Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 353
  • Last Modified:

Change LAN IP on Cisco 1721

I want to change my inside IP to a private network (192.168.0.1 or something). I have included my startup-config (replacing both IPs with 333 and 111 for security). Any help is ALWAYS appreciated!


interface FastEthernet0
 --More--                            description To Office FastEthernet
 --More--                            ip address 33.333.333.333 255.255.255.224 secondary
 --More--                            ip address 111.111.1.11 255.255.255.248
 --More--                            speed auto
 --More--                           !
 --More--                           interface Serial0
 --More--                            description To UUNET (wcomw0l31128)
 --More--                            bandwidth 1536
 --More--                            no ip address
 --More--                            encapsulation frame-relay IETF
 --More--                            no fair-queue
 --More--                            frame-relay lmi-type ansi
 --More--                           !
 --More--                           interface Serial0.1 point-to-point
 --More--                            bandwidth 1536
 --More--                            ip unnumbered FastEthernet0
 --More--                            frame-relay interface-dlci 500 IETF  
 --More--                           !
 --More--                           ip classless
 --More--                           ip route 0.0.0.0 0.0.0.0 Serial0.1
 --More--                           no ip http server
 --More--                           ip pim bidir-enable
 --More--                           !
 --More--                           !
 --More--                           !
 --More--                           !
 --More--                           line con 0
 --More--                            password eb78c1ed61
 --More--                            login
 --More--                            transport preferred none
 --More--                           line aux 0
 --More--                            password eb78c1ed61
 --More--                            login
 --More--                            modem InOut
 --More--                            transport preferred none
 --More--                            transport input all
 --More--                            transport output pad udptn telnet rlogin ssh
 --More--                            stopbits 1
 --More--                            flowcontrol hardware
 --More--                           line vty 0 4
 --More--                            password eb78c1ed61
 --More--                            login
 --More--                            transport preferred none
 --More--                           !
 --More--                           no scheduler allocate
 --More--                           end
0
mburke3434
Asked:
mburke3434
  • 8
  • 7
  • 6
2 Solutions
 
rsivanandanCommented:
Telnet to the router;

config t

int fastethernet0
ip address 192.168.0.1 255.255.255.0

This will change the address from 111.111.111.111 to 192.168.0.1

If you want to remove 333.333.333.333, then at that prompt do this;

no ip address 333.333.333.333 255.255.255.224 secondary

Cheers,
Rajesh
0
 
Scotty_ciscoCommented:
!
 --More--                           interface Serial0.1 point-to-point
 --More--                            bandwidth 1536
 --More--                            ip unnumbered FastEthernet0
 --More--                            frame-relay interface-dlci 500 IETF  

I see a problem here

your serial is unnumbered to FastEthernet0 so this needs to remain a public address are you serving out public address off of this same network?

If that is the case you can't go to a private address without NATing the outbound traffic.

Thanks
scott
0
 
rsivanandanCommented:
Yeah I saw it there too, I assume that the author needs to have that part and apart from that, he is trying to switch his private ip inside.

Cheers,
Rajesh
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
mburke3434Author Commented:
Question....

ip address 33.333.333.333 255.255.255.224 secondary   (THIS IS MY OFFICE SIDE)

ip address 111.111.1.11 255.255.255.248 (THIS IS MY OUT SIDE)

Your way had me changing Outside IP. Could you help me with the inside?

Also why are two Ip's on the same interface? shouldn't they be seperated? Did the guy who set this up do a poor job? What is meant by secondary?

Thanks for your efforts...
0
 
rsivanandanCommented:
Ok then do this;

Telnet to the router;

config t

int fastethernet0
ip address 192.168.0.1 255.255.255.0 secondary
no ip address 33.333.333.333 255.255.255.224 secondary  

This will change the address from 333.333.333.333 to 192.168.0.1


Regarding the configuration no the guy didn't do a poor job. Actually the advantage you get here is 2 networks on a single interface. In the same way you could have as many as (don't remember the limit, it is too high :-)) The reason on why the guy did that way is probably the router had only 2 interfaces and he had to configure 3 networks. I mean the requirement might have been like that when it was setup.

Cheers,
Rajesh
0
 
mburke3434Author Commented:
Sorry didn't refresh the questions in awhile.....

Some background.....For whatever reason the previous admins (contract) had the doctor purchase 50 public IP's for the T1 at his practice. The PC's are all Hard coded with these 63.000.000.000 addresses. The outside is 208.000.00.000. I have dealt with all the vendors and outside services and there is no reason they all needed public IP's. One static outside IP would have suited them just fine.

I am ready to deploy a 2003 server and would like to use a private IP scheme with DHCP. How do I get my Interfaces to allow the traffic?
0
 
mburke3434Author Commented:
Also we have another network that is 10.0.0.0 for a digital xray setup.
0
 
Scotty_ciscoCommented:
I would tie the outside to a loopback if you want to stay unnumbered and then use the publics as a nat pool or whatever but I seperate the 2 address ranges.

Thanks
scott
0
 
rsivanandanCommented:
You think right man. I don't believe it, I mean 50 public ips???? Jeez...

Okay, you can do it with a single public ip and can go like this;

Assumptions: => You'll have to correct me if any of this is wrong.

1. You only need outside access (clients browsing net), no webserver, email server etc.

2. You are connecting both the 10.x.x.x network and the planned 192.168.0.x network to the same router;

Configurations;

interface FastEthernet0
description To Office FastEthernet
ip address 192.168.0.1 255.255.255.0
ip address 10.0.0.1 255.255.255.0 secondary
ip nat inside
speed auto
!
interface loopback0
ip address 208.000.00.000 255.255.255.0 =>substitute for actual ip and mask
no shut

interface Serial0
 description To UUNET (wcomw0l31128)
 bandwidth 1536
 no ip address
 encapsulation frame-relay IETF
 no fair-queue
 frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
 bandwidth 1536
 ip unnumbered loopback0
 frame-relay interface-dlci 500 IETF  
 ip nat outside
!
ip nat inside source list 1 interface serial0.1 overload
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 10.0.0.0 0.0.0.255
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0.1
no ip http server
ip pim bidir-enable
!
!
!
!
line con 0
 password eb78c1ed61
 login
 transport preferred none
line aux 0
 password eb78c1ed61
 login
 modem InOut
 transport preferred none
 transport input all
 transport output pad udptn telnet rlogin ssh
 stopbits 1
 flowcontrol hardware
line vty 0 4
 password eb78c1ed61
 login
 transport preferred none
!
no scheduler allocate
end

Cheers,
Rajesh
0
 
Scotty_ciscoCommented:
That provides the seperation but you would still need to NAT to the public's either a pool or to the interface.

Thanks
scott
0
 
rsivanandanCommented:
I have those in there too Scott;

ip nat inside source list 1 interface serial0.1 overload
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 10.0.0.0 0.0.0.255


Cheers,
Rajesh
0
 
Scotty_ciscoCommented:
also a consideration is what services are being provided on the inside

mail server
ftp server

ECT please respond with the additional services that you need inside or if any services are in use currently that need to be mapped.

Thanks
Scott
0
 
mburke3434Author Commented:
No mail server or ftp server....eventual TS server for offsite billing.
0
 
rsivanandanCommented:
Okay then the config above should work just fine. If you are adding a TS server to be accessed from internet, the addition for the configuration would be;

ip nat inside source static <PublicIPYouassignforTS> <InternalPrivateIPforTS>

that should be it and you can add access-lists to control the traffic flow for security reasons too.

Cheers,
Rajesh
0
 
mburke3434Author Commented:
Excellent...now lets see if I can make all the configurations  work.... : )

Can I copy your startup, replace the IP's with the correct ones, and drop into the router?

Would that work?
0
 
Scotty_ciscoCommented:
that should work fine.

Thanks
Scott
0
 
rsivanandanCommented:
Ya. Go ahead.

Cheers,
Rajesh
0
 
mburke3434Author Commented:
Great TY....I'll let you know how it goes....
0
 
mburke3434Author Commented:
Thank you both....I am sure we will talk again soon!
0
 
rsivanandanCommented:
My Pleasure :-)

Cheers,
Rajesh
0
 
Scotty_ciscoCommented:
anytime :D

Scott
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

  • 8
  • 7
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now