Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1121
Views
2
Helpful
6
Replies

Cisco IOS 17.9.04a multi IP WAN configuration

Go to solution
Slavec
Level 1
Level 1

ā€Ž01-23-2024 11:53 AM - last edited on ā€Ž01-28-2024 09:31 PM by Community Manager

Hi there, I have a cisco 1111X-8P running IOS 17.9.04a. My ISP upgraded me to a PRO fiber connection, basically no more DHCP on WAN interface with one IP, I got a /29 block, so now I'm PRO.

What I want to do;

Say, my IP's are:
.1 network
.2 first hop 
.3 cisco 1111x WAN IP
.4 LAN traffic
.5 XBOX

.8 broadcast network

Now, with my regular NAT setup (below), every client has .3 [cisco] as a wan IP. How can I make my LAN use .4 as their WAN IP and specifically the XBOX, also in LAN use .5 ??

current NAT setup:

ip nat inside source route-map KETENBAAN interface GigabitEthernet0/0/1.1 overload
!
route-map KETENBAAN permit 1
match ip address 161
!
ip access-list extended 161
10 remark alle lans mogen naar buiten
10 remark ------------------------------------------------
10 permit ip 10.0.0.0 0.255.255.255 any
20 remark ------------------------------------------------
20 deny ip 192.168.178.0 0.0.0.255 10.15.161.0 0.0.0.255
30 permit ip 192.0.0.0 0.255.255.255 any
remark ------------------------------------------------

The 192.168 network is a guest network. 

 

Much obliged for any input,

SvdM

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
liviu.gheorghe
VIP
VIP

ā€Ž01-23-2024 01:40 PM - last edited on ā€Ž01-28-2024 09:34 PM by Community Manager

Hello @Slavec ,

one way of doing what you described is as follows:

1. erase the old NAT configuration - disconnect the WAN interface before starting in order to clear NAT translations already on the router

 

ANconf t

no ip nat inside source route-map KETENBAAN interface GigabitEthernet0/0/1.1 overload

no route-map KETENBA

2. define 2 address pools for the 2 NAT translations

conf t

ip nat pool LAN-pool x.x.x.4 prefix-length 24

ip nat pool XBOX-pool x.x.x.5 prefix-length 24

3. reconfigure access-list for LAN NAT - we are going to deny the IP address of the XBOX in order to not having it NATed with the whole LAN

conf t

ip access-list extended 161
5 remark deny IP address of XBOX

5 deny ip host <XBOX IP address> any

4. Configure IP access-list only for XBOX

conf t

ip access-list extended 162

permit ip host <XBOX IP address> any

5. Configure new NAT statements:

ip nat inside source list 161 pool LAN-pool overload

ip nat inside source list 162 pool XBOX-pool overload

If disconnecting the WAN interface is not possible, you can remove the command

ip nat inside

from the LAN interface - this will erase all NAT translations that are in effect on the router giving you the possibility to erase the old NAT commands.

After finishing the reconfiguration, do not forget to put the command

ip nat inside

on the LAN interface.

Regards, LG
*** Please Rate All Helpful Responses ***

View solution in original post

6 Replies 6

Go to solution
liviu.gheorghe
VIP
VIP

ā€Ž01-23-2024 01:40 PM - last edited on ā€Ž01-28-2024 09:34 PM by Community Manager

Hello @Slavec ,

one way of doing what you described is as follows:

1. erase the old NAT configuration - disconnect the WAN interface before starting in order to clear NAT translations already on the router

 

ANconf t

no ip nat inside source route-map KETENBAAN interface GigabitEthernet0/0/1.1 overload

no route-map KETENBA

2. define 2 address pools for the 2 NAT translations

conf t

ip nat pool LAN-pool x.x.x.4 prefix-length 24

ip nat pool XBOX-pool x.x.x.5 prefix-length 24

3. reconfigure access-list for LAN NAT - we are going to deny the IP address of the XBOX in order to not having it NATed with the whole LAN

conf t

ip access-list extended 161
5 remark deny IP address of XBOX

5 deny ip host <XBOX IP address> any

4. Configure IP access-list only for XBOX

conf t

ip access-list extended 162

permit ip host <XBOX IP address> any

5. Configure new NAT statements:

ip nat inside source list 161 pool LAN-pool overload

ip nat inside source list 162 pool XBOX-pool overload

If disconnecting the WAN interface is not possible, you can remove the command

ip nat inside

from the LAN interface - this will erase all NAT translations that are in effect on the router giving you the possibility to erase the old NAT commands.

After finishing the reconfiguration, do not forget to put the command

ip nat inside

on the LAN interface.

Regards, LG
*** Please Rate All Helpful Responses ***

Go to solution
Slavec
Level 1
Level 1
In response to liviu.gheorghe

ā€Ž01-23-2024 02:41 PM - last edited on ā€Ž01-28-2024 09:35 PM by Community Manager

 

2. define 2 address pools for the 2 NAT translations

conf t

ip nat pool LAN-pool x.x.x.4 prefix-length 24

ip nat pool XBOX-pool x.x.x.5 prefix-length 24

So, my WAN int gi 0/0/1.1

ip address 31.161.18.114 255.255.255.248
ip address 31.161.18.115 255.255.255.255 secondary
ip address 31.161.18.117 255.255.255.255 secondary

(/29 block)

so.. 
ip nat pool LAN-pool 31.161.18.115 prefix-length 29
ip nat pool XBOX-pool 31.161.18.116 prefix-length 29

??

0 Helpful

Go to solution
liviu.gheorghe
VIP
VIP
In response to Slavec

ā€Ž01-23-2024 02:48 PM - last edited on ā€Ž01-28-2024 09:35 PM by Community Manager

You don't need the secondary IP addresses on

 int gi0/0/1.1

Correct config is:

int gi 0/0/1.1

ip address 31.161.18.114 255.255.255.248

I omitted the end address of the pool in the previous config. Correct is:
ip nat pool LAN-pool 31.161.18.115 31.161.18.115 prefix-length 29
ip nat pool XBOX-pool 31.161.18.116 31.161.18.116 prefix-length 29

 

Regards, LG
*** Please Rate All Helpful Responses ***

Go to solution
Slavec
Level 1
Level 1
In response to liviu.gheorghe

ā€Ž01-23-2024 03:11 PM - last edited on ā€Ž01-28-2024 09:36 PM by Community Manager 

conf t
!
no ip access-list extended 161
ip access-list extended 161
remark XBOX acces denied
remark ------------------------------------------------
deny ip host 10.15.161.42 any
remark alle lans mogen naar buiten
remark ------------------------------------------------
permit ip 10.0.0.0 0.255.255.255 any
remark ------------------------------------------------
!
ip access-list extended 162
remark XBOX acces allowed
remark ------------------------------------------------
permit ip host 10.15.161.42 any
remark ------------------------------------------------
!





gonna test it when everyone sleeps

TIA

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

ā€Ž01-23-2024 02:22 PM - edited ā€Ž01-23-2024 02:44 PM

You have one SP and one WAN interface and more than one public IP?

MHM

0 Helpful

Go to solution
Slavec
Level 1
Level 1
In response to MHM Cisco World

ā€Ž01-23-2024 02:53 PM - last edited on ā€Ž01-28-2024 09:36 PM by Community Manager

Yes, I got a static block a /29 and only one wan interface gi 0/0/0 (shutdown) and active GPON on gi 0/0/1.1 (L2)

ip address 31.161.18.114 255.255.255.248
ip address 31.161.18.115 255.255.255.255 secondary
ip address 31.161.18.117 255.255.255.255 secondary

can do .118 and .119 too, but have no use for it (yet, maybe guest network vlan get their own IP, but is new and heaven for me)

Vlan1 is LAN and XBOX is in same Vlan as the rest of the kids gear and mine (having it in separate vlan creates problems, cuz their apps can't find the PS and XBOX anymore so nag nag nag until fixed. Xbox is mine, but nothing works because all the ports for online play were for the PS and switch with one IP) 

0 Helpful
Customers Also Viewed These Support Documents