Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cable Modem - Cisco Router Setup 1

Status
Not open for further replies.

Microbyte

Technical User
Feb 20, 2003
223
US
This came up as one of the BCRAN exam question.
But, more than that, I want to hook it up myself.
I have a cable modem currently hooked up by D-Link (consumer $50 version) router. I want to replace that with genuine cisco router and switch.
I recently bought Cisco 2900 series switch and 2500 series router. Want to hook up few of my PCs using NAT and all those nifty commands that goes with it.

My question is, what do I need to make this connection happen?
In terms of IP data, I would need my globally unique IP address and subnetmask and default gateway given by my cable modem service provider right?
Also, where the other end of RJ45 connection from the cable modem needs to hook-up?
Thanks in advance.


Microbyte
[medal][medal][medal][medal]
 
Here is a quick link that may help you.

there are two problems you have.
1. the 2500 router will not help you in this situation. You need a modular type of router 1700 or 2600 that has a Cable moden WIC card.
2. you need a static IP from your ISP, which cost a little more money than a regular ISP service.

if you get those two this will be your setup
ISP--------CiscoRouter------Switch----------PCs
Nat <-> Nat
Outside Inside

I wantd to do the do the same thing last year and decided to make it work with what I had.

This is I had to set up

ISP---- DLS modem----Switch-----Cisco2500----Switch----PCs
PC w/ICS NATout<->Natin
 
From looking at your set up, I see cisco 2500 series instead of 2600.
If I get DSL connection, i can use cisco 2500 series right?
with addition of 2 switches too?

Microbyte
[medal][medal][medal][medal]
 
I believe you can do it without a static IP, try this…

example:
ip subnet-zero
ip name-server x.x.x.x. (your ISP’s DNS server IP)
ip name-server x.x.x.x (ISP’s DNS server IP) you can add as many as you like…
ip dhcp excluded-address 10.10.10.1

Now here’s the internal IP config. In this case the internal network is 10.10.10.0:

ip dhcp pool CLIENT
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
lease 0 2


Good Luck.
 
first thanks for helping me out here.
however, for me to execute those, i do need the right connector.

from the connection:
cable modem (RJ45) - Router (50 pin serial)

to hook up cable modem connection to the router, i would need a cable with Rj45 connection on one end and serial 50 pin connector at the other right? or is just a adaptor i need?
what does it called anyway? because i would like to search for it in the e-bay.
thanks


Microbyte
[medal][medal][medal][medal]
 
you will need two rj45 and a rj45 transformer that connects to youe ethernet port.

you need to connect you cable modem to your switch and the 2500 router(transformer) to the switch.
 
Sounds like you need an ethernet connection from your 2500 to your DSL modem. The problem appears to be that you are stuck with a serial connection on the 2500. If your 2500 has two ethernet ports, then you're ok. Use one for the DSL modem and the other for internal. If you only have a serial port and an ethernet port, then that won't work without adding an ethernet module if you can.

Does your ISP require any PPOE or anything like that? If not, then you just need to set up the router to get it's public IP with DHCP.

But...the big thing is, do you have two ethernet ports?

BierHunter
CNE, MCSE, CCNP
 
ahhh...the catch is 2 ethernet ports...darn!
i have 2501, 2502, 2503, Cat2924 and Pix501.

i recently disconnected my cable modem because of flapping link hindering traffic too often. It wasn't before, but their (Comcast) connection link is lousy.
So, i've placed an order for Verizon DSL and i believe it requires PPPoE for the hookup.

so, I really need cisco 2514 to make this happen...right?

Microbyte
[medal][medal][medal][medal]
 
If you have the 2600 and newer IOS, you can get a DSL WIC.
what I want to find is a WIC that supports cable.

what I have now is
ISP - isp cable router - hub -- FE0/0 2621 FE0/1 -- WS
static IPs NAT IPs


I asked for static IP's because I did not know how to set it up with DHCP address's from the ISP.
 
Yes, you need the 2514

but if my memory serves me correctly, you can not do NAT over ethernet ports. I not 100% sure though.
 
Thanks to every one of you!

Okay, now I'm shopping for Cisco 2514. Any IOS version I should avoid to buy which would hinder my mission? Is IOS version 11.1 good enough?
I know higher version and more memory is always better, but I've spent so much $ already.
However, one thing bothers me...

BSCI and BCRAN has NAT configuration simulation question. ISP is connected to serial port and is translated (overload)to local network which is connected to ethernet port of the router.
What is the case in that? I got the notion that it is possible to do NAT with just Cisco 2501 (1 ethernet port) instead of Cisco 2514 (2 ethernet ports), from that question.

LAN (Switch) - (Ethernet pt) NAT Router (Serial pt) - ISP

Microbyte
[medal][medal][medal][medal]
 
It can be done with the 2 router, but not the conventional way.


DSL---Eth port(routerA)ser port----ser port(routerB)eth port----switch-----Lan

perform NAT on router A.
 
I'll try that two router unconventional method until I get my hands on Cisco 2514. But the question still stands...

What's up with the BSCI (and BCRAN) one router simulation question then?

Microbyte
[medal][medal][medal][medal]
 
That question is based on the Corp. situation where the ISP is connected to the serial connection (ie. T1 or Framerelay) and you LAN connected to you eth port.

Unless you spend the money for a T1 coming into your home, you are stuck with the two router config.
 
Ahhh...I see. T1...Thanks Jsteve for the info.

Microbyte
[medal][medal][medal][medal]
 
Before I rush into buying 2511. I wanted to try this method as Jsteve as suggested.

So, I hooked it up, but I still have some problems.

PC1-(switch)--<E0>Router2501<S1>--<S0>Router2503<E0>--(switch)- PC2 and DSL modem
*I only have one switch 2924XL, so for the PC1 port = VLAN3 and PC2 and DSL modem port = VLAN1


I have used static NAT on Router2503.
So, here is my problem,
I can ping PC2 and DSL modem from PC1.
I cannot ping PC1 from PC2.
PC1 cannot access beyond DSL modem.

Here is my Router2503 config...

interface Ethernet0
ip address 192.168.1.200 255.255.255.0
no ip directed-broadcast
ip nat outside
ip ospf interface-retry 0
!
interface Serial0
ip address 192.168.10.1 255.255.255.0
no ip directed-broadcast
ip nat inside
ip ospf interface-retry 0
clockrate 500000
!
...omitted...
router ospf 1
network 192.168.1.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.255 area 0
!
ip nat inside source static 192.168.100.105 192.168.1.105
ip classless

what am I missing? or is it something wrong with my switch setting? I am gearing towards the NAT router2503 as the curprit.
Thanks in advance.

Microbyte
[medal][medal][medal][medal]
 
The 2514 runs fine between the DSL/Cable modem and the network. NAT works fine over the ethernet ports. I have run this for 5 years now.

internet---Sonicwall/Webramp----hub----2514----LAN

The firewall does NAT as does the 2514 so there is a double NAT in effect. The hub gives me a "poor mans" DMZ . There is a terminal server sitting on the hub that I can get to either locally or remote.

On the earlier version of the 2500 IOS, you needed to have the enterprise code to get the PAT/NAT. This has changed with the newer versions. You can look up the code of the IOS at Cisco's site and get a listing of the feature set. You can also use a tool on Cisco's site to look up a command and it will tell you wich version of IOS has it or not. But that needs an account on Cisco's site.

MikeS


Find me at
&quot;Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots.&quot;
Sun Tzu
 
wybnormal,

Can I see your NAT/PAT configuration?

Microbyte
[medal][medal][medal][medal]
 
!
interface Ethernet0
ip address 192.168.5.1 255.255.255.0
no ip directed-broadcast
ip nat inside
no cdp enable
!
interface Ethernet1
ip address 192.168.1.2 255.255.255.0
ip access-group 107 in
no ip directed-broadcast
ip nat outside
no cdp enable
!
ip nat inside source list 1 interface Ethernet1 overload
!
ip nat inside source static tcp 192.168.5.3 49 192.168.1.2 49 extendable
ip classless
::snip::
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 1 permit 192.1.1.0 0.0.0.255

access-list 101 deny ip any any log-input
access-list 107 permit udp any any eq syslog
access-list 107 permit tcp host 192.168.1.10 any log
access-list 107 deny ip 0.0.0.0 255.255.0.0 any log
access-list 107 deny ip 211.0.0.0 0.255.255.255 any log
access-list 107 deny ip 210.0.0.0 0.255.255.255 any log
access-list 107 deny ip 10.0.0.0 0.255.255.255 any log
access-list 107 deny ip 172.0.0.0 0.255.255.255 any log
access-list 107 deny ip 127.0.0.0 0.255.255.255 any log
access-list 107 deny ip 255.0.0.0 0.255.255.255 any log
access-list 107 deny ip 224.0.0.0 0.255.255.255 any log
access-list 107 deny ip 192.168.5.0 0.0.0.255 any log
access-list 107 deny ip 211.104.0.0 0.0.255.255 any log
access-list 107 deny ip 211.105.0.0 0.0.255.255 any log
access-list 107 deny ip 211.106.0.0 0.0.255.255 any log
access-list 107 deny ip 211.107.0.0 0.0.255.255 any log
access-list 107 deny ip 211.108.0.0 0.0.255.255 any log
access-list 107 deny ip 211.109.0.0 0.0.255.255 any log
access-list 107 deny ip 211.110.0.0 0.0.255.255 any log
access-list 107 deny ip 211.111.0.0 0.0.255.255 any log
access-list 107 deny ip 211.112.0.0 0.0.255.255 any log
access-list 107 deny ip 211.113.0.0 0.0.255.255 any log
access-list 107 deny ip 211.114.0.0 0.0.255.255 any log
access-list 107 deny ip 211.115.0.0 0.0.255.255 any log
access-list 107 deny ip 211.116.0.0 0.0.255.255 any log
access-list 107 deny ip 211.117.0.0 0.0.255.255 any log
access-list 107 deny ip 211.118.0.0 0.0.255.255 any log
access-list 107 deny ip 211.119.0.0 0.0.255.255 any log
access-list 107 deny ip 213.137.0.0 0.0.255.255 any log
access-list 107 deny icmp any any echo log
access-list 107 deny tcp any any eq finger
access-list 107 permit ip any any

take a look at this config..

NAT on the ethernet side.. I'm using a single static and then overloading it (PAT). The accesslist 107 blocks some bothersome IP addresses along with some minor security.

MikeS


Find me at
&quot;Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots.&quot;
Sun Tzu
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top