05-07-2019 12:17 PM
Hi all
We are changing our internet service; the provider is requiring a Cisco 4351 router and they will provide us with 2 sets of public IPs.
The first set is a /30 that will be used for the WAN, let's say xx.xx.xx.xx/30
The second set will be a /26 for our LAN use, let's say yy.yy.yy.yy/26
Both are public.
Correct me if I am wrong about what I need to do on the router:
define the yy.yy.yy.yy/26 subnet
set the WAN port with xx.xx.xx.xx first IP
set default route 0.0.0.0 to use the xx.xx.xx.xx second IP
set the DNS
Also, my LAN port will be connected to my firewall, where all the public IPs are used and configured, so I will need the LAN port to bypass the LAN subnet to the firewall. Do I have to do secondary IPs?
I know it should be an easy job, but it's critical and I want to make sure I am ready to switch with no downtime.
Thanks
05-07-2019 12:34 PM
Usually the 1st IP of a /30 is for the ISP itself, so the CPE should be the 2nd IP.
You can simply put a route for the /26 on the CPE with next-hop to the FW-LAN-IP - no secondary IPs required.
HTH.
05-07-2019 01:01 PM
Thanks for the reply :)
I didn't understand the last part, so the /26 is public too but it's going to be used after the router by the firewall.
The port facing the firewall should bypass all the /26 IPs to it.
Thanks
05-07-2019 01:51 PM
I think what you are doing is splitting two networks on two devices.
The /30 will go to the WAN port and the /26 will go to the firewall.
But if your firewall's external interface has the /26 address configured, you have to use one of the /26 addresses for the ISR's LAN interface.
If your firewall has the DMZ configured with the /26 address, you can use a private address between the firewall's external interface and the ISR's LAN interface.
You just have to point the 0.0.0.0 route on the firewall to the ISR's LAN address, and the ISR's /26 network to the firewall's external address.
Hope this makes sense.
05-07-2019 02:29 PM
Thanks again for the reply.
What I am doing is this:
The firewall has interfaces that use the public set /26, so what I understand now is this:
the interface on the firewall facing the Cisco router is part of the /26 subnet
the 0.0.0.0 route is set on the Cisco using the router WAN as GW
My question is: what do I need to do to define the /26 subnet on the Cisco router?
If you can write the commands needed for all this setup, I would appreciate it :)
05-07-2019 03:33 PM
Now I understand your concern.
The answer is: your ISP router has to point to your WAN IP address for the /26 net.
ip route x.x.x.x 255.255.255.192 your-Isr-wan-address
On your LAN interface:
int gi0/0/1
desc LAN interface
ip address y.y.y.y 255.255.255.192
no shut
And in global config:
ip route 0.0.0.0 0.0.0.0 your-isp-wan-address
On the firewall:
ip route 0.0.0.0 0.0.0.0 your-Isr-lan-address
Just make sure your ISP router has a static route for the /26 pointing to your Isr-wan-address.
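Added example, not part of the original thread or any poster's own code: a Python check of the addressing plan in the answer above that returns which static route belongs on which device. The documentation-range addresses, the helper name build_plan and the "ISP first, CPE second" ordering of the /30 (taken from the earlier reply) are assumptions.

```python
import ipaddress as ipa

def build_plan(wan_cidr, lan_cidr, isr_lan_ip, fw_outside_ip):
    """Static routes per device for the design in this thread (hypothetical helper).

    Assumption from the earlier reply: ISP holds the first usable /30
    address, the customer ISR (CPE) the second.
    """
    # strict=False accepts any host address inside the block; the routes
    # below are still written with the subnet (network) address and mask.
    wan = ipa.ip_network(wan_cidr, strict=False)
    lan = ipa.ip_network(lan_cidr, strict=False)
    if wan.prefixlen != 30:
        raise ValueError("WAN link is expected to be a /30")
    if wan.overlaps(lan):
        raise ValueError("WAN and LAN blocks overlap")
    isp_wan, isr_wan = list(wan.hosts())
    isr_lan = ipa.ip_address(isr_lan_ip)
    fw_out = ipa.ip_address(fw_outside_ip)
    usable = set(lan.hosts())
    for name, ip in (("ISR LAN", isr_lan), ("firewall outside", fw_out)):
        # Both ends of the ISR-to-firewall segment must be usable hosts in
        # the /26, otherwise the next hops below are not on-link.
        if ip not in usable:
            raise ValueError(f"{name} address {ip} is not a usable host in {lan}")
    if isr_lan == fw_out:
        raise ValueError("ISR LAN and firewall outside addresses must differ")
    return {
        # ISP side: the /26 is routed to the ISR's WAN address.
        "isp": f"ip route {lan.network_address} {lan.netmask} {isr_wan}",
        # ISR: default route to the ISP end of the /30.
        "isr": f"ip route 0.0.0.0 0.0.0.0 {isp_wan}",
        # Firewall: default route to the ISR LAN address (thread's notation;
        # the firewall's real syntax depends on the vendor).
        "firewall": f"ip route 0.0.0.0 0.0.0.0 {isr_lan}",
        "isr_wan_if": f"ip address {isr_wan} {wan.netmask}",
        "isr_lan_if": f"ip address {isr_lan} {lan.netmask}",
    }

if __name__ == "__main__":
    # Constructed sample using documentation ranges, not real assignments.
    plan = build_plan("203.0.113.0/30", "198.51.100.64/26",
                      "198.51.100.65", "198.51.100.66")
    for device, line in plan.items():
        print(f"{device:11} {line}")
```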
05-07-2019 03:53 PM
Great!
Thanks a lot!
05-07-2019 04:01 PM
One last question:
by this command
ip route x.x.x.x 255.255.255.192 your-Isr-wan-address
x.x.x.x is the subnet address, not a single IP, no?
05-07-2019 05:21 PM - edited 05-07-2019 05:58 PM
05-24-2019 12:28 PM
Simon
I think I made a mistake.
When you said
your isp router has to point to your wan IP address for /26 net.
ip route x.x.x.x 255.255.255.192 your-Isr-wan-address
you meant on the ISP, not on the CPE router,
yes?