cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
314
Views
0
Helpful
3
Replies
AIngram
Beginner

VDSL Fixed IP and Routed Range

Hi I've been wrestling with this for a few weeks and would appreciate pointers, I haven't seen this type of configuration anywhere, but assume it's pretty standard.  I started working on 2911 hardware with EHWIC VDSL card but due to faulty card (now replaced) decided to test out on a c887VAG router instead.  I have this from my ISP: A fixed IP Address say 180.34.82.114 and as I need additional fixed IP's for other equipment I've been assigned a routed range of say 190.206.186.0/28.  I'm hoping to use one GE/FE port for the inside network and have the remaining ports available to access fixed addresses within my routed range to connect the other network gear- IP PBX and ASA as examples.  I've always had a pre-configured Modem which has gone in front of the router and just plugged the other devices with their fixed IP's in the back.  I have access to additional 2 FE ports and a 4port Switch Card on EHWIC for the main router when i migrate.

 

The config below establishes the PPP session and allows traffic to flow with DHCP allocated addresses to the local LAN via a FE port on VLAN10.  It's using the main 180.34.82.114 address which is assigned to the Dialer0 interface to pass traffic.  Connecting a PC with one of the static IP's within the routed range to the 887 FE/Switch port only shows an internet connection but won't ping.  The ISP static and Routed range IP addresses show in the routing table assigned to VLAN 10 and 20 respectively.

All other examples I've found don't show how to handle the routed range, some fixed addresses can be static NATs to LAN addresses but the external gear is confounding me.  Its all in a small business network with Cisco GE switches.

 

I've tried the obvious IP routes, but nothing's working- help very much appreciated.

 

version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname C887VA
!
boot-start-marker
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization network local-group-author-list local
!
!
!
!
!
aaa session-id common
!
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
ip source-route
!
!
!
ip dhcp excluded-address 192.168.0.1 192.168.0.30
!
ip dhcp pool LAN
import all
network 192.168.0.0 255.255.255.0
dns-server 8.8.8.8 8.8.4.4
default-router 192.168.0.1
!
!
ip cef
ip domain name xxxx.com
ip name-server 8.8.8.8
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid C887VAG+7-K9 sn
!
!
vtp mode transparent
username xxx privilege 15 password 0
!
!
!
!
controller VDSL 0
!
controller Cellular 0
!
vlan 10
name LAN:DATA
!
vlan 20
name ISP_Routed_Range
!
vlan 999
name NOT_USED
!
ip ssh version 2
!
!
!
!
!
!
!
interface Ethernet0
no ip address
!
interface Ethernet0.101
description Tagging for PPPoE (VDSL 0)
encapsulation dot1Q 101
no ip redirects
no ip proxy-arp
ip virtual-reassembly in
pppoe-client dial-pool-number 1
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface FastEthernet0
description LAN_Inside
switchport access vlan 10
no ip address
!
interface FastEthernet1
switchport access vlan 10
no ip address
!
interface FastEthernet2
switchport access vlan 10
no ip address
!
interface FastEthernet3
switchport access vlan 20
no ip address
!
interface Cellular0
no ip address
encapsulation slip
shutdown
!
interface Vlan1
no ip address
ip nat inside
ip virtual-reassembly in
!
interface Vlan10
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan20

<!-- This is the Routed Range

ip address 190.206.186.1 255.255.255.240
!
interface Dialer0
mtu 1492

<!-- The static IP assigned by the ISP

ip address 180.34.82.114 255.255.255.254
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication pap chap ms-chap callin
ppp chap hostname ispusername
ppp chap password 0 password
ppp ipcp address accept
no cdp enable
!
ip forward-protocol nd
ip http server
ip http secure-server
!
!
ip nat inside source list NAT interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 195.206.186.0 255.255.255.240 Dialer0
!
ip access-list standard NAT
permit 192.168.0.0 0.0.0.255
!
!
!
!
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line 3
no exec
line vty 0 4
privilege level 15
transport input all
!
end

3 REPLIES 3
balaji.bandi
VIP Master

ip route 195.206.186.0 255.255.255.240 Dialer0 (looks typo here)   - you do not need this route, since you already point default route dialer 0

 

if they routed to your network, what is the purpose of that IP you want to use.

you want to use directly those IP address, or you looking to NAT them using local IP address ? you can use Dynamic pool NAT for those IP

 

example :

 

VLAN 20 have 192.168.20.X /24  - static pool with 190.206.186.0/28

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Community for Help

Thanks Balaji
I tried without the static route as well. Because the Routed Range is on a completely different network from the one provided by the ISP ie the 190.206.186.0/28 and the 180.34.82.113 ISP static I was thinking I needed some way of routing between the two. I'm sure as you suggest (and I've done it before) the static NAT or Dynamic via a Pool- to a single internal network address will work just fine ie
Ip nat inside source static 192.168.0.250 190.206.186.2 with an attached route map will be fine for accessing an internal device on the inside network using an external static address.
What I'm trying to do however is to have physically a port on the router (either a GE or Switched Port) I can connect our Avaya IP Office with it's own outside Network Address and Session Border Controller and our remote Access device Cisco ASA5505's outside interface which are effectively off network- if it's clearer:
190.206.186.3 will connect to the Avaya
190.206.186.4 will connect to the ASA
(the IP Addresses are fictitious of course hence the typo- but are of the same order)
The way the ISP has set things up allows the routed range to 'appear' somehow, I guess it'll be some configuration that an ISP uses on a pre-configured router I'm looking for, just that mine hasn't got any other solution.
All help is appreciated!
balaji.bandi
VIP Master

in that case  what ever interface you like to use should be outside interface.

 

for testing :

 

configure the IP addredd with outside interface, for testing run some http service and try to access from ourside for that IP, and check also debug logs in the Router, is the packet reaching to your network before it going to http Server ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Community for Help