09-17-2013 05:32 PM - edited 03-07-2019 03:32 PM
Hi everyone,
I haven't done any Cisco work in a while, and I obtained a new 1921 router with an EWIC card for a T1 line that we were going to route for a VoIP project with. Turned out the carrier supplied us with their own router so now I can repurpose this 1921 for our data line, to upgrade from a Linksys.
Now, this customer has TimeWarner Cable for their data line. So there's a cable modem in the office and it is a bridge which just passed packets to the Linksys before via straight Ethernet.
I don't think I can use the EWIC in this case now, but can I use the 2 onboard Gigabit interfaces...one to the modem and one to the LAN switch?
If so, can you explain the steps of the commands to use (ACL? Default Route?)?
Thanks a ton!!!
09-17-2013 07:12 PM
You should be able to connect the cable modem to the router on one of the ports and the other would go to the LAN. If your Linksys was doing NAT before, you'd need to configure NAT on this router unless you have something else doing that for you.
HTH,
John
09-19-2013 07:09 AM
It's not in the thread now...but Tarjeet Singh posted this:
aaa new-model
!
ip domain name XXX
ip inspect name Firewall tcp
ip inspect name Firewall udp
ip inspect name Firewall icmp
ip inspect name Firewall https
!
interface GigabitEthernet0/0
 description Uplink To Internet | IP
 ip address x.x.x.x x.x.x.x
 ip access-group Outside_In in
 ip nat outside
 ip inspect Firewall out
!
interface GigabitEthernet0/1
 description Inside Lan -
 ip address 10.0.0.1 255.0.0.0
 ip nat inside
!
ip nat inside source list No_NAT interface GigabitEthernet0/0 overload
!
ip access-list extended No_NAT
 deny ip 10.0.0.0 0.0.255.255 10.0.0.0 0.255.255.255
 deny ip 10.0.0.0 0.0.255.255 172.16.0.0 0.0.255.255
 deny ip 10.0.0.0 0.0.255.255 192.168.0.0 0.0.255.255
 permit ip any any
!
! x.x.x.x = next hop ISP router
ip route 0.0.0.0 0.0.0.0 x.x.x.x
! pointing to next hop inside if there is an L3 switch behind
ip route 10.0.0.0 255.0.0.0 10.0.0.1
!
ip access-list extended Outside_In
 permit icmp any any echo
 deny ip any any
! (Allow all traffic which needs access)
!
ip access-list extended VTY-ACL
 permit ip 10.0.0.0 0.0.255.255 any
! (Allow whichever traffic needs access to the router)
!
line vty 0 4
 access-class VTY-ACL in
 privilege level 15
 transport input telnet ssh
 transport output telnet ssh
!
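Added example, not part of the original post and not Cisco's own tooling: a short Python check one could run over a configuration like the one above before deploying it. It compares each ACL source wildcard with the subnet on the "ip nat inside" interface and reports Telnet on the VTY lines; the sample text is a constructed subset of the posted lines, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: a subset of the configuration lines posted above.
CONFIG = """\
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.0.0.0
 ip nat inside
ip access-list extended No_NAT
 deny ip 10.0.0.0 0.0.255.255 10.0.0.0 0.255.255.255
 permit ip any any
ip access-list extended VTY-ACL
 permit ip 10.0.0.0 0.0.255.255 any
line vty 0 4
 access-class VTY-ACL in
 transport input telnet ssh
"""

def wildcard_to_network(addr, wildcard):
    """Turn an IOS address/wildcard pair into a network (contiguous wildcards only)."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config):
    """Flag ACL sources narrower than a NAT inside subnet, and Telnet on VTY lines."""
    rows = [(l.startswith(" "), l.split()) for l in config.splitlines() if l.strip()]
    findings, inside, section, name, addr = [], [], "", "", None
    for indented, w in rows:  # pass 1: collect subnets of 'ip nat inside' interfaces
        if not indented:
            section, addr = w[0], None
        elif section == "interface" and w[:2] == ["ip", "address"] and len(w) == 4:
            addr = ipaddress.ip_network(f"{w[2]}/{w[3]}", strict=False)
        elif section == "interface" and w == ["ip", "nat", "inside"] and addr:
            inside.append(addr)
    for indented, w in rows:  # pass 2: check ACL entries and VTY transports
        if not indented:
            section, name = ("acl" if w[:2] == ["ip", "access-list"] else w[0]), w[-1]
        elif (section == "acl" and w[0] in ("permit", "deny") and w[1] == "ip"
              and w[2] not in ("any", "host")):
            src = wildcard_to_network(w[2], w[3])
            for net in inside:
                if src != net and src.subnet_of(net):
                    findings.append(f"{name}: source {src} covers only part of inside subnet {net}")
        elif section == "line" and w[:2] == ["transport", "input"] and "telnet" in w:
            findings.append("vty: Telnet (cleartext) is allowed for inbound management")
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(finding)
```

The check expects indented sub-commands, as "show running-config" prints them, and real addresses in place of the x.x.x.x placeholders.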
09-19-2013 07:12 AM
I think I'm reading this correctly...and I'm prepping in my lab with this.
I want the Gi0/0 interface to have 172.20.2.254 on it and the Gi0/1 to have 172.20.0.254
Currently the Linksys uses 172.20.0.1 so I would just have to change up the Gi0/0 IP address to use the static IP from TimeWarner and then I should be ok?
I have some porting rules I'll need to apply for remote access (RDP) but other than that does this all look good?
09-19-2013 07:55 AM
Do you have a public address? If so, is it being handed over to your Linksys now? You said that the Linksys uses 172.20.0.1, but that would indicate that the TWC equipment is doing the natting for you. Is that the case?
Thanks,
John
09-19-2013 08:08 AM
Yes...I have a static global IP...the Linksys LAN IP is 172.20.0.1.
In my lab I want the LAN IP of the Cisco to be the same...172.20.0.1.
The WAN IP on the Linksys now is a global IP...but to simulate that at home in my lab I'd like to use 172.20.2.254 as the WAN IP so I can uplink it to my core home router.
11-06-2013 11:02 AM
Hey guys,
Will this config allow me to add NAT mappings, for example RDP to an internal address of 10.10.10.100?
Also...what if I want to set up VLANs on the switch that I have...a Cisco switch in the future.
I'll need 2 VLANs...one for desktops and one for server traffic.
I remember I need sub interfaces on this...or do I?
If so...what do I do about that and if possible can you show me?
Thank you all!