Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2321
Views
0
Helpful
2
Replies

Using multiple IP addresses on a PPPoE dialer interface

Gerald Vogt
Level 3
Level 3

‎02-04-2009 09:49 PM - edited ‎03-04-2019 01:06 AM

We connect our Cisco 1812 with PPPoE to our ISP. We have a /29 subnet of public IP addresses. The ISP basically forwards all 6 addresses of the subnet through the PPPoE connection. The dialer interface is currently configured with one of these public IP addresses. Our LAN is a private IP address subnet and the router does NAT between the public IP address and the LAN.

Now we would like to make some use of those other IP addresses and set up an FTP server which is accessible through one of the other public IP addresses. The server should be in some DMZ outside the normal LAN. Only FTP should be accessible from the internet while the LAN should have full access to all services on the server.

However, I am not sure what the best way would be to go about this. I guess, it should be possible to setup a separate VLAN and do static NAT between one of the other public IP addresses and a DMZ IP address.

But I was wondering if it was possible to even assign a public IP address directly to the server and use some transparent firewalling to filter the traffic from the internet. The FTP server would be connected to one of the LAN ports of the 1812 and bridges the traffic from the internet to the FTP server, filtering everything except FTP if access it from the internet. Is this feasible?

Labels:
0 Helpful
2 Replies 2

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎02-05-2009 08:51 AM

Hello Gerald,

you probably could try to combine IRB (integrated routing and bridging) with the dialer.

the vlan SVI and the dialer interface would be configured with

int vlan 10

no ip address

bridge-group 1

int dialer1

no ip address

bridge-group 1

bridge 1 protocol ieee

bridge 1 route ip

int bvi1

! here the public ip address before on dialer

int fas0/x

switchport

switchport mode access

switchport access vlan 10

desc switch port for FTP server

you need to update the default route using the BVI as outgoing interface

in this way you don't need NAT.

Hope to help

Giuseppe

0 Helpful

Gerald Vogt
Level 3
Level 3
In response to Giuseppe Larosa

‎02-15-2009 03:21 AM

Thx, Giuseppe.

I have tried what you have suggested but it did not work. Nothing went through.

I eventually managed to get it working with ip unnumbered.

Basic setup:

int Vlan2

ip address (public ip address & mask)

int dialer 0

ip unnumbered Vlan2

Then dialer0 "borrows" the IP address of Vlan2 and I can use other public IP addresses on devices in vlan2.

I also had to modify the "ip nat inside" to overload with the IP address of Vlan2 instead of Dialer0. Anything else (default route, crypto maps, gre tunnels, filters/firewall, etc.) could remain on Dialer0 as it used to.

Filtering to the other public IP addresses is possible on the dialer 0 interface as well.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card