cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1284
Views
0
Helpful
16
Replies

on WAN interface /29

Joli Martinez
Level 1
Level 1

I have a small 871 router and my ISP is giving me a /29 but I only have one WAN interface.  What would be the easiest solution to split that /29 using the 871 which has some QoS setting on their.

The 871 has 1WAN and 4 LAN ports.  I would like ports 1-3 on the LAN side to be public IP's and port 4 to be a LAN IP.  And then all internet comes in through port 5.

I will have two VLAN's one for the Private IP which should route through the 871 and the public's which should also route through the 871.

thanks,

16 Replies 16

Hello,

1- The private LAN on port 4 also has access to Internet or just has access to ports 1-3 ?

2- Only 3 hosts are connected to ports 1-3 or more by a switch?

Masoud

all ports will have access to the internet

871 has 4 ports + WAN lets call WAN port 5

Ports 1-3 will be public (the ones assigned by my ISP).  NO firewall or anything just straight public to the internet

Port 4 will be my Private 192.168.x.0/24 space.  It will require internet access as well through any of the public IP's (I can take care of this through the nat overload).

Port 5 is the incomming connection to my ISP. (NOT sure how to set him up, but he is the only physical connection to my ISP).

Do you have any hosts connected to port 1-3. I mean are you going to set public IPs directly on hosts connected to ports 1-3? How many if you have hosts with public IP?

Masoud

YES I will be connecting 3 hosts directly to ports 1-3.  I have a /29 so 5 usable IP's

Suppose you have

int VLAN 1    [ for port1-3]

100.100.100.1  255.255.255.248   [public IP]

int vlan 2  [ port 4]

ip address 192.168.1.1 255.255.255.0   [private IP]

Ip nat inside

Ask your ISP to put a private IP on their side. For example, 10.1.1.1

interface [port 5]

des ISP

ip address 10.1.1.2  255.255.255.252

ip nat outside

 

ip route 0.0.0.0 0.0.0.0 10.1.1.1

ip nat pool my-public 100.100.100.5  100.100.100.5  prefix-length 29
ip nat inside source list 10 pool my-public overload
access-list 10 permit 192.168.1.0 0.0.0.255

Host 1 : 100.100.100.2

Host 2 : 100.100.100.3

Host 3 : 100.100.100.4

NAT IP  100.100.100.5

Hope it helps,

Masoud

My provider will only give me 5 public IP's they will not give me privates.  I could put a switch in front of it, but I phones that will be connected behind the 871 so I need to route everything behind the 871 to have my QoS to work.

What are my options?

Most of service providers give /30 IP for the link. Ask them to make sure.

If you put a switch in front  of it, you can connect your hosts and port 5 directly to the switch and set a public IP on port5. NAT configuration will be the same as my my previous comment.

Masoud

I called them and the will not change it.  They want to charge me extra to do this.  Their equipment has a 4 port switch which I can use, but again I will be plugging in some phone into this network and I need to make sure the QoS policy is enabled.  

This is what I can not change.  My ISP will give me 5 public IP not privates or a /30.  I need to somehow route everything behind my 871.   I will use some of the publics on the 871 as well as a 192 private network.

How can I make this work given the scenerio?

There is no other way I can think of.

Does your QOS work with static NAT?

Assign private IPs to those 3 hosts and do static NAT on you router.

You have not responded to my post suggesting that you leave the ISP provided addresses as a single /29 and then do static NAT for the three devices that you would like to have public addresses. Is there some reason why you believe that this would not work?

HTH

Rick

HTH

Rick

Hello Richard,

The OP probably decided to use static NAT.

https://supportforums.cisco.com/discussion/12727936/allow-all-ports-one-internal-host

Masoud

Masoud

I am glad that you have identified that the same poster has another post about an 871 router and perhaps it is the same situation showing up in a new post. And if he has decided to do static NAT then it is the solution that I had suggested.

But this new post is pretty specific about it being a connection for SIP and it asks about traffic for 2 ports where this discussion is about 3 ports having Public IP and does not mention SIP.

So I guess that we need the original poster to clarify whether both posts are about  the same issue or whether it is two issues.

HTH

Rick 

HTH

Rick

Since this discussion was not completed,  I preferred not to follow the new post by OP.

Res

Masoud

Masoud

I certainly understand not wanting to follow a post which appears to duplicate a discussion that is still not completed. We will need to have the original poster clarify whether both posts are about the same issue of whether the second post is really a new issue (that might appear to be similar).

HTH

Rick

HTH

Rick
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: