 | [HELP] Should be simple to config?!
I'm already going to apologize for what I'm about to ask.
I just bought a Cisco 2811 for use at my office. Our WAN consists of a static private IP address from our next-door neighbor. (We're a non-profit and they share their fiber link with us.)
Am I correct to think that I can use the 2 built-in FE ports on the 2811? (Fast Ethernet 0/0 and Fast Ethernet 0/1) Or do I need to install a Fast Ethernet HWIC card to route WAN to LAN?
I.e., I want to bring my WAN into 0/0 and route traffic from my LAN on Fast Ethernet 0/1. I had it all set up earlier and I just seem to be missing something. A coworker made the comment that we would have to use a HWIC to do this and frankly I'm not spending $330 to find out he's wrong.
Sample: Fast Ethernet 0/0 IP 192.168.10.250/24, Fast Ethernet 0/1 IP 10.0.0.1/24, with NAT and all that fun stuff.
Thanks |
|
|
|
 Bink join:2006-05-14 Denver, CO kudos:4 | If the connection is provided to you via an Ethernet connection, the built-in Ethernet connections will work fine -- no WICs needed. That said, try to get a static PUBLIC IP from your neighbor -- multiple NATs are the suck. |
|
 | Yeah they are not willing to give us a public IP. I really thought I could use the two on board FE's. I'll upload my current config and see what you have to say. |
|
 | reply to alphaotoko9
Current configuration : 1316 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CCPTRC-R1
!
boot-start-marker
boot-end-marker
!
enable secret **************
enable password ************
!
no aaa new-model
!
resource policy
!
no network-clock-participate wic 0
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.0.1 10.0.0.9
ip dhcp excluded-address 10.0.0.161 10.255.255.254
!
ip dhcp pool LAN
 network 10.0.0.0 255.0.0.0
 default-router 10.0.0.1
 dns-server 208.67.222.222
 lease 0 1
!
voice-card 0
 no dspfarm
!
controller T1 0/0/0
 framing esf
 linecode b8zs
!
interface FastEthernet0/0
 description $ETH-WAN$
 ip address 192.168.10.250 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description $ETH-LAN$
 ip address 10.0.0.1 255.0.0.0
 ip nat inside
 ip virtual-reassembly
 duplex full
 speed auto
 no mop enabled
!
ip route 0.0.0.0 0.0.0.0 192.168.10.1 permanent
!
ip http server
no ip http secure-server
!
snmp-server community *********** RO
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 password ***********
 login
!
scheduler allocate 20000 1000
!
end
 |
|
 aryoba Premium,MVM join:2002-08-22 kudos:1 | From your description, I assume the following:
* WAN (what your neighbor provides to you)
  IP subnet: 192.168.10.0/24
  WAN IP address: 192.168.10.250
  Default Gateway: 192.168.10.1
* LAN (what your internal network uses)
  IP subnet: 10.0.0.0/8
  Default Gateway: 10.0.0.1
* Router FA0/0 connects to your neighbor's Ethernet connectivity while FA0/1 connects to your internal network.
With the above assumption, in general your configuration looks OK with an additional NAT statement, something like the following:
access-list 10 remark Permitted Subnets to go out
access-list 10 permit 10.0.0.0 0.255.255.255
!
ip nat inside source list 10 interface fastethernet0/0 overload
In addition, the FastEthernet0/1 interface speed and duplex setting should be auto/auto and not auto/full.
Suggestion: You should not use the entire 10.0.0.0/8 subnet since it is going to be too big of a network. What I suggest is to use just a portion of it, such as 10.0.0.0/24, so that you can save the rest of the 10.0.0.0/8 network for future use. |
|
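The gap pointed out in the reply above (interfaces marked `ip nat inside`/`ip nat outside` but no translation rule) can be checked mechanically. This is an added Python example, not part of any post in the thread; it assumes only the `permit <network> <wildcard>` ACL form and the interface-overload rule form shown above, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: NAT-relevant lines of the posted config, and the suggested addition.
POSTED = """\
interface FastEthernet0/0
 ip address 192.168.10.250 255.255.255.0
 ip nat outside
interface FastEthernet0/1
 ip address 10.0.0.1 255.0.0.0
 ip nat inside
"""
FIX = """\
access-list 10 permit 10.0.0.0 0.255.255.255
ip nat inside source list 10 interface fastethernet0/0 overload
"""

def parse(cfg):
    """Return (interfaces, acls, nat_rules) parsed from IOS-style config text."""
    ifaces, acls, rules, cur = {}, {}, [], None
    for line in cfg.splitlines():
        if not line.startswith(" "):
            cur = None  # a top-level command ends the current interface block
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1].lower(), {"net": None, "nat": None})
        elif cur is not None and (m := re.match(r"\s+ip address (\S+) (\S+)", line)):
            cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif cur is not None and (m := re.match(r"\s+ip nat (inside|outside)\s*$", line)):
            cur["nat"] = m[1]
        elif m := re.match(r"access-list (\d+) permit (\S+) (\S+)", line):
            # ipaddress accepts the wildcard (host) mask form used by standard ACLs
            net = ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False)
            acls.setdefault(m[1], []).append(net)
        elif m := re.match(r"ip nat inside source list (\d+) interface (\S+) overload", line):
            rules.append((m[1], m[2].lower()))  # interface names are case-insensitive
    return ifaces, acls, rules

def check_nat(cfg):
    """Return reasons inside hosts would not be translated (empty list means OK)."""
    ifaces, acls, rules = parse(cfg)
    inside = [i["net"] for i in ifaces.values() if i["nat"] == "inside" and i["net"]]
    problems = [] if rules else ["no 'ip nat inside source' rule: nothing is translated"]
    for acl, out_if in rules:
        if ifaces.get(out_if, {}).get("nat") != "outside":
            problems.append(f"{out_if} is not marked 'ip nat outside'")
        for net in inside:
            if not any(net.subnet_of(n) for n in acls.get(acl, [])):
                problems.append(f"access-list {acl} does not permit {net}")
    return problems

if __name__ == "__main__":
    print(check_nat(POSTED), check_nat(POSTED + FIX))
```

The same check flags the case where the LAN interface keeps its /8 mask but the access list is narrowed to a /24, which matters if the smaller-subnet suggestion is applied to only one of the two places.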
 | reply to alphaotoko9
Also, if they are also NAT'ing their traffic, the double NAT'ing is definitely not a good idea for some apps... As long as you are just using it for Web browsing applications it should be OK. However, there are tons of instances where even some Web apps break. I do not have any specific examples, but there are more than none...
On 2nd thought... I'd use a segment from their IP scheme and firewall it off from the rest of the 192... It should be more NAT and ISP friendly... |
|
 | reply to alphaotoko9
said by alphaotoko9: Am I correct to think that I can use the 2 built in FE ports on the 2811? (Fast Ethernet 0/0 and Fast Ethernet 0/1) Or do I need to install a Fast Ethernet HWIC card to route WAN to LAN?
Yes to the first question. No to the second.
Mind you, your coworker's right about the HWIC, but as others have said, it's a waste of money to get one for your needs.
My only thoughts would be proper network segmentation / protection, especially if your traffic types shouldn't mix -- i.e. private data that shouldn't be running around on a shared network.
Regards |
|