How to Configure Client Router at the ISP Level

1/ Introduction

In this scenario, I will show you how to configure a CISCO 2600 Series router (it can be any other Cisco router) so that you can deploy it at the client’s site to provide Internet connection to them. In essence, we will act as an ISP (Internet Service Provider) proving the Internet connection and the modem/router. Assume that the modem and physical connection has been setup by the ISP; we will now deploy a router on site. The router will have two interfaces called FastEthernet0/0 and FastEthernet0/1. I will dedicate FastEthernet0/0 as the WAN facing connection and the other one facing the LAN. This LAN (FastEthernet0/1) will in turn be the WAN for the client router. The client will have their IT administrator connect a local router that connect its WAN interface to our FastEthernet0/1 and obtain a static Internet IP address given to them by us.

2/ TCP/IP Addresses

The ISP provides the following TCP/IP components:

 The WAN TCP/IP is a /30 subnet, which means that the subnet mask is 255.255.255.252.

 30 bits = 11111111.11111111.11111111.11111100
The above bit patterns is equal to 255.255.255.252

WAN IP Address:        207.107.110.166
Subnet Mask:           255.255.255.252
Gateway:               207.107.110.165
DNS1:                  64.71.255.198
DNS2:                  24.153.23.114
 
LAN IP Subnet:         /29
LAN IP Address:        207.107.102.8

As you can see, the WAN IP address is on a different block of subnet and the LAN IP is on a different block of subnet.
Take a look at the WAN subnet mask. Two bits are being used for the hosts, which means we have 22 = 4 IP addresses. They are:

207.107.110.164
207.107.110.165
207.107.110.166
207.107.110.167

The first IP address 207.107.110.164 is the network ID and cannot be used. The last IP address is the broadcast IP and cannot be used. The IP address 207.107.110.165 is on the ISP’s side and the only remaining one: 207.107.110.166 can be used as WAN on the Cisco router. This IP address will be assigned to FastEthernet0/0.
To avoid double-NATting, we will also provide a public IP address to the LAN interface (this will be the client’s WAN IP address). The ISP is so generous that it provides a /29 subnet. Let’s see what that means.

29 bits = 11111111.11111111.11111111.11111000
The above bit patterns is equal to 255.255.255.248

 Topology

 The IP Range that the customer can use is 207.107.102.8-207.107.102.15
However, 207.107.102.8 cannot be used as it is the network ID.
207.107.102.9 is programmed as a LAN IP Address on the PSSNET Router.
The client therefore, is left with: *.10, *.11, *.12, *.13, *.14.
207.107.102.15 cannot be used as it is a broadcast IP address.

 The Default gateway is 207.107.102.9
The Subnet Mask is 255.255.255.248
In this scenario, I programmed my laptop with the *.10 IP and it appeared to work flawlessly.

3/ Router configurations

The following is the configuration on the Cisco Router.

service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname dalaris-router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$FO/k$zniuCv0lWkY0WYwDOFLy7/
enable password 7 001400152468001F18715E4A1A
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
ip domain name dalaris.com
!
ip dhcp pool 207.107.102.8/29
   network 207.107.102.8 255.255.255.248
   default-router 207.107.102.9
   dns-server 64.71.255.198 24.153.23.114
!
ip audit po max-events 100
!
!
!
username pssadm privilege 15 password 7 21392C88772233D0D55
!
!
!
interface FastEthernet0/0
 ip address 207.107.110.166 255.255.255.252
 ip access-group 102 in
 ip access-group 101 out
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 207.107.102.9 255.255.255.248
 ip nat inside
 speed auto
 full-duplex
!
ip default-gateway 207.107.110.165
ip nat inside source list 101 interface FastEthernet0/0 overload
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 207.107.110.165
!
!
access-list 101 permit ip any any
access-list 102 permit icmp any any echo-reply
access-list 102 permit ip any any
!
!
!
line con 0
line aux 0
line vty 0 4
 access-class 1 in
 exec-timeout 30 0
 privilege level 15
 password 7 199F1A4C882277432C44321E37
 login local
 transport preferred ssh
 transport input ssh
!
!
end
dalaris-router#

 
4/ Testing

Since the Cisco router LAN IP address is 207.107.102.9 with the subnet mask of /29, it means that this IP belongs to this pool of IP addresses:

207.107.102.8
207.107.102.9
207.107.102.10
207.107.102.11
207.107.102.12
207.107.102.13
207.107.102.14
207.107.102.15

There are three bits used for the hosts so totally we have 23 = 8 IP addresses. The first IP address 207.107.102.8 cannot be used as it is the network ID. The last IP address is the broadcast IP address. The second IP is programmed on the LAN interface (FastEthernet0/1). There are five IP addresses the client can use. In this test, I plugged in a laptop and the DHCP provides me an IP address of 207.107.102.10.

The client’s IT administrator need to configure his router with a WAN IP address in the range of 207.107.102.10-14.

Information to be given to the customer (Client’s IT personnel):

   IPv4 Address. . . . . . . . . . . : 207.107.102.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   Default Gateway . . . . . . . . . : 207.107.102.9
   DHCP Server . . . . . . . . . . . : 207.107.102.9

 C:\Users\dalaris>ping 4.2.2.2

Pinging 4.2.2.2 with 32 bytes of data:
Reply from 4.2.2.2: bytes=32 time=17ms TTL=57
Reply from 4.2.2.2: bytes=32 time=16ms TTL=57
Reply from 4.2.2.2: bytes=32 time=16ms TTL=57
Reply from 4.2.2.2: bytes=32 time=16ms TTL=57

 Ping statistics for 4.2.2.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 17ms, Average = 16ms

 C:\Users\pdalaris>ping google.com

 Pinging google.com [173.194.43.66] with 32 bytes of data:
Reply from 173.194.43.66: bytes=32 time=19ms TTL=56
Reply from 173.194.43.66: bytes=32 time=18ms TTL=56
Reply from 173.194.43.66: bytes=32 time=18ms TTL=56
Reply from 173.194.43.66: bytes=32 time=18ms TTL=56

 Ping statistics for 173.194.43.66:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 18ms, Maximum = 19ms, Average = 18ms

 C:\Users\dalaris>ipconfig /all

 Ethernet adapter LAN:

    Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 1C-75-08-67-C5-70
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6875:b2f2:23a9:4de6%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 207.107.102.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   Lease Obtained. . . . . . . . . . : Friday, June 27, 2014 2:25:01 PM
   Lease Expires . . . . . . . . . . : Saturday, June 28, 2014 2:25:01 PM
   Default Gateway . . . . . . . . . : 207.107.102.9
   DHCP Server . . . . . . . . . . . : 207.107.102.9
   DHCPv6 IAID . . . . . . . . . . . : 236745992
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-09-EA-35-1C-75-08-67-C5-70

    DNS Servers . . . . . . . . . . . : 64.71.255.198
                                       24.153.23.114
   NetBIOS over Tcpip. . . . . . . . : Enabled

5/ Conclusion
In this scenario, I have demonstrated how to configure the Cisco router for Customer’s end as an ISP.