1/ Introduction
In this scenario, I will show you how to configure a CISCO 2600 Series router (it can be any other Cisco router) so that you can deploy it at the client’s site to provide Internet connection to them. In essence, we will act as an ISP (Internet Service Provider) proving the Internet connection and the modem/router. Assume that the modem and physical connection has been setup by the ISP; we will now deploy a router on site. The router will have two interfaces called FastEthernet0/0 and FastEthernet0/1. I will dedicate FastEthernet0/0 as the WAN facing connection and the other one facing the LAN. This LAN (FastEthernet0/1) will in turn be the WAN for the client router. The client will have their IT administrator connect a local router that connect its WAN interface to our FastEthernet0/1 and obtain a static Internet IP address given to them by us.
2/ TCP/IP Addresses
The ISP provides the following TCP/IP components:
The WAN TCP/IP is a /30 subnet, which means that the subnet mask is 255.255.255.252.
30 bits = 11111111.11111111.11111111.11111100
The above bit patterns is equal to 255.255.255.252
WAN IP Address: 207.107.110.166 Subnet Mask: 255.255.255.252 Gateway: 207.107.110.165 DNS1: 64.71.255.198 DNS2: 24.153.23.114 LAN IP Subnet: /29 LAN IP Address: 207.107.102.8
As you can see, the WAN IP address is on a different block of subnet and the LAN IP is on a different block of subnet.
Take a look at the WAN subnet mask. Two bits are being used for the hosts, which means we have 22 = 4 IP addresses. They are:
207.107.110.164 207.107.110.165 207.107.110.166 207.107.110.167
The first IP address 207.107.110.164 is the network ID and cannot be used. The last IP address is the broadcast IP and cannot be used. The IP address 207.107.110.165 is on the ISP’s side and the only remaining one: 207.107.110.166 can be used as WAN on the Cisco router. This IP address will be assigned to FastEthernet0/0.
To avoid double-NATting, we will also provide a public IP address to the LAN interface (this will be the client’s WAN IP address). The ISP is so generous that it provides a /29 subnet. Let’s see what that means.
29 bits = 11111111.11111111.11111111.11111000
The above bit patterns is equal to 255.255.255.248
Topology
The IP Range that the customer can use is 207.107.102.8-207.107.102.15
However, 207.107.102.8 cannot be used as it is the network ID.
207.107.102.9 is programmed as a LAN IP Address on the PSSNET Router.
The client therefore, is left with: *.10, *.11, *.12, *.13, *.14.
207.107.102.15 cannot be used as it is a broadcast IP address.
The Default gateway is 207.107.102.9
The Subnet Mask is 255.255.255.248
In this scenario, I programmed my laptop with the *.10 IP and it appeared to work flawlessly.
3/ Router configurations
The following is the configuration on the Cisco Router.
service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname dalaris-router ! boot-start-marker boot-end-marker ! enable secret 5 $1$FO/k$zniuCv0lWkY0WYwDOFLy7/ enable password 7 001400152468001F18715E4A1A ! no network-clock-participate slot 1 no network-clock-participate wic 0 no aaa new-model ip subnet-zero ip cef ! ! ip domain name dalaris.com ! ip dhcp pool 207.107.102.8/29 network 207.107.102.8 255.255.255.248 default-router 207.107.102.9 dns-server 64.71.255.198 24.153.23.114 ! ip audit po max-events 100 ! ! ! username pssadm privilege 15 password 7 21392C88772233D0D55 ! ! ! interface FastEthernet0/0 ip address 207.107.110.166 255.255.255.252 ip access-group 102 in ip access-group 101 out ip nat outside duplex auto speed auto ! interface FastEthernet0/1 ip address 207.107.102.9 255.255.255.248 ip nat inside speed auto full-duplex ! ip default-gateway 207.107.110.165 ip nat inside source list 101 interface FastEthernet0/0 overload ip http server no ip http secure-server ip classless ip route 0.0.0.0 0.0.0.0 207.107.110.165 ! ! access-list 101 permit ip any any access-list 102 permit icmp any any echo-reply access-list 102 permit ip any any ! ! ! line con 0 line aux 0 line vty 0 4 access-class 1 in exec-timeout 30 0 privilege level 15 password 7 199F1A4C882277432C44321E37 login local transport preferred ssh transport input ssh ! ! end dalaris-router#
4/ Testing
Since the Cisco router LAN IP address is 207.107.102.9 with the subnet mask of /29, it means that this IP belongs to this pool of IP addresses:
207.107.102.8 207.107.102.9 207.107.102.10 207.107.102.11 207.107.102.12 207.107.102.13 207.107.102.14 207.107.102.15
There are three bits used for the hosts so totally we have 23 = 8 IP addresses. The first IP address 207.107.102.8 cannot be used as it is the network ID. The last IP address is the broadcast IP address. The second IP is programmed on the LAN interface (FastEthernet0/1). There are five IP addresses the client can use. In this test, I plugged in a laptop and the DHCP provides me an IP address of 207.107.102.10.
The client’s IT administrator need to configure his router with a WAN IP address in the range of 207.107.102.10-14.
Information to be given to the customer (Client’s IT personnel):
IPv4 Address. . . . . . . . . . . : 207.107.102.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.248
Default Gateway . . . . . . . . . : 207.107.102.9
DHCP Server . . . . . . . . . . . : 207.107.102.9
C:\Users\dalaris>ping 4.2.2.2
Pinging 4.2.2.2 with 32 bytes of data:
Reply from 4.2.2.2: bytes=32 time=17ms TTL=57
Reply from 4.2.2.2: bytes=32 time=16ms TTL=57
Reply from 4.2.2.2: bytes=32 time=16ms TTL=57
Reply from 4.2.2.2: bytes=32 time=16ms TTL=57
Ping statistics for 4.2.2.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 16ms, Maximum = 17ms, Average = 16ms
C:\Users\pdalaris>ping google.com
Pinging google.com [173.194.43.66] with 32 bytes of data:
Reply from 173.194.43.66: bytes=32 time=19ms TTL=56
Reply from 173.194.43.66: bytes=32 time=18ms TTL=56
Reply from 173.194.43.66: bytes=32 time=18ms TTL=56
Reply from 173.194.43.66: bytes=32 time=18ms TTL=56
Ping statistics for 173.194.43.66:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 19ms, Average = 18ms
C:\Users\dalaris>ipconfig /all
Ethernet adapter LAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 1C-75-08-67-C5-70
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6875:b2f2:23a9:4de6%11(Preferred)
IPv4 Address. . . . . . . . . . . : 207.107.102.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.248
Lease Obtained. . . . . . . . . . : Friday, June 27, 2014 2:25:01 PM
Lease Expires . . . . . . . . . . : Saturday, June 28, 2014 2:25:01 PM
Default Gateway . . . . . . . . . : 207.107.102.9
DHCP Server . . . . . . . . . . . : 207.107.102.9
DHCPv6 IAID . . . . . . . . . . . : 236745992
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-09-EA-35-1C-75-08-67-C5-70
DNS Servers . . . . . . . . . . . : 64.71.255.198
24.153.23.114
NetBIOS over Tcpip. . . . . . . . : Enabled
5/ Conclusion
In this scenario, I have demonstrated how to configure the Cisco router for Customer’s end as an ISP.