11-19-2012 01:39 PM - edited 03-07-2019 10:08 AM
Hi Guru's,
We have a Router with one External IP and a couple of VLANs. We have got a Teleconferencing Unit that needs almost every port known to man to work, so decided to get the unit its own External IP.
We have the IP now and I wouldn't have the first idea how to get it in the router and then also to use it only for the Video unit (From outside straight through to Video).
Is this a biggy that I should get someone in to do or could I do it myself? Im comfortable adding lines to the router but just don't know what the lines should be.
The new IP's purchased are 116.199.222.200/30 (Only need to use one address, lets say 116.199.222.200). No idea what the subnet mask should be...
The router config below stripped of irrelevant stuff:
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
switchport access vlan 2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
no ip address
duplex full
speed 100
!
interface FastEthernet4.4090
description MANAGEMENT
encapsulation dot1Q 4090
ip address 172.23.1.214 255.255.255.248
!
interface FastEthernet4.4093
encapsulation dot1Q 4093
ip address 116.199.222.62 255.255.255.252
ip nat outside
ip virtual-reassembly in
!
interface Vlan1
description LAN
ip address 192.168.72.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan2
description WirelessLAN
ip address 192.168.73.1 255.255.255.0
ip access-group 173 in
ip nat inside
ip virtual-reassembly in
!
ip nat inside source list 10 interface FastEthernet4.4093 overload
ip nat inside source list 20 interface FastEthernet4.4093 overload
ip route 0.0.0.0 0.0.0.0 116.199.222.61
ip route 192.168.248.0 255.255.255.0 172.23.1.209
ip route 202.50.246.248 255.255.255.255 172.23.1.209
!
ip access-list standard snmp
permit 202.50.246.10
permit 202.50.246.11
permit 202.50.246.141
permit 202.50.246.131
!
logging trap debugging
access-list 1 permit 27.252.114.237
access-list 1 permit 202.50.246.248
access-list 1 deny any
access-list 10 permit 192.168.72.0 0.0.0.255
access-list 20 permit 192.168.73.0 0.0.0.255
access-list 30 permit 192.168.74.0 0.0.0.255
access-list 173 deny ip 192.168.73.0 0.0.0.255 192.168.72.0 0.0.0.255
access-list 173 permit ip any any
Solved! Go to Solution.
11-21-2012 02:10 PM
Plug the video system (lifesize?) into fa1
Assign 192.168.72.100 to the video system
Log into the router and issue
conf t
ip nat inside source static 192.168.72.100 116.199.222.200
int fastethernet 1
switchport mode access
switchport access vlan 1
exit
interface FastEthernet4.4093
ip address 116.199.222.200 255.255.255.252 secondary
exit
You're done this should work.
11-19-2012 01:42 PM
Since you have nat configured, you'd map a static address to it like:
ip nat inside source static 192.168.72.50 116.199.222.200
I'm of course assuming that you'll have 192.168.72.50 assigned to the video unit..
HTH,
John
11-19-2012 01:49 PM
The unit is patched straight through to the router's FA1 Physical port.
Also I first need to get the new Public IP address into the router..Or do I not even need to do that?
11-19-2012 02:21 PM
You could configure fa1 as the first address of the block and then your second address on your video unit. The default gateway for the video unit was point to the first address that you configured for the switchport.
11-19-2012 02:30 PM
So I need to know how to confugure that port with the new Outside IP..
11-19-2012 02:32 PM
int fa1
ip address 116.199.222.201 255.255.255.252
Your device would be addressed at 116.199.222.202 255.255.255.252 with a default gateway of 116.199.222.201.
The provider should be routing for you and point this subnet to your public address that's on fa4.4093.
HTH,
John
**** Please rate useful posts ****
11-20-2012 12:57 PM
That comes up with some layer error..
I think Ill have to get someone in to do this. I just want to plug the Video Unit directly into the Router FA1 port and have it on the new external IP and have no ports blocked...
11-21-2012 02:10 PM
Plug the video system (lifesize?) into fa1
Assign 192.168.72.100 to the video system
Log into the router and issue
conf t
ip nat inside source static 192.168.72.100 116.199.222.200
int fastethernet 1
switchport mode access
switchport access vlan 1
exit
interface FastEthernet4.4093
ip address 116.199.222.200 255.255.255.252 secondary
exit
You're done this should work.
11-23-2012 11:50 AM
Hi John, thankyou for these commands. Just one problem with the very last line (ip address 116.199.222.200 255.255.255.252 secondary).
Gives me error: Bad mask /30 for address 116.199.222.200
Edit: Changed to 201 rather than 200. We were given 3 IP's. Don't know whats wrong with 200.
So does this mean that there is absolutely no port blocking on that address? This Video unit is crap and requires all the ranges
11-26-2012 01:33 PM
Todd,
Yeah as long as you have no other ACL's on the device that's a straight 1-1 NAT, if this is a lifesize device, I had similar problems mapping ports. I ended up going a different route.
If you used 201 then you also need to
ip nat inside source static 192.168.72.100 116.199.222.201
And it should work for you.
11-27-2012 12:56 PM
Heys thanks for the replies everyone, and John, that config works a treat. Now im going to get a new Video unit. This LG really is a heap of crud. It will communicate with a whole bunch of test sites no problem with sound and Video but when I try with the site in Italy that we need, it wont talk. Putting down to incompatability.
Thanks again for the help
11-26-2012 01:55 PM
.200 is your network .201 is first useable.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide