mburke3434
asked on
Change LAN IP on Cisco 1721
I want to change my inside IP to a private network (192.168.0.1 or something). I have included my startup-config (replacing both IPs with 333 and 111 for security). Any help is ALWAYS appreciated!
interface FastEthernet0
--More-- description To Office FastEthernet
--More-- ip address 33.333.333.333 255.255.255.224 secondary
--More-- ip address 111.111.1.11 255.255.255.248
--More-- speed auto
--More-- !
--More-- interface Serial0
--More-- description To UUNET (wcomw0l31128)
--More-- bandwidth 1536
--More-- no ip address
--More-- encapsulation frame-relay IETF
--More-- no fair-queue
--More-- frame-relay lmi-type ansi
--More-- !
--More-- interface Serial0.1 point-to-point
--More-- bandwidth 1536
--More-- ip unnumbered FastEthernet0
--More-- frame-relay interface-dlci 500 IETF
--More-- !
--More-- ip classless
--More-- ip route 0.0.0.0 0.0.0.0 Serial0.1
--More-- no ip http server
--More-- ip pim bidir-enable
--More-- !
--More-- !
--More-- !
--More-- !
--More-- line con 0
--More-- password eb78c1ed61
--More-- login
--More-- transport preferred none
--More-- line aux 0
--More-- password eb78c1ed61
--More-- login
--More-- modem InOut
--More-- transport preferred none
--More-- transport input all
--More-- transport output pad udptn telnet rlogin ssh
--More-- stopbits 1
--More-- flowcontrol hardware
--More-- line vty 0 4
--More-- password eb78c1ed61
--More-- login
--More-- transport preferred none
--More-- !
--More-- no scheduler allocate
--More-- end
interface FastEthernet0
--More-- description To Office FastEthernet
--More-- ip address 33.333.333.333 255.255.255.224 secondary
--More-- ip address 111.111.1.11 255.255.255.248
--More-- speed auto
--More-- !
--More-- interface Serial0
--More-- description To UUNET (wcomw0l31128)
--More-- bandwidth 1536
--More-- no ip address
--More-- encapsulation frame-relay IETF
--More-- no fair-queue
--More-- frame-relay lmi-type ansi
--More-- !
--More-- interface Serial0.1 point-to-point
--More-- bandwidth 1536
--More-- ip unnumbered FastEthernet0
--More-- frame-relay interface-dlci 500 IETF
--More-- !
--More-- ip classless
--More-- ip route 0.0.0.0 0.0.0.0 Serial0.1
--More-- no ip http server
--More-- ip pim bidir-enable
--More-- !
--More-- !
--More-- !
--More-- !
--More-- line con 0
--More-- password eb78c1ed61
--More-- login
--More-- transport preferred none
--More-- line aux 0
--More-- password eb78c1ed61
--More-- login
--More-- modem InOut
--More-- transport preferred none
--More-- transport input all
--More-- transport output pad udptn telnet rlogin ssh
--More-- stopbits 1
--More-- flowcontrol hardware
--More-- line vty 0 4
--More-- password eb78c1ed61
--More-- login
--More-- transport preferred none
--More-- !
--More-- no scheduler allocate
--More-- end
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Question....
ip address 33.333.333.333 255.255.255.224 secondary (THIS IS MY OFFICE SIDE)
ip address 111.111.1.11 255.255.255.248 (THIS IS MY OUT SIDE)
Your way had me changing Outside IP. Could you help me with the inside?
Also why are two Ip's on the same interface? shouldn't they be seperated? Did the guy who set this up do a poor job? What is meant by secondary?
Thanks for your efforts...
ip address 33.333.333.333 255.255.255.224 secondary (THIS IS MY OFFICE SIDE)
ip address 111.111.1.11 255.255.255.248 (THIS IS MY OUT SIDE)
Your way had me changing Outside IP. Could you help me with the inside?
Also why are two Ip's on the same interface? shouldn't they be seperated? Did the guy who set this up do a poor job? What is meant by secondary?
Thanks for your efforts...
Ok then do this;
Telnet to the router;
config t
int fastethernet0
ip address 192.168.0.1 255.255.255.0 secondary
no ip address 33.333.333.333 255.255.255.224 secondary
This will change the address from 333.333.333.333 to 192.168.0.1
Regarding the configuration no the guy didn't do a poor job. Actually the advantage you get here is 2 networks on a single interface. In the same way you could have as many as (don't remember the limit, it is too high :-)) The reason on why the guy did that way is probably the router had only 2 interfaces and he had to configure 3 networks. I mean the requirement might have been like that when it was setup.
Cheers,
Rajesh
Telnet to the router;
config t
int fastethernet0
ip address 192.168.0.1 255.255.255.0 secondary
no ip address 33.333.333.333 255.255.255.224 secondary
This will change the address from 333.333.333.333 to 192.168.0.1
Regarding the configuration no the guy didn't do a poor job. Actually the advantage you get here is 2 networks on a single interface. In the same way you could have as many as (don't remember the limit, it is too high :-)) The reason on why the guy did that way is probably the router had only 2 interfaces and he had to configure 3 networks. I mean the requirement might have been like that when it was setup.
Cheers,
Rajesh
ASKER
Sorry didn't refresh the questions in awhile.....
Some background.....For whatever reason the previous admins (contract) had the doctor purchase 50 public IP's for the T1 at his practice. The PC's are all Hard coded with these 63.000.000.000 addresses. The outside is 208.000.00.000. I have dealt with all the vendors and outside services and there is no reason they all needed public IP's. One static outside IP would have suited them just fine.
I am ready to deploy a 2003 server and would like to use a private IP scheme with DHCP. How do I get my Interfaces to allow the traffic?
Some background.....For whatever reason the previous admins (contract) had the doctor purchase 50 public IP's for the T1 at his practice. The PC's are all Hard coded with these 63.000.000.000 addresses. The outside is 208.000.00.000. I have dealt with all the vendors and outside services and there is no reason they all needed public IP's. One static outside IP would have suited them just fine.
I am ready to deploy a 2003 server and would like to use a private IP scheme with DHCP. How do I get my Interfaces to allow the traffic?
ASKER
Also we have another network that is 10.0.0.0 for a digital xray setup.
I would tie the outside to a loopback if you want to stay unnumbered and then use the publics as a nat pool or whatever but I seperate the 2 address ranges.
Thanks
scott
Thanks
scott
You think right man. I don't believe it, I mean 50 public ips???? Jeez...
Okay, you can do it with a single public ip and can go like this;
Assumptions: => You'll have to correct me if any of this is wrong.
1. You only need outside access (clients browsing net), no webserver, email server etc.
2. You are connecting both the 10.x.x.x network and the planned 192.168.0.x network to the same router;
Configurations;
interface FastEthernet0
description To Office FastEthernet
ip address 192.168.0.1 255.255.255.0
ip address 10.0.0.1 255.255.255.0 secondary
ip nat inside
speed auto
!
interface loopback0
ip address 208.000.00.000 255.255.255.0 =>substitute for actual ip and mask
no shut
interface Serial0
description To UUNET (wcomw0l31128)
bandwidth 1536
no ip address
encapsulation frame-relay IETF
no fair-queue
frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
bandwidth 1536
ip unnumbered loopback0
frame-relay interface-dlci 500 IETF
ip nat outside
!
ip nat inside source list 1 interface serial0.1 overload
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 10.0.0.0 0.0.0.255
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0.1
no ip http server
ip pim bidir-enable
!
!
!
!
line con 0
password eb78c1ed61
login
transport preferred none
line aux 0
password eb78c1ed61
login
modem InOut
transport preferred none
transport input all
transport output pad udptn telnet rlogin ssh
stopbits 1
flowcontrol hardware
line vty 0 4
password eb78c1ed61
login
transport preferred none
!
no scheduler allocate
end
Cheers,
Rajesh
Okay, you can do it with a single public ip and can go like this;
Assumptions: => You'll have to correct me if any of this is wrong.
1. You only need outside access (clients browsing net), no webserver, email server etc.
2. You are connecting both the 10.x.x.x network and the planned 192.168.0.x network to the same router;
Configurations;
interface FastEthernet0
description To Office FastEthernet
ip address 192.168.0.1 255.255.255.0
ip address 10.0.0.1 255.255.255.0 secondary
ip nat inside
speed auto
!
interface loopback0
ip address 208.000.00.000 255.255.255.0 =>substitute for actual ip and mask
no shut
interface Serial0
description To UUNET (wcomw0l31128)
bandwidth 1536
no ip address
encapsulation frame-relay IETF
no fair-queue
frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
bandwidth 1536
ip unnumbered loopback0
frame-relay interface-dlci 500 IETF
ip nat outside
!
ip nat inside source list 1 interface serial0.1 overload
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 10.0.0.0 0.0.0.255
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0.1
no ip http server
ip pim bidir-enable
!
!
!
!
line con 0
password eb78c1ed61
login
transport preferred none
line aux 0
password eb78c1ed61
login
modem InOut
transport preferred none
transport input all
transport output pad udptn telnet rlogin ssh
stopbits 1
flowcontrol hardware
line vty 0 4
password eb78c1ed61
login
transport preferred none
!
no scheduler allocate
end
Cheers,
Rajesh
That provides the seperation but you would still need to NAT to the public's either a pool or to the interface.
Thanks
scott
Thanks
scott
I have those in there too Scott;
ip nat inside source list 1 interface serial0.1 overload
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 10.0.0.0 0.0.0.255
Cheers,
Rajesh
ip nat inside source list 1 interface serial0.1 overload
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 10.0.0.0 0.0.0.255
Cheers,
Rajesh
also a consideration is what services are being provided on the inside
mail server
ftp server
ECT please respond with the additional services that you need inside or if any services are in use currently that need to be mapped.
Thanks
Scott
mail server
ftp server
ECT please respond with the additional services that you need inside or if any services are in use currently that need to be mapped.
Thanks
Scott
ASKER
No mail server or ftp server....eventual TS server for offsite billing.
Okay then the config above should work just fine. If you are adding a TS server to be accessed from internet, the addition for the configuration would be;
ip nat inside source static <PublicIPYouassignforTS> <InternalPrivateIPforTS>
that should be it and you can add access-lists to control the traffic flow for security reasons too.
Cheers,
Rajesh
ip nat inside source static <PublicIPYouassignforTS> <InternalPrivateIPforTS>
that should be it and you can add access-lists to control the traffic flow for security reasons too.
Cheers,
Rajesh
ASKER
Excellent...now lets see if I can make all the configurations work.... : )
Can I copy your startup, replace the IP's with the correct ones, and drop into the router?
Would that work?
Can I copy your startup, replace the IP's with the correct ones, and drop into the router?
Would that work?
that should work fine.
Thanks
Scott
Thanks
Scott
Ya. Go ahead.
Cheers,
Rajesh
Cheers,
Rajesh
ASKER
Great TY....I'll let you know how it goes....
ASKER
Thank you both....I am sure we will talk again soon!
My Pleasure :-)
Cheers,
Rajesh
Cheers,
Rajesh
anytime :D
Scott
Scott
Cheers,
Rajesh