0 overload

access-list 1 permit 192.168.20.0 0.0.0.255

3. keep the mail/web servers to FE1 and FE2

any missing? BTW, how the router know the dmz in FE1 and FE2?

rdgs

Hall of Fame Super Gold

Re: c831 config

Hi,

FE1 and FE2 are controlled by the configuration of Eth 0.

170
Views
0
Helpful
7
Replies