
3825 Setup DHCP and Nat

jtothemak
Beginner

Looking for help on how to set up a 3825 router connecting to an ISP via metro Ethernet. The public IP pool given to me by the ISP is a /26. I would like to have my network equipment (10 3550-48 switches) on public IPs and then my end users (workstations plugged into 3550 switches) on a NATted .10 network directed to my ISP for internet access.

13 Replies

paolo bevilacqua
Hall of Fame

Wrong forum, post in "WAN and routing". You can move your posting with the Actions panel on the right.

Thanks, I moved it.  Now just need some help on a solution.

Here is the config I have so far. I will be doing a VLAN per building, with each building on their own IP block via DHCP. Can someone please let me know if I am making any errors? Also, for the VLAN subinterfaces, do I need ip nat inside? I decided to use static NAT for remote access to my 3550 switches.

hostname HueRouter
!
ip subnet-zero
!
ip dhcp excluded-address 10.0.0.1 10.0.0.50
!
ip dhcp pool hue
 network 10.0.0.0 255.0.0.0
 dns-server 8.8.8.8 8.8.4.4
 default-router 10.0.0.1
!
interface FastEthernet0
 ip address 10.0.0.1 255.0.0.0
 no ip directed-broadcast
 ip nat inside
 no ip mroute-cache
!
interface FastEthernet0/0.10
 description Building 1
 encapsulation dot1Q 10
 ip address 10.10.1.0 255.255.255.0
 no snmp trap link-status
!
interface FastEthernet0/0.20
 description Building 2
 encapsulation dot1Q 20
 ip address 10.10.2.0 255.255.255.0
 no snmp trap link-status
!
interface FastEthernet0/0.30
 description Building 3
 encapsulation dot1Q 40
 ip address 10.10.3.0 255.255.255.0
 no snmp trap link-status
!
interface FastEthernet0/0.40
 description Building 4
 encapsulation dot1Q 40
 ip address 10.10.4.0 255.255.255.0
 no snmp trap link-status
!
interface FastEthernet0/0.50
 description Building 5
 encapsulation dot1Q 50
 ip address 10.10.5.0 255.255.255.0
 no snmp trap link-status
!
interface FastEthernet0/0.60
 description Building 6
 encapsulation dot1Q 60
 ip address 10.10.6.0 255.255.255.0
 no snmp trap link-status
!
interface FastEthernet0/0.70
 description Building 7
 encapsulation dot1Q 70
 ip address 10.10.7.0 255.255.255.0
 no snmp trap link-status
!
interface FastEthernet0/0.80
 description Building 8
 encapsulation dot1Q 80
 ip address 10.10.8.0 255.255.255.0
 no snmp trap link-status
!
interface FastEthernet0/0.90
 description Building 9
 encapsulation dot1Q 90
 ip address 10.10.9.0 255.255.255.0
 no snmp trap link-status
!
interface FastEthernet0/0.100
 description Building 10
 encapsulation dot1Q 100
 ip address 10.10.10.0 255.255.255.0
 no snmp trap link-status
!
interface FastEthernet1
 ip address 1.1.1.1 255.255.255.128
 no ip directed-broadcast
 ip nat outside
!
ip nat inside source static 10.0.0.2 1.1.1.3
ip nat inside source static 10.0.0.3 1.1.1.4
ip nat inside source static 10.0.0.4 1.1.1.5
ip nat inside source static 10.0.0.5 1.1.1.6
ip nat inside source static 10.0.0.6 1.1.1.7
ip nat inside source static 10.0.0.7 1.1.1.8
ip nat inside source static 10.0.0.8 1.1.1.9
ip nat inside source static 10.0.0.9 1.1.1.10
ip nat inside source static 10.0.0.10 1.1.1.11
ip nat inside source static 10.0.0.11 1.1.1.12
ip nat inside source list 1 interface FastEthernet1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet1
no ip http server
!
access-list 1 permit 10.0.0.0 0.255.255.255
!
line vty 0 15
 password password_here
enable secret password_here
service password-enc

You will need 'ip nat inside' on the internal interfaces.

Thank you, I was thinking the subinterfaces needed it but was unsure. Anything else that needs attention?

Everything else looks fine, I have two comments though. If possible I would use the actual IP address for the ISP gateway in your default route rather than the interface. You can also think about using static PAT rather than opening up every port to those hosts.

Have you actually got this configuration on a router? I would think that a Cisco router would not accept this on a main interface: ip address 10.0.0.1 255.0.0.0, and this on a subinterface: ip address 10.10.1.0 255.255.255.0, because of the overlapping address assignments.

Also I am not sure that you could have these 10 subnets all using the same pool of the /8 address. I would wonder if you will not need 10 individual pools configured.

If you do have it configured and it does work then please post back to the forum confirming that it does work.

HTH

Rick


It is not a running config yet. I will not have access to the gear till the day it is deployed, which is what is making me nervous and cutting over a live system.

I ran a simulator, GNS3, and was able to give it 10.10.1.1 255.255.255.0 on the subinterface with 10.0.0.1 255.0.0.0 and it let it. As soon as I did a no shut it gave me an overlap.

I will make a pool for VLAN1 and a separate pool for each other VLAN.

Any other issues?  Do I have routing done correctly?
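
The three issues raised in the replies above (overlapping interface subnets, internal interfaces without 'ip nat inside', and one-to-one static NAT that exposes every port instead of static PAT) can be checked offline before a cutover. This is an added example, not code from any poster in this thread; the function names, finding labels and the shortened sample config are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the style of the posted config (not the poster's full config).
SAMPLE = """\
interface FastEthernet0
 ip address 10.0.0.1 255.0.0.0
 ip nat inside
!
interface FastEthernet0/0.10
 ip address 10.10.1.1 255.255.255.0
!
interface FastEthernet1
 ip address 1.1.1.1 255.255.255.128
 ip nat outside
!
ip nat inside source static 10.0.0.2 1.1.1.3
ip nat inside source static tcp 10.0.0.3 22 1.1.1.4 22
"""

def parse_interfaces(text):
    """Map interface name -> {"net": IPv4Network or None, "nat": role or None}."""
    ifaces, cur = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split(None, 1)[1], {"net": None, "nat": None})
        elif line == "!":
            cur = None  # "!" closes the current stanza
        elif cur is not None:
            if m := re.fullmatch(r"ip address (\S+) (\S+)", line):
                cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
            elif m := re.fullmatch(r"ip nat (inside|outside)", line):
                cur["nat"] = m[1]
    return ifaces

def lint(text):
    addressed = [(n, i) for n, i in parse_interfaces(text).items() if i["net"]]
    findings = []
    for k, (a, ia) in enumerate(addressed):
        for b, ib in addressed[k + 1:]:
            if ia["net"].overlaps(ib["net"]):  # the overlap the router complains about
                findings.append(f"overlap: {a} {ia['net']} / {b} {ib['net']}")
    findings += [f"no-nat-role: {n}" for n, i in addressed if i["nat"] is None]
    for line in text.splitlines():
        # Static NAT with no protocol/port maps every port; static PAT names them.
        if re.match(r"ip nat inside source static \d", line.strip()):
            findings.append(f"static-nat-all-ports: {line.split()[5]}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

The parser treats "!" or the next "interface" line as the end of a stanza, so it accepts config pasted without indentation as well.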