Help configuring a Cisco 891 for Broadband and NAT.

GCannell · ‎03-03-2019

I’m in the process of setting up my new Cisco 891 Router for connection to the internet via BT Infinity Broadband. I’m also very new to the Cisco configuration command set and have pieced together what I feel is a workable solution from examples I’ve been reading from the forum and various articles on-line.

Before entering my configuration, I would be very grateful if one of you experts out there cold tell me if what I’ve put together is correct given what I’m trying to achieve.

My requirement are as follows:

I would like to allow computers on my internal 192.168.1 network to connect to the internet in the usual way.

I would like the Cisco router to handle my 192.168.1 DHCP Pool.

I have 3 static IP addresses provided by my ISP of which two of them will be mapped to 192.168.1 addresses on my internal network. These two addresses will by used to remotely access security cameras on port 8000. In my mock up config these are the 217.40.174.221 and 217.40.174.222 addresses.

I would like to use my third public address 217.40.174.223 80 in my example to permit outside traffic though to my internal mail server.

That’s about it and thank you in advance for any help you can provide.

Here's my mock up configuration

-----------------------------------------------------------

vpdn enable

vpdn-group 1

request-dialin

protocol pppoe

ip dhcp excluded-address 192.168.1.1 192.168.1.10

ip dhcp pool vlan1pool

network 192.168.1.0 255.255.255.0

default-router 192.168.1.254

dns-server 213.120.234.70

interface FastEthernet0

no ip address

shutdown

duplex auto

speed auto

interface GigabitEthernet0

no ip address

interface GigabitEthernet1

no ip address

interface GigabitEthernet2

no ip address

interface GigabitEthernet3

no ip address

interface GigabitEthernet4

no ip address

interface GigabitEthernet5

no ip address

interface GigabitEthernet6

no ip address

interface GigabitEthernet7

no ip address

interface GigabitEthernet8

description ### WAN interface ###

no ip address

ip nat outside

pppoe enable group global

pppoe-client dial-pool-number 1

no shutdown

interface Vlan 1

ip address 192.168.1.254 255.255.255.0

ip nat inside

ip virtual-reassembly in

interface dialer 1

ip address negotiated

ip mtu 1492

encapsulation ppp

ppp authentication chap

dialer pool 1

dialer-group 1

ppp chap hostname click@bt.com

ppp chap password 0 btclick@bt.com

ppp sent-usrername btclick@bt.com password 0 btclick@bt.com

ip nat inside source list 1 interface dialer 1 overload

ip nat inside source static udp 192.168.1.41 8000 217.40.174.221 8000 extendable

ip nat inside source static udp 192.168.1.42 8000 217.40.174.222 8000 extendable

ip nat inside source static tcp 192.168.1.43 80 217.40.174.223 80 extendable

ip route 0.0.0.0 0.0.0.0 Dialer 1

access-list 1 permit 192.168.1.0 0.0.0.255

access-list 1 permit tcp any any established

Jaderson Pessoa · ‎03-03-2019

All other configurations are correctly. Just nat configuration need adjust. Set command below under dialer interface.

ip nat outside

vpdn enable

vpdn-group 1

request-dialin

protocol pppoe

ip dhcp excluded-address 192.168.1.1 192.168.1.10

ip dhcp pool vlan1pool

network 192.168.1.0 255.255.255.0

default-router 192.168.1.254

dns-server 213.120.234.70

interface FastEthernet0

no ip address

shutdown

duplex auto

speed auto

interface GigabitEthernet0

no ip address

interface GigabitEthernet1

no ip address

interface GigabitEthernet2

no ip address

interface GigabitEthernet3

no ip address

interface GigabitEthernet4

no ip address

interface GigabitEthernet5

no ip address

interface GigabitEthernet6

no ip address

interface GigabitEthernet7

no ip address

interface GigabitEthernet8

description ### WAN interface ###

no ip address

ip nat outside

pppoe enable group global

pppoe-client dial-pool-number 1

no shutdown

interface Vlan 1

ip address 192.168.1.254 255.255.255.0

ip nat inside

ip virtual-reassembly in

interface dialer 1

ip nat outside

ip address negotiated

ip mtu 1492

encapsulation ppp

ppp authentication chap

dialer pool 1

dialer-group 1

ppp chap hostname click@bt.com

ppp chap password 0 btclick@bt.com

ppp sent-usrername btclick@bt.com password 0 btclick@bt.com

ip nat inside source list 1 interface dialer 1 overload

ip nat inside source static udp 192.168.1.41 8000 217.40.174.221 8000 extendable

ip nat inside source static udp 192.168.1.42 8000 217.40.174.222 8000 extendable

ip nat inside source static tcp 192.168.1.43 80 217.40.174.223 80 extendable

ip route 0.0.0.0 0.0.0.0 Dialer 1

access-list 1 permit 192.168.1.0 0.0.0.255

access-list 1 permit tcp any any established

Jaderson Pessoa
*** Rate All Helpful Responses ***

Georg Pauwen · ‎03-03-2019

Hello,

on a side note, if you got three static IP addresses (for which you have probably paid) you might as well configure one of them on the dialer interface:

interface dialer 1

ip address 217.40.174.221 x.x.x.x

GCannell · ‎03-04-2019

Thanks guys,
I really appreciate these points you've made.