05-31-2013 12:28 PM - edited 03-04-2019 08:04 PM
Hi Everyone!
Today I was having a conversation with my Cisco Academy teacher from a few years back, and we couldn't figure this out.
I am getting an internet connection via Verizon FiOS. Instead of giving me an ISR, they're going to just give me an ethernet cable. Here's what I want to do with it.
This cable is going to be plugged into a 1900 series router. Connected to that will be a 48-port switch. Connected to that will be multiple servers to be used for web hosting, email, databases, etc. My ISP is providing me with 13 public addresses; however, it is not my own unique subnet.
Here comes the question; how would I set this up? The way I was originally thinking was to assign one IP to fa0/0, a second to fa0/1, and then assign the fa0/1 address as the default gateways for all the hosts on the inside. But then I realized that it won't let me have the same network on 2 ports.
Thank You!
05-31-2013 01:25 PM
Are there any details that are missing in your question?
You can create your own subnets OR you can use whatever IPs you want on your servers and then NAT them to any public IP in your range.
HTH.
05-31-2013 03:11 PM
Hi.
I was trying to find a way to do this without using private addressing. Tell me if this will work:
As an example, let's say the public addresses I am assigned are 200.0.0.1-200.0.0.13. Would I be able to do this:
Edge Router: fa0/0 plugged into FiOS connection, assigned 200.0.0.1. fa0/1 plugged into 48-port switch, 200.0.0.2. Server plugged into switch, configured with 200.0.0.3 as the IP, and 200.0.0.2 as the gateway.
The reason why I am asking is because this does not work on Packet Tracer, and the error is that the networks overlap.
05-31-2013 04:13 PM
Yes, Verizon can give you a router or just a cable. So they are giving you multiple IPs, let's say 1.1.1.0/28, so you have like 14 IPs that you can use and one for the gateway of course, so 13 that you can use. So here is what you will need to do:
- Connect that cable to the router's fa0/0 and set up the interface with 1.1.1.2 255.255.255.240 IP
- Set up the last resort gateway to the Verizon gateway like "ip route 0.0.0.0 0.0.0.0 1.1.1.1"
- Now you will set up NAT for your servers that you want to assign public IPs to like, "ip nat inside source static x.x.x.x 1.1.1.3" (where x.x.x.x is the IP of your server)
- And then certainly you'll need to set up access lists etc.
Here is a quick link
http://www.cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a0080093e51.shtml
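
The steps in the reply above, put together as one IOS configuration. This is an added example, not part of the original thread: the inside subnet 192.168.10.0/24 and the two server addresses are assumptions standing in for x.x.x.x, and 1.1.1.0/28 is the placeholder block used in the reply.

```cisco
! Assumed values (not from the thread): inside subnet 192.168.10.0/24,
! web server 192.168.10.10, mail server 192.168.10.11.
! 1.1.1.0/28 is the example public block from the reply above.
!
interface FastEthernet0/0
 description Uplink to Verizon FiOS
 ip address 1.1.1.2 255.255.255.240
 ip nat outside
 ip access-group OUTSIDE-IN in
 no shutdown
!
interface FastEthernet0/1
 description 48-port server switch
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 no shutdown
!
! Gateway of last resort points at the ISP gateway
ip route 0.0.0.0 0.0.0.0 1.1.1.1
!
! One-to-one static NAT: private server address -> public address
ip nat inside source static 192.168.10.10 1.1.1.3
ip nat inside source static 192.168.10.11 1.1.1.4
!
! The inbound ACL on the outside interface is evaluated before NAT
! rewrites the destination, so it matches the public addresses.
ip access-list extended OUTSIDE-IN
 permit tcp any host 1.1.1.3 eq www
 permit tcp any host 1.1.1.3 eq 443
 permit tcp any host 1.1.1.4 eq smtp
 permit tcp any any established
 deny ip any any log
```

This ACL is stateless: `established` only covers TCP return traffic, so UDP replies such as DNS answers to the servers need their own entries or stateful inspection. `show ip nat translations` and `show access-lists OUTSIDE-IN` confirm the static mappings and the per-entry hit counts.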
05-31-2013 05:18 PM
Wonderful! So x.x.x.x would be a private address? If so, is there a way of setting this up without private addressing?
06-01-2013 06:07 AM
In this topology, static NAT is required, which needs private addressing on the inside.
The router is there to put some security measures in it as well. If not, just remove the router, terminate the link into the switch, and configure each and every server with the pool of 13 public IP addresses and gateway and DNS.
06-01-2013 10:13 AM
Yes it would be the private address and the right way to do it. You don't want your servers sitting right out on the internet. Not a best practice and not secure.
06-01-2013 11:21 AM
These servers are for hosting, so yes I do want them sitting right out on the internet.
06-01-2013 11:37 AM
Without security?
06-01-2013 12:25 PM
We have many servers that are hosting applications, websites, email and stuff, and I have never seen at any of my jobs where we put the servers straight out on the internet. You just simply do a NAT and people from the outside will be able to access those servers on the ports you define. Is there a specific reason you want those servers out sitting on the internet exposing them like that? Simply saying they are hosting servers is not really a reason. So explain your scenario to us.
06-01-2013 11:57 AM
Zack,
To have a better understanding of your particular network's requirements, is there a reason that you do not want or cannot use NAT to statically assign servers to specific "public" IP addresses? I understand the servers are for hosting but need to know if there is a technical reason that NAT cannot be used (such as some protocol that will not be handled correctly). Our data center hosts services for many customers and still uses NAT and/or proxying for services that are exposed to outside connections. This is done for security and other features (load balancing being one).
It may be possible to subnet your assigned IP space, though that may not be efficient enough for your needs. I'm not sure if the 1900 series would support some sort of L2 bridging through it, but that seems like it would just add unneeded complexity. You could forego the router and just connect the servers directly via the switch. Pros and cons with each possibility.
So having additional information regarding your network's requirements and restrictions would be helpful in understanding why NAT is not a viable solution and which alternative would be best.
Best of luck! -Ed