In this scenario, I will show you how to configure a CISCO 2600 Series router (it can be any other Cisco router) so that you can deploy it at the client’s site to provide Internet connection to them. In essence, we will act as an ISP (Internet Service Provider) proving the Internet connection and the modem/router. Assume that the modem and physical connection has been setup by the ISP; we will now deploy a router on site. The router will have two interfaces called FastEthernet0/0 and FastEthernet0/1. I will dedicate FastEthernet0/0 as the WAN facing connection and the other one facing the LAN. This LAN (FastEthernet0/1) will in turn be the WAN for the client router. The client will have their IT administrator connect a local router that connect its WAN interface to our FastEthernet0/1 and obtain a static Internet IP address given to them by us.
2/ TCP/IP Addresses
The ISP provides the following TCP/IP components:
The WAN TCP/IP is a /30 subnet, which means that the subnet mask is 255.255.255.252.
30 bits = 11111111.11111111.11111111.11111100
The above bit patterns is equal to 255.255.255.252
WAN IP Address: 220.127.116.11 Subnet Mask: 255.255.255.252 Gateway: 18.104.22.168 DNS1: 22.214.171.124 DNS2: 126.96.36.199 LAN IP Subnet: /29 LAN IP Address: 188.8.131.52
As you can see, the WAN IP address is on a different block of subnet and the LAN IP is on a different block of subnet.
Take a look at the WAN subnet mask. Two bits are being used for the hosts, which means we have 22 = 4 IP addresses. They are:
184.108.40.206 220.127.116.11 18.104.22.168 22.214.171.124
The first IP address 126.96.36.199 is the network ID and cannot be used. The last IP address is the broadcast IP and cannot be used. The IP address 188.8.131.52 is on the ISP’s side and the only remaining one: 184.108.40.206 can be used as WAN on the Cisco router. This IP address will be assigned to FastEthernet0/0.
To avoid double-NATting, we will also provide a public IP address to the LAN interface (this will be the client’s WAN IP address). The ISP is so generous that it provides a /29 subnet. Let’s see what that means.
29 bits = 11111111.11111111.11111111.11111000
The above bit patterns is equal to 255.255.255.248
The IP Range that the customer can use is 220.127.116.11-18.104.22.168
However, 22.214.171.124 cannot be used as it is the network ID.
126.96.36.199 is programmed as a LAN IP Address on the PSSNET Router.
The client therefore, is left with: *.10, *.11, *.12, *.13, *.14.
188.8.131.52 cannot be used as it is a broadcast IP address.
The Default gateway is 184.108.40.206
The Subnet Mask is 255.255.255.248
In this scenario, I programmed my laptop with the *.10 IP and it appeared to work flawlessly.
3/ Router configurations
The following is the configuration on the Cisco Router.
service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname dalaris-router ! boot-start-marker boot-end-marker ! enable secret 5 $1$FO/k$zniuCv0lWkY0WYwDOFLy7/ enable password 7 001400152468001F18715E4A1A ! no network-clock-participate slot 1 no network-clock-participate wic 0 no aaa new-model ip subnet-zero ip cef ! ! ip domain name dalaris.com ! ip dhcp pool 220.127.116.11/29 network 18.104.22.168 255.255.255.248 default-router 22.214.171.124 dns-server 126.96.36.199 188.8.131.52 ! ip audit po max-events 100 ! ! ! username pssadm privilege 15 password 7 21392C88772233D0D55 ! ! ! interface FastEthernet0/0 ip address 184.108.40.206 255.255.255.252 ip access-group 102 in ip access-group 101 out ip nat outside duplex auto speed auto ! interface FastEthernet0/1 ip address 220.127.116.11 255.255.255.248 ip nat inside speed auto full-duplex ! ip default-gateway 18.104.22.168 ip nat inside source list 101 interface FastEthernet0/0 overload ip http server no ip http secure-server ip classless ip route 0.0.0.0 0.0.0.0 22.214.171.124 ! ! access-list 101 permit ip any any access-list 102 permit icmp any any echo-reply access-list 102 permit ip any any ! ! ! line con 0 line aux 0 line vty 0 4 access-class 1 in exec-timeout 30 0 privilege level 15 password 7 199F1A4C882277432C44321E37 login local transport preferred ssh transport input ssh ! ! end dalaris-router#
Since the Cisco router LAN IP address is 126.96.36.199 with the subnet mask of /29, it means that this IP belongs to this pool of IP addresses:
188.8.131.52 184.108.40.206 220.127.116.11 18.104.22.168 22.214.171.124 126.96.36.199 188.8.131.52 184.108.40.206
There are three bits used for the hosts so totally we have 23 = 8 IP addresses. The first IP address 220.127.116.11 cannot be used as it is the network ID. The last IP address is the broadcast IP address. The second IP is programmed on the LAN interface (FastEthernet0/1). There are five IP addresses the client can use. In this test, I plugged in a laptop and the DHCP provides me an IP address of 18.104.22.168.
The client’s IT administrator need to configure his router with a WAN IP address in the range of 22.214.171.124-14.
Information to be given to the customer (Client’s IT personnel):
IPv4 Address. . . . . . . . . . . : 126.96.36.199(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.248 Default Gateway . . . . . . . . . : 188.8.131.52 DHCP Server . . . . . . . . . . . : 184.108.40.206 C:\Users\dalaris>ping 220.127.116.11 Pinging 18.104.22.168 with 32 bytes of data: Reply from 22.214.171.124: bytes=32 time=17ms TTL=57 Reply from 126.96.36.199: bytes=32 time=16ms TTL=57 Reply from 188.8.131.52: bytes=32 time=16ms TTL=57 Reply from 184.108.40.206: bytes=32 time=16ms TTL=57 Ping statistics for 220.127.116.11: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 16ms, Maximum = 17ms, Average = 16ms C:\Users\pdalaris>ping google.com Pinging google.com [18.104.22.168] with 32 bytes of data: Reply from 22.214.171.124: bytes=32 time=19ms TTL=56 Reply from 126.96.36.199: bytes=32 time=18ms TTL=56 Reply from 188.8.131.52: bytes=32 time=18ms TTL=56 Reply from 184.108.40.206: bytes=32 time=18ms TTL=56 Ping statistics for 220.127.116.11: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 18ms, Maximum = 19ms, Average = 18ms C:\Users\dalaris>ipconfig /all Ethernet adapter LAN: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Realtek PCIe FE Family Controller Physical Address. . . . . . . . . : 1C-75-08-67-C5-70 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::6875:b2f2:23a9:4de6%11(Preferred) IPv4 Address. . . . . . . . . . . : 18.104.22.168(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.248 Lease Obtained. . . . . . . . . . : Friday, June 27, 2014 2:25:01 PM Lease Expires . . . . . . . . . . : Saturday, June 28, 2014 2:25:01 PM Default Gateway . . . . . . . . . : 22.214.171.124 DHCP Server . . . . . . . . . . . : 126.96.36.199 DHCPv6 IAID . . . . . . . . . . . : 236745992 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-09-EA-35-1C-75-08-67-C5-70 DNS Servers . . . . . . . . . . . : 188.8.131.52 184.108.40.206 NetBIOS over Tcpip. . . . . . . . : Enabled
In this scenario, I have demonstrated how to configure the Cisco router for Customer’s end as an ISP.