01-29-2013 11:40 PM - edited 03-04-2019 06:53 PM
Hello Guys,
I have a new Cisco 2901 router...
How can I connect and configure internet for my network end users?
Please help me with the required documents and configuration notes!
Thanks
Amit
01-30-2013 12:26 AM
Hi
What exactly do you have a problem with?
Here is an example of a basic configuration:
https://supportforums.cisco.com/thread/2180688
01-30-2013 12:40 AM
Thanks for your reply, dear.
Actually I am new to this setup. I have purchased a new 2901 router and one internet line from the ISP.
Can you tell me how I can connect my internal users to the internet using this ISP line and the 2901 router?
I have the ISP line details and my internal LAN IP details.
Thanks and Regards
Amit Sharma
01-30-2013 12:57 AM
This looks ok...
ip dhcp pool LAN_POOL
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server ???
lease 0 8
spanning-tree vlan 10 priority 4096
interface FastEthernet0
description LAN
switchport access vlan 10
interface FastEthernet1
description LAN
switchport access vlan 10
interface FastEthernet2
description LAN
switchport access vlan 10
interface FastEthernet3
description LAN
switchport access vlan 10
interface FastEthernet4
description INTERNET
ip address 197.255.52.91 255.255.255.252
ip nat outside
interface Vlan10
description LAN
ip address 192.168.1.1 255.255.255.0
ip verify unicast reverse-path
ip nat inside
! default route
ip route 0.0.0.0 0.0.0.0 197.255.52.87
! deny RFC1918
ip route 10.0.0.0 255.0.0.0 Null0
ip route 172.16.0.0 255.240.0.0 Null0
ip route 192.168.0.0 255.255.0.0 Null0
! NAT
ip nat inside source list LAN_NAT_POLICY interface FastEthernet4 overload
ip access-list extended LAN_NAT_POLICY
deny ip 192.168.1.0 0.255.255.255 192.168.1.0 0.255.255.255
permit ip 192.168.1.0 0.255.255.255 any
!
!
!
!
!
What is the use of these commands?
ip route 10.0.0.0 255.0.0.0 Null0
ip route 172.16.0.0 255.240.0.0 Null0
ip route 192.168.0.0 255.255.0.0 Null0
Why use these 2 commands in NAT?
ip access-list extended LAN_NAT_POLICY
deny ip 192.168.1.0 0.255.255.255 192.168.1.0 0.255.255.255
Why put the deny command first?
permit ip 192.168.1.0 0.255.255.255 any
This is OK for permitting this range to the net...!
Thanks and Regards
Amit Sharma
01-30-2013 01:27 AM
Hi Amit
What is the use of these commands?
ip route 10.0.0.0 255.0.0.0 Null0
ip route 172.16.0.0 255.240.0.0 Null0
ip route 192.168.0.0 255.255.0.0 Null0
These commands are used to prevent routing packets with private IPs in the dst field of the IPv4 header to the internet. Also, you should add an ACL on the WAN interface to deny packets with private IPs in the src field of the IPv4 header.
ip access-list extended BLOCK_PRIVATE_IPv4
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
permit ip any any
interface G0/0
ip access-group BLOCK_PRIVATE_IPv4 out
You probably use a default route toward the ISP, so everything will be routed to the internet. You should make sure that any packet with a private IP in the src or dst field will be routed to the internet.
Why use these 2 commands in NAT?
ip access-list extended LAN_NAT_POLICY
deny ip 192.168.1.0 0.255.255.255 192.168.1.0 0.255.255.255
Why put the deny command first?
permit ip 192.168.1.0 0.255.255.255 any
This is OK for permitting this range to the net...!
You need to NAT your LAN when you want to access some internet servers. This access list ensures that only interesting traffic will be NATed. Actually, the ACL should look like this:
ip access-list extended LAN_NAT_POLICY
deny ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
deny ip 192.168.1.0 0.0.0.255 172.16.0.0 0.15.255.255
deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
permit ip 192.168.1.0 0.0.0.255 any
This ACL ensures that any traffic destined to private IPs will not be NATed, then the LAN will be NATed and everything else will not.
Also, I noticed that the wildcard masks were not correct at the link I provided for you, probably some copy-and-paste error.
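Added example, not part of the original posts: a small evaluator for the wildcard-mask matching discussed above, run over the LAN_NAT_POLICY entries as first posted and as corrected in the reply. The function names and the sample flows are constructed for illustration, and the parser handles only the `permit|deny ip SRC WILDCARD (any | DST WILDCARD)` form used in this thread.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    diff = int(ipaddress.IPv4Address(addr)) ^ int(ipaddress.IPv4Address(base))
    return (diff & care) == 0

def parse_ace(line):
    """Parse 'permit|deny ip SRC WILD (any | DST WILD)' into a tuple."""
    tok = line.split()
    action, src, swild = tok[0], tok[2], tok[3]
    dst, dwild = ("0.0.0.0", "255.255.255.255") if tok[4] == "any" else (tok[4], tok[5])
    return action, src, swild, dst, dwild

def nat_decision(acl_lines, src, dst):
    """First matching entry wins; no match is the implicit deny (not translated)."""
    for line in acl_lines:
        action, s, sw, d, dw = parse_ace(line)
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "deny"

# ACL as first posted in the thread (wildcard 0.255.255.255).
POSTED = [
    "deny ip 192.168.1.0 0.255.255.255 192.168.1.0 0.255.255.255",
    "permit ip 192.168.1.0 0.255.255.255 any",
]
# ACL as corrected in the reply (wildcard 0.0.0.255 on the LAN source).
CORRECTED = [
    "deny ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255",
    "deny ip 192.168.1.0 0.0.0.255 172.16.0.0 0.15.255.255",
    "deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255",
    "permit ip 192.168.1.0 0.0.0.255 any",
]
# Constructed sample flows (source, destination); not taken from the thread.
FLOWS = [
    ("192.168.1.20", "8.8.8.8"),     # LAN host to a public address
    ("192.168.1.20", "192.0.2.10"),  # LAN host to a non-private 192.x address
    ("192.168.1.20", "10.1.1.1"),    # LAN host to RFC 1918 space
    ("192.168.50.7", "8.8.8.8"),     # source outside the 192.168.1.0/24 LAN
]

def compare():
    """Return (src, dst, decision with POSTED, decision with CORRECTED) per flow."""
    return [(s, d, nat_decision(POSTED, s, d), nat_decision(CORRECTED, s, d)) for s, d in FLOWS]

if __name__ == "__main__":
    for row in compare():
        print("%-14s -> %-12s posted=%-6s corrected=%s" % row)
```

With wildcard 0.255.255.255 only the first octet is compared, so the posted entries match any 192.x.x.x address rather than the 192.168.1.0/24 LAN.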
01-30-2013 01:38 AM
Thanks, dear!
I got your point... I was confused by the same IP in the deny command!
Thanks and Regards
Amit Sharma
01-30-2013 01:38 AM
Is the deny command correct with the same IP?
Thanks and Regards
Amit Sharma
01-30-2013 01:41 AM
Dear,
One thing: if I transfer my whole internal IP range to the internet, what NAT configuration is needed for this 2901 router?
Thanks and Regards
Amit Sharma
01-30-2013 02:30 AM
ip access-list extended LAN_NAT_POLICY
deny ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
deny ip 192.168.1.0 0.0.0.255 172.16.0.0 0.15.255.255
deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list LAN_NAT_POLICY interface WAN_IFC/IP_ADDR overload
interface LAN
ip nat inside
interface WAN
ip nat outside
01-30-2013 01:04 AM
Hi
You can find a lot of information about ISP connectivity and network address translation on the Cisco site.
The link was about this topic.
What exactly is your problem? Have you done the basic setup:
interfaces, addresses, DHCP if needed, and routing?
Sent from Cisco Technical Support iPhone App
01-30-2013 01:07 AM
Yes, dear!
I have done it!
Thanks for your help!
I will check all these points and come back with results.
Thanks and Regards
Amit Sharma
01-09-2014 06:12 AM
Hi Patrick,
Sorry to bother you about this, but I need some information about the 2901 router.
I requested a new internet link over fiber from my ISP, and the technician installed a Cisco ME 3400 switch where the fiber is connected. An Ethernet cable then connects this switch to port GE 0/1 of the 2901 router, and he told me the new internet link was up and running.
My question is:
Do I now have to connect the GE 0/0 port of the 2901 router to another dedicated switch? In this case, do I have to configure this port with my LAN details?
Thanks a lot
alberto tosato