
Cisco 678 DSL configuration Question

Posted on 2004-10-10
Last Modified: 2010-04-17
I’m installing a Cisco 678 for a DSL connection.  I’m hoping that the Cisco router will allow me to easily do some things I’m not able to do with my current router.  The first part below shows my current router’s configuration and the second part is the ideal configuration with the Cisco.  I need some help with the second part.  I’m familiar with the command line interface on the Cisco and prefer to configure the router this way.  I need some help with the exact commands for the router to achieve the configuration I want.

Current router:

1.  I have 3 servers with static IP addresses from a pool of 8 given from my ISP
2.  I have 10 workstations with internal IP addresses manually assigned to each workstation and they are able to access the Internet but no one is able to access them from the outside.

Ideal configuration with the Cisco 678:

1.  Keep the 3 servers with static IP addresses
2.  Have the 10 workstations and any future workstations use DHCP to obtain an internal IP address to access the Internet

I have been able to configure the Cisco 678 to have static IP addresses or to do just DHCP with internal IP address but NOT Both.

Thanks in advance for the help,
Andrew
Question by:Andrew54
 
LVL 43

Expert Comment

by:JFrederick29
ID: 12275607
To maintain static IP addresses on the servers, you need to exclude the static addresses from your DHCP pool on the router:

ip dhcp excluded-address 192.168.0.10
ip dhcp excluded-address 192.168.0.20
ip dhcp excluded-address 192.168.0.30

If they are all in order, use a range:

ip dhcp excluded-address 192.168.0.10 192.168.0.12

Is this what you are asking?
 
LVL 13

Expert Comment

by:Dr-IP
ID: 12276526
Since the 678 has only one Ethernet port, and no way to add a second, you have two choices: use a separate hardware firewall for the internal servers, or use NAT with your public IP address in a pool and forward some to the internal address of the servers you want to be visible on the internet. Below is a sample of such a config. This was for a 1750, on which I renamed the serial port to DSL 0, but it should give you the idea of how it can be done on a 678. Myself, I’d be inclined to go the hardware firewall route since they are so cheap nowadays, and so easy to set up.

service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service tcp-small-servers
no service udp-small-servers
!
hostname Cisco1750
!
enable password cisco
!
no ip name-server
!
ip subnet-zero
no ip domain-lookup
ip routing
!
interface FastEthernet 0
 no shutdown
 description connected to EthernetLAN
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 keepalive 10
!
interface DSL 0
 no shutdown
 description connected to Internet
 ip address 208.0.0.1 255.255.255.252
 ip nat outside
 encapsulation ppp
!
! Access Control List 1
!
no access-list 1
access-list 1 permit 10.0.0.0 0.0.0.255
!
! Static NAT
!
ip nat inside source static 10.0.0.2 208.1.1.1 extensible
ip nat inside source static 10.0.0.3 208.1.1.2 extensible
ip nat inside source static 10.0.0.4 208.1.1.3 extensible
!
! Dynamic NAT
!
ip nat translation timeout 86400
ip nat translation tcp-timeout 86400
ip nat translation udp-timeout 300
ip nat translation dns-timeout 60
ip nat translation finrst-timeout 60
ip nat pool Cisco1750-natpool-1 208.1.1.1 208.1.1.6 netmask 255.255.255.248
ip nat inside source list 1 pool Cisco1750-natpool-1 overload
!
! DHCP Server
!
service dhcp
ip dhcp excluded-address 10.0.0.1 10.0.0.10
ip dhcp pool 1
 network 10.0.0.0 255.255.255.0
 default-router 10.0.0.1
 dns-server 200.1.1.3 207.208.1.5
!
router rip
 version 2
 network 10.0.0.0
 passive-interface DSL 0
 no auto-summary
!
!
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 DSL 0
no ip http server
snmp-server community public RO
no snmp-server location
no snmp-server contact
!
line console 0
 exec-timeout 0 0
 password cisco
 login
!
line vty 0 4
 password cisco
 login
!
end

0
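Added example (not part of either expert's post): a small Python check that ties the two comments above together by confirming that every inside address with a static NAT mapping is excluded from DHCP leasing. The function names and the constructed config excerpt, which is based on the sample 1750 configuration, are assumptions made for this example.

```python
import ipaddress

# Constructed excerpt based on the sample 1750 configuration above.
SAMPLE_CONFIG = """\
ip nat inside source static 10.0.0.2 208.1.1.1 extensible
ip nat inside source static 10.0.0.3 208.1.1.2 extensible
ip nat inside source static 10.0.0.4 208.1.1.3 extensible
ip dhcp excluded-address 10.0.0.1 10.0.0.10
ip dhcp pool 1
 network 10.0.0.0 255.255.255.0
 default-router 10.0.0.1
"""

def parse(config):
    """Return (static_hosts, excluded_ranges, dhcp_networks) found in the config text."""
    statics, excluded, networks = [], [], []
    for line in config.splitlines():
        tok = line.split()
        if tok[:5] == ["ip", "nat", "inside", "source", "static"] and len(tok) >= 7:
            # Port-forward form carries a protocol keyword before the inside address.
            addr = tok[6] if tok[5] in ("tcp", "udp") else tok[5]
            statics.append(ipaddress.ip_address(addr))
        elif tok[:3] == ["ip", "dhcp", "excluded-address"] and len(tok) >= 4:
            low = ipaddress.ip_address(tok[3])
            high = ipaddress.ip_address(tok[4]) if len(tok) > 4 else low
            excluded.append((low, high))
        elif tok[:1] == ["network"] and len(tok) == 3:
            # DHCP pool form "network <addr> <mask>"; the RIP "network <addr>" line is skipped.
            networks.append(ipaddress.ip_network(f"{tok[1]}/{tok[2]}"))
    return statics, excluded, networks

def leasable_static_hosts(config):
    """Static-NAT inside hosts that the DHCP server could still hand out to a client."""
    statics, excluded, networks = parse(config)
    at_risk = []
    for host in statics:
        in_pool = any(host in net for net in networks)
        is_excluded = any(low <= host <= high for low, high in excluded)
        if in_pool and not is_excluded:
            at_risk.append(str(host))
    return at_risk

if __name__ == "__main__":
    print("sample config:", leasable_static_hosts(SAMPLE_CONFIG) or "all static hosts excluded")
    # Narrow the exclusion to the router address only: the three servers become leasable.
    narrowed = SAMPLE_CONFIG.replace("10.0.0.1 10.0.0.10", "10.0.0.1")
    print("narrowed exclusion:", leasable_static_hosts(narrowed))
```

An empty result means no statically mapped server address can be leased to a workstation; any address listed needs an `ip dhcp excluded-address` entry.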
 

Author Comment

by:Andrew54
ID: 12277355
So what separate hardware firewall for the internal servers would you recommend?

Then with the firewall in place would the Cisco serve as the DHCP server?  If you could explain the big picture or point me to a diagram.

Thanks,
Andrew
LVL 13

Accepted Solution

by:
Dr-IP earned 2000 total points
ID: 12277857
What you do is configure the Cisco up with the static address, and get one of the many so-called Ethernet DSL routers, they really are firewalls by the way, that you can buy for about $40, and configure the WAN interface with one of the public IP addresses, and connect it to the Cisco router like you would one of the servers you want on the public internet, then you connect your workstations to the LAN interface on the firewall, it then will do NAT, and DHCP for your workstations, and the Cisco will do the routing for everything.

 
            firewall---workstations
               |
Cisco----hub or switch
               |
            Servers

As for which one to get, if all you want to do is basic firewalling and DHCP, any one you choose should do the trick, but you may want to go with something a little more advanced, like one with VPN services so you can access the workstations behind it remotely.

 

Author Comment

by:Andrew54
ID: 12280321
Dr-IP

Thanks for the additional information and pointing me in the correct direction.  The diagram really helped me get the big picture.

Thanks,
Andrew
 
LVL 13

Expert Comment

by:Dr-IP
ID: 12281792
I figured once you got it, you’d appreciate it, especially since it’s so quick and easy to do. Last one I set up for an almost identical setup as yours took all of ten minutes to get working. Just set the IP address of the WAN, default gateway, the DNS servers you want to use, and plug it in and go. By the way if you’re thinking about having wireless for notebook users, CompUSA has some Wireless Access Points with a Cable/DSL Router and 4-Port Switch for $60. Not bad for something that just five years ago would have been a bargain at ten times the price.