Hi, thank you so much! Very helpful. Just a couple of things:

- ip route 0.0.0.0 0.0.0.0 1.1.1.2

Why the 0's? Shouldn't it be just my DG provided by ISP? So in my particular case: ip route [DG IP address]

- Should NAT be configured on the WAN port? I want to allow clients to access the internet but also allow users to access devices (such as webservers) on my network.

On the previous router we built-in a VPN and then reserved it for a specific interface port, is that possible here? So let's say for example LAN port #3.  One of our clients has a similar setup iirc, in which they have a VPN built and within that VPN they also have the portfast protocol active. This is basically the reason we bought the router in the first place. The Android mediaplayers need to access this VPN but need portfast to do so. Can I keep it on L2 and still built the VPN and portfast?

Hi there,

• The zeroes are there in the command because the syntax for adding a route is like this:

ip route <destination address> <subnet mask> <gateway>

Since this route is for internet access, we use 0.0.0.0 for both destination address and subnet mask.

• Yes NAT is configured on the WAN port. You want to translate your private IP addresses (192.168.1.X) to the publicly routable address (1.1.1.1) so that your LAN devices can communicate out on the Internet.

• I realize you are connected to your ISP router. Sometimes they give you a private IP to use, and not a public one and then they do the NAT. In this case, you wouldn't need to configure NAT. If you don't know how to determine if your given WAN IP is private or public, just let me know what the first two octets are and I'll tell you.

• I'm still not clear on what you're referring to. Can you provide more detail? What is the Android media player VPN'ing into?

Regards,

Tim

Please don't forget to rate useful posts and mark answers as correct.

Good to know, really you are helping me a great deal here!

- So destination and subnet I can leave just at zeroes, only the DG needs adjusting. How about DNS? Our ISP is providing us with a DNS, where to put that in and how?

- Well technically our new Cisco router will be connected to their modem (fiber modem, which turns the incoming light signal into an usable internet signal for us). IP starts with 87.213. This is a public IP I thought. So NAT necessary?

- Sure! Here is the thing:

We have mediaplayers that are running on Android. We need to connect these devices to a server outside of our network (this server is just basically in another city). This server is very well secured by one of the biggest ISP in the country. Only way to reach it is VPN. On our old router I just had to built in a VPN to the server and connect the computers on that. Problem was while there were no problems with our Windows machine being able to make the connection, these Android mediaplayers were a different story. 

The default gateway was always on 0.0.0.0, no matter what we tried. Eventually we found out that one of your partners had the same exact problem. The Android players were just not able to make the connection and once portfast was configured the connection worked. This happened with several other partners/clients as well and was resolved in the same manner. So we need to do this as well.

What I basically want is configure a VPN connection to the server and assign in to a single interface port on the router. So just the clients on that int port are able to make the connection. This should be possible and does not seem that hard, even for me. The thing I am still struggling is that I need to have portfast configured as well on that same port. As far as I know something like this should be possible.

• Yes only DG needs adjusting
• Your router doesn't need DNS to function, but if you really want you could assign one using: ip name-server <DNS server>. Where it's important is in the DHCP scope. You can use their DNS servers in the dns-server command, or just stick with Google's.
• NAT necessary
• The VPN thing doesn't make sense to me from a networking perspective - I may be missing context. If your Android media players need to connect to a server out on the Internet via a VPN, then they need a VPN client which they can use to connect to the VPN server. There's nothing to do on the router for that. The only reason why you might configure a VPN on the router is if you needed a site-to-site VPN tunnel that peered with this provider.
• Portfast is used to tell the port it is configured on to skip the STP listening and learning phase. It doesn't provide any special network functionality other than removing an initial wait time while STP checks for loops. Regardless, it doesn't hurt to configure it anyways, you can configure portfast on the LAN interface with: spanning-tree portfast 
• I recommend also configuring spanning-tree bpduguard enable on the same port with Portfast as a safeguard against loops.
  
  

Hope this helps!

Regards,

Tim

A hero you are! This helped me greatly, first thing I'm going to do in the morning is set it up. Hopefully it will all work. Really encouraging to go and start taking some classes. I mostly work with GUI's so this is very new stuff. The manual said that once I opened the browser and surfed to the router's IP the Cisco CP software would run. But it did not, just a very basic CLI in webform really. Nothing else.

Happy to help!

If you want to learn more about getting into Cisco networking, you can go to: http://www.internetworkingcareer.com

Hopefully something in there will be helpful to you.

By the way, from Privileged EXEC mode, you can use the dir command to check the file system. If you don't see Cisco CP software on there, then your router doesn't have it which is why you only see the basic web form. You can get CP by downloading from Cisco and uploading it to your router, however it's better just to learn the CLI ;)

Regards,

Tim

Hi, 

Your help has been very useful. I decided to go with the CLI, still learning but it's going great.

I managed to configure the WAN port correctly. The default Vlan1 is assigned to interface port FE0 (this is also where I can configure the router via CLI). When connected to this interface I can browse the internet, but only after manually assigning myself a  DNS (like Google's). This default config. does not assign DNS for some reason.

I made another Vlan (Vlan 2) and configured DHCP on it like you said. Used google's DNS servers on the LAN side. This one DOES assign DNS Ip's as it should. Problem is that I don't have a working internet connection on this interface port/vlan. I'm guessing it is because I should enable NAT (correct me if I'm wrong). But how do I do this?

Do I also have to enable NAT to let other devices outside my network reach my servers inside my network? Does this NAT require a different kind of configuration? Or is this PAT I'm thinking of? On my old router we had port forwarding, for example: port 80 was for server [ip address], how do I configure it in the CLI?

Other things:

- Is there an easy to understand manual on how to setup VPN? It's an site-to-site VPN. IPSec. Can I assign the VPN to only one interface port?