653 Views, 0 Helpful, 3 Replies

Allow / Deny ranges of address on an interface

kevin.mcguire
Level 1

I have temporary network configured in a remote location.

The local facility was supposed to provide us with a single public static IP address from their ISP. It was to have been configured so there was no traffic from any of their adjoining networks using the other public static IP addresses the facility uses.

As it turns out, the facility has a DHCP server which they've programmed to hand out ALL the public static IP addresses via DHCP. The static public IP address has been (supposedly) excluded from the DHCP pool.

They are not sure how to segment our connection so there is only traffic on the WAN port in and out from the ISP gateway address. Looks like I will have to do this work on my router - traffic from devices on the same subnet is causing problems with my network/clients.

The public static IP address we've been assigned is somewhere in the middle of the range of the addresses. Gateway is the first address in the range of public static IP addresses.

When setting up the ACL for this configuration, what is the best method to achieve this?

Do I create 2 permit commands (assigned address, gateway address), followed by a deny command for the network/subnet mask?

For example: the public static IP address is 192.168.1.23, the gateway is 192.168.1.1 and the subnet mask is 255.255.255.0.

Are the following 3 access-list commands what I need to achieve my goal?

permit 192.168.1.23 0.0.0.255
permit 192.168.1.1 0.0.0.255
deny 192.168.1.0 0.0.0.255

Thanks!

3 Replies

Jon Marshall
Hall of Fame

Not sure I follow the layout. 

Are your clients using private IPs and the public IP is used for NAT?

If so, why do you need an ACL, and how are the other public IPs causing problems with your clients?

Jon

Ah...let me make this clearer.  Here's my usual configuration:

ISP Service - with Single Static IP address for our use

      incoming service at point of entry in facility to:

ISP provided non-routing cable modem/bridge

      ethernet connection to:

Our Cisco 2951 router

1 port is configured as the WAN port, with information from the ISP, to provide internet access.

1 (or the 2 remaining ports) are configured as the LAN port(s) with NAT'd addresses.

DHCP is activated on the LAN port to hand out the IP addresses.

The LAN port is configured for a single Class C subnet like 192.168.x.x. The first 40 addresses are excluded, to be available for static assignment on the LAN, and the remaining addresses are available for DHCP assignment.

In this scenario though, the facility didn't bring a separate line to go directly to our router.  This is the path in this scenario.  Equipment and connections not wanted are in italic

ISP Service providing service with 40 public IP addresses.

      incoming service to the facility's Point of Entry

ISP non routing modem/bridge

      Ethernet connection to:
Facility router. Configured to allow internet access - I have no information on the configuration. Also configured as a DHCP server to provide 30 of the 40 public addresses via DHCP. 10 IP addresses were excluded from the range for me to use as public static IP addresses on our router.

      Ethernet connection to:

Facility Catalyst Switch (all ports configured to deliver addresses to clients configured for DHCP)

      Ethernet connection to:

Our Cisco 2951 router

1 port is configured as the WAN port, with information from the ISP, to provide internet access.

1 (or the 2 remaining ports) are configured as the LAN port(s) with NAT'd addresses.

DHCP is activated on the LAN port to hand out the IP addresses.

The LAN port is configured for a single Class C subnet like 192.168.x.x.

In this scenario, we're experiencing several strange issues:

Client devices won't pull an address via DHCP

Some clients which did pick up valid IP addresses were unable to connect to the internet, and unable to ping my router's WAN address, the ISP gateway, or the ISP DNS servers.

For clients that did have full internet connectivity, there was a wild variance in the speed they would get for internet access: sometimes up to 450 Mbps (the full speed of the ISP), down to as low as 3 Mbps.

In the case of the 3 Mbps, we discovered that a local network engineer had connected an older Cisco AP unit to the same network in the building next door. The AP picked up one of the public addresses from the facility's service, which had the ISP public addresses configured as available to DHCP. After this unit was connected to the network is when clients connected to my 2951 router started showing internet speed tests of 3 Mbps.

Finally, I disconnected my router entirely from the facility Catalyst switch. I connected my PC directly to the Catalyst switch. The PC picked up one of the available public IP addresses via DHCP and had internet access. However, speed tests showed only 3 Mbps download speed.

I requested that the facility network engineer segment the network to block our traffic from the rest of the network, giving us a clean pipe directly to the internet. For some reason they're unable to do this.

So...that puts the situation where it is now - attempting to configure the WAN port on my router to communicate only with the Gateway address and block traffic from the rest of the public addresses being used by the Facility.

As you can tell from my description, this is somewhere I haven't had to go before in our configurations. In addition to the above, the 10 public IP addresses given for my use by the facility sit in the very middle of the full range of public IP addresses, not at the beginning or the end of the range.

Many thanks for the detailed description    

Do you have a separate internal switch for your clients?

I'm still struggling to see how this would affect you, assuming the ISP has set up the routing for the public IPs correctly.

And your clients not being able to get DHCP IPs from your router should have nothing to do with the WAN side of your router.

That said, to try and answer your original question: you should not have to allow IP to or from the ISP gateway address, as this is never the source or destination IP of traffic to or from your network.

To be honest, unless I have misunderstood some of your description, I am struggling to see how an ACL will help at all.

Jon
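
Added example (not part of the original thread, and not code from either poster or from Cisco), illustrating the three access-list lines in the question and Jon's point about the gateway. In Cisco wildcard-mask terms 0.0.0.255 means "ignore the last octet", so the first permit as posted already matches every address in 192.168.1.0/24 and the deny beneath it can never be reached; a single host needs the wildcard 0.0.0.0 (the host keyword in IOS). And because every IOS ACL ends with an implicit deny, the posted list has no permit for Internet sources, so applied inbound on the WAN port it would drop all return traffic. The script below evaluates both the posted list and a corrected inbound list against constructed sample packets and reports which lines can never match. The addresses are the ones from the question; the sample packets, the 203.0.113.9 outside host, the list names and the function names are assumptions made for this example.

```python
"""Cisco wildcard-mask ACL evaluator.

Added example for this thread, not code from the original post or from
Cisco.  Addresses are the ones given in the question (192.168.1.23 is the
assigned address, 192.168.1.1 the ISP gateway, 192.168.1.0/24 the block);
the packet samples, list names and function names are assumptions made for
illustration.
"""
import ipaddress

# "any" in IOS syntax: base 0.0.0.0 with wildcard 255.255.255.255 (every bit is don't-care)
ANY = ("0.0.0.0", "255.255.255.255")


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 0 bit must match, a 1 bit is ignored.

    So 0.0.0.0 matches exactly one host, while 0.0.0.255 ignores the last
    octet and matches the whole /24 regardless of the host part of 'base'.
    """
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def evaluate(acl, src: str, dst: str):
    """Return (action, line) for the first ACE matching src and dst.

    Each ACE is (action, src_base, src_wildcard, dst_base, dst_wildcard).
    IOS evaluates top-down, first match wins, and every list ends with an
    implicit deny, reported here as line None.
    """
    for line, (action, sb, sw, db, dw) in enumerate(acl, 1):
        if wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw):
            return action, line
    return "deny", None


def shadowed_lines(acl, sources, dst: str):
    """Line numbers that are never the first match for any of the sampled sources."""
    hit = {evaluate(acl, s, dst)[1] for s in sources}
    return [n for n in range(1, len(acl) + 1) if n not in hit]


# The three lines as posted in the question (standard-ACL style, source only,
# so destination is "any").  0.0.0.255 on lines 1 and 2 covers the whole /24.
POSTED = [
    ("permit", "192.168.1.23", "0.0.0.255", *ANY),
    ("permit", "192.168.1.1",  "0.0.0.255", *ANY),
    ("deny",   "192.168.1.0",  "0.0.0.255", *ANY),
]

# Corrected list for the inbound direction on the WAN interface.  Inbound
# packets are checked before outside-to-inside NAT, so they still carry the
# router's own WAN address as destination: 192.168.1.23 is the destination
# here, not the source.  Line 1 only matters for ICMP the gateway originates
# itself (unreachables, TTL exceeded); forwarded traffic never has it as source.
WAN_IN = [
    ("permit", "192.168.1.1", "0.0.0.0", "192.168.1.23", "0.0.0.0"),
    ("deny",   "192.168.1.0", "0.0.0.255", *ANY),
    ("permit", *ANY, *ANY),   # required: otherwise the implicit deny drops all Internet traffic
]

# Constructed samples: every address in the facility's block plus one outside host.
FACILITY_BLOCK = [str(h) for h in ipaddress.IPv4Network("192.168.1.0/24")]
INTERNET_HOST = "203.0.113.9"   # RFC 5737 documentation address, assumed for the sample
MY_WAN = "192.168.1.23"


def report(acl, name):
    """Human-readable summary of what a list does to the sample packets."""
    lines = [f"{name}:"]
    for src in ("192.168.1.200", "192.168.1.1", INTERNET_HOST):
        action, line = evaluate(acl, src, MY_WAN)
        where = f"line {line}" if line else "implicit deny"
        lines.append(f"  {src:>14} -> {MY_WAN}: {action} ({where})")
    dead = shadowed_lines(acl, FACILITY_BLOCK + [INTERNET_HOST], MY_WAN)
    lines.append(f"  lines that can never match: {dead or 'none'}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(POSTED, "ACL as posted"))
    print(report(WAN_IN, "corrected inbound WAN ACL"))
```

In IOS syntax the corrected inbound list corresponds to permit ip host 192.168.1.1 host 192.168.1.23, deny ip 192.168.1.0 0.0.0.255 any, permit ip any any, applied to the WAN interface with ip access-group in the inbound direction. Two caveats a practitioner should keep in mind: an IP ACL does not filter ARP, so it will not stop address conflicts or ARP noise on the shared facility segment, and it drops packets only after they have already crossed that shared link, so it cannot recover bandwidth that other hosts on the segment are consuming.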
