11-14-2010 10:14 PM - edited 03-04-2019 10:27 AM
Running a Cisco 857W on ADSL with 8 static IP addresses (7 sequential: 11.22.33.166-172 and also 11.22.33.99). I need to do a combination of static and dynamic NAT to accomplish my goals here. What I cannot figure out is where to apply certain settings. BVI1 should be the internal NAT, correct? That seems fine, but what IP address do I assign for ATM0, which would be the outside nat? Or do I have it all wrong?
Example static NATs:
ip nat inside source static 192.168.16.100 11.22.33.166
ip nat inside source static 192.168.16.101 11.22.33.167
ip nat inside source static 192.168.16.102 11.22.33.168
Dynamic NAT needs to route 11.22.33.99 WAN IP to every other address in the 192.168.16.0/24 block. Posted below is my current working configuration, with pure RFC-1483 bridging and DHCP handled by the router. Thanks for your help!
Router#show run
Building configuration...
Current configuration : 1442 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
clock timezone PST -8
clock summer-time PDT recurring
no ip routing
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.16.1 192.168.16.200
ip dhcp excluded-address 192.168.16.241 192.168.16.255
!
ip dhcp pool DHCPPOOL
network 192.168.16.0 255.255.255.0
dns-server 192.168.16.100
default-router 192.168.16.100
!
!
no ip cef
!
!
!
!
!
!
bridge irb
!
!
interface ATM0
no ip address
no ip route-cache
no atm ilmi-keepalive
pvc 0/35
encapsulation aal5snap
!
dsl operating-mode auto
bridge-group 1
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
no ip route-cache
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
no ip address
ip virtual-reassembly
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.16.1 255.255.255.0
ip virtual-reassembly
!
!
no ip http server
no ip http secure-server
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
!
scheduler max-task-time 5000
end
11-14-2010 11:38 PM
You figure that BVI 1 should be internal , that is correct. For your external interface, if you have a external IP address , this should be configure on Dialer 0 interface.Do a no shut on your ATM 0 interface, this should bring up your Dialer 0 interface. Define some access list define for NAT and add some routing which I see is lacking in your config statement.I have a working example for your reference as to how a working config might look like:
interface Dot11Radio0
no ip address
no ip route-cache cef
no ip route-cache
!
encryption vlan 1 key 1 size 128bit 0 ?????????????? transmit-key
encryption vlan 1 mode wep mandatory
ssid ??????
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface ATM0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
pvc 0/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface Dialer0
ip address 11.22.33.99 255.255.255.0
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username username@yourisp.com password ????
interface Vlan1
no ip address
bridge-group 1
interface BVI1
ip address 192.168.16.1 255.255.255.0
ip nat inside
ip nat inside source list nat-list interface Dialer0 overload
ip nat inside source static 192.168.16.100 11.22.33.166
ip nat inside source static 192.168.16.101 11.22.33.167
ip nat inside source static 192.168.16.102 11.22.33.168
ip access-list extended nat-list
permit ip 192.168.16.0 0.0.0.255 any
ip route 0.0.0.0 0.0.0.0 Dialer 0
dialer-list 1 protocol ip permit
11-15-2010 09:17 AM
Thank you for taking the time to reply.
Therein lies the confusion! Why would i need a Dialer interface when I'm not using ppp? My ADSL is a pure RFC1483 bridge. So then would I assign the outside NAT and IP address directly to the ATM interface? And if so, how do I account for the 8 static IP addresses coming across my bridge? Can I assign more than one IP address to the ATM interface?
Thanks again for your help.
11-15-2010 04:15 PM
See if this link will help: http://www.cisco.com/en/US/products/hw/routers/ps380/products_configuration_example09186a0080093e50.shtml
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide