11-28-2012 10:50 AM - edited 03-03-2019 06:51 AM
Hi
I hope someone can confirm my plan.
We have been asked to set up a small ISP for a block of flats; the config we are thinking of is below. My question is: what is the best way to share the external IP addresses with the different flats and routers the end users will have?
100Mb link Ethernet = cisco layer 3 switch= cisco layer 2 switch= end user router
I'm planning on subnetting the IP range from our ISP into smaller parts, then setting up VLANs for each customer and routing the traffic out via the layer 3 switch.
Am I on the right path with this design?
Many thanks
Sent from Cisco Technical Support iPad App
11-29-2012 11:21 PM
Since it is going to be like an ISP network/multi-tenant solution provider, you need to virtualize and separate the internal private networks using VLANs in L2 and VRFs in L3 per private LAN.
At the Internet edge router you implement something called VRF-aware NAT to support and provide a shared Internet IP/link to multiple VRFs/customers.
If separation is not required, you may use multiple VLANs and inter-VLAN routing with NAT on the Internet edge for traffic sourced from all the internal
Hope this helps.
If helpful, rate.
Sent from Cisco Technical Support iPad App
11-30-2012 01:22 AM
Hi Marwanshawi,
Thanks for the reply.
Separation is not required. I'm just looking for a way to share the external IP range with different customers on site while being able to control how many IP addresses they can have. Example:
If I have a block of IP xxx.xxx.xxx.1 / 29 from my ISP, I want to be able to chop this up and give customer A xxx.xxx.xxx.1 to xxx.xxx.xxx.5, for example, and customer B xxx.xxx.xxx.6 to xxx.xxx.xxx.7. However, I want to stop Customer A from getting addresses outside of his/her assignment without being wasteful with IP addresses.
I hope I have explained this correctly
11-30-2012 10:28 AM
In this case there is no need for VRF. Simply use policy NATing with PAT, where you create an ACL, a route map and a pool of public/outside IPs per customer, then create a NAT/PAT statement per customer matching the relevant ACL/route map as the source and using the desired NAT pool.
Using the overload keyword will make it a PAT, where you can provide hosts Internet access even if they exceed the maximum IPs in the relevant NAT pool, using port translation.
This is per customer, and you can search for policy NAT with ACL or route map for more detailed configuration, but in terms of design this is how it works.
Hope this helps.
If helpful, rate.
Sent from Cisco Technical Support iPhone App
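The per-customer policy NAT described in the reply above, written out as an added example that is not part of the original thread. It assumes an IOS edge device that supports NAT; the interface names, ACL/route-map/pool names, the 203.0.113.0/29 block standing in for the ISP range, the transit address and the per-customer VLAN subnets are all constructed for illustration.

```cisco
! Added example, not from the thread. All addresses and names are constructed.
! 203.0.113.0/29 stands in for the ISP-assigned block and is assumed to be
! routed to this device by the upstream.
!
interface GigabitEthernet0/0
 description Uplink to upstream ISP (constructed transit address)
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
interface Vlan10
 description Customer A (customer router WAN side sits in this subnet)
 ip address 10.0.10.1 255.255.255.0
 ip nat inside
!
interface Vlan20
 description Customer B
 ip address 10.0.20.1 255.255.255.0
 ip nat inside
!
! One ACL per customer, matching only that customer's source subnet
ip access-list extended CUST-A-SRC
 permit ip 10.0.10.0 0.0.0.255 any
ip access-list extended CUST-B-SRC
 permit ip 10.0.20.0 0.0.0.255 any
!
! One route map per customer, referencing that customer's ACL
route-map CUST-A-NAT permit 10
 match ip address CUST-A-SRC
route-map CUST-B-NAT permit 10
 match ip address CUST-B-SRC
!
! One public pool per customer; the pool boundaries set how many
! public addresses each customer can ever be translated to
ip nat pool CUST-A-POOL 203.0.113.1 203.0.113.4 prefix-length 29
ip nat pool CUST-B-POOL 203.0.113.5 203.0.113.6 prefix-length 29
!
! "overload" turns each statement into PAT, so a customer with more
! hosts than pool addresses still gets out via port translation
ip nat inside source route-map CUST-A-NAT pool CUST-A-POOL overload
ip nat inside source route-map CUST-B-NAT pool CUST-B-POOL overload
```

`show ip nat translations` lists the active entries, which lets you confirm that inside addresses from each customer VLAN only ever appear against that customer's pool.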
11-30-2012 11:47 AM
Is this not double NATing, as the customer will be doing NAT for their private LAN behind their own routers?
Cheers
Sent from Cisco Technical Support iPad App
11-30-2012 05:18 PM
Even though there is no problem in it,
unless this is something not supported by a client application, for example.
But in general they can perform their own NAT and you do your NAT on your end.
Sent from Cisco Technical Support iPhone App