configure a cisco 1812

  • configure a cisco 1812

    Hi there,

    I want to configure a new Cisco 1812.
    What I want is:
    We have 5 external IP addresses from our ISP.
    We want the FE0 (WAN port) to be able to route all those IP addresses.

    So when we put a firewall on port number 8 with 1 of the 5 external IP addresses, we have internet.
    And when we put a firewall with another external IP address on port 4, we have internet.

    We have it also on a 1811, but that is not our router, and I cannot get the config GRR

    The 1812 is brand new, but I don't know how I can arrange this.

  • #2
    Re: configure a cisco 1812

    Is the 1811 upstream from the 1812? Your ISP will automatically route anything in your range towards you. Are you going to assign public IPs directly to other devices or do you want to use NAT? From your post it looks like you have dual internet connectivity? It would be helpful to post a diagram of the setup.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)



    • #3
      Re: configure a cisco 1812

      Both connections are from another company.

      The first internet connection stops 13-12-2012,
      and then we want to have the other connection working on the 1812.

      I hope this is enough...
      else I'll go put something together in Paint :P



      • #4
        Re: configure a cisco 1812

        Please post a diagram with connections etc. There are a lot of ways to set this up.
        CCNA, CCNA-Security, CCNP
        CCIE Security (In Progress)



        • #5
          Re: configure a cisco 1812

          Was already making something...

          The next picture is how we have it now with the old internet connection,
          but now with the 1812 and with the new IP addresses.
          So the 1812 just needs to send everything to the internet...
          Maybe on FastEthernet port 3 one outside IP address
          and on FastEthernet port 4 another outside IP address, etc...

          Last edited by kloenie; 29th November 2012, 16:22.



          • #6
            Re: configure a cisco 1812

            Are the Linux firewalls going to do NAT for your clients? Since all devices seem to be on the same IP subnet, you may want to just bridge the traffic. Enable IRB on the router. Create your BVI interface. Assign one of the public IPs to that interface. Then put the switch ports connecting to your firewalls and the upstream fiber switch in that bridge group. Create a default route for internet-based traffic.

            Another way to do it would be to assign one of your public IPs to the fe0 "internet"-facing interface directly. Plug your firewalls into the switch module on the router. Make sure they are all in the same VLAN. All traffic to the firewalls would be switched at layer 2. Then just add a default route for internet-based traffic.
            CCNA, CCNA-Security, CCNP
            CCIE Security (In Progress)
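
The bridged (IRB) option from post #6, written out as an added example; it is not a configuration posted by anyone in the thread. The addresses are placeholders, bridge-group number 1 is an arbitrary choice, the switch-module ports are assumed to sit in the default VLAN 1, and the vty lines assume the router is managed over the console port only.

```cisco
! Added example, not from the thread. Placeholders are in <angle brackets>.
! Enable integrated routing and bridging; bridge group 1 (number is arbitrary)
bridge irb
bridge 1 protocol ieee
bridge 1 route ip
!
! WAN port toward the upstream fiber switch: no address, member of the bridge
interface FastEthernet0
 no ip address
 bridge-group 1
 no shutdown
!
! Switch-module ports (default VLAN 1) where the firewalls plug in
interface Vlan1
 no ip address
 bridge-group 1
 no shutdown
!
! The router's only layer 3 presence on the public subnet
interface BVI1
 ip address <ROUTER_PUBLIC_IP> <SUBNET_MASK>
 no shutdown
!
! Default route for traffic the router itself originates
ip route 0.0.0.0 0.0.0.0 <ISP_NEXT_HOP>
!
! Assumption: console-only management, so refuse remote logins on the vty lines
line vty 0 4
 transport input none
```

With the ports bridged, the firewalls and the ISP gateway share one layer 2 segment, and the BVI address is reachable from the Internet like any other host on that subnet. `show bridge` lists the MAC addresses the router has learned on each bridged port.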



            • #7
              Re: configure a cisco 1812

              Okay, the first part is too much abracadabra.

              I know a lot on it but Cisco is not my thing.

              The second thing is much easier..
              But: we don't want an outside IP on the Fe0 port,
              because we have different ports/domains on the IPs.

              And yes, the firewall does everything: DHCP, DNS, NAT, etc.
              The only thing the 1812 needs to do is send the traffic through...

              Then is this what we need to do?

              > Since all devices seem to be on the same ip subnet then you may want to just bridge the traffic. Enable IRB on the router. Create your BVI interface. Assign one of the public ip's to that interface. Then put the switch ports connecting to your firewalls and the upstream fiber switch in that bridge group. Create a default route for internet based traffic



              • #8
                Re: configure a cisco 1812

                Okay, just read the post again...

                But also the first part is not what we want.

                We do not want the public IP to be shown on any port.
                Just the firewall has the public IP.

                In your example there will always be 1 public IP on the 1812,
                but we have 4 networks, so 1 public IP is not what we want.

                There must be no public IP on the 1812.



                • #9
                  Re: configure a cisco 1812

                  You have to have a public IP on the router. How else will it be able to route/switch traffic? How else will you be able to connect to the router for management purposes? How can other devices do Layer 3 to Layer 2 resolution (ARP resolution) if the device has no IP address?

                  From your diagram and posts you have 5 usable public IP addresses. You also show 4 Linux firewalls, so you do have enough IPs.

                  > in your example there wil always be 1 public ip on the 1812.
                  > but we have 4 networks, so 1 public ip is not what we want.

                  You have 4 internal networks, right? (Private IP addressing from the diagram you posted.) Your Linux firewalls will NAT those networks to their respective IP addresses, correct?

                  When the ISP sends you traffic for your public IP space it needs a reachable next hop, i.e. your router.

                  What are the capabilities of that fiber switch? Is that something the ISP provided (Metro Ethernet switch or something)? You may be able to pull the 1812 out of the mix and just connect your fiber switch to another switch and just have a flat layer 2 network on that side.

                  I don't see what you are trying to accomplish here.
                  Last edited by auglan; 29th November 2012, 20:20.
                  CCNA, CCNA-Security, CCNP
                  CCIE Security (In Progress)



                  • #10
                    Re: configure a cisco 1812

                    Okay.... if I understand it correctly:

                    You say I need a public IP on the router.
                    But is that IP address always seen on the internet?

                    Example: when I now do an IP check, my IP address on the first network is
                    77.61.201.18
                    the second network is 77.61.201.19
                    the third network is 77.61.201.20
                    So every network has its own public IP address.

                    For the management I will take the console port.
                    We want to set it up once, and then not touch it anymore.
                    Just do everything on the firewall..

                    That is how we have done it for 6 years now on the old 1811.

                    Thanks for your time, I hope you understand me now.



                    • #11
                      Re: configure a cisco 1812

                      > example, when i do now a ip check my ip adres is on the first network :
                      > 77.61.201.18
                      > the second network 77.61.201.19
                      > the third network is 77.61.201.20
                      > So every network has an own public ip adres.

                      Okay, so every internal private network has its own public IP from the pool allocated to you by your provider. You said you have 4 networks (private networks, that is). Your public IP space is all on the same subnet, I assume. (I can't see the network mask so I can't verify, but most ISPs will give you contiguous addressing.)

                      So you have 5 usable public IPs: 4 for your networks and 1 for your router. What is the problem with putting a public IP on your router? If your router has no IP on it, it can't route. The only thing I can assume is you were just using the switch module to switch the traffic? As you can't convert a physical layer 3 interface on a Cisco router to just a switch port. If that's the case then you might as well replace the router with a switch, as the router isn't routing at all and basically it's a hybrid switch.

                      By management I mean ssh/telnet for remote management. Can't do this without an IP address on the device. Console access is great, but do you want to physically go to the box and console in directly when you want to check the status of the router?

                      Have you checked the config on the existing router to see how it is set up?

                      The setup you're proposing is strange to say the least. You have 5 addresses, so why not use them?

                      > you say i need a public ip on the router.
                      > but is that ip adres always seen on the internet ?

                      No, the IP address is assigned to the router. None of your networks will be NATted to that IP address, as the other 4 Linux firewalls will be NATting the other 4 public IPs for your networks.

                      Remember, the IP on the router is just a next hop for traffic going through it. The source and destination IP address never changes in a packet (unless it's being NATted, of course). Only the layer 2 source and destination MAC address changes when a packet crosses a routed interface.
                      Last edited by auglan; 29th November 2012, 20:50.
                      CCNA, CCNA-Security, CCNP
                      CCIE Security (In Progress)



                      • #12
                        Re: configure a cisco 1812

                        Okay, so the router has an IP address but it is not shown on the net...
                        so the firewalls are seen as public IP...
                        That is what we want.

                        So I need to give the Fe0 a public IP.
                        That is no problem, have done it.

                        And what more?

                        The old modem is not from us, so I cannot get the config.



                        • #13
                          Re: configure a cisco 1812

                          You need to plug your Linux firewalls into the switch port module on the router. Make sure all ports are in the same VLAN. Then add a default route on the router pointing to the default gateway specified by your ISP.

                          ip route 0.0.0.0 0.0.0.0 X.X.X.X (where X.X.X.X is the next hop IP specified by your ISP)

                          Also make sure the default gateway on your Linux boxes is set to the router IP address.
                          Last edited by auglan; 29th November 2012, 22:25.
                          CCNA, CCNA-Security, CCNP
                          CCIE Security (In Progress)



                          • #14
                            Re: configure a cisco 1812

                            The default gateway is in the diagram...
                            It is 83.96.180.169
                            So I need to give Fe0 a public IP address,
                            make a VLAN with some ports in it,
                            and make a default route to the default gateway with the command:
                            ip route 0.0.0.0 0.0.0.0 83.96.180.169

                            (or is the next hop something else?)



                            • #15
                              Re: configure a cisco 1812

                              Yes, fe0 gets a public. You may or may not have to create a VLAN. The default VLAN on the switch module for all ports should be VLAN 1, so they may be fine as is.

                              show vlan-switch (I think this is the command to view VLAN and port assignment for the module)

                              The default route on the router should point to the gateway (next hop) defined by your ISP. They should have given you that info.

                              The default gateway on the Linux boxes should point to the router. Your network clients should have their default gateway set to the internal (private IP address) of the Linux firewall for their particular network.
                              CCNA, CCNA-Security, CCNP
                              CCIE Security (In Progress)
