cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
5238
Views
0
Helpful
7
Replies
premvishwakarma
Beginner

How do I use a public IP Address on the LAN with Cisco 1905 Router

Hello,

I have multiple public IP addresses (5 nos ) got from ISP. 

I have Cisco 1905 router with 2 Ethernet port as GE0/0 and GE0/1 respectively. 

I have configured one of public IP address in one of router ethernet  port GE0/0 and another port GE0/1 which is use as a LAN subnet. 

Where I have created NAT, so network devices can communicate on LAN using private IP addresses. 

Now, I want to use rest of free public IP address on host of LAN subnet behind  Router.  So I can directly communicate the devices on public IP address from outside. We don't want to use port forwarding of single public ip address. 

Please suggest the solution for the same. 

Thanks,

Prem Vishwakarma 

 

7 REPLIES 7
Georg Pauwen
VIP Expert

Hello,

what are the addresses ? LAN address and host addresses need to be in the same segment, so your only option would be to further subnet the public addresses you have been given. That is not likely to be possible, since the ISP has probably given you continuous addreeses.

Or you could use static 1-on-1 natting...

Hi,

Thanks for the reply !! 

We have public address are 5 nos. of same subnet  10.25.X.X/29. 

For LAN we are using 192.168.X.X/24.

Our some host will  be on LAN subnet  192.168.X.X/24. and 

two host required public IP directly on NIC 10.25.X.X/29

I have attached the topology diagram. 

Regards,

Prem V. 

Hello,

bridging could work here, if you connect the two hosts that need a public IP address to a different interface on the router.

Post the configuration of your router, I will try to fill in the necessary bits and pieces for that...

Here are My Router Configuration ....

CISCO1921#sh run

Building configuration...

 

Current configuration : 1950 bytes

!

! Last configuration change at 11:18:44 UTC Mon May 29 2017 by cisco

!

version 15.4

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname CISCO1921

!

boot-start-marker

boot-end-marker

!

!

enable secret 5 $1$6ooZ$dNRnrTUOVOd5XdP70Yab1

!

no aaa new-model

!

!

!

!

!

!

!

!

!

!

!

!

!

!

ip name-server 4.2.2.2

ip cef

no ipv6 cef

multilink bundle-name authenticated

!

cts logging verbose

!

!

license udi pid CISCO1921/K9 sn FGL2309251CB

!

!

username cisco privilege 15 password 7 094F445G67H95F

!

redundancy

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

 no ip address

 shutdown

!

interface GigabitEthernet0/0

 description "Internet"

 ip address 10.21.X.X 255.255.255.248

 ip nat outside

 ip virtual-reassembly in

 duplex auto

 speed auto

!

interface GigabitEthernet0/1

 description "LAN"

 ip address 192.168.0.250 255.255.255.0 secondary

 ip address 192.168.12.74 255.255.255.0

 ip nat inside

 ip virtual-reassembly in

 duplex auto

 speed auto

!

interface Serial0/1/0

 description "Connectivity another end"

 ip address 172.16.2.1 255.255.255.252

!

interface Serial0/1/1

 no ip address

 shutdown

 clock rate 2000000

!

ip default-gateway 10.25.X.X

ip forward-protocol nd

!

ip http server

no ip http secure-server

!

ip nat inside source list 101 interface GigabitEthernet0/0 overload

ip route 0.0.0.0 0.0.0.0 10.25.X.X

ip route 172.20.31.0 255.255.255.192 172.16.2.2

ip route 172.20.31.192 255.255.255.224 172.16.2.2

ip route 192.168.74.0 255.255.255.0 172.16.2.2

!

!

!

access-list 101 permit ip 192.168.12.0 0.0.0.255 any

access-list 101 permit ip any any

!

control-plane

!

!

!

line con 0

line aux 0

line 2

 no activation-character

 no exec

 transport preferred none

 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

 stopbits 1

line vty 0 4

 login local

 transport input telnet

 transport output telnet

!

scheduler allocate 20000 1000

!

end

 

CISCO1921#

CISCO1921#

CISCO1921#sh ip int bri

Interface                  IP-Address      OK? Method Status                Prot

ocol

Embedded-Service-Engine0/0 unassigned      YES NVRAM  administratively down down

 

GigabitEthernet0/0         10.21.X.X YES NVRAM  up                    up

 

GigabitEthernet0/1         192.168.12.74   YES NVRAM  up                    up

 

Serial0/1/0                172.16.2.1      YES NVRAM  up                    up

 

Serial0/1/1                unassigned      YES NVRAM  administratively down down

 

NVI0                       10.21.X.X YES unset  up                    up

 

CISCO1921#

Thanks,

Prem V. 

Hello,

sorry for the delay. The problem is that you have only two Ethernet ports, one of which is used for the Internet connection. Either way, with the configuration below (important parts are marked in bold), you can assign public IP addresses to the hosts connected to GigabitEthernet0/1. The default gateway for the hosts needs to be the IP address of BVI1.

Last configuration change at 11:18:44 UTC Mon May 29 2017 by cisco
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CISCO1921
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$6ooZ$dNRnrTUOVOd5XdP70Yab1
!
no aaa new-model
!
ip name-server 4.2.2.2
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
cts logging verbose
!
license udi pid CISCO1921/K9 sn FGL2309251CB
!
username cisco privilege 15 password 7 094F445G67H95F
!
redundancy
bridge irb
bridge 1 protocol vlan-bridge
bridge 1 route ip
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip virtual-reassembly in
bridge-group 1
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip virtual-reassembly
bridge-group 1
duplex auto
speed auto
!
interface Serial0/1/0
description "Connectivity another end"
ip address 172.16.2.1 255.255.255.252
!
interface Serial0/1/1
no ip address
shutdown
clock rate 2000000
!
interface bvI1
ip nat outside
ip address 10.21.x.x 255.255.255.248
!
ip default-gateway 10.25.X.X
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip nat inside source list 101 interface BVI1 overload
ip route 0.0.0.0 0.0.0.0 10.25.X.X
ip route 172.20.31.0 255.255.255.192 172.16.2.2
ip route 172.20.31.192 255.255.255.224 172.16.2.2
ip route 192.168.74.0 255.255.255.0 172.16.2.2
!
access-list 101 permit ip 192.168.12.0 0.0.0.255 any
access-list 101 permit ip any any
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login local
transport input telnet
transport output telnet
!
scheduler allocate 20000 1000
!
end

Thanks for the information. 

I'll implement the configuration and update you on the same. 

Just want to confirm, 

Do I need additional port in Router.

OR

The configuration you shared will be work on the existing port. 

Regards,

Prem. 

Hello,

try using a secondary IP address on the bridged interface:

interface GigabitEthernet0/1
 ip virtual-reassembly
 bridge-group 1
 ip address 192.168.12.74 255.255.255.0 secondary
 duplex auto
 speed auto

I am not sure this will work though. If not, yes, you need another interface for your LAN hosts with private addresses...