Solved

Bridging a PTP T-1 and providing connectivity

Posted on 2004-10-20
14
312 Views
Last Modified: 2010-04-17
I have a PTP T-1 between a customer and my office.  On my end of the T is a 1650, on their side is a 1750.  With their previous ISP they used a bridging configuration to get connectivity to the Internet.  I would like to do the same, but need some help getting started.  

I am a small ISP with a Cisco 2621 router and 4 Class C's.  I am using 199.224.122.97/255.255.255.224 on the 2621 which is my router to my uplink.  I set up the 1650 on my side to use 199.224.122.98 and would like to bridge to the customer on the PTP.

I am looking for direction on the config for the 2621 and to make sure I am doing this correct.  The 1650 will be connected to my 2621 via a 3500XL switch.

Thank you!

0
Comment
Question by:scottparks
  • 7
  • 7
14 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 12358130
You really don't want to bridge traffic between you and a customer. You want to route traffic. You can use private IP address space between you and this customer on the private link, but you want to route.
What address space are you going to assign this customer? Are they going to have a firewall running NAT?
0
 

Author Comment

by:scottparks
ID: 12358173
The customer does have a firewall on their side and need 5 public IP addresses since they are running a public web server and use VPN to reach their network.

I was going to assign the customer:  199.224.122.96/255.255.255.224.

0
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 12358317
> I am using 199.224.122.97/255.255.255.224 on the 2621 ??


Their end 1750:
  interface FastEthernet 0
   ip address 199.224.122.97 255.255.255.224

  interface Serial 0
    ip address 192.168.255.2 255.255.255.252
    Descript point-to-point

  ip route 0.0.0.0 0.0.0.0 192.168.255.1

Your end 1650:

   interface serial 0
    ip address 192.168.255.1 255.255.255.252

  interface Ethernet 0
    199.224.122.1 255.255.255.0  <== Whatever is appropriate for your local LAN

   ip route 0.0.0.0 0.0.0.0 199.224.122.x   <== The Ethernet interface of your 2621
   ip route 199.224.122.96 255.255.255.224 192.168.255.2

Your end 2621:
   ip route 199.224.122.96 255.255.255.224 199.224.122.1  <== else enable a dynamic routing protocol between the 1605 and the 2621...
0
 

Author Comment

by:scottparks
ID: 12358417
I see a light, thank you!

Couple of quick questions.  I have this in my 2621 router:

ip address 199.224.122.97 255.255.255.224 secondary on my FastEthernet interface, can I still use 199.224.122.1 on the 1650 on my side, the local LAN?


0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12358598
Yes, -- but -- you have to assign a totally different block to the customer to use on their LAN
What's the primary IP on your 2621?
Suggestion:
 If nothing else on your end is using the 199.224.122.96 address block, remove it as secondary from your router.
 Address the Ethernet side of 1605 to be the same subnet as your primary IP on the 2621
 Assign the user a smaller block of addresses - 199.224.122.104 255.255.255.248 - gives them just 6 addresses to use
 

0
 

Author Comment

by:scottparks
ID: 12358640
I have 4 public class C addresses on my 2621:
199.224.105.1
199.224.109.1
199.224.114.1
199.224.122.1

The primary address is a local address:   ip address 192.168.100.1 255.255.255.0

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12358709
Are they all secondary addresses?
I would still use just the primary IP for communicating among routers internally.
Perhaps you can assign the 1605 192.168.100.253 or something in that range..
I would remove all secondary addresses if they are not being used. Create yourself a spreadsheet so that you can keep track of what subnet blocks you assign to your customers. Just use them to chop up to whatever size the clients need and assign the appropriate blocks to the clients, not to yourself. You'll route to them.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:scottparks
ID: 12358744
Yes, they are all secondary and yes, I am using all except the 199.224.122 block that I have open.

interface FastEthernet0/1
 ip address 199.224.105.1 255.255.255.192 secondary
 ip address 199.224.105.65 255.255.255.192 secondary
 ip address 199.224.105.129 255.255.255.192 secondary
 ip address 199.224.105.193 255.255.255.192 secondary
 ip address 199.224.109.1 255.255.255.0 secondary
 ip address 199.224.114.254 255.255.255.0 secondary
 ip address 199.224.122.97 255.255.255.224 secondary
 ip address 192.168.100.1 255.255.255.0
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12358767
>ip address 199.224.122.97 255.255.255.224 secondary
If you're not using this, then remove it and just assign part of it to this customer, reserve another block for the next customer(s)
0
 

Author Comment

by:scottparks
ID: 12359157
Ok, with that in mind, would this config work:

Their site (1750)
int FastEthernet 0
 ip address 199.224.122.104/255.255.255.248

interface Serial 0
 ip address 192.168.255.2 255.255.255.252
 Descript point-to-point

My side (1650)
interface Serial 0
 ip address 192.168.255.1 255.255.255.252

interface Ethernet 0
 ip address 192.168.100.5 255.255.255.0

 ip route 0.0.0.0 0.0.0.0 192.168.100.1
 ip route 199.224.122.104 255.255.255.224 192.168.255.2

My side (2621)
 ip route 199.224.122.104 255.255.255.248 192.168.100.5
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12359185
Don't forget the default route on their 1750..

   ip route 0.0.0.0 0.0.0.0 192.168.255.1

0
 

Author Comment

by:scottparks
ID: 12359778
Ah, I think I messed up my masks in that above config, adding this:  
ip route 199.224.122.104 255.255.255.224 192.168.255.2
gives me
Inconsistant address and mask
0
 

Author Comment

by:scottparks
ID: 12359876
All fixed, should have been 255.255.255.248.

Thank you!
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12359897
Glad to help!
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now