How do I use a public IP Address on the LAN with Cisco 1905 Router

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-01-2017 11:58 PM - edited 03-08-2019 10:49 AM
Hello,
I have multiple public IP addresses (5 nos ) got from ISP.
I have Cisco 1905 router with 2 Ethernet port as GE0/0 and GE0/1 respectively.
I have configured one of public IP address in one of router ethernet port GE0/0 and another port GE0/1 which is use as a LAN subnet.
Where I have created NAT, so network devices can communicate on LAN using private IP addresses.
Now, I want to use rest of free public IP address on host of LAN subnet behind Router. So I can directly communicate the devices on public IP address from outside. We don't want to use port forwarding of single public ip address.
Please suggest the solution for the same.
Thanks,
Prem Vishwakarma
- Labels:
-
Other Switching

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-02-2017 12:22 AM
Hello,
what are the addresses ? LAN address and host addresses need to be in the same segment, so your only option would be to further subnet the public addresses you have been given. That is not likely to be possible, since the ISP has probably given you continuous addreeses.
Or you could use static 1-on-1 natting...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-02-2017 12:40 AM
Hi,
Thanks for the reply !!
We have public address are 5 nos. of same subnet 10.25.X.X/29.
For LAN we are using 192.168.X.X/24.
Our some host will be on LAN subnet 192.168.X.X/24. and
two host required public IP directly on NIC 10.25.X.X/29
I have attached the topology diagram.
Regards,
Prem V.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-02-2017 01:05 AM
Hello,
bridging could work here, if you connect the two hosts that need a public IP address to a different interface on the router.
Post the configuration of your router, I will try to fill in the necessary bits and pieces for that...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-02-2017 01:14 AM
Here are My Router Configuration ....
CISCO1921#sh run
Building configuration...
Current configuration : 1950 bytes
!
! Last configuration change at 11:18:44 UTC Mon May 29 2017 by cisco
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CISCO1921
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$6ooZ$dNRnrTUOVOd5XdP70Yab1
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip name-server 4.2.2.2
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
cts logging verbose
!
!
license udi pid CISCO1921/K9 sn FGL2309251CB
!
!
username cisco privilege 15 password 7 094F445G67H95F
!
redundancy
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description "Internet"
ip address 10.21.X.X 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description "LAN"
ip address 192.168.0.250 255.255.255.0 secondary
ip address 192.168.12.74 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0/1/0
description "Connectivity another end"
ip address 172.16.2.1 255.255.255.252
!
interface Serial0/1/1
no ip address
shutdown
clock rate 2000000
!
ip default-gateway 10.25.X.X
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip nat inside source list 101 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 10.25.X.X
ip route 172.20.31.0 255.255.255.192 172.16.2.2
ip route 172.20.31.192 255.255.255.224 172.16.2.2
ip route 192.168.74.0 255.255.255.0 172.16.2.2
!
!
!
access-list 101 permit ip 192.168.12.0 0.0.0.255 any
access-list 101 permit ip any any
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login local
transport input telnet
transport output telnet
!
scheduler allocate 20000 1000
!
end
CISCO1921#
CISCO1921#
CISCO1921#sh ip int bri
Interface IP-Address OK? Method Status Prot
ocol
Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/0 10.21.X.X YES NVRAM up up
GigabitEthernet0/1 192.168.12.74 YES NVRAM up up
Serial0/1/0 172.16.2.1 YES NVRAM up up
Serial0/1/1 unassigned YES NVRAM administratively down down
NVI0 10.21.X.X YES unset up up
CISCO1921#
Thanks,
Prem V.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-02-2017 05:35 AM
Hello,
sorry for the delay. The problem is that you have only two Ethernet ports, one of which is used for the Internet connection. Either way, with the configuration below (important parts are marked in bold), you can assign public IP addresses to the hosts connected to GigabitEthernet0/1. The default gateway for the hosts needs to be the IP address of BVI1.
Last configuration change at 11:18:44 UTC Mon May 29 2017 by cisco
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CISCO1921
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$6ooZ$dNRnrTUOVOd5XdP70Yab1
!
no aaa new-model
!
ip name-server 4.2.2.2
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
cts logging verbose
!
license udi pid CISCO1921/K9 sn FGL2309251CB
!
username cisco privilege 15 password 7 094F445G67H95F
!
redundancy
bridge irb
bridge 1 protocol vlan-bridge
bridge 1 route ip
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip virtual-reassembly in
bridge-group 1
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip virtual-reassembly
bridge-group 1
duplex auto
speed auto
!
interface Serial0/1/0
description "Connectivity another end"
ip address 172.16.2.1 255.255.255.252
!
interface Serial0/1/1
no ip address
shutdown
clock rate 2000000
!
interface bvI1
ip nat outside
ip address 10.21.x.x 255.255.255.248
!
ip default-gateway 10.25.X.X
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip nat inside source list 101 interface BVI1 overload
ip route 0.0.0.0 0.0.0.0 10.25.X.X
ip route 172.20.31.0 255.255.255.192 172.16.2.2
ip route 172.20.31.192 255.255.255.224 172.16.2.2
ip route 192.168.74.0 255.255.255.0 172.16.2.2
!
access-list 101 permit ip 192.168.12.0 0.0.0.255 any
access-list 101 permit ip any any
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login local
transport input telnet
transport output telnet
!
scheduler allocate 20000 1000
!
end
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-02-2017 09:27 PM
Thanks for the information.
I'll implement the configuration and update you on the same.
Just want to confirm,
Do I need additional port in Router.
OR
The configuration you shared will be work on the existing port.
Regards,
Prem.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-03-2017 12:40 AM
Hello,
try using a secondary IP address on the bridged interface:
interface GigabitEthernet0/1
ip virtual-reassembly
bridge-group 1
ip address 192.168.12.74 255.255.255.0 secondary
duplex auto
speed auto
I am not sure this will work though. If not, yes, you need another interface for your LAN hosts with private addresses...
