cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3319
Views
0
Helpful
10
Replies

configuring cisco router as CPE

Hi all 

we are changing our internet service, the provider is requiring a Cisco 4351 router and they will provide us with 2 sets of public IPs

first set is /30 will be used for the WAN    lets say xx.xx.xx.xx/30

second set will be /26 for our LAN use     lets say yy.yy.yy.yy/26

both are public 

correct me if am wrong about what i need to do on the router

 

define the yy.yy.yy.yy/26 subnet 

set the WAN port with xx.xx.xx.xx first IP

set default route 0.0.0.0 to use the xx.xx.xx.xx second IP 

set the DNS

 

also my LAN port will be connected to my firewall where all the public IPs are used and configured so i will need the LAN port to bypass the LAN subnet to the firewall, do i have to do secondary IPs?

i know it should be an easy job but its critical and i wan to make sure i am ready to switch with no down time 

 

thanks

 

 

1 Accepted Solution

Accepted Solutions

Now I understand your concern.
answer is , your isp router has to point to your wan IP address for /26 net.
ip route x.x.x.x 255.255.255.192 your-Isr-wan-address

on your lan interface
int gi0/0/1
desc LAN interface
ip address y.y.y.y 255.255.255.192
no shut

and on global
Ip route 0.0.0.0 0.0.0.0 your-isp-wan-address

on firewall
ip route 0.0.0. 0.0.0.0 your-Isr-lan-address

just make sure your isp router has a static route for /26 pointing to your Isr-wan-address

View solution in original post

10 Replies 10

rais
Level 7
Level 7

Usually 1st IP of a /30 is for ISP itself. So CPE should be the 2nd IP. 

You can simply put a route for /26 on CPE with next-hop to the FW-LAN-IP - no secondary IPs required.
HTH.

thanks for the reply :)

 

i didnt understand the last part, so the /26 is public too but its going to be used after the router by the firewall 

the port facing the firewall should bypass all the /26 IPs to it 

thanks

 

Simon Ko
Level 1
Level 1

I think what you are doing is splitting two network on two devices.

/30 will go to WAN port and /26 will go to the Firewall.

But, if your firewall's external interface has the /26 address configured, you have to use one of /26 address for ISR's LAN interface.

If your firewall has dmz configured as /26 address. you can use private address between firewall's external interface and ISR's LAN interface.

You just have to point 0.0.0.0 route on firewall to ISR's LAN address and ISR's /26 network point to Firewall's external address.

Hope this make sense.

 

thanks again for reply 

 

what am doing is this:

 

firewall has interfaces that uses the public set /26 so what i understand now is this

interface on firewall facing cisco router is part of /26 subnet 

0.0.0.0 route is set on cisco using the router  WAN as GW

 

 

my question is: what do i need to do to define the /26 subnet on cisco router ?

 

if you can write the commands needed for all this setup i appreciate :)

 

Now I understand your concern.

answer is , your isp router has to point to your wan IP address for /26 net.

ip route x.x.x.x 255.255.255.192 your-Isr-wan-address

 

on your lan interface

int gi0/0/1

desc LAN interface

ip address y.y.y.y 255.255.255.192

no shut

 

and on global

 Ip route 0.0.0.0 0.0.0.0 your-isp-wan-address

 

on firewall

ip route 0.0.0. 0.0.0.0 your-Isr-lan-address

 

just make sure your isp router has a static route for /26 pointing to your Isr-wan-address

Now I understand your concern.
answer is , your isp router has to point to your wan IP address for /26 net.
ip route x.x.x.x 255.255.255.192 your-Isr-wan-address

on your lan interface
int gi0/0/1
desc LAN interface
ip address y.y.y.y 255.255.255.192
no shut

and on global
Ip route 0.0.0.0 0.0.0.0 your-isp-wan-address

on firewall
ip route 0.0.0. 0.0.0.0 your-Isr-lan-address

just make sure your isp router has a static route for /26 pointing to your Isr-wan-address

great!

thanks a lot!

 

 
 

one last question 

by this command 

ip route x.x.x.x 255.255.255.192 your-Isr-wan-address

 

x.x.x.x is the subnet address not single IP, no?

 

 

Simon

i think i mad a mistake

 

 

when you said 

your isp router has to point to your wan IP address for /26 net.
ip route x.x.x.x 255.255.255.192 your-Isr-wan-address

you meant on the ISP not on the CPE router

yes?

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: