I am a newbie at Cisco and I don't have any experience whatsoever with this equipment.
I have bought this switch to try:
We (our company) have a new glass fiber internet connection from a provider with 5 IP addresses in a /29 range.
I am trying to accomplish the following.
On port 1 comes the output from the provider. On ports 2 to 7 I want to separate the IP addresses so I can distribute these addresses to our LAN, to a Wi-Fi hotspot for external company visitors, etc.
So on port 2 an IP to the LAN, on port 3 an IP to the Wi-Fi router.
Can you give ideas how to make this happen?
You do realize that with the topology you are describing, the LAN will only have a maximum of 3 IP addresses and all the IPs will be publicly routable, right (security issues)? I would suggest using a firewall before your network. Cisco has an SMB solution in the SA500 series devices - the SA520 should be best for you.
But back to your question, you can use the switch in Layer 2 mode to "distribute" the IPs if the /29 network that holds your 5 IP addresses uses a gateway from the provider in the same network. You should be able to tell if this is so because the usable IPs are in sequence and the gateway will be the IP address value just before the lowest, e.g. usable IPs 192.168.1.2-6 and your gateway is 192.168.1.1 (ISP).
Otherwise, if you have a Point-to-Point allocation, and this /29 is routed to the Point-to-Point IP, then you will need a router or the switch would need to be configured in Layer 3 mode. Best is for you to use the firewall.
Thanks for the reaction.
And yes, I am aware of this situation; therefore this IP splitting happens before our firewall.
1 IP address of the ISP should be redirected to our LAN.
What you suggest about the gateway is correct. The lowest is our gateway and above this I have 5 more addresses.
As I mentioned earlier, I am a complete newbie in the Cisco world. Can you give any detailed instructions on how to do this? Should I use the ACL? And/or something else?
All I want to happen is for the ISP IPs to be rearranged to the different ports, and I can't find anything to do this.
Could you please give me a hand?
Can you send me your topology?
I'll be able to help you much better if I have a clear picture of your existing topology. Naturally keep sensitive information obscured, but I still need to have an idea of how your address space is arranged.
Is this what you want? I had to make this with the 7-day free SmartDraw; otherwise I must wait for a fortnight to use a proper program, sorry.
Thanks for the diagram. It helps a lot.
I'm assuming the ISP switch is the first off the cloud. You actually don't need to do much on the switch to support this topology.
I would suggest you simply change the default username and password and enable secure modes of switch administration (https/ssh) only. You can use one of the public IPs for remote management (61 and 62 are free).
You can get the details for changing the IP in chapter 1 of the Administrative guide. Get it here:
Also pg. 275 shows how to configure the accepted modes of administrative access.
Ensure that the firewall and wireless devices both use the default gateway provided by the ISP. The wireless devices would need to be routers that do PAT for this to make sense because the hotspot users would need to be issued private IP addresses since you don't have sufficient public IPs to distribute.
Thanks for the quick reply.
Your assumption about the ISP is correct.
As you suggested, I changed the username and password (mandatory) and the IP of the Cisco to 62.
Also changed under the SECURITY the management access authentication.
But how can I arrange for the IP range to be sent only to the designated port? I.e. IP 60 to port 2, IP 58 to port 3, etc.? Make use of VLANs? Or is it simply connect the devices to the Cisco and that's it?
You can't assign the IPs to the designated port.
Yes, simply connect the WAPs (hope these are routers) and the firewall as per your diagram and assign the IPs to the device connected to the port on the switch and that should work.
Remember to set the Default GW to .57 on the external interfaces of the Wireless routers and the Firewall.
Let me know how that goes.
I followed your advice and it went OK as you predicted. However…
I tried to connect this also to our LAN with the last remaining IP address.
On our ISA we have 2 adapters: 1 is connected to a modem and has a different IP range than our LAN; the other one is connected to our LAN.
When I connect the Cisco switch to the internet connector and I change the address to .60 with the .57 gateway, I can't connect to the internet. So it seems I am doing something wrong. Do you have any advice in this matter?
I believe it’s something very simple but I can’t discover it.