Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Gateway for 3640 router
- Thread starter tomtng
- Start date
- Thread starter
- #3
- Thread starter
- #4
here is some more infor.
we want to have two networks. one for our IP phones and one for data. the IP phones will be connected to 3500 switches, and the data is connected to 2900 switches. the 3640 router has 5 fastethernet and a token ring port.
i was able to assign ip address to those ports(excluded tokenring). however, i dont know how to route/ setup one of those port for the WAN to our ISP's router.
any suggestion is greatly appriciated!
we want to have two networks. one for our IP phones and one for data. the IP phones will be connected to 3500 switches, and the data is connected to 2900 switches. the 3640 router has 5 fastethernet and a token ring port.
i was able to assign ip address to those ports(excluded tokenring). however, i dont know how to route/ setup one of those port for the WAN to our ISP's router.
any suggestion is greatly appriciated!
Hello
You will need something like this to start of :-
interface FastEthernet0
ip address 200.xxx.xxx.1 255.255.255.0 (WAN INTERFACE)
ip nat outside
interface FastEthernet1
ip address 192.168.1.1 255.255.255.0
ip nat inside
interface FastEthernet2
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip nat inside source list 1 FastEthernet2 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
let's us know how it goes! The more advance configuration can be done afer you have connectivity.
Regards
You will need something like this to start of :-
interface FastEthernet0
ip address 200.xxx.xxx.1 255.255.255.0 (WAN INTERFACE)
ip nat outside
interface FastEthernet1
ip address 192.168.1.1 255.255.255.0
ip nat inside
interface FastEthernet2
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip nat inside source list 1 FastEthernet2 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
let's us know how it goes! The more advance configuration can be done afer you have connectivity.
Regards
- Thread starter
- #6
Hello
Copy the above text into notepad,clean it up!Change the ports to ethernet with correct number,also replace ip address.The on the router go into global configuration mode,(example below)and paste the configuration.
Router(config)#
Regards
Copy the above text into notepad,clean it up!Change the ports to ethernet with correct number,also replace ip address.The on the router go into global configuration mode,(example below)and paste the configuration.
Router(config)#
Regards
- Thread starter
- #8
below is my current config:
doctor#show running-config
Building configuration...
Current configuration : 1256 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service password-recovery
!
hostname doctor
!
enable secret 5 $1$onCF$bXXZzqBJaSleZtuz1smDC/
enable password xxxx
!
ip subnet-zero
no ip routing
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.5.1 255.255.255.0
no ip mroute-cache
speed auto
half-duplex
no cdp enable
!
interface FastEthernet0/1
ip address 192.168.4.1 255.255.255.0
no ip route-cache
no ip mroute-cache
duplex auto
speed auto
no cdp enable
!
interface FastEthernet1/0
ip address 192.168.8.1 255.255.255.0
no ip route-cache
no ip mroute-cache
duplex auto
speed auto
no cdp enable
!
interface FastEthernet1/1
ip address 192.168.7.1 255.255.255.0
no ip route-cache
no ip mroute-cache
duplex auto
speed auto
no cdp enable
!
interface FastEthernet2/0
no ip address
no ip route-cache
no ip mroute-cache
duplex auto
speed auto
no cdp enable
!
interface TokenRing2/0
no ip address
no ip route-cache
no ip mroute-cache
shutdown
ring-speed 16
no cdp enable
!
ip classless
ip http server
!
snmp-server community public RO
snmp-server enable traps tty
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password xxxx
login
!
end
doctor#show running-config
Building configuration...
Current configuration : 1256 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service password-recovery
!
hostname doctor
!
enable secret 5 $1$onCF$bXXZzqBJaSleZtuz1smDC/
enable password xxxx
!
ip subnet-zero
no ip routing
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.5.1 255.255.255.0
no ip mroute-cache
speed auto
half-duplex
no cdp enable
!
interface FastEthernet0/1
ip address 192.168.4.1 255.255.255.0
no ip route-cache
no ip mroute-cache
duplex auto
speed auto
no cdp enable
!
interface FastEthernet1/0
ip address 192.168.8.1 255.255.255.0
no ip route-cache
no ip mroute-cache
duplex auto
speed auto
no cdp enable
!
interface FastEthernet1/1
ip address 192.168.7.1 255.255.255.0
no ip route-cache
no ip mroute-cache
duplex auto
speed auto
no cdp enable
!
interface FastEthernet2/0
no ip address
no ip route-cache
no ip mroute-cache
duplex auto
speed auto
no cdp enable
!
interface TokenRing2/0
no ip address
no ip route-cache
no ip mroute-cache
shutdown
ring-speed 16
no cdp enable
!
ip classless
ip http server
!
snmp-server community public RO
snmp-server enable traps tty
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password xxxx
login
!
end
Hello
Which interface is connected to the ISP and did they give you a public address or is it DHCP service.Use these steps to configure the Router.Note I assumming that interface FastEthernet0/0 is the WAN interface.
Router>enable
Router#configure terminal
Router(config)#ip routing
Router(config)#interface FastEthernet0/0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#interface FastEthernet0/0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#interface FastEthernet0/0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#ip nat inside source list 1 FastEthernet0/0 overload
Router(config)#access-list 1 permit 192.168.8.0 0.0.0.255
Router(config)#access-list 1 permit 192.168.7.0 0.0.0.255
Router(config)#ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
Regards
Which interface is connected to the ISP and did they give you a public address or is it DHCP service.Use these steps to configure the Router.Note I assumming that interface FastEthernet0/0 is the WAN interface.
Router>enable
Router#configure terminal
Router(config)#ip routing
Router(config)#interface FastEthernet0/0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#interface FastEthernet0/0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#interface FastEthernet0/0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#ip nat inside source list 1 FastEthernet0/0 overload
Router(config)#access-list 1 permit 192.168.8.0 0.0.0.255
Router(config)#access-list 1 permit 192.168.7.0 0.0.0.255
Router(config)#ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
Regards
- Thread starter
- #10
Yes...also, Minue, you have in your sample config ip nat outside, inside and inside again, all on int fa0/0...I know this is a typo, and not what you meant. tomtng, what he means is that ip nat outside goes on the WAN interface, and ip nat inside goes on all the LAN interfaces. Here is how you configure the router as a dhcp server...
router>en
router#conf t
router(config)#ip dhcp pool whatever
router(dhcp-config)#default-router (IP address of data int goes here)
You can also configure the pool for dns-server, domain-name, lease, etc---just hit the "?"
router(dhcp-config)#?
Like that. When done with the dhcp parameters, exit...
router(dhcp-config)#exit
router(config)#
Then you can tell the router about addresses you do NOT want it handing out...
router(config)#ip dhcp excluded-address 192.168.4.1 192.168.7.1
Just list them, if there is more than one. Whatever the network you want for dhcp is attached to is what you specify as the default-router. For example, if 192.168.4.0/24 is the data network, and you want the router to hand out addresses, then
router(dhcp-config)#default-router 192.168.4.1
Like that.
Burt
router>en
router#conf t
router(config)#ip dhcp pool whatever
router(dhcp-config)#default-router (IP address of data int goes here)
You can also configure the pool for dns-server, domain-name, lease, etc---just hit the "?"
router(dhcp-config)#?
Like that. When done with the dhcp parameters, exit...
router(dhcp-config)#exit
router(config)#
Then you can tell the router about addresses you do NOT want it handing out...
router(config)#ip dhcp excluded-address 192.168.4.1 192.168.7.1
Just list them, if there is more than one. Whatever the network you want for dhcp is attached to is what you specify as the default-router. For example, if 192.168.4.0/24 is the data network, and you want the router to hand out addresses, then
router(dhcp-config)#default-router 192.168.4.1
Like that.
Burt
Hi
Burt good spotting!It was a long week for me ;-)
As far as the DHCP server,use the config that Burt posted.
I don't know why you want the ip phones to get the address from the ISP DHCP server.It looks a bit tricky!But anyway this can be done,with the "ip helper-address" command.Anyway try to get the data network up and running with the examples that we posted.Then you can pass on to the VOIP network.
Regards
Burt good spotting!It was a long week for me ;-)
As far as the DHCP server,use the config that Burt posted.
I don't know why you want the ip phones to get the address from the ISP DHCP server.It looks a bit tricky!But anyway this can be done,with the "ip helper-address" command.Anyway try to get the data network up and running with the examples that we posted.Then you can pass on to the VOIP network.
Regards
- Thread starter
- #15
thank you much guys.
Our ISP also running our voip phones, so having the router act as DHCP for both networks might cause conflict (my guess).
i got Burt's correction, but i don't understand this part of Minue's:
Router(config)#ip nat inside source list 1 FastEthernet0/0 overload - what exactly this does? if it's nat inside, then i should use LAN ports right?
Router(config)#access-list 1 permit 192.168.8.0 0.0.0.255 -what is this? is it my LAN ip ?
Router(config)#access-list 1 permit 192.168.7.0 0.0.0.255 --this?
Router(config)#ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
thanks!
Our ISP also running our voip phones, so having the router act as DHCP for both networks might cause conflict (my guess).
i got Burt's correction, but i don't understand this part of Minue's:
Router(config)#ip nat inside source list 1 FastEthernet0/0 overload - what exactly this does? if it's nat inside, then i should use LAN ports right?
Router(config)#access-list 1 permit 192.168.8.0 0.0.0.255 -what is this? is it my LAN ip ?
Router(config)#access-list 1 permit 192.168.7.0 0.0.0.255 --this?
Router(config)#ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
thanks!
Hello
The below line tell the Router to perform PAT/NAT on that WAN interface .That's changing the private addresses to public.This can also be a pool of public addresses.Do you have a public address for the WAN interface or will it be this 192.168.5.1.
Router(config)#ip nat inside source list 1 FastEthernet0/0 overload
These two tell the router when it see those address,to NAT them.
Router(config)#access-list 1 permit 192.168.8.0 0.0.0.255
Router(config)#access-list 1 permit 192.168.7.0 0.0.0.255
The last command tells the Router if it see any traffic from IP addresses it doesn't know about (Which would be internet addresses),to send them to WAN interface.
Router(config)#ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
Regards
The below line tell the Router to perform PAT/NAT on that WAN interface .That's changing the private addresses to public.This can also be a pool of public addresses.Do you have a public address for the WAN interface or will it be this 192.168.5.1.
Router(config)#ip nat inside source list 1 FastEthernet0/0 overload
These two tell the router when it see those address,to NAT them.
Router(config)#access-list 1 permit 192.168.8.0 0.0.0.255
Router(config)#access-list 1 permit 192.168.7.0 0.0.0.255
The last command tells the Router if it see any traffic from IP addresses it doesn't know about (Which would be internet addresses),to send them to WAN interface.
Router(config)#ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
Regards
- Thread starter
- #17
I kind of sum up my understanding, so let me know if i miss anything.
step 1 -Router>enable
2-Router#configure terminal
3-Router(config)#ip routing
4-Router(config)#interface FastEthernet0/0
5-Router(config-if)#ip nat outside
6-Router(config-if)#exit
7-Router(config)#interface FastEthernet0/1
8-Router(config-if)#ip nat inside
9-Router(config-if)#exit
10-Router(config)#interface FastEthernet1/0
11-Router(config-if)#ip nat inside
12-Router(config-if)#exit
13-Router(config)#ip nat inside source list 1
FastEthernet0/0 overload
14-Router(config)#access-list 1 permit 192.168.4.0 0.0.0.255
15-Router(config)#access-list 1 permit 192.168.8.0 0.0.0.255
16-Router(config)#ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
note: step 4 - e0/0 is my WAN, is my public ip goes here or my IPS's gateway ip? what's the difference anyways?
-e0/1 is for my IP phones network 192.168.4.1
-e1/0 is for my data network 192.168.8.1
to configure router's DHCP for data network:
1-router>en
2-router#conf t
3-router(config)#ip dhcp pool 9
4-router(dhcp-config)#default-router 192.168.8.1
5-router(dhcp-config)#exit
6-router(config)#ip dhcp excluded-address 192.168.4.1 192.168.8.1 192.168.6.1(ips's gateway)
thanks!
step 1 -Router>enable
2-Router#configure terminal
3-Router(config)#ip routing
4-Router(config)#interface FastEthernet0/0
5-Router(config-if)#ip nat outside
6-Router(config-if)#exit
7-Router(config)#interface FastEthernet0/1
8-Router(config-if)#ip nat inside
9-Router(config-if)#exit
10-Router(config)#interface FastEthernet1/0
11-Router(config-if)#ip nat inside
12-Router(config-if)#exit
13-Router(config)#ip nat inside source list 1
FastEthernet0/0 overload
14-Router(config)#access-list 1 permit 192.168.4.0 0.0.0.255
15-Router(config)#access-list 1 permit 192.168.8.0 0.0.0.255
16-Router(config)#ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
note: step 4 - e0/0 is my WAN, is my public ip goes here or my IPS's gateway ip? what's the difference anyways?
-e0/1 is for my IP phones network 192.168.4.1
-e1/0 is for my data network 192.168.8.1
to configure router's DHCP for data network:
1-router>en
2-router#conf t
3-router(config)#ip dhcp pool 9
4-router(dhcp-config)#default-router 192.168.8.1
5-router(dhcp-config)#exit
6-router(config)#ip dhcp excluded-address 192.168.4.1 192.168.8.1 192.168.6.1(ips's gateway)
thanks!
Hello
A WAN interface is different to a LAN,so the configuration must be accurate.For the DHCP pool,you can only exclude ip addresses on the same subnet.So these two aren't valid 192.168.4.1,192.168.6.1 for this pool.Remember to put the network command.
router(dhcp-config)#network 192.168.8.0
Regards
A WAN interface is different to a LAN,so the configuration must be accurate.For the DHCP pool,you can only exclude ip addresses on the same subnet.So these two aren't valid 192.168.4.1,192.168.6.1 for this pool.Remember to put the network command.
router(dhcp-config)#network 192.168.8.0
Regards
Yes---public IP addresses are routeable on the internet, whereas private IP addresses are NOT---many people in the world can use the same public IP addresses, but behind their own routers, which separate networks. Public IP addresses are ALL unique. Therefor, private IP addresses are NOT routeable on the internet, and so must be translated (NAT) to public IP addresses. The overload keyword specifies that PAT will be used, or Port Address Translation (many-to-one NAT)---that way, the same IP address is translated multiple times, because the ports (layer 4, TCP/UDP) are different.
For more information on private IP addresses, see RFC 1918.
If your fa0/0 interface connects to a modem, then use a private IP address on fa0/0, with the modem in bridge mode. If this is the case, the NAT configuration is not needed at all---this depends on the ISP---sometimes, they have an ethernet handoff with the public IP configured on your router---if this is the case, then NAT is indeed necessary.
Burt
For more information on private IP addresses, see RFC 1918.
If your fa0/0 interface connects to a modem, then use a private IP address on fa0/0, with the modem in bridge mode. If this is the case, the NAT configuration is not needed at all---this depends on the ISP---sometimes, they have an ethernet handoff with the public IP configured on your router---if this is the case, then NAT is indeed necessary.
Burt
- Thread starter
- #20
hi, I've got a few no go commands:
13-Router(config)#ip nat inside source list 1
FastEthernet0/0 overload
14-Router(config)#access-list 1 permit 192.168.4.0 0.0.0.255
15-Router(config)#access-list 1 permit 192.168.8.0 0.0.0.255
My data LAN is working and still working my IP phones network.
below is my current config:
doctor#show running-config
Building configuration...
Current configuration : 1298 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service password-recovery
!
hostname doctor
!
enable secret 5 $1$onCF$bXXZzqBJaSleZtuz1smDC/
enable password xxxx
!
ip subnet-zero
!
!
!
ip dhcp pool 9
network 192.168.8.0 255.255.255.0
default-router 192.168.8.1
!
!
!
!
interface FastEthernet0/0
ip address 192.168.5.1 255.255.255.
ip nat outside
no ip mroute-cache
speed auto
half-duplex
no cdp enable
!
interface FastEthernet0/1
ip address 192.168.4.1 255.255.255.0
ip nat inside
no ip mroute-cache
duplex auto
speed auto
no cdp enable
!
interface FastEthernet1/0
ip address 192.168.8.1 255.255.255.0
ip nat inside
no ip mroute-cache
duplex auto
speed auto
no cdp enable
!
ip classless
ip http server
!
snmp-server community public RO
snmp-server enable traps tty
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password xxxx
login
!
end
13-Router(config)#ip nat inside source list 1
FastEthernet0/0 overload
14-Router(config)#access-list 1 permit 192.168.4.0 0.0.0.255
15-Router(config)#access-list 1 permit 192.168.8.0 0.0.0.255
My data LAN is working and still working my IP phones network.
below is my current config:
doctor#show running-config
Building configuration...
Current configuration : 1298 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service password-recovery
!
hostname doctor
!
enable secret 5 $1$onCF$bXXZzqBJaSleZtuz1smDC/
enable password xxxx
!
ip subnet-zero
!
!
!
ip dhcp pool 9
network 192.168.8.0 255.255.255.0
default-router 192.168.8.1
!
!
!
!
interface FastEthernet0/0
ip address 192.168.5.1 255.255.255.
ip nat outside
no ip mroute-cache
speed auto
half-duplex
no cdp enable
!
interface FastEthernet0/1
ip address 192.168.4.1 255.255.255.0
ip nat inside
no ip mroute-cache
duplex auto
speed auto
no cdp enable
!
interface FastEthernet1/0
ip address 192.168.8.1 255.255.255.0
ip nat inside
no ip mroute-cache
duplex auto
speed auto
no cdp enable
!
ip classless
ip http server
!
snmp-server community public RO
snmp-server enable traps tty
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password xxxx
login
!
end
- Status