Multiple public IP addresses on 877W

pentester1964 · ‎11-24-2011

Hello all,

I wonder if someone could help me on a little matter I have. I would like to configure an 877w I just bought. It's connecting to a UK ADSL2+ link.

I'm a penetration tester and I want to put the Cisco router in front of my existing firewall which has an IPS on it, so that it doesn't get in the way of port scans and vulnerability scans. My ISP has issued me with 14 usable addresses a/240 subnet and basically I want to be able to use the route with just the public IP addresses. I have configured Cisco routers before, but never with this type of configuration. It's always been single public IP address NAT'd through to one or two internal LAN's.

It will be nice if I could assign the wireless and fast ethernet ports to the same VLAN using the public addresses. I don't want to use DHCP I'm quite happy statically assigning IP addresses to the computers wireless and LAN interfaces. I am reasonably certain this is possible because not sure how to do it and a little busy at the moment carrying out penetration tests.

If someone out there could provide me with a basic script I can apply from the cli, I will gladly donate £50 today named charity.

Many thanks in advance.

cadet alain · ‎11-24-2011

Hi,

to have interfaces both in the same subnet on a router you must either use VRF lite or transparent bridging.

It wont work with just one RIB.

Regards.

Alain

Don't forget to rate helpful posts.

pentester1964 · ‎11-24-2011

I would happily settle for using just th fast ethernet ports and I could configure static NAT to the wireless.

cadet alain · ‎11-24-2011

Hi,

the router won't let you configure 2 interfaces on the same router both in the same subnet unless you do what I proposed above.

Regards.

Alain.

Don't forget to rate helpful posts.

pentester1964 · ‎11-24-2011

In that case would it be something like this below?

interface ATM0

no ip address

no atm ilmi-keepalive

pvc 0/30

encapsulation aal5mux

!

dsl operating-mode auto

bridge-group 1

!

interface Vlan1

no ip address

bridge-group 1

!

bridge 1 protocol ieee

interface ATM0

no ip address

no atm ilmi-keepalive

pvc 0/38

encapsulation aal5mux

!

dsl operating-mode auto

bridge-group 1

!

interface Vlan1

no ip address

bridge-group 1

!

bridge 1 protocol ieee

cadet alain · ‎11-24-2011

Hi,

for transparent bridging yes

Regards.

Alain

Don't forget to rate helpful posts.

pentester1964 · ‎11-24-2011

OK for some reason it doesn't work.

anyone any ideas why that might be? Here's the config.

version 15.1

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname router

!

boot-start-marker

boot-end-marker

!

enable secret 5 noyoucantseeit

enable password noyoucantseeit

!

no aaa new-model

!

crypto pki token default removal timeout 0

!

dot11 syslog

ip source-route

no ip routing

!

no ip cef

no ipv6 cef

!

multilink bundle-name authenticated

!

interface ATM0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

no ip route-cache

no atm ilmi-keepalive

bridge-group 1

pvc 0/38

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Dot11Radio0

no ip address

no ip route-cache

shutdown

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

!

interface Vlan1

no ip address

no ip route-cache

bridge-group 1

!

interface Dialer0

ip address negotiated

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap callin

ppp chap hostname user@myisp.com

ppp chap password 0 noyoucantseeit

no cdp enable

bridge-group 1

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

logging esm config

!

control-plane

!

bridge 1 protocol ieee

!

line con 0

no modem enable

line aux 0

line vty 0 4

password noyoucantseeit

login

transport input all

!

end

cadet alain · ‎11-24-2011

Hi,

if you get dhcp address from provider then you need to do routing, it won't work with bridging. maybe you could try IRB and leave vlan 1 interface as bridged and still route on the dialer interface.

Regards.

Alain.

Don't forget to rate helpful posts.