Solved

Cisco 678 DSL configuration Question

Posted on 2004-10-10
6
363 Views
Last Modified: 2010-04-17
I’m installing a Cisco 678 for a DSL connection.  I’m hoping that the Cisco router will allow me to easily do some thing I’m not able to do with my current router.  The first part below shows my current router’s configuration and the second part is the ideal configuration with the Cisco.  I need some help with second part.  I’m familiar with the command line interface on the Cisco and prefer to configure the router this way.  I need some help with exact commands for the router to achieve the configuration I want.

Current router:

1.  I have 3 servers with static IP addresses from a pool of 8 given from my ISP
2.  I have 10 workstations with internal IP addresses manually assigned to each workstation and they are able to access the Internet but no one is able to access them from the outside.

Ideal configuration with the Cisco 678:

1.  Keep the 3 servers with static IP addresses
2.  Have the 10 workstations and any future workstations use DHCP to obtain an internal IP address to access the Internet

I have been able to configure the Cisco 678 to have static IP addresses or to do just DHCP with internal IP address but NOT Both.

Thanks in advance for the help,
Andrew
0
Comment
Question by:Andrew54
  • 3
  • 2
6 Comments
 
LVL 43

Expert Comment

by:JFrederick29
Comment Utility
To maintain static IP addresses on the servers, you need to exclude the static addresses from your DHCP pool on the router:

ip dhcp excluded-address 192.168.0.10
ip dhcp excluded-address 192.168.0.20
ip dhcp excluded-address 192.168.0.30

If all in order, use a range:

ip dhcp excluded-address 192.168.0.10 192.168.0.12

Is this what you are asking?
0
 
LVL 13

Expert Comment

by:Dr-IP
Comment Utility
Since the 678 has only one Ethernet port, and no way to add a second, you two choices, use a separate hardware firewall for the internal servers, or use NAT with your public IP address in a pool and forwarded some to the internal address of the servers you want to be visible on the internet. Below is a sample of such a config, This was for a 1750, which I renamed the serial port to DSL 0, but it should give you the idea of how it can be done on a 678. Myself, I’d be inclined to go the hardware firewall route since they are so cheep now days, and so easy to set up.  

service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service tcp-small-servers
no service udp-small-servers
!
hostname Cisco1750
!
enable password cisco
!
no ip name-server
!
ip subnet-zero
no ip domain-lookup
ip routing
!
interface FastEthernet 0
 no shutdown
 description connected to EthernetLAN
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 keepalive 10
!
interface DSL 0
 no shutdown
 description connected to Internet
  ip address 208.0.0.1 255.255.255.252
 ip nat outside
 encapsulation ppp
!
! Access Control List 1
!
no access-list 1
access-list 1 permit 10.0.0.0 0.0.0.255
!
! Static NAT
!
ip nat inside source static 10.0.0.2 208.1.1.1 extensible
ip nat inside source static 10.0.0.3 208.1.1.2 extensible
ip nat inside source static 10.0.0.4 208.1.1.3 extensible
!
! Dynamic NAT
!
ip nat translation timeout 86400
ip nat translation tcp-timeout 86400
ip nat translation udp-timeout 300
ip nat translation dns-timeout 60
ip nat translation finrst-timeout 60
ip nat pool Cisco1750-natpool-1 208.1.1.1 208.1.1.6 netmask 255.255.255.248
ip nat inside source list 1 pool Cisco1750-natpool-1 overload
!
! DHCP Server
!
service dhcp
ip dhcp excluded-address 10.0.0.1 10.0.0.10
ip dhcp pool 1
 network 10.0.0.0 255.255.255.0
 default-router 10.0.0.1
 dns-server 200.1.1.3 207.208.1.5
!
router rip
 version 2
 network 10.0.0.0
 passive-interface DSL 0
 no auto-summary
!
!
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 Serial 0
no ip http server
snmp-server community public RO
no snmp-server location
no snmp-server contact
!
line console 0
 exec-timeout 0 0
 password cisco
 login
!
line vty 0 4
 password cisco
 login
!
end

0
 

Author Comment

by:Andrew54
Comment Utility
So what separate hardware firewall for the internal servers would you recommend?

Then with the firewall in place would the Cisco serve as the DHCP server?  If you could explain the big picture or point me to a diagram.

Thanks,
Andrew
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 13

Accepted Solution

by:
Dr-IP earned 500 total points
Comment Utility
What you do is configure the Cisco up with the static address, and get one of the many so called Ethernet DSL routers, they really are firewalls by the way, that you can buy for about $40, and configure the WAN interface with one of the public IP address, and connect it to the Cisco router like you would one of the servers you want on the public internet, then you connect your workstations to the LAN interface on the firewall, it then will do NAT, and DHCP for your workstations, and the Cisco will do the routing for everything.  

 
               firewall---workstations
                  |
Cisco----hub|or switch
                  |
             Servers

As for which one to get, if all you want to do is basic firewalling and DHCP, anyone you chose should do the trick, but may want to go with something a little more advanced, like one with VPN services so you can access to workstations behind it remotely.            

0
 

Author Comment

by:Andrew54
Comment Utility
Dr-IP

Thanks for the additional information and pointing me in the correct direction.  The diagram really helped me get the big picture.

Thanks,
Andrew
0
 
LVL 13

Expert Comment

by:Dr-IP
Comment Utility
I figured once you got it, you’d appreciate it, especially since it’s so quick and easy to do. Last one I set up for an almost identical setup as yours took all of ten minutes to get working. Just set the IP address of the WAN, default gateway, the DNS servers you want to use, and plug it in and go. By the way if you’re thinking about having wireless for notebook users, CompUSA has some Wireless Access Point’s with a Cable/DSL Router and 4-Port Switch for $60. Not bad for something that just five years ago would have been a bargain at ten times the price.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

This article is a guide to configure bridging on Cisco Routers.  This is something I never knew was possible until after making a few phone calls to Cisco.  Using bridging saved our company money by not requiring us to purchase a new switch.  Bridgi…
Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now