01-20-2021 04:46 AM
Hi I've been wrestling with this for a few weeks and would appreciate pointers, I haven't seen this type of configuration anywhere, but assume it's pretty standard. I started working on 2911 hardware with EHWIC VDSL card but due to faulty card (now replaced) decided to test out on a c887VAG router instead. I have this from my ISP: A fixed IP Address say 180.34.82.114 and as I need additional fixed IP's for other equipment I've been assigned a routed range of say 190.206.186.0/28. I'm hoping to use one GE/FE port for the inside network and have the remaining ports available to access fixed addresses within my routed range to connect the other network gear- IP PBX and ASA as examples. I've always had a pre-configured Modem which has gone in front of the router and just plugged the other devices with their fixed IP's in the back. I have access to additional 2 FE ports and a 4port Switch Card on EHWIC for the main router when i migrate.
The config below establishes the PPP session and allows traffic to flow with DHCP allocated addresses to the local LAN via a FE port on VLAN10. It's using the main 180.34.82.114 address which is assigned to the Dialer0 interface to pass traffic. Connecting a PC with one of the static IP's within the routed range to the 887 FE/Switch port only shows an internet connection but won't ping. The ISP static and Routed range IP addresses show in the routing table assigned to VLAN 10 and 20 respectively.
All other examples I've found don't show how to handle the routed range, some fixed addresses can be static NATs to LAN addresses but the external gear is confounding me. Its all in a small business network with Cisco GE switches.
I've tried the obvious IP routes, but nothing's working- help very much appreciated.
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname C887VA
!
boot-start-marker
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization network local-group-author-list local
!
!
!
!
!
aaa session-id common
!
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
ip source-route
!
!
!
ip dhcp excluded-address 192.168.0.1 192.168.0.30
!
ip dhcp pool LAN
import all
network 192.168.0.0 255.255.255.0
dns-server 8.8.8.8 8.8.4.4
default-router 192.168.0.1
!
!
ip cef
ip domain name xxxx.com
ip name-server 8.8.8.8
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid C887VAG+7-K9 sn
!
!
vtp mode transparent
username xxx privilege 15 password 0
!
!
!
!
controller VDSL 0
!
controller Cellular 0
!
vlan 10
name LAN:DATA
!
vlan 20
name ISP_Routed_Range
!
vlan 999
name NOT_USED
!
ip ssh version 2
!
!
!
!
!
!
!
interface Ethernet0
no ip address
!
interface Ethernet0.101
description Tagging for PPPoE (VDSL 0)
encapsulation dot1Q 101
no ip redirects
no ip proxy-arp
ip virtual-reassembly in
pppoe-client dial-pool-number 1
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface FastEthernet0
description LAN_Inside
switchport access vlan 10
no ip address
!
interface FastEthernet1
switchport access vlan 10
no ip address
!
interface FastEthernet2
switchport access vlan 10
no ip address
!
interface FastEthernet3
switchport access vlan 20
no ip address
!
interface Cellular0
no ip address
encapsulation slip
shutdown
!
interface Vlan1
no ip address
ip nat inside
ip virtual-reassembly in
!
interface Vlan10
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan20
<!-- This is the Routed Range
ip address 190.206.186.1 255.255.255.240
!
interface Dialer0
mtu 1492
<!-- The static IP assigned by the ISP
ip address 180.34.82.114 255.255.255.254
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication pap chap ms-chap callin
ppp chap hostname ispusername
ppp chap password 0 password
ppp ipcp address accept
no cdp enable
!
ip forward-protocol nd
ip http server
ip http secure-server
!
!
ip nat inside source list NAT interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 195.206.186.0 255.255.255.240 Dialer0
!
ip access-list standard NAT
permit 192.168.0.0 0.0.0.255
!
!
!
!
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line 3
no exec
line vty 0 4
privilege level 15
transport input all
!
end
01-20-2021 05:41 AM
ip route 195.206.186.0 255.255.255.240 Dialer0 (looks typo here) - you do not need this route, since you already point default route dialer 0
if they routed to your network, what is the purpose of that IP you want to use.
you want to use directly those IP address, or you looking to NAT them using local IP address ? you can use Dynamic pool NAT for those IP
example :
VLAN 20 have 192.168.20.X /24 - static pool with 190.206.186.0/28
01-20-2021 06:19 AM
01-20-2021 07:06 AM
in that case what ever interface you like to use should be outside interface.
for testing :
configure the IP addredd with outside interface, for testing run some http service and try to access from ourside for that IP, and check also debug logs in the Router, is the packet reaching to your network before it going to http Server ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide